CodeIgniter Update?

[ColeDCrawford]

Hi Craig and team - I was wondering if there is a timeline for upgrading CodeIgniter 2 to v3 or v4. I saw this old issue from 2017 around the same question: #77. It looks like CodeIgniter v2 has been EOL since 2015, so I don't think it's getting any security patches or updates at this point. Not sure how those potential vulnerabilites are being tracked or handled. I recognize that updating the framework would definitely be a major lift but curious to know how this fits into the Scalar goals.

[craigdietrich]

Hi @ColeDCrawford,

No plan to update CodeIgniter at this stage. As you mention, it's a pretty monumental effort, for both the update and for systems that run Scalar to update (they would need to change config files, update core files, etc..).

[paulmer]

I'd like to vote for this to be a higher priority. The use of an 8 year old unsupported package (and the abandoned sonata-project/google-authenticator) in Scalar is a security concern for me, unless the Scalar project is taking over security maintenance of these packages? Yes, it's a heavy lift to update, but it's not going to get easier as time goes by. Better to bite the bullet now and be able to get the latest patches, then let things languish until there's a problem.

[brucehvn]

I'm in the middle of getting Scalar up and running on CI 3.1.13 so that we can support PHP 10.x. We have a working copy we are currently testing and I'm in the process of migrating all the commits that have happened since I made the initial branch to work on this. It will take some time to get those up-to-date and to figure out the best way to handle migration as it is a big jump with lots of changes. It will be somewhat better organized with almost all 3rd party libraries installed by composer and changes to core CI files done properly with overrides in the application folder. Also trying to prepare for the next step which will be migrating to CI 4 to really bring Scalar into the 21st century :)