Getting feedback and help from the community in the form of tickets is an extremely important part of the CakePHP development process. All of CakePHP’s tickets are hosted on GitHub.

Reporting bugs

Well written bug reports are very helpful. There are a few steps to help create the best bug report possible:

  • Do search for a similar existing ticket, and ensure someone hasn’t already reported your issue, or that it hasn’t already been fixed in the repository.

  • Do include detailed instructions on how to reproduce the bug. This could be in the form of test cases or a code snippet that demonstrates the issue. Not having a way to reproduce an issue, means it’s less likely to get fixed.

  • Do give as many details as possible about your environment: (OS, PHP version, CakePHP version).

  • Don’t use the ticket system to ask support questions. Use the Google Group, the #cakephp IRC channel or Stack Overflow <> for that.

Reporting security issues

If you’ve found a security issue in CakePHP, please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker, mailing list or IRC please send an email to security [at] Emails sent to this address go to the CakePHP core team on a private mailing list.

For each report, we try to first confirm the vulnerability. Once confirmed, the CakePHP team will take the following actions:

  • Acknowledge to the reporter that we’ve received the issue, and are working on a fix. We ask that the reporter keep the issue confidential until we announce it.

  • Get a fix/patch prepared.

  • Prepare a post describing the vulnerability, and the possible exploits.

  • Release new versions of all affected versions.

  • Prominently feature the problem in the release announcement.