
Evert Pot:
Composer's bug now fixed
February 24, 2014 @ 12:38:06

Evert Pot has posted an update to his previous post about the Composer vulnerability that could cause the wrong package to be installed in the case of a conflict. In this latest post he points out that the bug is now fixed.

As an update to my previous post, the composer security problem now appears fixed. Good to see that a quick response was possible after all.

The original issue was caused by the "replace" functionality, which made it possible for an incorrect package to be installed instead of the one requested. Other posts with more details include this one from Pádraic Brady and Nils Adermann. If you're a Composer user, it's highly suggested that you update your currently installed version (run "composer self-update").
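To check an existing project for this kind of substitution, the sketch below (an added example, not code from Evert Pot's post or from the Composer project) compares the packages requested in composer.json with what composer.lock actually records, and reports any direct requirement that is satisfied only through another package's "replace" entry. The package names and file contents are constructed sample data; legitimate replacements exist, so each finding is something to review rather than proof of a problem.

```python
import json

# Constructed sample data (not from the original post): a root composer.json
# and a composer.lock in which "thirdparty/toolkit" replaces "acme/logger".
COMPOSER_JSON = json.loads("""{
  "require": {"php": ">=5.3", "ext-json": "*",
              "acme/logger": "1.*", "acme/http": "2.*"}
}""")
COMPOSER_LOCK = json.loads("""{
  "packages": [
    {"name": "acme/http", "version": "2.1.0"},
    {"name": "thirdparty/toolkit", "version": "0.1.0",
     "replace": {"acme/logger": "self.version"}}
  ],
  "packages-dev": null
}""")


def audit_replacements(manifest, lock):
    """Return (requested, provider, provider_version) for every directly
    required package that is satisfied by another package's "replace"
    entry instead of by an installed package of that name."""
    locked = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    installed = {pkg["name"].lower() for pkg in locked}
    # Map each replaced name to the packages that claim to replace it.
    replaced_by = {}
    for pkg in locked:
        for target in (pkg.get("replace") or {}):
            replaced_by.setdefault(target.lower(), []).append(pkg)
    requested = dict(manifest.get("require") or {})
    requested.update(manifest.get("require-dev") or {})
    findings = []
    for name in sorted(requested):
        key = name.lower()
        # Platform requirements (php, ext-*, lib-*) have no vendor/ prefix.
        if "/" not in key or key in installed:
            continue
        for provider in replaced_by.get(key, []):
            findings.append((name, provider["name"], provider["version"]))
    return findings


if __name__ == "__main__":
    for name, provider, version in audit_replacements(COMPOSER_JSON, COMPOSER_LOCK):
        print(f"{name} is provided by {provider} {version} via 'replace'; "
              "verify this is intended")
```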


Link: http://evertpot.com/composer-bug-fixed


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework