[SECURITY] Raise Fluid Standalone dependency 93/60693/3
authorBenni Mack <benni@typo3.org>
Tue, 7 May 2019 08:18:10 +0000 (10:18 +0200)
committerBenni Mack <benni@typo3.org>
Tue, 7 May 2019 09:33:29 +0000 (11:33 +0200)
Raise Fluid Standalone dependency to the next stable version
which fixes an important XSS issue when escaping
ternary operators.

Used composer command:
  composer req typo3fluid/fluid:^2.6.1 --prefer-lowest

Resolves: #88288
Releases: master, 9.5, 8.7
Security-Bulletin: TYPO3-CORE-SA-2019-013
Change-Id: I04f32d8d01f893bc26ff21aa0c079c85e9db85b9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60693
Reviewed-by: Claus Due <claus@phpmind.net>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
composer.json
composer.lock
typo3/sysext/adminpanel/composer.json
typo3/sysext/core/composer.json
typo3/sysext/fluid/composer.json
typo3/sysext/redirects/composer.json

index b699f72..5de6c91 100644 (file)
@@ -64,7 +64,7 @@
                "typo3/cms-cli": "^2.0",
                "typo3/cms-composer-installers": "^2.0",
                "typo3/phar-stream-wrapper": "^3.1.1",
-               "typo3fluid/fluid": "^2.6.0",
+               "typo3fluid/fluid": "^2.6.1",
                "webmozart/assert": "^1.0"
        },
        "require-dev": {
index a2e2d13..1e47b39 100644 (file)
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "dd75c56b773d10022589ed34561b54ba",
+    "content-hash": "b05126bc9b4ed088c9d8771245846625",
     "packages": [
         {
             "name": "cogpowered/finediff",
         },
         {
             "name": "typo3fluid/fluid",
-            "version": "2.6.0",
+            "version": "2.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/TYPO3/Fluid.git",
-                "reference": "e3533d0b80e4020cf0de7a546efaae25866f898b"
+                "reference": "9ef6a8ffff2e812025fc0701b4ce72eea6911a3d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/TYPO3/Fluid/zipball/e3533d0b80e4020cf0de7a546efaae25866f898b",
-                "reference": "e3533d0b80e4020cf0de7a546efaae25866f898b",
+                "url": "https://api.github.com/repos/TYPO3/Fluid/zipball/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d",
+                "reference": "9ef6a8ffff2e812025fc0701b4ce72eea6911a3d",
                 "shasum": ""
             },
             "require": {
                 "LGPL-3.0-or-later"
             ],
             "description": "The TYPO3 Fluid template rendering engine",
-            "time": "2018-12-07T14:46:13+00:00"
+            "time": "2019-05-07T07:07:18+00:00"
         },
         {
             "name": "webmozart/assert",
     "minimum-stability": "stable",
     "stability-flags": [],
     "prefer-stable": false,
-    "prefer-lowest": false,
+    "prefer-lowest": true,
     "platform": {
         "php": "^7.2",
         "ext-pdo": "*",
index 853bf3d..6622283 100644 (file)
@@ -17,7 +17,7 @@
                "typo3/cms-core": "10.0.*@dev",
                "typo3/cms-fluid": "10.0.*@dev",
                "typo3/cms-frontend": "10.0.*@dev",
-               "typo3fluid/fluid": "^2.6.0",
+               "typo3fluid/fluid": "^2.6.1",
                "psr/http-message": "~1.0",
                "psr/http-server-handler": "^1.0",
                "psr/http-server-middleware": "^1.0"
index 49e59bc..81c8e3e 100644 (file)
@@ -44,7 +44,7 @@
                "typo3/cms-cli": "^2.0",
                "typo3/cms-composer-installers": "^2.0",
                "typo3/phar-stream-wrapper": "^3.1.1",
-               "typo3fluid/fluid": "^2.6.0"
+               "typo3fluid/fluid": "^2.6.1"
        },
        "require-dev": {
                "codeception/codeception": "^2.5.4",
index 8c81a84..d8cce88 100644 (file)
@@ -15,7 +15,7 @@
        "require": {
                "typo3/cms-core": "10.0.*@dev",
                "typo3/cms-extbase": "10.0.*@dev",
-               "typo3fluid/fluid": "^2.6.0"
+               "typo3fluid/fluid": "^2.6.1"
        },
        "conflict": {
                "typo3/cms": "*"
index ca894da..5afc925 100644 (file)
@@ -15,7 +15,7 @@
        "require": {
                "typo3/cms-backend": "10.0.*@dev",
                "typo3/cms-core": "10.0.*@dev",
-               "typo3fluid/fluid": "^2.6.0"
+               "typo3fluid/fluid": "^2.6.1"
        },
        "conflict": {
                "typo3/cms": "*"