typo3/cms needs to be in sync with typo3/cms-core

Roave / SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily

MIT License

2.72k stars 106 forks source link

Closed simonschaufi closed 2 years ago

simonschaufi commented 2 years ago

typo3/cms-core: >=9,<9.5.37 is wrong. It needs to be >=9,<9.5.29. The other version constraints also needs to match.

froschdesign commented 2 years ago

typo3/cms-core: >=9,<9.5.37 is wrong.

See:

Ocramius commented 2 years ago

This repository only merges published advisories: you will need to find the faulty CVE publication, and backtrack from there.