urlscan.io logo urlscan.io
SecurityTrails logo

www.yiiframework.com Open in urlscan Pro
2a01:4f8:1c0c:63e7::1  Public Scan

Back to summary
URL: https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix
Submission: On September 28 via manual from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET /search

<form id="search-form" class="navbar-form" action="/search" method="get">
  <input type="hidden" name="type" value="news">
  <div class="form-group nospace">
    <div class="input-group">
      <input type="text" class="form-control" id="search" name="q" placeholder="Search News…" autocomplete="off" value="" style="width: 226px;">
    </div>
  </div>
  <div id="search-resultbox" style="width: 350px;"></div>
</form>

Text Content

 * Guide
 * API
 * Wiki
 * Forum
 * Community
   * Live Chat
   * Extensions
   * Resources
   * Members
   * Hall of Fame
   * Badges
 * More
   * Learn
   * Books
   * Resources
   * Develop
   * Download Yii
   * Report an Issue
   * Report a Security Issue
   * Contribute to Yii
   * Donate
   * About
   * What is Yii?
   * Release Cycle
   * News
   * License
   * Team
   * Official Logos and Design

 * Login


Yii Framework News
Jul 11, 2015


YII 2.0.5 IS RELEASED (SECURITY FIX)

We are releasing Yii 2.0.5 to fix a security issue found in the
yii\web\ViewAction class. We urge all users of the class to upgrade their Yii
installation to this latest release. Upgrading from 2.0.4 to this release is
very safe as the release does only contain the bugfix for the vulnerability and
will not break your existing code.

The vulnerability is in the ViewAction action. It is possible to execute any PHP
file (a file ending with .php) on the disk by passing a relative path via view
parameter. Since the issue was posted on the public issue tracker and is already
known, we've fixed it and decided to make this release immediately.

We have reserved a CVE number (CVE-2015-5467) for this issue, which you can use
to refer to it.


RELATED NEWS

 * Yii 2.0.47
 * Yii 1.1.27 is released
 * Yii 1.1.28 is released and security support extended
 * Yii 2.0.48
 * Yii 2.0.49


TAGS

 * release
 * security


NEWS ARCHIVE

 * 2023 (66)
 * 2022 (82)
 * 2021 (101)
 * 2020 (64)
 * 2019 (75)
 * 2018 (32)
 * 2017 (35)
 * 2016 (30)
 * 2015 (9)
 * 2014 (6)
 * 2013 (11)
 * 2012 (14)
 * 2011 (10)
 * 2010 (10)
 * 2009 (23)
 * 2008 (5)

 * About
 * About Yii
 * News
 * License
 * Contact Us

 * Downloads
 * Framework
 * Documentation
 * Extensions
 * Logo

 * Documentation
 * Guide
 * API
 * Wiki
 * Resources

 * Development
 * Contribute
 * Latest Updates
 * Report a Bug
 * Report Security Issue

 * Community
 * Forum
 * Live Chat
 * Facebook Group
 * Hall of Fame
 * Badges

 * 
 * Terms of service
 * License
 * Website Source Code
 *  
 * © 2008 - 2023 Yii
 * Design: Eshill

 * 
 * Terms of service
 * License
 * Website Source Code
 *  
 * © 2008 - 2023 Yii
 * Design: Eshill

 * Supported by
 * 
 *