Read Time:48 Second

FEDORA-2022-617a6df23e

Packages in this update:

composer-2.2.12-1.fc34

Update description:

Version 2.2.12 – 2022-04-13

Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
Fixed validate command checking the lock file even if the lock option is disabled (#10723)

Version 2.2.11 – 2022-04-01

Added missing config.bitbucket-oauth in composer-schema.json
Added –2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682)
Updated semver, jsonlint deps for minor fixes
Fixed generation of autoload crashing if a package has a broken path (#10688)
Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651)

Read More