Impact
Some files should not be in the release archive, and others should not be accessible.
Patches
The problem is fixed in 1.7.6.6
Workarounds
Make sure composer.json and docker-compose.yml are not accessible on your server.
References
Information Disclosure (CWE-200)
Thanks to Komradz
Impact
Some files should not be in the release archive, and others should not be accessible.
Patches
The problem is fixed in 1.7.6.6
Workarounds
Make sure
composer.jsonanddocker-compose.ymlare not accessible on your server.References
Information Disclosure (CWE-200)
Thanks to Komradz