- Issue created by @vishalkhode
- 🇺🇸United States DamienMcKenna NH, USA
While site maintainers can already update their sites to deal with the security vulnerability if they do "composer update" and are using PHP 8.0 or above, the issue here is to increase the minimum required versions so sites are forced to update. This would also force sites to update to PHP 8.
- @vishalkhode-0 opened merge request.
- 🇮🇳India vishalkhode
@DamienMcKenna I've submitted an MR !102 and here I did not update the minimum required versions. Instead, I added conflicts to prevent the usage of unsecured versions and enforced the adoption of secure releases based on PHP versions. For example, the release 8.3.0 or 8.3.1 (which doesn't contain vulnerability ) will be used for PHP ^7.2 and release >=8.5.3 will be enforced for PHP ^8.0.
- Status changed to Needs review
12 months ago 11:47am 18 July 2023 - 🇮🇳India vishalkhode
This is no longer required now, as the league/oauth2-server library have released a minor release supporting PHP 7.4
- Status changed to Closed: outdated
11 months ago 8:58am 4 August 2023