laminas / laminas-diactoros

PSR HTTP Message implementations
https://docs.laminas.dev/laminas-diactoros/
BSD 3-Clause "New" or "Revised" License

Requesting fix CVE-2023-29530 for 2.17.* #189

Closed easterncoder closed 4 months ago

easterncoder commented 4 months ago

As it stands right now, I'd have to use 2.18.1 or higher but those versions require PHP 8.

I need to support PHP 7.4 for my project and only 2.17.0 will work with it, but it has the CVE-2023-29530 vulnerability.

Would it be possible to officially release 2.17.1 (I saw it in the milestone) so I don't have to manually patch my copy?

Thanks!

Ocramius commented 4 months ago

PHP 7.4 is EOL: versions for PHP releases that are EOL are also closed for security patches.

See https://github.com/laminas/technical-steering-committee/blob/19e2bd56028580a7bb876a9d3ab2b4a0e3f9cc6b/meetings/minutes/2020-03-02-TSC-Minutes.md#summary-1