FEDORA-EPEL-2015-7612

security update in Fedora EPEL 7 for php-twig

Status: stable 3 years ago

1.20.0 (2015-08-12)

  • forbid access to the Twig environment from templates and internal parts of Twig_Template
  • fixed limited RCEs when in sandbox mode
  • deprecated Twig_Template::getEnvironment()
  • deprecated the _self variable for usage outside of the from and import tags
  • added Twig_BaseNodeVisitor to ease the compatibility of node visitors between 1.x and 2.x

1.19.0 (2015-07-31)

  • fixed wrong error message when including an undefined template in a child template
  • added support for variadic filters, functions, and tests
  • added support for extra positional arguments in macros
  • added ignore_missing flag to the source function
  • fixed batch filter with zero items
  • deprecated Twig_Environment::clearTemplateCache()
  • fixed sandbox disabling when using the include function

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2015-7612

Comments 10

This update has been submitted for testing by siwinski.

This update is currently being pushed to the Fedora EPEL 7 testing updates repository.

This update has been pushed to testing

siwinski edited this update.

siwinski edited this update.

This update has been submitted for testing by siwinski.

This update has been pushed to testing

siwinski edited this update.

This update has been submitted for stable by siwinski.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1249259 php-twig-v1.20.0 is available
#1255795 php-twig: Remote code execution via Twig templates
#1255797 php-twig: Remote code execution via Twig templates [epel-all]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 3

00 #1249259 php-twig-v1.20.0 is available
00 #1255795 php-twig: Remote code execution via Twig templates
00 #1255797 php-twig: Remote code execution via Twig templates [epel-all]

Automated Test Results