[5.0] Update phpseclib to 3.0.34 #42469

Merged
merged 4 commits into from Dec 31, 2023

SniperSister
Contributor

Summary of Changes

Update phpseclib to 3.0.34 to fix https://nvd.nist.gov/vuln/detail/CVE-2023-49316.

Testing Instructions

Code review.

@richard67
Member

This will also fix issue #42142. See also my PR #42190 for that issue, which I've just closed in favour of this one here.

Review thread on composer.lock (outdated, resolved)

@richard67
Member

I have tested this item ✅ successfully on 674f372

Tested by code review + verified that the URL is correct.

There is an additional change from "plugin-api-version": "2.6.0" to "plugin-api-version": "2.3.0", but that doesn't really matter, so I'm ok with it as it is, but would also be ok with reverting that change.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42469.

@richard67
Member

@SniperSister Meanwhile, there is a new release 3.0.35 available. For the changelog, see https://github.com/phpseclib/phpseclib/releases/tag/3.0.35. Would it make sense to update this PR to that release?

@bembelimen bembelimen merged commit eaf830e into joomla:5.0-dev Dec 31, 2023
2 checks passed
@bembelimen
Contributor

Thx

@bembelimen bembelimen added this to the Joomla! 5.0.2 milestone Dec 31, 2023
Razzo1987 added a commit that referenced this pull request Jan 4, 2024
* Fix link and button colors in header footer (#42504)

* [4.x] add php 8.3 to tests (#42545)

* Update the signature for #42545 (#42552)

* [4.4] Joomlaupdate remove br tag from language strings - follow up to PR 42489 (#42550)

* Better English (1)

* Better English (2)

* Remove br html element from language strings

* Fixes to form validation process (#42560)

Fixes hardening measure introduced in #23716

* [4][com_actionlogs] missed load plugin languages (#42562)

* load lang

* test-4-dupkey

* Better message on package uninstallation (#42570)

* Better message on package uninstallation when an extension from that package is missing. Fixes issue #42537.

* backport #41865 (#42088)

* backport [5] update from nightly to latest nightly build #41865

* [5] harmonize naming task types (#42574)

* [5.0] colour contrast in media manager file list [a11y] (#42544)

* [5.0] Update phpseclib to 3.0.34 (#42469)

* Fix `function` parameter lost during redirect (#42315)

* Fix `function` parameter lost during redirect

* Move function parameter to form url

* Remove hidden input

* [4.4] Fix SQL error "1104 The SELECT would examine more than MAX_JOIN_SIZE rows" when checking for core updates (#42576)

* Use concat of columns for getting core extensions

* Fix PHPCS

* Remove wrong quotes

* Revert min version in drone (#42583)

* Joomla! 5.0.2 Release Candidate 1

* Revert to dev

* [4][com_templates] cast to int for pgsql (#42569)

* cast to int for pgsql

* yet-another

* patch article tags (#42486)

* Joomla 5.0.2 Release Candidate 2

* Reset to dev

* Update signature HMAC in .drone.yml

---------

Co-authored-by: Rick Spaan <rick@r2h.nl>
Co-authored-by: Christian Heel <66922325+heelc29@users.noreply.github.com>
Co-authored-by: Allon Moritz <allon.moritz@digital-peak.com>
Co-authored-by: Richard Fath <richard67@users.noreply.github.com>
Co-authored-by: Brian Teeman <brian@teeman.net>
Co-authored-by: George Wilson <georgejameswilson@googlemail.com>
Co-authored-by: Nicola Galgano <optimus4joomla@gmail.com>
Co-authored-by: Benjamin Trenkle <benjamin.trenkle@wicked-software.de>
Co-authored-by: Benjamin Trenkle <bembelimen@users.noreply.github.com>
Co-authored-by: David Jardin <d.jardin@djumla.de>
Co-authored-by: janschoenherr <jan@yootheme.com>