After the release of 1.2 Final, we received a lot of attention. Some of this came in the form of a security concern. The issue could affect sites relying on the AuthComponent for user authentication, without the use of the SecurityComponent. Essentially, an attacker may be able to obtain credentials as the first user of the system. If you are interested in testing your site, you can use the SQL Inject Me plugin for Firefox[1]
Along with several other bugs, this issue was fixed in the recently released CakePHP 1.2.1.8004 Stable. We highly recommend that users upgrade to this release. A big thank you for all those who report these issues to us and allow us to fix them. Bake on, CakePHP team [1] https://addons.mozilla.org/en-US/firefox/addon/7597 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
