FEDORA-2022-47d2e7da46
Packages in this update:
composer-2.3.5-1.fc35
Update description:
Version 2.3.5 – 2022-04-13
Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
Added warning when downloading a file with verify_peer[_name] disabled (#10722)
Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
Fixed validate command checking the lock file even if the lock option is disabled (#10723)
Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#10701)
Version 2.3.4 – 2022-04-07
Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions (#10714)
Fixed run-script –list flag regression (#10710)
Fixed curl downloader handling of DNS resolution failures to do an automatic retry (#10716)
Fixed script handling of external commands not setting the Path env correctly on windows (#10700)
Fixed various type errors (#10694, #10696, #10702, #10712, #10703)
Version 2.3.3 – 2022-04-01
Added –2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682)
Added missing config.bitbucket-oauth in composer-schema.json
Fixed type errors in SvnDriver (#10681)
Fixed –version output to match the pre-2.3 one (#10684)
Fixed config/auth.json files not being validated against the composer-schema.json (#10685)
Fixed generation of autoload crashing if a package has a broken path (#10688)
Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687)
Updated semver, jsonlint deps for minor fixes
Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651)
Version 2.3.2 – 2022-03-30
Fixed type error when running exec command (#10672)
Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be (#10648)
Fixed type error in ComposerRepository (#10675)
Fixed issues loading platform packages where the version of a library cannot be established (#10631)
Version 2.3.1 – 2022-03-30
Fixed type error when HOME env var is not set (#10670)
Version 2.3.0 – 2022-03-30
Fixed many strict types errors (#10646, #10642, #10647, #10658, #10656, #10665, #10660, #10663, #10662)
Version 2.3.0-RC2 – 2022-03-20
Fixed invalid return value in ComposerRepository::findPackage (#10622)
Fixed many show command issues due to a flipped condition (#10623)
Fixed phpversion() handling when it returns false due to an extension defining no version (#10631)
Fixed remove command failing when no allow-plugin is defined in config (#10629)
Performance improvement in Composer bootstrapping (version guessing) when on a feature branch (#10632)
Version 2.3.0-RC1 – 2022-03-16
BC Break: the minimum PHP version is now 7.2.5+, use the Composer 2.2 LTS if you are stuck with an older PHP (#10343)
BC Break: added native parameter & return types to many internal APIs, we explicitly left the most extended/implemented symbols untouched but if this causes problems nonetheless please report it ASAP (#10547, #10561)
BC Break: added visibility to all constants, a few internal ones have been made private/protected, if this causes problems please report it ASAP (#10550)
BC Break: the minimum supported Symfony components version is now 5.4, this only affects you if you are requiring composer/composer directly however, which is generally frowned upon
Bumped composer-plugin-api to 2.3.0
Bumped bundled Symfony components from 2.8 to 5.4 🥳
Added declare(strict_types=1) to all the classes, which for sure could cause regressions in edge cases, please report with stack traces (#10567)
Added –patch-only to the outdated command to only show updates to patch versions and ignore new major/minor versions (#10589)
Added clickable links to various commands for terminals which support it (#10430)
Added ProcessExecutor ability to receive commands as arrays by (internals/plugin change only) (#10435)
Added abandoned flag to show/outdated commands JSON-formatted output (#10485)
Added config.reference option to path repositories to configure the way the reference is generated, and possibly reduce composer.lock conflicts (#10488)
