stable

composer-2.6.5-1.el9

FEDORA-EPEL-2023-a0ec47d7c6 created by remi a year ago for Fedora EPEL 9

Version 2.6.5 - 2023-10-06

  • Fixed error when vendor dir contains broken symlinks (#11670)
  • Fixed composer.lock missing from Composer's zip archives (#11674)
  • Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8)

Version 2.6.4 - 2023-09-29

  • Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
  • Fixed json output of abandoned packages in audit command (#11647)
  • Performance improvement in pool optimization step (#11638)
  • Performance improvement in show -a <packagename> (#11659)

This update has been submitted for testing by remi.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has obsoleted composer-2.6.4-1.el9, and has inherited its bugs and notes.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
approved
a year ago
Builds
1
composer-2.6.5-1.el9
BZ#2241496 CVE-2023-43655 composer: Remote Code Execution via web-accessible composer.phar
0
0
BZ#2241497 CVE-2023-43655 composer: Remote Code Execution via web-accessible composer.phar [epel-all]
0
0
composer-2.6.5-1.el9

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0 on bodhi-web-177-5kbt2.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy