peterjaap
commented
1 year ago Found a workaround; downgrade symfony/http-client to ^5; composer update symfony/http-client:^5 -W and then upgrade symfony/http-kernel to 4.4.50; composer why symfony/http-kernel 4.4.50
Yesterday this CVE got published; CVE-2022-24894: Prevent storing cookie headers in HttpCache
To fix this in Magento 2, we need to update
symfony/http-kernelto4.4.50.In an install with this Sentry module, Magento installs
4.4.13because in4.4.14, a dependency onsymfony/http-client-contracts: ^1.1|^2is introduced and this extension requires thesentry/sdk ^3.0which in turn needssymfony/http-client ^4.3|^5.0|^6.0which in turn needssymfony/http-client-contracts ^3.0. However,symfony/http-client-contracts ^1.1|^2does not satisfy this constraint.This all means we can't update
symfony/http-kernelto4.4.50because thesentry/sdkrequired by this extension needs a newer version ofsymfony/http-client-contractsthansymfony/http-kernel:4.4.50allows.Do you see any way around this?