security vulnerability advisory #15

Closed
mtangoo opened this issue Jul 11, 2023 · 3 comments

@mtangoo
Contributor

mtangoo commented Jul 11, 2023

It seems time to update the league server version. Here is the report from composer audit:

Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package | league/oauth2-server |
| CVE | CVE-2023-37260 |
| Title | league/oauth2-server key exposed in exception message when passing as a string a |
| | nd providing an invalid pass phrase |
| URL | GHSA-wj7q-gjg8-3cpm |
| Affected versions | >=8.3.2,<8.5.3 |
| Reported at | 2023-07-06T21:07:27+00:00 |
+-------------------+----------------------------------------------------------------------------------+

@rhertogh
Owner

Hi, I'm waiting for thephpleague/oauth2-server#1359 to be merged since 8.5 requires PHP 8.

@mtangoo
Contributor Author

mtangoo commented Jul 13, 2023

Didn't notice that, since everything I code in runs at least on 8.1.
I can leave this open to track that ticket!

@rhertogh
Owner

rhertogh commented Aug 4, 2023

Fixed in v1.0.0-alpha15

@rhertogh rhertogh closed this as completed Aug 4, 2023
@rhertogh rhertogh added this to the 1.0.0-alpha15 milestone Aug 6, 2023