PHP Composer
Notes
Dependency Manager for PHP
Release notes
v2.10.2
- Security: Validate package names (GHSA-499r-g7pc-vmp9)
- Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
- Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
- Security: Only follow HTTP redirects from HTTP responses (#12948)
- Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
- Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
- Added warning output in self-update command when using a soon-to-be EOL version (#12920)
- Added download retry when a GitHub codeload URL returns a 400 (#12962)
- Fixed audit command to output the audit result to stdout (#12904)
- Fixed backspace characters being output to non-decorated output (#12925)
- Fixed security advisory blocking causing issues with xdebug enabled (#12935)
- Fixed provider packages hiding suggestions for the package they provide themselves (#12933)
Full Changelog: https://github.com/composer/composer/compare/2.10.1...2.10.2