Skip to content

v3.14.2

Choose a tag to compare

View all tags
@alies-dev alies-dev released this 22 Jun 00:15
v3.14.2
0632503
This commit was signed with the committer’s verified signature.
alies-dev Alies Lapatsin
SSH Key Fingerprint: it5A0rKOAcE2lG9g8/p6Qe4+rwundBmqntUGDr5mfwg
Verified
Learn about vigilant mode.

Patch release: fewer false positives on Laravel's Application contract and uploaded files, plus a simpler (but more powerful and secure) generated CI workflow added via psalm-laravel add ci.

Fixes

  • Resolve concrete-only Application methods (isProduction(), isLocal(), path(), ...) when the receiver is typed on the Contracts\Foundation\Application interface, eliminating false UndefinedInterfaceMethod on app(), ServiceProvider::$app, and Command::$laravel (#1141)
  • 🛡️ Stop false TaintedFile / TaintedSSRF on UploadedFile reads: its only string coercion is the server-controlled temp path, while the user-controlled accessors (contents, client name, MIME type) stay tainted (#1136)
  • Simplify the generated GitHub Actions workflow to a single Psalm job (Psalm 7 runs taint analysis by default) and add CLI-first CI docs (#1132)

Full Changelog: v3.14.1...v3.14.2

Assets 2
Loading