Conversation

@jaylinski
Contributor

@naderman
Contributor

naderman commented Feb 1, 2021

@jaylinski thanks, think this makes more sense, however the source/link seems to be some third-party blog, rather than Laravel itself now?

@jaylinski
Contributor Author

jaylinski commented Feb 1, 2021

@naderman Yeah, that was deliberate, since there is no official blog post for this exact security release. Do you think it is better to include the official advisory? I want to avoid confusion (see #528 (comment)).

@stof
Member

stof commented Feb 1, 2021

maybe use the PR as target of the link instead of using a non-official source (the merged PR is in the official repository)

@naderman
Contributor

naderman commented Feb 1, 2021

Indeed, that would work for now and we can still update the link if Laravel clarify this in their blog posts further.

The previous fix (CVE-2021-21263) could be bypassed,
so new versions were released.
@jaylinski
Contributor Author

@naderman @stof Good idea. I updated the PR.

@naderman naderman merged commit 6de5418 into FriendsOfPHP:master Feb 2, 2021
@naderman
Contributor

naderman commented Feb 2, 2021

@jaylinski they added a new advisory now: GHSA-x7p5-p2c9-phvg. Can you send another PR for the updated link? Thank you for all the help here!

@jaylinski jaylinski deleted the laraval-db-new branch February 2, 2021 15:03