security vulnerability advisory #15

Closed
mtangoo opened this issue Jul 11, 2023 · 3 comments
@mtangoo
Contributor

mtangoo commented Jul 11, 2023

It seems time to update league server version. Here is the report from composer audit:

Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package | league/oauth2-server |
| CVE | CVE-2023-37260 |
| Title | league/oauth2-server key exposed in exception message when passing as a string a |
| | nd providing an invalid pass phrase |
| URL | GHSA-wj7q-gjg8-3cpm |
| Affected versions | >=8.3.2,<8.5.3 |
| Reported at | 2023-07-06T21:07:27+00:00 |
+-------------------+----------------------------------------------------------------------------------+

@rhertogh
Owner

Hi, I'm waiting for thephpleague/oauth2-server#1359 to be merged since 8.5 requires PHP 8.

@mtangoo
Contributor Author

mtangoo commented Jul 13, 2023

Didn't notice that since everything I code in runs at least on 8.1
I can leave this open to track that ticket!

@rhertogh
Owner

rhertogh commented Aug 4, 2023

Fixed in v1.0.0-alpha15

@rhertogh rhertogh closed this as completed Aug 4, 2023
@rhertogh rhertogh added this to the 1.0.0-alpha15 milestone Aug 6, 2023