
Patch vulnerability advisory #3966

Merged: SychO9 merged 1 commit into 2.x from luceos-patch-1, Feb 22, 2024


@luceos (Member) commented Feb 22, 2024

Seems composer has a vulnerability, see GHSA-7c6p-848j-wh5h

Affected versions

>= 2.0.0-alpha1, < 2.2.23 -- patched in 2.2.23
>= 2.3.0-rc1, < 2.7.0 -- patched in 2.7.0


Let's raise the minimum to enforce the latest. This probably needs to be backported to 1.x once this is merged.

Thank you @PeopleInside for reporting this.

@luceos requested a review from a team as a code owner February 22, 2024 09:44
@SychO9 merged commit e771b90 into 2.x Feb 22, 2024
@SychO9 deleted the luceos-patch-1 branch February 22, 2024 10:40
SychO9 pushed a commit that referenced this pull request Feb 22, 2024
Seems composer has a vulnerability, see GHSA-7c6p-848j-wh5h

Affected versions
>= 2.0.0-alpha1, < 2.2.23 -- patched in 2.2.23
>= 2.3.0-rc1, < 2.7.0 -- patched in 2.7.0

---

Let's raise the minimum to enforce the latest.

Thank you @PeopleInside for reporting this.

(cherry picked from commit e771b90)