CyberSource / cybersource-rest-client-php

PHP client library for the CyberSource REST API

Old version of web-token/jwt-framework #138

Closed KasperFranz closed 2 months ago

KasperFranz commented 9 months ago

Hi,

I can see you have just included the package web-token/jwt-framework in the latest release.

Would you be able to update to use v3 instead of v2? (or allow both at the same time).

Version 2 is using symfony/console ^4.2|^5.0; version 3 allows ^5.4|^6.0.

Symfony 4.4 is out of security support in November this year https://symfony.com/releases/4.4

Thank you

gnongsie commented 8 months ago

Hi @KasperFranz, we will need to evaluate this package.

Kindly allow us some time to add this to our work backlog and we will update this thread with a probable future release date.

---Gabriel

KasperFranz commented 8 months ago

Thank you. We are not able to update our integration as the required package conflicts with our security policy.

KasperFranz commented 7 months ago

Any update on this?

rbhalgami commented 6 months ago

Hi, do you have any updates on this? We are unable to integrate one of the packages which is dependent on this.

uverus2 commented 5 months ago

Any updates on this, please?

ms-abm commented 5 months ago

Hi,

We can't update cybersource/rest-client-php (right now locked in 0.0.43) as well because we're using Symfony 6.

And we have to update before 3/22/2024 due to the security fix: https://community.developer.cybersource.com/t5/cybersource-Developer-Blog/REST-API-Http-Signature-Authentication-Critical-Security-Update/ba-p/87319

Could you please prioritize that?

ms-abm commented 5 months ago

@gaubansa @monu-kumar-visa @gnongsie could you please check?

jaycruz805 commented 5 months ago

Same issue. Downgrading symfony/console is out of the question for us from a security standpoint and also from a package conflict standpoint.

I'm using "laravel/framework": "^10.10" and PHP 8.2 and there are so many conflicts that arise even if I try to downgrade the symfony/console version.

Similar issues arise with the "brick/math" Cybersource dependency as well.

Please fix since Cybersource is requiring developers to upgrade March 22nd 2024.

monu-kumar-visa commented 5 months ago

We've updated the blog post; the updated date is April 22. Additionally, we will share an update regarding the upgrade decision by the end of February.

mihani commented 3 months ago

Hello, do we have an update concerning the impossibility to upgrade the package for a symfony/laravel project?

jaycruz805 commented 3 months ago

Cybersource is no longer requiring the update. It's optional now.

https://community.developer.cybersource.com/t5/cybersource-Developer-Blog/REST-API-Http-Signature-Authentication-Critical-Security-Update/ba-p/87319


mihani commented 3 months ago

I see this, but do they plan to update their package? Because I need to use an old version of the package to avoid the symfony/console conflict.

jaycruz805 commented 3 months ago

I have no idea? I've thought about that as well. I haven't tried updating and testing yet.


gaubansa commented 2 months ago

Hi all, we have upgraded the web-token/jwt-framework dependency in the SDK to ^2.2.11|^3.3.5, which will be optional to the higher version for PHP v8.1 and above, and you can use the new PHP SDK version 0.0.50 onwards.