Skip to main content

Posts

Showing posts with the label #laravel 8 #laravel 2021 april

Composer Security Update (CVE-2021-29472) for leravel #2021

Composer had a security vulnerability reported (CVE-2021-29472) and a new version has been released to address this. Everyone should run  composer self-update  to get v2.0.13 which includes the fix. According to their  announcment : As a precaution after updating Composer we recommend you audit your composer.lock files to ensure they only contain URLs and none which start with -- , e.g. --config and could be considered command line options. Should you find any such URL values despite our belief that this vulnerability was not exploited in the wild, please contact us immediately by email to security@packagist.org. In general we always recommend you review changes you make to your lock files to ensure no untrusted dependencies or external URLs are introduced to your application. Please note that Packagist.org is only a metadata server and package contents are downloaded from a location chosen by the package maintainers. Private Packagist will store copies of mirrored package contents, so