Closed marcmascarell closed 6 years ago
Wow, this is an official payment handle library which has multiple security vulnerabilities and doesn't even get a reply in 1 month? I wonder how up-to-date their servers are too.
@marcmascarell, @tobeorla, thanks for your feedback. We have a release imminent to resolve this. I can confirm that changing to the following in composer.json doesn't impact the functionality of the SDK:
"apache/log4php": "2.3.*",
"symfony/validator": "2.7.*",
"doctrine/annotations": "1.2.*",
"doctrine/cache": "1.4.*"
@marcmascarell, @tobeorla, this is now resolved in version 1.1.1. Again, thanks for your feedback.
[CRITICAL] 2 packages have known vulnerabilities
doctrine/annotations (v1.2.6)
doctrine/cache (v1.4.1)