Yii 2.0.5 (security fix)

Yii 2.0.5 is released to fix a security issue found in the yii\web\ViewAction . It is highly recommended to upgrade . The update is fully compatible with 2.0.4, contains only a security fix and does not break your code.



The vulnerability in ViewAction is the ability to run any PHP file (or file with the .php extension) on the disk by passing a relative path through the view parameter. Since the problem was reported through a public tracker, we fixed it and released the update immediately.



We have reserved the CVE-2015-5467 number for this vulnerability.