Allows admin chosen post types to have a featured post check box on the edit screen. Also adds appropriate classes to front end post display, and allows featured posts to be queried via a taxonomy query.
GNU General Public License v2.0
0
stars
0
forks
source link
chore(deps): update dependency phpseclib/phpseclib to v3.0.36 [security] - autoclosed #113
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
Release Notes
phpseclib/phpseclib (phpseclib/phpseclib)
### [`v3.0.36`](https://togithub.com/phpseclib/phpseclib/blob/HEAD/CHANGELOG.md#3036---2024-02-25)
[Compare Source](https://togithub.com/phpseclib/phpseclib/compare/3.0.35...3.0.36)
- BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354)
- ASN1: limit OID length (CVE-2024-27355)
- EC: when using openssl to do signing use unencrypted key ([#1979](https://togithub.com/phpseclib/phpseclib/issues/1979))
- SSH2: add different options to isConnected() ([#1983](https://togithub.com/phpseclib/phpseclib/issues/1983))
### [`v3.0.35`](https://togithub.com/phpseclib/phpseclib/blob/HEAD/CHANGELOG.md#3035---2023-12-18)
[Compare Source](https://togithub.com/phpseclib/phpseclib/compare/3.0.34...3.0.35)
- SSH2: implement terrapin attack countermeasures ([#1972](https://togithub.com/phpseclib/phpseclib/issues/1972))
- SSH2: only capture login info once ([#1970](https://togithub.com/phpseclib/phpseclib/issues/1970))
- Crypt/AsymmetricKey: loading hidden custom key plugins didn't work ([#1971](https://togithub.com/phpseclib/phpseclib/issues/1971))
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
3.0.34->3.0.36GitHub Vulnerability Alerts
CVE-2024-27354
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
Release Notes
phpseclib/phpseclib (phpseclib/phpseclib)
### [`v3.0.36`](https://togithub.com/phpseclib/phpseclib/blob/HEAD/CHANGELOG.md#3036---2024-02-25) [Compare Source](https://togithub.com/phpseclib/phpseclib/compare/3.0.35...3.0.36) - BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354) - ASN1: limit OID length (CVE-2024-27355) - EC: when using openssl to do signing use unencrypted key ([#1979](https://togithub.com/phpseclib/phpseclib/issues/1979)) - SSH2: add different options to isConnected() ([#1983](https://togithub.com/phpseclib/phpseclib/issues/1983)) ### [`v3.0.35`](https://togithub.com/phpseclib/phpseclib/blob/HEAD/CHANGELOG.md#3035---2023-12-18) [Compare Source](https://togithub.com/phpseclib/phpseclib/compare/3.0.34...3.0.35) - SSH2: implement terrapin attack countermeasures ([#1972](https://togithub.com/phpseclib/phpseclib/issues/1972)) - SSH2: only capture login info once ([#1970](https://togithub.com/phpseclib/phpseclib/issues/1970)) - Crypt/AsymmetricKey: loading hidden custom key plugins didn't work ([#1971](https://togithub.com/phpseclib/phpseclib/issues/1971))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.