New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is there a 2.x patch for security issue CVE-2015-8379? #9160
Comments
From the next time, please send an email to security [at] cakephp.org when you want to ask a question about security of CakePHP.
|
2.7.9 was the first release that contained 4b8d628 |
It would be great to mention CVEs on release notes... |
@onlyjob I agree. In this situation the CVE was claimed after the release was done, and we were not told about the CVE being claimed. |
@markstory means the CVE should have been published with a correct statement which versions are affected and which are not. That would have answered @onlyjob's question implicitly. |
@ravage84 That would be nice too, but the original issue reporter claimed and filled out the CVE report as well. |
After installing my CakePHP app on a new server I found it triggering mod_security (rule 241601) - it's trying to protect me from the CVE-2015-8379 security issue in CakePHP up to 3.1.5.
The text was updated successfully, but these errors were encountered: