Release Date: December 21, 2022
4.2.11 release of CodeIgniter4
Attackers may spoof IP address when using proxy was fixed. See the Security advisory GHSA-ghw3-5qvm-3mqc for more information.
Potential Session Handlers Vulnerability was fixed. See the Security advisory GHSA-6cq5-8cj7-g558 for more information.
Config\App::$proxyIPsvalue format has been changed. See Upgrading Guide.
The key of the session data record for DatabaseHandler Driver, MemcachedHandler Driver and RedisHandler Driver has changed. See Upgrading Guide.
Full support for PHP 8.2.
FileLocator::locateFile()bug where a similar namespace name could be replaced by another, causing a failure to find a file that exists.
RedisHandlersession class to use the correct config when used with a socket connection.
See the repo’s CHANGELOG_4.2.md for a complete list of bugs fixed.