CodeIgniter 1.6.3 Maintenance and Security Release

We are happy to release CodeIgniter version 1.6.3 today.  Version 1.6.3 is primarily a maintenance release, with a variety of bug fixes and some refinement to existing features (with a few new ones tossed in for good measure).  Details of course can be found in the Change Log.

Additionally, with the assistance of an outstanding community member, Pascal Kriete (Inparo), we have identified and eliminated a potential cross-site scripting vulnerability.  No known sites have been affected, but as we take security very seriously, we felt it warranted a feature-light point release to help users protect their sites.  We cannot thank Pascal enough for the manner in which he reported this issue to us, and then continuing to diligently work with us to make sure the vulnerability was plugged.  If you’re looking for a fresh set of eyes to do a security audit on your app, he comes highly recommended by the EllisLab staff.

Command line addicts: don’t forget that starting with version 1.6.1, the CodeIgniter subversion contains tagged releases!

Posted by Derek Jones on June 26, 2008