Joomla! Issue Tracker | Joomla! CMS #42469 - [5.0] Update phpseclib to 3.0.34

Composer Dependency Changed PR-5.0-dev

Fixed in Code Base
31 Dec 2023
Medium
Build: 5.0-dev
# 42469
Diff
SniperSister:5.0-composerdeps-dec23

Pending

User tests: Successful: Unsuccessful:

SniperSister
5 Dec 2023

Summary of Changes

Update phpseclib to 3.0.34 to fix https://nvd.nist.gov/vuln/detail/CVE-2023-49316.

Testing Instructions

Code review.

674f372 5 Dec 2023

update phpseclib

SniperSister - open - 5 Dec 2023

SniperSister - change - 5 Dec 2023

Status

New

⇒

Pending

joomla-cms-bot - change - 5 Dec 2023

Category

⇒

External Library Composer Change

richard67 - comment - 20 Dec 2023

This will also fix issue #42142 . See also my PR #42190 for that issue, which I've just closed in favour of this one here.

richard67 - test_item - 20 Dec 2023 - Tested successfully

richard67 - comment - 20 Dec 2023

I have tested this item ✅ successfully on 674f372

Tested by code review + verified that the URL is correct.

There is an additional change from "plugin-api-version": "2.6.0" to "plugin-api-version": "2.3.0", but that doesn't really matter, so I'm ok with it as it is, but would also be ok with reverting that change.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42469.}

richard67 - comment - 29 Dec 2023

@SniperSister Meanwhile there is a new release 3.0.35 available. Changelog see https://github.com/phpseclib/phpseclib/releases/tag/3.0.35 . Would it make sense to update this PR to that release?

fb2a70c 30 Dec 2023