Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Twig security issue #328

Merged
merged 1 commit into from
Sep 26, 2024
Merged

Fix Twig security issue #328

merged 1 commit into from
Sep 26, 2024

Conversation

dfranco
Copy link
Contributor

@dfranco dfranco commented Sep 24, 2024
edited
Loading

Bump twig/twig dependency to version 3.11.1 to address a Twig security issue (CVE-2024-45411).

Issue already fixed, and further details are available at GHSA-6j75-5wfj-gh66

phpunit tests result

$ XDEBUG_MODE=coverage vendor/bin/phpunit
PHPUnit 9.6.21 by Sebastian Bergmann and contributors.

.....................................................             53 / 53 (100%)

Time: 00:00.255, Memory: 16.00 MB

OK (53 tests, 114 assertions)

@dfranco
Copy link
Contributor Author

dfranco commented Sep 25, 2024

@odan could you please review this PR and if you agree, publish a new release ?

Best,

odan
odan reviewed Sep 25, 2024
View reviewed changes
composer.json Outdated
},
"require-dev": {
"phpspec/prophecy-phpunit": "^2.0",
"phpstan/phpstan": "^1.10.59",
"phpunit/phpunit": "^9.6 || ^10",
Copy link
Contributor

@odan odan Sep 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this change necessary?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not 100% sure, let me check and I'll update my branch or leave a comment here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change has been reverted, it was due to my tests.

@odan
Copy link
Contributor

odan commented Sep 25, 2024

Thanks @dfranco for the PR. I can merge it if we keep phpunit/phpunit as it was before.

Fix Twig security issue
abeaa9a 
Fix Twig security issue (CVE-2024-45411) by upgrading twig/twig dependency.
@dfranco
Copy link
Contributor Author

dfranco commented Sep 26, 2024

Thanks @dfranco for the PR. I can merge it if we keep phpunit/phpunit as it was before.

phpunit/phpunit change has been reverted, this pr is ready to be merged.

@odan odan merged commit b4268d8 into slimphp:3.x Sep 26, 2024
6 checks passed
@dfranco
Copy link
Contributor Author

dfranco commented Sep 26, 2024

Thanks @odan

Do you plan to publish a release soon ?

I need to publish a security release of some of my projets which use twig-view.

Best,

@odan
Copy link
Contributor

odan commented Sep 26, 2024

Yes, its planned for today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@odan odan odan left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dfranco @odan