Today, a new version (184.108.40.20663) of CakePHP has been released. It fixes a XSS (cross-site scripting) vulnerability in CakePHP, you find the details in ticket #1272. So it is strongly recommended to update. You find the release on CakeForge. This release contains also the SessionHelper I wrote about in the post “New core helper: SessionHelper”.