Comments (12)
Here are the releases:
- https://github.com/slimphp/Slim-Psr7/releases/tag/1.4.1
- https://github.com/slimphp/Slim-Psr7/releases/tag/1.5.1
Thank you @MauricioFauth @williamdes for these contributions!
cc: @akrabat
I am closing as resolved now feel free to re-open if there's anything
from slim-psr7.
@williamdes we cannot do security releases for PHP versions we do not support anymore unfortunately.
We are using typed properties in the codebase which are not supported by either PHP 7.2 or PHP 7.3.
This would be an insane amount of work.
If someone wants to raise the PR for it, I will gladly release it. Otherwise it's not going to happen.
from slim-psr7.
@l0gicgate What can be done is to create a branch from the tag, and then `git cherry-pick` the commit 4fea29e, which is the security fix.
I wasn't able to do that because there are no 1.4.x and 1.5.x branches to open PRs to.
from slim-psr7.
@MauricioFauth @williamdes I will create branches for those later today that you can PR against
from slim-psr7.
Here are the branches @MauricioFauth @williamdes, feel free to raise PRs and I will release as soon as we merge.
https://github.com/slimphp/Slim-Psr7/tree/1.4.x
https://github.com/slimphp/Slim-Psr7/tree/1.5.x
from slim-psr7.
Thanks for the update. I was using version 0.6 because I would like to widely support many PHP versions in many places.
However, I have to bump up to minimum PHP 7.4 and Slim\Psr7 version 1.6.1 for this security reason.
The update looks great because nothing seems to have broken since 0.6, so I can continue to use my code without a lot of fixes.
Thank you.
from slim-psr7.
Only 7.2 is required
Line 31 in d3cea65
Since 1.4 was fixed
from slim-psr7.
@akrabat This is a security concern, could you have a look please ?
from slim-psr7.
> @williamdes we cannot do security releases for PHP versions we do not support anymore unfortunately.
> We are using typed properties in the codebase which are not supported by either PHP 7.2 or PHP 7.3.
> This would be an insane amount of work.
> If someone wants to raise the PR for it, I will gladly release it. Otherwise it's not going to happen.

We could "easily" make a branch from the last releases I mentioned, pick the security fix and release it
It's only a regex change
Seems possible, don't you think?
I can do the PRs if you validate that
from slim-psr7.
> @l0gicgate What can be done is to create a branch from the tag, and then `git cherry-pick` the commit 4fea29e, which is the security fix.
> I wasn't able to do that because there are no 1.4.x and 1.5.x branches to open PRs to.

Maybe you can create them on a fork and @l0gicgate can push the tags from them
Not needing to have a branch on the main repo as a result
from slim-psr7.
A simple cherry-pick and it worked, tests did run perfectly (for the HeadersTest, others were failing before the PR)
Should I open another PR on 1.4 and 1.5 to fix the currently failing tests (failing before the PR)?
from slim-psr7.
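The backport discussed in the comments above (branch from the release tag, then cherry-pick the fix), as an added example that is not part of the original thread or the project's own tooling. It runs in a throwaway repository; the file contents, the tag `1.4.0` and the commit messages are constructed stand-ins, not Slim-Psr7's real history.

```shell
#!/bin/sh
# Added example: backport one fix commit onto a branch cut from an older release tag.
# Everything below is constructed: throwaway repo, stand-in files, made-up tag 1.4.0.
set -eu

# git with a fixed identity so commits work on a machine with no git config
g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

make_demo_repo() {
  cd "$(mktemp -d)" && git init -q .
  echo 'pattern = LOOSE' > Header.php          # stand-in for the file the fix touches
  echo 'public $body;' > Message.php           # still runs on the old PHP versions
  git add . && g commit -q -m 'release 1.4.0' && git tag 1.4.0
  echo 'public StreamInterface $body;' > Message.php   # later change, needs PHP 7.4
  g commit -q -am 'use typed properties'
  echo 'pattern = STRICT' > Header.php         # the security fix: a one-line change
  g commit -q -am 'security: tighten header validation'
  fix=$(git rev-parse HEAD)
}

# $1 = release tag, $2 = new maintenance branch, $3 = commit to backport
backport() {
  git checkout -q -b "$2" "$1"
  g cherry-pick -x "$3" >/dev/null   # -x records the original commit id in the message
}

make_demo_repo
backport 1.4.0 1.4.x "$fix"

# Checks a maintainer would make before tagging the patch release:
has_fix=$(grep -c 'STRICT' Header.php || true)              # the fix is present
has_typed=$(grep -c 'StreamInterface' Message.php || true)  # the 7.4-only change is absent
traced=$(git log -1 --format=%b | grep -c "cherry picked from commit $fix" || true)
ahead=$(git rev-list --count 1.4.0..1.4.x)                  # one commit on top of the tag
echo "fix=$has_fix typed=$has_typed traced=$traced commits_on_top=$ahead"
```

Because the maintenance branch starts at the tag, the cherry-pick carries only the fix's own diff, so later changes such as typed properties never reach the old release line.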
Thanks @l0gicgate ! 🎉 🚀
PS: The bot says (github/advisory-database#2233 (comment)) that the advisory needs a manual update here: GHSA-q2qj-628g-vhfw
from slim-psr7.