-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP #14087
Conversation
This didn't fix it because
|
Added dependencies and ran with PHP 7.4 to preserve that platform requirement |
FTR here is what is getting updated:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the contribution to help keep us secure! It's very much appreciated.
I tested it by doing this - first, I read up on the AWS SDK for PHP, and its minimum PHP versions - which are very conservative (which I like). Then, I tested by switching my system version of PHP to each of 7.4.x, 8.0.x, and 8.1.x and blowing out ./vendors
and running composer install
- and ensuring that php artisan test
works.
I should note that php 8.2.x does not work (dependencies will not install), but I am hoping that we will be able to enable that - and maybe even 8.3 - once we can release Snipe-IT v7.
Thanks again!
TY @joelpittet! |
Description
Type of change
How Has This Been Tested?
Composer audit before and after fix