Feeling Lucky
Composer Dependency Changed
PR-4.4-dev
[#42470] - [4.4] Update phpseclib to 3.0.34
- Fixed in Code Base
- 19 Feb 2024
- Medium
- Build: 4.4-dev
- # 42470
- Diff
- SniperSister:4.4-composerdeps-dec23
User tests: Successful: Unsuccessful:
Summary of Changes
Update phpseclib to 3.0.34 to fix https://nvd.nist.gov/vuln/detail/CVE-2023-49316.
Testing Instructions
Code review.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | External Library Composer Change |
richard67
- comment
- 20 Dec 2023
I have tested this item ✅ successfully on a518908
Tested by code review + verified that the URL is correct.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42470.
rdeutz
- comment
- 20 Dec 2023
Shouldn't we have also an update for composer.json, we have still "phpseclib/bcmath_compat": "^2.0.1"
richard67
- comment
- 29 Dec 2023
@SniperSister Meanwhile there is a new release 3.0.35 available. Changelog see https://github.com/phpseclib/phpseclib/releases/tag/3.0.35 . Would it make sense to update this PR to that release?
SniperSister
- comment
- 31 Dec 2023
@richard67 as we have updated to 3.0.34 in the 5.x branch I would suggest we do the same here.
| Labels |
Added:
Composer Dependency Changed
PR-4.4-dev
|
||
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2024-02-19 11:53:47 |
| Closed_By | ⇒ | MacJoom |
MacJoom
- comment
- 19 Feb 2024
Thank you!
This will also fix issue #42142 . See also my PR #42190 for that issue, which I've just closed in favour of this one here.