search

Roave / SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
MIT License
2.7k stars 105 forks source link

Craft 3 installs (craftcms/cms) flagged as insecure #118

Closed LauraMontgomery closed 1 year ago

LauraMontgomery commented 1 year ago

This seems to be a problem at keeps re-appearing. Last flagged on 22nd June: https://github.com/Roave/SecurityAdvisories/issues/117

xabbuh commented 1 year ago

github/advisory-database#2443 has been merged only 13 hours ago. Maybe it just takes some time to be visible here too.

Ocramius commented 1 year ago

I'd check if:

  1. the advisory DB is cached
  2. there are more advisories declaring the version constraint invalid

Closing here though: the root cause is not in this repository.