Private Packagist
Tagged

dependencies

A collection of 2 posts

composer

Composer 2.7 and CVE-2024-24821: Code execution and possible privilege escalation

Please immediately update Composer to version 2.7.0 or 2.2.23 (composer.phar self-update). The new releases include fixes for a code execution and possible privilege escalation via InstalledVersions.php or installed.php vulnerability (CVE-2024-24821) reported by Ed Cradock. The vulnerability does not impact packagist.org and Private

Nils Adermann Feb 8, 2024 • 3 min read
Private Packagist

Introducing: Update Review

As of today, when you update your dependencies in a pull request, Private Packagist comments with all composer.lock changes displayed in a clear and easy-to-scan table. This feature is immediately available to all our customers at no additional cost. We love it! With the Private Packagist Update

Stephan Vock, Nils Adermann Dec 2, 2021 • 4 min read