You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: user_guide/changelog.html
+14-3Lines changed: 14 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -57,11 +57,22 @@
57
57
58
58
<h1>Change Log</h1>
59
59
60
+
<h2>Version 2.2.5</h2>
61
+
<p>Release Date: October 8, 2015</p>
62
+
63
+
<ul>
64
+
<li><b>Security</b>
65
+
<ul>
66
+
<li>Fixed a number of XSS attack vectors in <ahref="libraries/security.html">Security Library</a> method <samp>xss_clean</samp> (thanks to Frans Rosén from <ahref="https://detectify.com/">Detectify</a>).
67
+
</ul>
68
+
</li>
69
+
</ul>
70
+
60
71
<h2>Version 2.2.4</h2>
61
72
<p>Release Date: August 20, 2015</p>
62
73
63
74
<ul>
64
-
<li><b>Security</b></li>
75
+
<li><b>Security</b>
65
76
<ul>
66
77
<li>Fixed an SQL injection vulnerability in <ahref="database/active_record.html">Active Record</a> method <samp>offset()</samp>.</li>
67
78
</ul>
@@ -72,7 +83,7 @@ <h2>Version 2.2.3</h2>
72
83
<p>Release Date: July 14, 2015</p>
73
84
74
85
<ul>
75
-
<li><b>Security</b></li>
86
+
<li><b>Security</b>
76
87
<ul>
77
88
<li>Removed a fallback to <samp>mysql_escape_string()</samp> in the 'mysql' database driver (<samp>escape_str()</samp> method) when there's no active database connection.</li>
78
89
</ul>
@@ -83,7 +94,7 @@ <h2>Version 2.2.2</h2>
83
94
<p>Release Date: April 15, 2015</p>
84
95
85
96
<ul>
86
-
<li><b>Security</b></li>
97
+
<li><b>Security</b>
87
98
<ul>
88
99
<li>Added HTTP "Host" header character validation to prevent cache poisoning attacks when <kbd>base_url</kbd> auto-detection is used.</li>
89
100
<li>Added <kbd>FSCommand</kbd> and <kbd>seekSegmentTime</kbd> to the "evil attributes" list in <samp>CI_Security::xss_clean()</samp>.</li>
0 commit comments