시스템 보안 업데이트 3.0.6 -> 3.1.0 업데이트 일괄 적용 완료.

 

코드이그나이터 3.1.0 최신버전이 릴리즈 되어 

저희 디웹스 서버도 일괄적으로 시스템 업데이트가 진행되었습니다.

 

관리자화면 접속시 왼쪽 메뉴 하단에 업데이트 버전이 적용된것을 확인하실 수 있습니다.

 

 

 

기존 3.0.6 에서 3.1.0 으로 업데이트 되었으며

자세한 내역은 아래 링크를 참조하시기 바랍니다.

http://forum.codeigniter.com/thread-65803.html

 

 

SQL 인젝션 공격에 대비한 보안 업데이트부터 라이브러리와 헬퍼등이 대량 업데이트 되었습니다.

 

Version 3.1.0

Release Date: July 26, 2016

 

Security

Fixed an SQL injection in the ‘odbc’ database driver.

Updated set_realpath() Path Helpr function to filter-out php:// wrapper inputs.

Officially dropped any kind of support for PHP 5.2.x and anything under 5.3.7.

General Changes

Updated Image Manipulation Library to validate width and height configuration values.

Updated Encryption Library to always

 prefer random_bytes() when it is available.

Updated Session Library to log ‘debug’ messages when using fallbacks to session.save_path (php.ini) or ‘sess_use_database’, ‘sess_table_name’ settings.

Added a ‘LONGTEXT’ to ‘STRING’ alias to Database Forge for the ‘cubrid’, ‘pdo/cubrid’ drivers.

Added ‘TINYINT’, ‘MEDIUMINT’, ‘INT’ and ‘BIGINT’ aliases to ‘NUMBER’ to Database Forge for the ‘oci8’, ‘pdo/oci’ drivers.

password_hash() compatibility function changes:

Changed salt-generation logic to prefer random_bytes() when it is available.

Changed salt-generation logic to prefer direct access to /dev/urandom over openssl_random_pseudo_bytes().

Changed salt-generation logic to error if openssl_random_pseudo_bytes() sets its $crypto_strong flag to FALSE.

 

Bug fixes for 3.1.0

Fixed a bug where Image Manipulation Library didn’t escape image source paths passed to ImageMagick as shell arguments.

Fixed a bug (#861) - Database Forge method create_table() incorrectly accepts field width constraints for MSSQL/SQLSRV integer-type columns.

Fixed a bug (#4562) - Cache Library didn’t check if Memcached::quit() is available before calling it.

Fixed a bug (#4563) - Input Library method request_headers() ignores $xss_clean parameter value after first call.

Fixed a bug (#4605) - Config Library method site_url() stripped trailing slashes from relative URIs passed to it.

Fixed a bug (#4613) - Email Library failed to send multiple emails via SMTP due to “already authenticated” errors when keep-alive is enabled.

Fixed a bug (#4633) - Form Validation Library ignored multiple “callback” rules for empty, non-required fields.

Fixed a bug (#4637) - Database method error() returned FALSE with the ‘oci8’ driver if there was no error.

Fixed a bug (#4647) - Query Builder method count_all_results() doesn’t take into account GROUP BY clauses while deciding whether to do a subquery or not.

Fixed a bug where Session Library ‘redis’ driver didn’t properly detect if a connection is properly closed on PHP 5.x.

Fixed a bug (#4583) - Email Library didn’t properly handle inline attachments in HTML emails.

Fixed a bug where Database method db_select() didn’t clear metadata cached for the previously used database.

Fixed a bug (#4675) - File Helper function delete_files() treated symbolic links as regular directories.

Fixed a bug (#4674) - Database driver ‘dblib’ triggered E_WARNING messages while connecting.

Fixed a bug (#4678) - Database Forge tried to use unsupported IF NOT EXISTS clause when creating tables on Oracle.

Fixed a bug (#4691) - File Uploading Library method data() returns wrong ‘raw_name’ when the filename extension is also contained in the raw filename.

Fixed a bug (#4679) - Input Library method ip_address() errors with a matching $config['proxy_ips'] IPv6 address.

Fixed a bug (#4695) - User Agent Library didn’t load the config/user_agents.php file when there’s no User-Agent HTTP request header.

Fixed a bug (#4713) - Query Builder methods insert_batch(), update_batch() could return wrong affected rows count.

Fixed a bug (#4712) - Email Library doesn’t sent RSET to SMTP servers after a failure and while using keep-alive.

Fixed a bug (#4724) - Common function is_https() compared the X-Forwarded-Proto HTTP header case-sensitively.

Fixed a bug (#4725) - Common function remove_invisible_characters() searched case-sensitively for URL-encoded characters.

 

 

시스템의 일괄 업데이트 적용은 저희 디웹스가 개발한 자체솔루션의 특 장점중 하나입니다.

 

디웹스는 모든 클라이언트분들이 사업에만 전념 하실 수 있도록 항상 노력하고 있습니다.

디웹스를 선택해 주셔서 감사합니다.

- 디웹스 -