Closed 4c0n closed 5 years ago
Thank you for your contribution! I have merged your PR and made a new release.
We are not planning a new version based on 2.X just yet, this is mainly because we us an old version of PHP so I cannot test it on a system. When we upgrade I will look into it again!
Hi,
This bundle depends on dragonbe/vies version
^1.0
. That version has a dependency on an old Zend framework version, that has security issues:One way to potentially fix the problem seems to be to blacklist version
1.0.1
of thedragonbe/vies
package (the dependency onzendframework/zendframework1
appears to have been removed in version1.0.2
).Also there is a version 2.x available of the
dragonbe/vies
package. Do you have any plans on releasing a new version of this bundle that uses the new version of the client?Thanks in advance for your time and effort.