File tree 2 files changed +38
-0
lines changed
2 files changed +38
-0
lines changed Original file line number Diff line number Diff line change 1+ CakePHP 4.5.9
2+ ==============
3+
4+ The CakePHP core team is happy to announce the immediate availability of CakePHP
5+ 4.5.9. This is a maintenance release for the 4.4 branch that fixes a few
6+ community reported issues and a security fix.
7+
8+ Bugfixes
9+ --------
10+
11+ You can expect the following changes in 4.5.9. See the `changelog
12+ <https://github.com/cakephp/cakephp/compare/4.5.8...4.5.9> `_ for every commit.
13+
14+ - Requests now read the uri from REQUEST_URI instead of PATH_INFO. PATH_INFO
15+ has urlescaping applied which enables requests with %2f to be routed when they
16+ should not. This could create a security risk for applications that use CDN or
17+ loadbalancer rules with paths to be bypassed.
18+ - Fix ORM queries not being able to set read role.
19+
20+ Contributors to 4.5.9
21+ ----------------------
22+
23+ Thank you to all the contributors that helped make this release happen:
24+
25+ - Jeppe Bonde Weikop for reporting the PATH_INFO issue.
26+ - Kevin Pfeifer
27+ - Mark Story
28+
29+ As always, we would like to thank all the contributors that opened issues,
30+ created pull requests or updated the documentation.
31+
32+ Download a `packaged release on github
33+ <https://github.com/cakephp/cakephp/releases> `_.
34+
35+ .. author :: markstory
36+ .. categories :: release, news, security
37+ .. tags :: release, news, security
Original file line number Diff line number Diff line change 44.. toctree ::
55 :maxdepth: 1
66
7+ 2025/01/04/cakephp_459
78 2024/12/12/cakephp_514
89 2024/11/24/cakephp_458
910 2024/11/09/cakephp_512
You can’t perform that action at this time.
0 commit comments