The CakePHP core team is happy to announce the immediate availability of CakePHP 2.7.11. This release contains security fixes.
These releases contain fixes for arbitrary address spoofing when using the clientIp() method of the request object. Previously, this method would use the HTTP_CLIENT_IP header, which can be spoofed easily. If you are using this method as a source of trusted data, we recommend you upgrade.
We'd like to thank the independent security researcher Dawid Golunski for discovering this vulnerability in CakePHP, which was reported to us by Beyond Security's SecuriTeam Secure Disclosure program.
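The following is an added example, not CakePHP's code: it contrasts the header-trusting pattern described above with a resolver that relies on REMOTE_ADDR and reads X-Forwarded-For only when the connecting peer is a configured proxy. The function names, the proxy list and all addresses are assumptions constructed for illustration.

```php
<?php
// Added example in plain PHP, not CakePHP source. Function names are
// hypothetical and the $server arrays below are constructed inputs.

// Weak pattern: a header the client controls overrides the socket address.
function naiveClientIp(array $server)
{
    if (!empty($server['HTTP_CLIENT_IP'])) {
        return trim($server['HTTP_CLIENT_IP']);
    }
    return $server['REMOTE_ADDR'];
}

// Hardened pattern: the TCP peer address is the only trusted source.
// A forwarding header is read only when that peer is a known proxy.
function trustedClientIp(array $server, array $trustedProxies)
{
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trustedProxies, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // Walk the chain right to left: the rightmost entries were appended by
    // our own proxies, so the first untrusted address is the real client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests: one direct connection carrying a forged Client-IP
// header, and one relayed by a trusted proxy with a forged leading hop.
$proxies  = array('10.0.0.5');
$direct   = array('REMOTE_ADDR' => '203.0.113.50',
                  'HTTP_CLIENT_IP' => '127.0.0.1');
$viaProxy = array('REMOTE_ADDR' => '10.0.0.5',
                  'HTTP_CLIENT_IP' => '127.0.0.1',
                  'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.7');

printf("naive, direct:    %s\n", naiveClientIp($direct));
printf("trusted, direct:  %s\n", trustedClientIp($direct, $proxies));
printf("trusted, proxied: %s\n", trustedClientIp($viaProxy, $proxies));
```

Only the naive resolver returns the forged 127.0.0.1; the hardened one returns the peer address for the direct request and the hop appended by the trusted proxy for the relayed one.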