slimphp / Twig-View

Slim Framework view helper built on top of the Twig templating component
http://slimframework.com
MIT License

Fix Twig security issue #328

Closed dfranco closed 1 month ago

dfranco commented 1 month ago

Bump twig/twig dependency to version 3.11.1 to address a Twig security issue (CVE-2024-45411).

Issue already fixed, and further details are available at https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66

phpunit tests result

$ XDEBUG_MODE=coverage vendor/bin/phpunit
PHPUnit 9.6.21 by Sebastian Bergmann and contributors.

.....................................................             53 / 53 (100%)

Time: 00:00.255, Memory: 16.00 MB

OK (53 tests, 114 assertions)

dfranco commented 1 month ago

@odan could you please review this PR and, if you agree, publish a new release?

Best,

odan commented 1 month ago

Thanks @dfranco for the PR. I can merge it if we keep phpunit/phpunit as it was before.

dfranco commented 1 month ago

> Thanks @dfranco for the PR. I can merge it if we keep phpunit/phpunit as it was before.

The phpunit/phpunit change has been reverted; this PR is ready to be merged.

dfranco commented 1 month ago

Thanks @odan

Do you plan to publish a release soon?

I need to publish a security release of some of my projects which use twig-view.

Best,

odan commented 1 month ago

Yes, it's planned for today.