- Issue created by @Andreas Albers
- First commit to issue fork.
- Status changed to Needs review
4 months ago 10:23am 29 August 2024
- 🇮🇳India sarwan_verma
Hi,
I have successfully applied the patch, and it is now working for me. I have created a Merge Request (MR!3) for it. Please review it.
Thanks!
- 🇨🇦Canada kpaxman
Also important due to the recently announced library vulnerability. https://github.com/advisories/GHSA-ghg6-32f9-2jp7
- 🇳🇱Netherlands spokje
$ composer audit
Found 2 security vulnerability advisories affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpoffice/phpspreadsheet                                                         |
| Severity          | high                                                                             |
| CVE               | CVE-2024-45048                                                                   |
| Title             | XXE in PHPSpreadsheet encoding is returned                                       |
| URL               | https://github.com/advisories/GHSA-ghg6-32f9-2jp7                                |
| Affected versions | <2.2.1                                                                           |
| Reported at       | 2024-08-29T17:58:27+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpoffice/phpspreadsheet                                                         |
| Severity          | medium                                                                           |
| CVE               | CVE-2024-45046                                                                   |
| Title             | PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style       |
|                   | information                                                                      |
| URL               | https://github.com/advisories/GHSA-wgmf-q9vr-vww6                                |
| Affected versions | <2.1.0                                                                           |
| Reported at       | 2024-08-29T17:56:56+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
- 🇳🇱Netherlands spokje
Added a new commit to the MR, in which I bumped phpoffice/phpspreadsheet to ^2.1, dropped dev-dependency vijaycs85/drupal-quality-checker. The latter kept us on composer 1.x and, by the looks of it, won't work on the (not-so-new-anymore) GitLab CI that Drupal uses nowadays.
After that commit I get:
$ composer audit
No security vulnerability advisories found.
- 🇫🇷France prudloff Lille
Yes, drupal-quality-checker is not maintained anymore so we should remove it. (Also we probably don't need to version composer.lock if we don't have any dev tools anymore.)
Thanks for the MR, I will test it next week.
- First commit to issue fork.
- Status changed to RTBC
4 months ago 10:46pm 1 September 2024
- 🇳🇿New Zealand ericgsmith
Have tested this with a few webforms. Changes look good and cell headers and data produced the expected results for me.
Setting to RTBC - I note there is a comment that the composer.lock file can be removed that hasn't been actioned yet; needs work if that is intended to happen here, but the changes around the library and v2 compatibility look good to me.
- prudloff committed 2cb2ca6d on 8.x-1.x authored by sarwan_verma
  Issue #3470891: Webform XLSX Export Module to Support PHPSpreadsheet ^2....
- Status changed to Fixed
4 months ago 8:22am 2 September 2024
Automatically closed - issue fixed for 2 weeks with no activity.