authorHarald Eilertsen <haraldei@anduin.net>2024-09-28 14:47:41 +0200
committerHarald Eilertsen <haraldei@anduin.net>2024-09-28 15:07:23 +0200
commit4dff1a1e5b6d1117cf3a8ad9924d38fb7d01b687 (patch)
treefad2b149f74383897841db0e8e749fd7ea9c95ba /vendor/composer/installed.php
parentc12ef4fbf4b2046e0af68b11e8fe5af2d335f32e (diff)
deps: Upgrade smarty/smarty to version 4.5.4
This eliminates a potential vulnerability where a template author could inject arbitrary PHP files to be run via the 'extends' tag. See: - https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w - https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a Impact assessment: In our case I would consider this a low severity issue, as we don't allow users to dynamically add or edit smarty templates. Templates have to be updated via merge requests, or by installing a theme. In both cases a malicious attacker already has easier ways to inject whatever code they want. Further, the 'extends' tag is not in use in any of our core templates.
Diffstat (limited to 'vendor/composer/installed.php')
-rw-r--r--vendor/composer/installed.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
index 595995bde..08afaebaa 100644
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -3,7 +3,7 @@
'name' => 'zotlabs/hubzilla',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
- 'reference' => '39933052a9eb827afee3965509909ba314de5257',
+ 'reference' => 'c12ef4fbf4b2046e0af68b11e8fe5af2d335f32e',
'type' => 'application',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@@ -269,9 +269,9 @@
'dev_requirement' => false,
),
'smarty/smarty' => array(
- 'pretty_version' => 'v4.4.1',
- 'version' => '4.4.1.0',
- 'reference' => 'f4152e9b814ae2369b6e4935c05e1e0c3654318d',
+ 'pretty_version' => 'v4.5.4',
+ 'version' => '4.5.4.0',
+ 'reference' => 'c11676e85aa71bc7c3cd9100f1655a9f4d14616e',
'type' => 'library',
'install_path' => __DIR__ . '/../smarty/smarty',
'aliases' => array(),
@@ -349,7 +349,7 @@
'zotlabs/hubzilla' => array(
'pretty_version' => 'dev-master',
'version' => 'dev-master',
- 'reference' => '39933052a9eb827afee3965509909ba314de5257',
+ 'reference' => 'c12ef4fbf4b2046e0af68b11e8fe5af2d335f32e',
'type' => 'application',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),