--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-617a6df23e
2022-04-21 20:57:05.212161
--------------------------------------------------------------------------------Name        : composer
Product     : Fedora 34
Version     : 2.2.12
Release     : 1.fc34
URL         : https://getcomposer.org/
Summary     : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

--------------------------------------------------------------------------------Update Information:

**Version 2.2.12** - 2022-04-13  * Security: Fixed command injection
vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828) *
Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
* Fixed composer.lock file still being used/read when the `lock` config option
is disabled (#10726) * Fixed `validate` command checking the lock file even if
the `lock` option is disabled (#10723)  ----  **Version 2.2.11** -  2022-04-01
* Added missing config.bitbucket-oauth in composer-schema.json * Added --2.2
flag to `self-update` to pin the Composer version to the 2.2 LTS range (#10682)
* Updated semver, jsonlint deps for minor fixes * Fixed generation of autoload
crashing if a package has a broken path (#10688) * Removed dev-master=>dev-main
alias from #10372 as it does not work when reloading from lock file and
extracting dev deps (#10651)
--------------------------------------------------------------------------------ChangeLog:

* Thu Apr 14 2022 Remi Collet  - 2.2.12-1
- update to 2.2.12
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-617a6df23e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 34: composer 2022-617a6df23e

April 21, 2022
**Version 2.2.12** - 2022-04-13 * Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828) * Fixed curl downloader not retrying ...

Summary

Composer helps you declare, manage and install dependencies of PHP projects,

ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

**Version 2.2.12** - 2022-04-13 * Security: Fixed command injection

vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828) *

Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)

* Fixed composer.lock file still being used/read when the `lock` config option

is disabled (#10726) * Fixed `validate` command checking the lock file even if

the `lock` option is disabled (#10723) ---- **Version 2.2.11** - 2022-04-01

* Added missing config.bitbucket-oauth in composer-schema.json * Added --2.2

flag to `self-update` to pin the Composer version to the 2.2 LTS range (#10682)

* Updated semver, jsonlint deps for minor fixes * Fixed generation of autoload

crashing if a package has a broken path (#10688) * Removed dev-master=>dev-main

alias from #10372 as it does not work when reloading from lock file and

extracting dev deps (#10651)

* Thu Apr 14 2022 Remi Collet - 2.2.12-1

- update to 2.2.12

su -c 'dnf upgrade --advisory FEDORA-2022-617a6df23e' at the command

line. For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2022-617a6df23e 2022-04-21 20:57:05.212161 Product : Fedora 34 Version : 2.2.12 Release : 1.fc34 URL : https://getcomposer.org/ Summary : Dependency Manager for PHP Description : Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/ **Version 2.2.12** - 2022-04-13 * Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828) * Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716) * Fixed composer.lock file still being used/read when the `lock` config option is disabled (#10726) * Fixed `validate` command checking the lock file even if the `lock` option is disabled (#10723) ---- **Version 2.2.11** - 2022-04-01 * Added missing config.bitbucket-oauth in composer-schema.json * Added --2.2 flag to `self-update` to pin the Composer version to the 2.2 LTS range (#10682) * Updated semver, jsonlint deps for minor fixes * Fixed generation of autoload crashing if a package has a broken path (#10688) * Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651) * Thu Apr 14 2022 Remi Collet - 2.2.12-1 - update to 2.2.12 su -c 'dnf upgrade --advisory FEDORA-2022-617a6df23e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
Product : Fedora 34
Version : 2.2.12
Release : 1.fc34
URL : https://getcomposer.org/
Summary : Dependency Manager for PHP

Related News

1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved