yiisoft/yii2-dev Security Advisories for 2.0.0-rc (5)
- Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()`
Affected version: <2.0.12.1|>=2.0.13,<2.0.13.2|>=2.0.14,<2.0.15
Reported by: FriendsOfPHP/security-advisories
- Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
Affected version: <2.0.14
Reported by: FriendsOfPHP/security-advisories
- The `switchIdentity()` function in `yii\web\User` did not regenerate the CSRF token upon a change of identity
Affected version: <2.0.14
Reported by: FriendsOfPHP/security-advisories
- The class `yii\web\ViewAction` allowed inclusion of arbitrary files that end with `.php`
Affected version: <2.0.5
Reported by: FriendsOfPHP/security-advisories
- JSON data encoded for use in HTML was not safe to use in IE6/IE7; XSS attacks were possible
Affected version: <2.0.4
Reported by: FriendsOfPHP/security-advisories