PHP Composer

composer/composer

Dependency Manager for PHP

Release notes
v2.2.29
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Fixed GitHub token validation to be even more relaxed (#12856)

Full Changelog: https://github.com/composer/composer/compare/2.2.28...2.2.29