kenjis / codeigniter-ss-twig

A Simple and Secure Twig integration for CodeIgniter 3.x and 4.x
MIT License

Sensiolabs security checker says the twig version you are using has a vulnerability #49

Closed unbelievableflavour closed 5 years ago

unbelievableflavour commented 5 years ago
$ vendor/bin/security-checker security:check composer.lock
Symfony Security Check Report
=============================

1 packages have known vulnerabilities.

twig/twig (v1.37.1)
-------------------

 * [CVE-NONE-0001][]: Sandbox Information Disclosure

[CVE-NONE-0001]: https://symfony.com/blog/twig-sandbox-information-disclosure

Note that this checker can only detect vulnerabilities that are referenced in the SensioLabs security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

kenjis commented 5 years ago

Thank you!

kenjis commented 5 years ago

@bartzaalberg I think the composer.lock in this repository does not affect your project directly. You could update your Twig just by running composer require twig/twig anytime.

But for users' security, I've updated the minimal version of Twig to 1.38.0.

unbelievableflavour commented 5 years ago

Yeah, I noticed. But still probably better to set the minimum to 1.38.0 :)
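As an added illustration (not code from this thread or from the codeigniter-ss-twig project), the check below does what the security checker did here: it reads composer.lock, scans both package sections, and flags any package whose locked version is below the first fixed release, using 1.38.0 as the floor the maintainer adopted for twig/twig. The lock-file excerpt and the MIN_SAFE_VERSIONS table are constructed for the example; a real run would take the floors from an advisory database.

```python
import json

# Constructed composer.lock excerpt (not the repository's real lock file):
# twig/twig is pinned at the version the checker flagged in the thread.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "twig/twig", "version": "v1.37.1"},
        {"name": "symfony/polyfill-ctype", "version": "v1.10.0"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "7.5.1"},
    ],
})

# Minimum versions that resolve a known advisory (constructed table).
# The twig/twig floor is the one set in this thread; other entries would
# come from an advisory feed, not be hand-written.
MIN_SAFE_VERSIONS = {"twig/twig": "1.38.0"}


def parse_version(version):
    """Turn 'v1.37.1' or '1.38.0' into a comparable tuple of ints.

    Pre-release and build suffixes are dropped, so '1.38.0-beta1' compares
    equal to '1.38.0'; treat pre-releases separately if that matters.
    """
    core = version.lstrip("vV").split("-")[0].split("+")[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def find_vulnerable_packages(lock_json, min_safe):
    """Return (name, installed, floor) for every locked package below its floor.

    Both 'packages' and 'packages-dev' are scanned: a dev dependency is still
    installed (and autoloadable) unless composer is run with --no-dev.
    """
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            floor = min_safe.get(pkg["name"])
            if floor is not None and parse_version(pkg["version"]) < parse_version(floor):
                findings.append((pkg["name"], pkg["version"], floor))
    return findings


if __name__ == "__main__":
    for name, installed, floor in find_vulnerable_packages(SAMPLE_COMPOSER_LOCK, MIN_SAFE_VERSIONS):
        print(f"{name} {installed} is below the fixed version {floor}")
```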