
Fedora 29: FEDORA-2019-a9a37fed18 Moderate: php-twig2 Sandbox Issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-a9a37fed18
2019-03-23 02:56:03.380042
--------------------------------------------------------------------------------

Name        : php-twig2
Product     : Fedora 29
Version     : 2.7.2
Release     : 1.fc29
URL         : https://twig.symfony.com
Summary     : The flexible, fast, and secure template engine for PHP
Description :
The flexible, fast, and secure template engine for PHP.

* Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum.
* Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a template language for applications where users may modify the template design.
* Flexible: Twig is powered by a flexible lexer and parser. This allows the developer to define its own custom tags and filters, and create its own DSL.

Autoloader: /usr/share/php/Twig2/autoload.php

--------------------------------------------------------------------------------
Update Information:

**Version 2.7.2** (2019-03-12)

* added TemplateWrapper::getTemplateName()

----

**Version 2.7.1** (2019-03-12)

* fixed class aliases

----

**Version 2.7.0** (2019-03-12)

* fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
* fixed batch filter clobbers array keys when fill parameter is used
* added preserveKeys support for the batch filter
* fixed "embed" support when used from "template_from_string"
* deprecated passing a Twig\Template to Twig\Environment::load()/Twig\Environment::resolveTemplate()
* added the possibility to pass a TemplateWrapper to Twig\Environment::load()
* marked Twig\Environment::getTemplateClass() as internal (implementation detail)
* improved the performance of the sandbox
* deprecated the spaceless tag
* added a spaceless filter
* added max value to the "random" function
* deprecated Twig\Extension\InitRuntimeInterface
* deprecated Twig\Loader\ExistsLoaderInterface
* deprecated PSR-0 classes in favor of namespaced ones
* made namespace classes the default classes (PSR-0 ones are aliases now)
* added Twig\Loader\ChainLoader::getLoaders()
* removed duplicated directory separator in FilesystemLoader
* deprecated the "base_template_class" option on Twig\Environment
* deprecated the Twig\Environment::getBaseTemplateClass() and Twig\Environment::setBaseTemplateClass() methods
* changed internal code to use the namespaced classes as much as possible
* deprecated Twig_Parser::isReservedMacroName()

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2019 Remi Collet - 2.7.2-1
- update to 2.7.2
* Mon Jan 14 2019 Remi Collet - 2.6.2-1
- update to 2.6.2
* Tue Dec 18 2018 Remi Collet - 2.6.0-1
- update to 2.6.0
- add dependency on symfony/polyfill-mbstring 1.3

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-a9a37fed18' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

LinuxSecurity.com Team

Mar 23, 2019 | Fedora
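The 2.7.0 fix concerns whether __toString() is callable when the sandbox security policy does not list it. The following is an added example, not code from Twig or from the Fedora advisory, that an administrator can run after upgrading to see the policy enforced; it exercises only the simplest case, printing the object directly. The Account class and the template strings are hypothetical, and the autoloader path is the one given in the package description.

```php
<?php
// Added example, not Twig or Fedora code. Account is a hypothetical class.
require '/usr/share/php/Twig2/autoload.php'; // autoloader path from the advisory

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

final class Account
{
    public function getName(): string { return 'alice'; }
    // The string form exposes more than a template author should see.
    public function __toString(): string { return 'alice (internal-id PLACEHOLDER)'; }
}

function renderSandboxed(array $allowedMethods, string $template): string
{
    // Argument order: tags, filters, methods, properties, functions.
    // 'escape' is allowed because autoescaping wraps output in that filter.
    $policy = new SecurityPolicy([], ['escape'], $allowedMethods, [], []);
    $twig = new Environment(new ArrayLoader(['t' => $template]));
    $twig->addExtension(new SandboxExtension($policy, true)); // sandbox all templates
    try {
        return $twig->render('t', ['account' => new Account()]);
    } catch (SecurityError $e) {
        // The sandbox refused something the policy does not list.
        return 'DENIED: ' . $e->getMessage();
    }
}

$strict = ['Account' => ['getName']];               // __toString not listed
$loose  = ['Account' => ['getName', '__toString']]; // __toString explicitly allowed

// Method listed in the policy: the call is permitted.
echo renderSandboxed($strict, '{{ account.getName() }}'), PHP_EOL;
// Printing the object needs __toString(); the strict policy must refuse it.
echo renderSandboxed($strict, '{{ account }}'), PHP_EOL;
// Only a policy that lists __toString lets the object print as a string.
echo renderSandboxed($loose, '{{ account }}'), PHP_EOL;
```

If the second line of output does not begin with DENIED, the sandbox is not enforcing the method allow-list for string conversion and the installed package version should be checked.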