Added automatic removal of allow-plugins rules when removing a plugin via the remove command (#10615)
Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS env vars to configure the equivalent flags (#10616)
Added support for Symfony 6.0 components
Added support for psr/log 3.x (#10454)
Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)
Performance improvement in pool optimization step (#10585)
Version 2.2.10 – 2022-03-29
Fixed Bitbucket authorization detection due to API changes (#10657)
Fixed validate command warning about dist/source keys if defined (#10655)
Fixed deletion/handling of corrupted 0-bytes zip archives (#10666)
More Stories
helix-24.07-2.fc42 rust-cargo-0.79.0-4.fc42 rust-cargo-deny-0.14.24-3.fc42 rust-dua-cli-2.29.2-1.fc42 rust-gix-0.66.0-1.fc42 rust-gix-actor-0.32.0-1.fc42 rust-gix-archive-0.15.0-1.fc42 rust-gix-attributes-0.22.5-1.fc42 rust-gix-command-0.3.9-1.fc42 rust-gix-commitgraph-0.24.3-1.fc42 rust-gix-config-0.40.0-1.fc42 rust-gix-config-value-0.14.8-1.fc42 rust-gix-credentials-0.24.5-1.fc42 rust-gix-date-0.9.0-1.fc42 rust-gix-diff-0.46.0-1.fc42 rust-gix-dir-0.8.0-1.fc42 rust-gix-discover-0.35.0-1.fc42 rust-gix-features-0.38.2-3.fc42 rust-gix-filter-0.13.0-1.fc42 rust-gix-fs-0.11.3-1.fc42 rust-gix-glob-0.16.5-1.fc42 rust-gix-ignore-0.11.4-1.fc42 rust-gix-index-0.35.0-1.fc42 rust-gix-mailmap-0.24.0-1.fc42 rust-gix-negotiate-0.15.0-1.fc42 rust-gix-object-0.44.0-1.fc42 rust-gix-odb-0.63.0-1.fc42 rust-gix-pack-0.53.0-1.fc42 rust-gix-packetline-0.17.6-1.fc42 rust-gix-packetline-blocking-0.17.5-1.fc42 rust-gix-path-0.10.11-1.fc42 rust-gix-pathspec-0.7.7-1.fc42 rust-gix-prompt-0.8.7-1.fc42 rust-gix-protocol-0.45.3-1.fc42 rust-gix-ref-0.47.0-1.fc42 rust-gix-refspec-0.25.0-1.fc42 rust-gix-revision-0.29.0-1.fc42 rust-gix-revwalk-0.15.0-1.fc42 rust-gix-sec-0.10.8-1.fc42 rust-gix-status-0.13.0-1.fc42 rust-gix-submodule-0.14.0-1.fc42 rust-gix-tempfile-14.0.2-1.fc42 rust-gix-trace-0.1.10-1.fc42 rust-gix-transport-0.42.3-1.fc42 rust-gix-traverse-0.41.0-1.fc42 rust-gix-url-0.27.5-1.fc42 rust-gix-validate-0.9.0-1.fc42 rust-gix-worktree-0.36.0-1.fc42 rust-gix-worktree-state-0.13.0-1.fc42 rust-gix-worktree-stream-0.15.0-1.fc42 rust-onefetch-2.21.0-4.fc42 rust-prodash-29.0.0-1.fc42 rust-rustsec-0.29.3-3.fc42 rust-tame-index-0.12.0-3.fc42 rust-vergen-8.3.1-4.fc42 stgit-2.4.12-1.fc42
FEDORA-2024-1b3089c689 Packages in this update: helix-24.07-2.fc42 rust-cargo-0.79.0-4.fc42 rust-cargo-deny-0.14.24-3.fc42 rust-dua-cli-2.29.2-1.fc42 rust-gix-0.66.0-1.fc42 rust-gix-actor-0.32.0-1.fc42 rust-gix-archive-0.15.0-1.fc42 rust-gix-attributes-0.22.5-1.fc42 rust-gix-command-0.3.9-1.fc42 rust-gix-commitgraph-0.24.3-1.fc42 rust-gix-config-0.40.0-1.fc42 rust-gix-config-value-0.14.8-1.fc42 rust-gix-credentials-0.24.5-1.fc42 rust-gix-date-0.9.0-1.fc42 rust-gix-diff-0.46.0-1.fc42...
webkitgtk-2.46.0-1.fc39
FEDORA-2024-01501ccce2 Packages in this update: webkitgtk-2.46.0-1.fc39 Update description: Use Skia instead of cairo for 2D rendering and enable GPU rendering...
chromium-129.0.6668.58-1.fc41
FEDORA-2024-b85d941d78 Packages in this update: chromium-129.0.6668.58-1.fc41 Update description: update to 129.0.6668.58 High CVE-2024-8904: Type Confusion in V8 Medium CVE-2024-8905: Inappropriate...
chromium-129.0.6668.58-1.el8
FEDORA-EPEL-2024-2cc55c9f93 Packages in this update: chromium-129.0.6668.58-1.el8 Update description: update to 129.0.6668.58 High CVE-2024-8904: Type Confusion in V8 Medium CVE-2024-8905: Inappropriate...
USN-7023-1: Git vulnerabilities
Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue...
Stored XSS in “Edit Profile” – htmlyv2.9.9
Posted by Andrey Stoykov on Sep 18 # Exploit Title: Stored XSS in "Edit Profile" - htmlyv2.9.9 # Date: 9/2024...