Commit 3d048b30 authored by Benni Mack's avatar Benni Mack
Browse files

[SECURITY] Raise Fluid Standalone dependency

Raise Fluid Standalone dependency to the next stable version
which fixes an important XSS issue when escaping
ternary operators.

Used composer command:
  composer req typo3fluid/fluid:^2.6.1 --prefer-lowest

Resolves: #88288
Releases: master, 9.5, 8.7
Security-Bulletin: TYPO3-CORE-SA-2019-013
Change-Id: I04f32d8d01f893bc26ff21aa0c079c85e9db85b9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60693

Reviewed-by: Claus Due's avatarClaus Due <claus@phpmind.net>
Reviewed-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Tested-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
parent d9d0db43
......@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "dd75c56b773d10022589ed34561b54ba",
"content-hash": "b05126bc9b4ed088c9d8771245846625",
"packages": [
{
"name": "cogpowered/finediff",
......@@ -2498,16 +2498,16 @@
},
{
"name": "typo3fluid/fluid",
"version": "2.6.0",
"version": "2.6.1",
"source": {
"type": "git",
"url": "https://github.com/TYPO3/Fluid.git",
"reference": "e3533d0b80e4020cf0de7a546efaae25866f898b"
"reference": "9ef6a8ffff2e812025fc0701b4ce72eea6911a3d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/TYPO3/Fluid/zipball/e3533d0b80e4020cf0de7a546efaae25866f898b",
"reference": "e3533d0b80e4020cf0de7a546efaae25866f898b",
"url": "https://api.github.com/repos/TYPO3/Fluid/zipball/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d",
"reference": "9ef6a8ffff2e812025fc0701b4ce72eea6911a3d",
"shasum": ""
},
"require": {
......@@ -2533,7 +2533,7 @@
"LGPL-3.0-or-later"
],
"description": "The TYPO3 Fluid template rendering engine",
"time": "2018-12-07T14:46:13+00:00"
"time": "2019-05-07T07:07:18+00:00"
},
{
"name": "webmozart/assert",
......@@ -5357,7 +5357,7 @@
"minimum-stability": "stable",
"stability-flags": [],
"prefer-stable": false,
"prefer-lowest": false,
"prefer-lowest": true,
"platform": {
"php": "^7.2",
"ext-pdo": "*",
......
......@@ -17,7 +17,7 @@
"typo3/cms-core": "10.0.*@dev",
"typo3/cms-fluid": "10.0.*@dev",
"typo3/cms-frontend": "10.0.*@dev",
"typo3fluid/fluid": "^2.6.0",
"typo3fluid/fluid": "^2.6.1",
"psr/http-message": "~1.0",
"psr/http-server-handler": "^1.0",
"psr/http-server-middleware": "^1.0"
......
......@@ -44,7 +44,7 @@
"typo3/cms-cli": "^2.0",
"typo3/cms-composer-installers": "^2.0",
"typo3/phar-stream-wrapper": "^3.1.1",
"typo3fluid/fluid": "^2.6.0"
"typo3fluid/fluid": "^2.6.1"
},
"require-dev": {
"codeception/codeception": "^2.5.4",
......
......@@ -15,7 +15,7 @@
"require": {
"typo3/cms-core": "10.0.*@dev",
"typo3/cms-extbase": "10.0.*@dev",
"typo3fluid/fluid": "^2.6.0"
"typo3fluid/fluid": "^2.6.1"
},
"conflict": {
"typo3/cms": "*"
......
......@@ -15,7 +15,7 @@
"require": {
"typo3/cms-backend": "10.0.*@dev",
"typo3/cms-core": "10.0.*@dev",
"typo3fluid/fluid": "^2.6.0"
"typo3fluid/fluid": "^2.6.1"
},
"conflict": {
"typo3/cms": "*"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment