realexpayments / rxp-hpp-php

Please use our new PHP SDK: https://github.com/globalpayments/php-sdk
MIT License

The package does not pass `sensiolabs/security-checker` check #7

Closed marcmascarell closed 6 years ago

marcmascarell commented 6 years ago

[CRITICAL] 2 packages have known vulnerabilities

doctrine/annotations (v1.2.6)

doctrine/cache (v1.4.1)

tobeorla commented 6 years ago

Wow, this is an official payment handle library which has multiple security vulnerabilities and doesn't even get a reply in 1 month? I wonder how up-to-date their servers are too.

rxp-developers commented 6 years ago

@marcmascarell, @tobeorla, thanks for your feedback. We have a release imminent to resolve this. I can confirm that changing to the following in composer.json doesn't impact the functionality of the SDK:

```
"apache/log4php": "2.3.*",
"symfony/validator": "2.7.*",
"doctrine/annotations": "1.2.*",
"doctrine/cache": "1.4.*"
```

rxp-developers commented 6 years ago

@marcmascarell, @tobeorla, this is now resolved in version 1.1.1. Again, thanks for your feedback.
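
An added example, not part of the original thread or the project's code: a Composer wildcard such as `1.2.*` matches every 1.2.x release, including the `v1.2.6` reported above, so `composer.lock` is what shows which version is actually installed. The sketch below audits a lock file against the two flagged versions from the report; the function names and the sample lock contents are constructed for illustration.

```python
import json

# Versions flagged in the security-checker report quoted in this thread.
FLAGGED = {"doctrine/annotations": "1.2.6", "doctrine/cache": "1.4.1"}
# Wildcard constraints from the composer.json snippet posted in this thread.
CONSTRAINTS = {"doctrine/annotations": "1.2.*", "doctrine/cache": "1.4.*"}


def normalize(version):
    """Drop the optional leading 'v' that Composer allows on version tags."""
    return version[1:] if version[:1] in ("v", "V") else version


def matches_wildcard(version, constraint):
    """True if version satisfies an 'X.Y.*' style constraint."""
    prefix = constraint.split("*", 1)[0]  # "1.2.*" -> "1.2."
    return (normalize(version) + ".").startswith(prefix)


def audit_lock(lock_text):
    """Return one finding per flagged package found in a composer.lock document."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name, version = pkg["name"], pkg["version"]
            if name not in FLAGGED:
                continue
            findings.append({
                "name": name,
                "locked": version,
                "still_flagged": normalize(version) == FLAGGED[name],
                "in_constraint": matches_wildcard(version, CONSTRAINTS[name]),
            })
    return findings


# Constructed composer.lock excerpt (not taken from the repository).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "doctrine/annotations", "version": "v1.2.6"},
        {"name": "doctrine/cache", "version": "v1.4.2"},
        {"name": "symfony/validator", "version": "v2.7.9"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(finding)
```

A finding with `still_flagged` and `in_constraint` both true means the constraint is satisfied but the lock still pins the reported version, so the package needs a `composer update` before the checker will pass.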