Version 4.3.5

Release Date: May 21, 2023

4.3.5 release of CodeIgniter4

SECURITY

• Remote Code Execution Vulnerability in Validation Placeholders was fixed. See the Security advisory GHSA-m6m8-6gq8-c9fj for more information.

• Fixed that Session::stop() did not destroy the session. See Session Library for details.

Changes

• make:cell command: When creating a new cell, the controller would always have the Cell suffixed to the class name. For the view file, the final _cell is always removed.

• View Cells: For compatibility with previous versions, view filenames ending with _cell can still be located by the Cell as long as auto-detection of view file is enabled (via setting the $view property to an empty string).

Deprecations

• Session: The Session::stop() method is deprecated. Use the Session::destroy() instead.

Bugs Fixed

• Validation: Fixed a bug where a closure used in combination with permit_empty or if_exist rules was causing an error.

• make:cell command: Fixed generating view files as classes.

• make:cell command: Fixed treatment of single word class input for case-insensitive OS.

See the repo’s CHANGELOG.md for a complete list of bugs fixed.