Back to Home

Yii 1.1.15 (security patch)

yii · security

Yii 1.1.15 (security patch)

    The Yii 1.1.15 PHP framework has been released that fixes the security problem found in 1.1.14. Earlier versions are not affected. If you use it, you should upgrade. 1.1.15 is fully compatible with 1.1.14.

    Vulnerability Affects `CDetailView`. If your application takes the value of value from the user, then the attacker has the ability to execute an arbitrary PHP script on your server. We do not disclose the details immediately to give time to update. According to our data, the details are so far known only to the core development team of the framework.

    Vulnerability assigned number CVE-2014-4672.

    You can pick up the distribution kit, as usual, at yiiframework.com or upgrade via Composer.

    Read Next