CakePHP 3.7.7, 3.6.15 and 3.5.18 released - Security updates!

news
release
#1

The CakePHP core team is happy to announce the immediate availability of CakePHP 3.7.7, 3.6.15 and 3.5.18. These releases contain a security related fix for CVE-2019-11458. The vulnerability affects applications that open serialized content from user input. When doing so the SmtpTransport can be used to overwrite any file the webserver has write access to.

CakePHP 3.7.7 also contains several bug fixes - check out the bakery for more on the releases!

#2

Thanks for this post. I would like know only the recent security updates. Only for security, please, not for other improvements. I have a site in production with 3.4 version and I need the fastest update with only security updates. ┬┐Is this possible? Thanks

#3

You can view this in the changelog. This is the commit for the security vulnerability.

1a74e798309192a9895c9cedabd714ceee345f4e