[BUGFIX] Update guzzlehttp/guzzle to 7.4.4
The package guzzlehttp/guzzle has been updated to version 7.4.4 and 6.5.7 which both fix the security issues [1] and [2]. Since TYPO3 is not affected by the issues by default, this is handled as a public bugfix. 3rd party extensions may however be affected by the vulnerabilities if `Authorization` or `Cookie` headers are used. Executed commands: composer require \ guzzlehttp/guzzle:^7.4.4 \ -W composer require \ -d typo3/sysext/core \ guzzlehttp/guzzle:^7.4.4 \ --no-update [1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q [2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9 Resolves: #97759 Releases: main, 11.5, 10.4 Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74876 Tested-by:core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
... | ... | @@ -55,7 +55,7 @@ |
"doctrine/lexer": "^1.2.3", | ||
"egulias/email-validator": "^3.1", | ||
"enshrined/svg-sanitize": "^0.15.4", | ||
"guzzlehttp/guzzle": "^7.4.3", | ||
"guzzlehttp/guzzle": "^7.4.4", | ||
"guzzlehttp/promises": "^1.4.0", | ||
"guzzlehttp/psr7": "^1.8.5 || ^2.1.2", | ||
"lolli42/finediff": "^1.0.1", | ||
... | ... |
Please register or sign in to comment