Merge pull request #1 from wubinworks/extend-compatibility

Extended compatibility to Magento 2.3

Author: wubinworks

README.md

@@ -7,7 +7,11 @@
 When the `SAPI` is `php-fpm`, `\Magento\Framework\Xml\Security` cannot detect entity if the XML string is not encoded in `UTF-8`.  
 This is a potential security issue and many developers forget to detect the XML encoding before using this class.
 
-_Note: this class works correctly in CLI._
+_Note: the above class works correctly in CLI._
+
+##### A note about [CVE-2024-2961](https://www.cve.org/CVERecord?id=CVE-2024-2961)
+
+_XML string with `encoding="ISO-2022-CN-EXT"` won't cause the buffer overflow. So we don't forbid this encoding._
 
 ## Features
 
@@ -22,6 +26,7 @@ That's it.
 
 ## Requirements
 
+Magento 2.3  
 Magento 2.4
 
 ## Installation

composer.json

@@ -12,20 +12,23 @@
         "xml security",
         "enhancement",
         "encoding",
-        "php-fpm"
+        "php-fpm",
+        "cosmic sting",
+        "cosmicsting",
+        "cve-2024-34102"
     ],
     "homepage": "https://www.wubinworks.com",
     "support": {
         "issues": "https://github.com/wubinworks/magento2-enhanced-xml-security/issues",
         "chat": "https://www.wubinworks.com/contact"
     },
     "require": {
-        "php": ">=7.3",
-        "laminas/laminas-xml": "^1.4",
-        "magento/magento2-base": "~2.4.0"
+        "php": ">=7.1",
+        "laminas/laminas-xml": "^1.2",
+        "magento/magento2-base": "~2.3.0 || ~2.4.0"
     },
     "type": "magento2-module",
-    "version": "1.0.0",
+    "version": "1.0.1",
     "license": "OSL-3.0",
     "authors": [
         {