Skip to main content

Composer Security Update (CVE-2021-29472) for leravel #2021

Composer had a security vulnerability reported (CVE-2021-29472) and a new version has been released to address this. Everyone should run composer self-update to get v2.0.13 which includes the fix.

According to their announcment:

As a precaution after updating Composer we recommend you audit your composer.lock files to ensure they only contain URLs and none which start with -- , e.g. --config and could be considered command line options. Should you find any such URL values despite our belief that this vulnerability was not exploited in the wild, please contact us immediately by email to security@packagist.org.

In general we always recommend you review changes you make to your lock files to ensure no untrusted dependencies or external URLs are introduced to your application. Please note that Packagist.org is only a metadata server and package contents are downloaded from a location chosen by the package maintainers. Private Packagist will store copies of mirrored package contents, so Composer can download them from there, but the lock files will still contain the maintainers' original URLs for reference and as a fallback.

Read more about this in the Packagist official announcement 

Labels

Labels:

Popular posts from this blog

Laravel8 in Serializes Models trait | laravelnote

This article was originally posted, with additional formatting, on my personal blog at laravel serializes model Background  When dispatching an object onto the queue, behind the scenes Laravel is recursively serializing the object and all of its properties into a string representation that is then written to the queue. There it awaits a queue worker to retrieve it from the queue and unserialize it back into a PHP object (Phew!). Problem When complicated objects are serialized, their string representations can be atrociously long, taking up unnecessary resources both on the queue and application servers. Solution Because of this, Laravel offers a trait called SerializesModels which, when added to an object, finds any properties of type Model or Eloquent\Collection during serialization and replaces them with a plain-old-PHP-object (POPO) known as a ModelIdentifier. These identifier objects represent the original properties Model type and ID, or IDs in the case of an Eloquent\Collecti...
Read more

Octane Support in Laravel forge 2021 5 may

 Back in March, Taylor announced the new Laravel Octane project at Laracon Online. Since then, we've been busy working on bug fixes and enhancements to Octane, as well as adding support to Laravel Forge. Today we're pleased to announce that Octane support is available in Forge. We've written the guide below to help you get started. Please keep in mind that Octane is still in beta and should not be used in production. Prerequisites Your project must require "laravel/octane": "^0.3.2" or above. Your server must have PHP 8.0 installed. You should then follow the Octane installation instructions listed in the Octane repository. Creating an Octane Site Octane can be enabled by selecting the Laravel Octane (Beta) project type option and PHP 8.0 as the PHP version that should be used to serve your site: Laravel Octane Project Type Laravel Octane Project Type Once the project type has been selected, Forge will ask for the port that Octane should listen on. Unlik...
Read more

Create Your Next Project's Readme in Laravel8 | laravelnote

  The readme.so editor gives you visual cues, starter section templates and includes many standard readme sections you're likely to use. It also has a nice preview to help guide you along the way. Never forget a section for your readme again! Select sections to add to your readme, edit the contents, and drag to rearrange. See a live-updating rendered preview of your markdown, then download your README.md file! Here's an example of starting an API section, which provides helpful formatting. You might need to specify API params: The editor includes both light and dark editor support, and you can download or copy/paste the raw markdown of your readme into version control once you're done. You can learn more about this project and start using it on  readme.so . Also, be sure to check out  readme.so on Product Hunt  and upvote it if you find it useful!
Read more