Skip to content

Tags: cakephp/twig-view

Tags

1.3.3

Toggle 1.3.3's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Backport security fixes to 1.x (#120)

Fix `include` tag being vulnerable to path traversal

Ensure that all relative and absolute file paths are contained by
a template path. We're looking at the string values so that any `../`
tricks don't work.

Thanks to Volker Dusch and the PHP Ecosystem security team for reporting this.

* Fix deserialization of untrusted data weakness (#119)

The unserialize filter has a weakness to arbitrary class usage which
can be combined with user input to create unserialization gadgets
which are used in RCE vulnerability chains.

I've also chosen to deprecate these functions. I see no reason to
continue having them when they have so many sharp edges. Applications
relying on these features, can add their own filters.

Thanks to Volker Dusch and the PHP Ecosystem security team for reporting this.

CI was broken.

* Open OS range
* Update for older phpunit

2.1.2

Toggle 2.1.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Fix deserialization of untrusted data weakness (#119)

The unserialize filter has a weakness to arbitrary class usage which
can be combined with user input to create unserialization gadgets
which are used in RCE vulnerability chains.

I've also chosen to deprecate these functions. I see no reason to
continue having them when they have so many sharp edges. Applications
relying on these features, can add their own filters.

Thanks to Volker Dusch and the PHP Ecosystem security team for reporting this.

2.1.1

Toggle 2.1.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Merge pull request #117 from cakephp/2.x-stan-twig

update stan and require secure twig version

1.3.2

Toggle 1.3.2's commit message 
adjust min twig version

2.1.0

Toggle 2.1.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Merge pull request #108 from cakephp/command-name

Add configurable underscore command naming

2.0.3

Toggle 2.0.3's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Merge pull request #103 from cakephp/chore/tests

Update tests to account for changes in CakePHP 5.1

1.3.1

Toggle 1.3.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Merge pull request #100 from ishanvyas22/bump-twig-to-fix-possible-sa…

…ndbox-bypass-security-vuln

Bump minimum twig version to v3.11 to fix Possible sandbox bypass security vulnerability

2.0.2

Toggle 2.0.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Merge pull request #98 from cakephp/fix-97

Add shim for date filter

2.0.1

Toggle 2.0.1's commit message 
Update to stable releases.

2.0.0

Toggle 2.0.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode 
Merge pull request #94 from cakephp/merge-1x

merge 1.x => 2.x