Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

Fedora 44 Composer Critical Shell Escaping Fix Advisory 2026-9b34a78e81

fedora
Calendar Grey June 12, 2026
Dist Fedora Esm H88
Critical Fedora Advisory for Composer 2.10.1 addresses security flaws including shell escaping issues and signature verification.
Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor (#12903) Security: Verify backup phar signature before restoring it when using self- update --roll...

Summary

Composer helps you declare, manage and install dependencies of PHP projects,

ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

Update Information:

Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor (#12903) Security: Verify backup phar signature before restoring it when using self- update --rollback (#12918) Fixed source-fallback also disabling fallbacks to dist install when source is the preferred install method (#12888) Fixed source - dist package updates wiping the .git dir without checking for local changes first (#12912) Fixed GitHub token prompt happening multiple times on parallel auth failures (#12913) Fixed warnings from Composer repositories being printed twice in some cases (#12907) Version 2.10.0 Read the Composer 2.10 Release Announcement for more details on the release highlights. Full Changelog BC Break / Security: Disabled automatic fallback to source checkout if dist/zip install fails, we have introduced a new source-fallback config option as a temporary way to restore the old behavior, but if you need this talk to us as we plan to remove it entirely in 2.11 (#...

Topics%20covered

Topics Covered

security advisory fedora critical PHP dependency shell escaping backup signature

Change Log

* Thu Jun 4 2026 Remi Collet - 2.10.1-1 - update to 2.10.1 * Thu May 28 2026 Remi Collet - 2.10.0-1 - update to 2.10.0

References

Fedora Update Notification FEDORA-2026-9b34a78e81 2026-06-13 01:09:32.029641+00:00 Name : composer Product : Fedora 44 Version : 2.10.1 Release : 1.fc44 URL : https://getcomposer.org/ Summary : Dependency Manager for PHP Description : Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9b34a78e81' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: composer
Product: Fedora 44
Version: 2.10.1
Release: 1.fc44
URL: https://getcomposer.org/
Summary: Dependency Manager for PHP

Topics%20covered

Topics Covered

security advisory fedora critical PHP dependency shell escaping backup signature

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here