Getting feedback and help from the community in the form of tickets is an
extremely important part of the CakePHP development process. All of CakePHP’s
tickets are hosted on GitHub.
Well written bug reports are very helpful. There are a few steps to help create
the best bug report possible:
- Do: Please search
for a similar existing ticket, and ensure someone hasn’t already reported your
issue, or that it hasn’t already been fixed in the repository.
- Do: Please include detailed instructions on how to reproduce the bug.
This could be in the form of a test-case or a snippet of code that
demonstrates the issue. Not having a way to reproduce an issue means it’s less
likely to get fixed.
- Do: Please give as many details as possible about your environment: (OS,
PHP version, CakePHP version).
- Don’t: Please don’t use the ticket system to ask support questions. Both the support channel on the
CakePHP Slack workspace and the #cakephp IRC channel on Freenode have many
developers available to help answer your questions. Also have a look at
Stack Overflow or the official CakePHP forum.
Reporting Security Issues
If you’ve found a security issue in CakePHP, please use the following procedure
instead of the normal bug reporting system. Instead of using the bug tracker,
mailing list or IRC please send an email to security [at] cakephp.org.
Emails sent to this address go to the CakePHP core team on a private mailing
For each report, we try to first confirm the vulnerability. Once confirmed, the
CakePHP team will take the following actions:
- Acknowledge to the reporter that we’ve received the issue, and are working on
a fix. We ask that the reporter keep the issue confidential until we announce
- Get a fix/patch prepared.
- Prepare a post describing the vulnerability, and the possible exploits.
- Release new versions of all affected versions.
- Prominently feature the problem in the release announcement.