public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Update changelog

pull/12013/head
Jordi Boggiano 2024-06-10 22:14:46 +02:00
parent 01ce481f22
commit a4a83a341a
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG.md
View File

@ -2,14 +2,14 @@
* Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241) * Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
* Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242) * Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
* Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
* Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
* Security: Fixed perforce argument escaping (3773f775)
* Security: Fixed handling of zip bombs when extracting archives (de5f7e32)
* Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324)
* Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957) * Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
* Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000) * Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
* Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001) * Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
* Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
* Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
* Fixed perforce argument escaping (3773f775)
* Fixed handling of zip bombs when extracting archives (de5f7e32)
* Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324)
* Fixed ability for `config` command to remove autoload keys (#11967) * Fixed ability for `config` command to remove autoload keys (#11967)
* Fixed empty `type` support in `init` command (#11999) * Fixed empty `type` support in `init` command (#11999)
* Fixed git clone errors when `safe.bareRepository` is set to `strict` in the git config (#11969) * Fixed git clone errors when `safe.bareRepository` is set to `strict` in the git config (#11969)