Released new version Yii 1.1.15

For download new version is available Yii 1.1.15.

This update has been fixed a security bug:

The vulnerability affects CDetailView. If your application takes the value value from the user, the attacker is able to execute arbitrary PHP script on your server.
Vulnerability as a number CVE-2014-4672.

This update is fully compatible with version 1.1.14 and does not require any update instructions, therefore, recommended at your earliest upgrade to the new version.

Well, I would like to announce the sweet essence of the fixed bug:
  1. is_callable($attribute['value'])? call_user_func($attribute['value'],$this->data)

Here you can see what changed.

Comments (0)

Leave a comment