[BUGFIX] Update guzzlehttp/guzzle to 6.5.6
The package guzzlehttp/guzzle has been updated to 7.4.3 and 6.5.6 respectively, both fixing a security vulnerability related to cross-domain cookie leakage [1].

Since TYPO3 is not affected by this issue by default, this is handled as a public bugfix. However, 3rd party code (e.g. through extensions) may be affected by this issue, as long as `'cookies' => true` is used in requests done by Guzzle.

Executed commands:

    composer require \
      guzzlehttp/guzzle:^6.5.6 \
      -W
    composer require \
      -d typo3/sysext/core \
      guzzlehttp/guzzle:^6.5.6 \
      --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Resolves: #97694
Releases: main, 11.5, 10.4
Change-Id: I39071c917c7ed26392f66b0ea2f774ecbceead9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74772
Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
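A defensive check for the condition the commit message describes, as an added example that is not part of the TYPO3 commit or of Guzzle: it reads a composer.lock, compares the locked guzzlehttp/guzzle version with the fixed releases named above (6.5.6 and 7.4.3), and lists source lines that set `'cookies' => true`. The function names, the sample lock file and the extension paths are constructed for illustration.

```python
import json
import re

# Fixed releases named in the commit message, keyed by major version.
FIXED = {6: (6, 5, 6), 7: (7, 4, 3)}
# The option the commit message names, in either quote style.
COOKIES_TRUE = re.compile(r"""['"]cookies['"]\s*=>\s*true\b""", re.IGNORECASE)

# Constructed sample inputs (not taken from TYPO3 or any real extension).
SAMPLE_LOCK = '{"packages": [{"name": "guzzlehttp/guzzle", "version": "6.5.5"}]}'
SAMPLE_SOURCES = {
    "ext/demo/Classes/Client.php":
        "<?php\n$client = new \\GuzzleHttp\\Client([\n    'cookies' => true,\n]);\n",
    "ext/demo/Classes/Other.php":
        "<?php\n$client = new \\GuzzleHttp\\Client(['timeout' => 5]);\n",
}

def locked_guzzle_version(lock_text):
    """Return the locked guzzlehttp/guzzle version as a tuple, or None."""
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name") == "guzzlehttp/guzzle":
            m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", pkg.get("version", ""))
            return tuple(int(p) for p in m.groups()) if m else None
    return None

def predates_fix(version):
    """True if version is older than the fixed release of its major line."""
    if version[0] > max(FIXED):
        return False
    # Assumption: major lines with no fixed release named on the page count as unfixed.
    fixed = FIXED.get(version[0])
    return fixed is None or version < fixed

def cookie_option_lines(php_source):
    """Return 1-based line numbers where 'cookies' => true appears."""
    return [n for n, line in enumerate(php_source.splitlines(), 1)
            if COOKIES_TRUE.search(line)]

def audit(lock_text, sources):
    """Map file path -> lines using 'cookies' => true, unless a fixed Guzzle is locked."""
    version = locked_guzzle_version(lock_text)
    # An undeterminable version (None) is reported conservatively.
    if version is not None and not predates_fix(version):
        return {}
    hits = {path: cookie_option_lines(src) for path, src in sources.items()}
    return {path: lines for path, lines in hits.items() if lines}

if __name__ == "__main__":
    print(audit(SAMPLE_LOCK, SAMPLE_SOURCES))
```

The regex is a line-based text match, so it is a triage aid for code review rather than a PHP parser.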