This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
lnkohana/system/guide/kohana/upgrading-from-3-3-3-1.md

24 lines
1.2 KiB
Markdown
Raw Permalink Normal View History

2016-05-01 10:50:24 +00:00
# Upgrading from 3.3.3.1
Minor version upgrades are usually done in a drop-in fashion. Unfortunately, however, upgrading from 3.3.3.1 to 3.3.4 needs a little configuration. This is because a [security disclosure from HP Fortify](https://github.com/kohana/kohana/issues/74), that unveiled a serious [host header attack](https://github.com/kohana/core/issues/613) vulnerability.
[!!] You *might* still be able to have a drop-in upgrade, in case you have set the `base_url` in the [Kohana::init] call to an absolute URL. We advise you however that you follow the step below to make your application secure, in case some day you decide to change your `base_url` to a relative URL.
## Trusted Hosts
You need to setup a list of trusted hosts. Trusted hosts are hosts that you expect your application to be accessible from.
Open `application/config/url.php` and add regex patterns of these hosts. An example is given hereunder:
~~~
return array(
'trusted_hosts' => array(
'example\.org',
'.*\.example\.org',
),
);
~~~
[!!] Do not forget to escape your dots (.) as these are regex patterns. These patterns should always fully match, as they are prepended with `^` and appended with `$`.