Code Igniter 4.6.2
29 July 2025
Code Igniter version 4.6.2 is now available (security release).
Upgrading to Code Igniter 4.6.2
Any of Installatron's products can install Code Igniter 4.6.2 or upgrade an existing install to it. Use Installatron's optional Automatic Update feature to apply Code Igniter updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing Code Igniter install and test the 4.6.2 upgrade before applying it live.
What's New in Code Igniter 4.6.2
Security
- ImageMagickHandler: Command Injection Vulnerability in ImageMagick Handler. Fixes a vulnerability relating to uses of ImageMagickHandler's resize() or text() methods, where an attacker can upload files with malicious filenames containing shell metacharacters that get executed when the image is processed or when text is added to the image. See the security advisory for details. Credits to @vicevirus for reporting the issue.
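How an application can keep client-supplied filenames away from the shell, as an added example (this is not the framework's handler code and not the 4.6.2 patch). The helper names, sample filenames and paths are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: hypothetical helpers, not the framework's own code.

/** Allowlist check. A leading dot or dash is rejected: quoting a path does
 *  not stop a command-line tool from reading "-name" as an option. */
function isSafeUploadName(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,127}\z/', $name) === 1;
}

/** Server-generated storage name: only an allowlisted extension survives. */
function storageName(string $clientName, array $allowedExt = ['jpg', 'jpeg', 'png', 'gif', 'webp']): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (! in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }

    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Build a resize command with every path quoted as one shell argument. */
function buildResizeCommand(string $src, string $dst, int $w, int $h): string
{
    return sprintf(
        'convert %s -resize %dx%d %s',
        escapeshellarg($src),
        $w,
        $h,
        escapeshellarg($dst)
    );
}

// Constructed sample filenames, as a client might submit them.
$samples = ['photo.jpg', 'holiday pic.png', 'a;id.jpg', '$(id).png', '-rotate.jpg'];
foreach ($samples as $name) {
    printf("%-16s safe=%-3s stored-as=%s\n", $name, isSafeUploadName($name) ? 'yes' : 'no', storageName($name));
}

// The metacharacter stays inside the quoted argument instead of ending the command.
echo buildResizeCommand('/tmp/uploads/a;id.jpg', '/tmp/out/thumb.jpg', 200, 200), "\n";
```

Storing uploads under a server-generated name removes the attacker-controlled string from the command line entirely; the quoting is a second layer for paths that cannot be renamed.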
Fixed Bugs
- chore: add missing EscaperInterface to the AutoloadConfig by @michalsn in #9561
- fix: remove service dependency from sanitize_filename() helper function by @michalsn in #9560
- fix: use native PHP truthiness for condition evaluation in when()/whenNot() by @michalsn in #9576
- fix: add error handling for corrupted cache files in FileHandler by @michalsn in #9586
- fix: correct getHostname() fallback logic in Email class by @michalsn in #9587
- fix: encapsulation violation in BasePreparedQuery class by @michalsn in #9603
- fix: URI authority generation for schemes without default ports by @michalsn in #9605
- fix: correct path parsing in SiteURIFactory::parseRequestURI() by @michalsn in #9613
- fix: support for multibyte folder names when the app is served from a subfolder by @michalsn in #9615
- fix: use correct 24-hour time format in development error page. by @ping-yee in #9628
- fix: improve CURLRequest intermediate HTTP response handling by @michalsn in #9627
- fix: ensure make:test works on Windows by @paulbalandan in #9635
- fix: ensure make:test generates test files ending in Test by @paulbalandan in #9636
- fix: make:test requires 3 inputs after entering an empty class name by @paulbalandan in #9637
- fix: add filename parameters to inline Content-Disposition headers by @michalsn in #9638
Refactoring
- refactor: add system/util_bootstrap.php to curb overreliance to system/Test/bootstrap.php by @paulbalandan in #9562
- refactor: update places to use system/util_bootstrap.php by @paulbalandan in #9568
- refactor: more accurate array PHPDocs of Cookie by @paulbalandan in #9569
- refactor: use native phpdocs wherever possible by @paulbalandan in #9571
- refactor: fix notIdentical.alwaysTrue error by @paulbalandan in #9579
- refactor: fix phpstan errors in Events by @paulbalandan in #9580
- refactor: fix non-booleans in if conditions by @paulbalandan in #9578
- refactor: fix and micro-optimize code in Format by @paulbalandan in #9583
- refactor: fix various phpstan errors in Log component by @paulbalandan in #9581
- refactor: partial fix errors on Email by @paulbalandan in #9582
- refactor: fix phpstan errors in ResponseTrait by @paulbalandan in #9591
- refactor: precise PHPDocs for Autoloader by @paulbalandan in #9593
- refactor: fix phpstan errors in mock classes by @paulbalandan in #9594
- refactor: fix various phpstan errors in Cache by @paulbalandan in #9610
- fix: apply rector rule TernaryImplodeToImplodeRector by @michalsn in #9614
- refactor: Console::showHeader() call date() only once by @paulbalandan in #9616