Version 4.2.11

Release Date: December 21, 2022

4.2.11 release of CodeIgniter4

SECURITY

• Attackers may spoof IP address when using proxy was fixed. See the Security advisory GHSA-ghw3-5qvm-3mqc for more information.

• Potential Session Handlers Vulnerability was fixed. See the Security advisory GHSA-6cq5-8cj7-g558 for more information.

BREAKING

• The Config\App::$proxyIPs value format has been changed. See Upgrading Guide.

• The key of the session data record for DatabaseHandler Driver, MemcachedHandler Driver and RedisHandler Driver has changed. See Upgrading Guide.

Enhancements

• Full support for PHP 8.2.

Bugs Fixed

• Fixed a FileLocator::locateFile() bug where a similar namespace name could be replaced by another, causing a failure to find a file that exists.

• Fixed a RedisHandler session class to use the correct config when used with a socket connection.

See the repo’s CHANGELOG_4.2.md for a complete list of bugs fixed.