Re: Security Exploit.

2006-09-19 Thread Felix Geisendörfer
Ok, basically you shouldn't be afraid of script kiddie attacks that much with CakePHP as you should be when using systems like Drupal, Typo3, Joomla, etc. Those people like to use Google to find vulnerable sites, and since CakePHP doesn't leave much of a typical html signature, it's a little d

Re: Security Exploit.

2006-09-19 Thread Larry E. Masters aka PhpNut
While there is no guarantee that an exploit will or will not be found you will notice that within a few hours of tickets being submitted I have a patch created or a new release built. I think compared to many other projects, or even software that you pay for, you would not see this type of turn aro

Re: Security Exploit.

2006-09-19 Thread John David Anderson (_psychic_)
> but I'm not sure if I can do that without exposing my ISP to an attack.
There are no known open security issues: https://trac.cakephp.org/query?status=new&status=assigned&status=reopened&type=Security+Exploit&order=priority Given that our usage base is pretty large, yo

Re: Security Exploit.

2006-09-19 Thread [EMAIL PROTECTED]
Is there any chance that the security expert would be willing to put together a brief overview of security concerns within Cake? I get overwhelmed with the number and variety of exploits and exploiters out there now. Everywhere I look there seems to be a chink in the armor of every online system.

Re: Security Exploit.

2006-09-18 Thread [EMAIL PROTECTED]
Yes it seems CakePHP has picked up a security expert as this is the second update I have seen for CakePHP security fix. Very nice to have someone interested in CakePHP enough to find them AND report them in a manner that the developers can resolve it. I love CakePHP!

Re: Security Exploit.

2006-09-17 Thread Felix Geisendörfer
ok at the security aspects in the framework. Best Regards, Felix Geisendörfer -- http://www.thinkingphp.org http://www.fg-webdesign.de Larry E. Masters aka PhpNut wrote: There was a security exploit brought to my attention today. I have fixed this exploit in the trun

Security Exploit.

2006-09-17 Thread Larry E. Masters aka PhpNut
There was a security exploit brought to my attention today. I have fixed this exploit in the trunk and branched versions. Please replace the app/webroot/js/vendors.php with this file. https://trac.cakephp.org/browser/trunk/cake/1.x.x.x/app/webroot/js/vendors.php?format=txt This exploit is