Skip to content
Snippets Groups Projects
Commit 1e90ac9d authored by Andreas Fernandez's avatar Andreas Fernandez
Browse files

[BUGFIX] Update guzzlehttp/guzzle to 7.4.3

The package guzzlehttp/guzzle has been updated to 7.4.3 and 6.5.6
respectively, both fixing a security vulnerability related to
cross-domain cookie leakage [1]. Since TYPO3 is not affected by
this issue by default, this is handled as a public bugfix.

However, 3rd party code (e.g. thru extensions) may be affected by this
issue, as long `'cookies' => true` is used in requests done by Guzzle.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.3 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.3 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Resolves: #97694
Releases: main, 11.5, 10.4
Change-Id: I39071c917c7ed26392f66b0ea2f774ecbceead9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74747


Tested-by: default avatarSimon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: default avatarcore-ci <typo3@b13.com>
Tested-by: default avatarOliver Klee <typo3-coding@oliverklee.de>
Tested-by: default avatarStefan Bürk <stefan@buerk.tech>
Tested-by: default avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: default avatarSimon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: default avatarOliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: default avatarStefan Bürk <stefan@buerk.tech>
Reviewed-by: default avatarAndreas Fernandez <a.fernandez@scripting-base.de>
parent a1325680
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment