Skip to content

[5.0] Update phpseclib to 3.0.34#42469

Merged
bembelimen merged 4 commits intojoomla:5.0-devfrom
SniperSister:5.0-composerdeps-dec23
Dec 31, 2023
Merged

[5.0] Update phpseclib to 3.0.34#42469
bembelimen merged 4 commits intojoomla:5.0-devfrom
SniperSister:5.0-composerdeps-dec23

Conversation

@SniperSister
Copy link
Contributor

@SniperSister SniperSister commented Dec 5, 2023

Summary of Changes

Update phpseclib to 3.0.34 to fix https://nvd.nist.gov/vuln/detail/CVE-2023-49316.

Testing Instructions

Code review.

@richard67 richard67 mentioned this pull request Dec 20, 2023
Closed
2 tasks
@richard67
Copy link
Member

richard67 commented Dec 20, 2023

This will also fix issue #42142 . See also my PR #42190 for that issue, which I've just closed in favour of this one here.

richard67
richard67 reviewed Dec 20, 2023
View reviewed changes
@richard67
Copy link
Member

richard67 commented Dec 20, 2023

I have tested this item ✅ successfully on 674f372

Tested by code review + verified that the URL is correct.

There is an additional change from "plugin-api-version": "2.6.0" to "plugin-api-version": "2.3.0", but that doesn't really matter, so I'm ok with it as it is, but would also be ok with reverting that change.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/42469.

@richard67
Copy link
Member

richard67 commented Dec 29, 2023

@SniperSister Meanwhile there is a new release 3.0.35 available. Changelog see https://github.com/phpseclib/phpseclib/releases/tag/3.0.35 . Would it make sense to update this PR to that release?

@bembelimen bembelimen merged commit eaf830e into joomla:5.0-dev Dec 31, 2023
@bembelimen
Copy link
Contributor

bembelimen commented Dec 31, 2023

Thx

@bembelimen bembelimen added this to the Joomla! 5.0.2 milestone Dec 31, 2023
Razzo1987 added a commit that referenced this pull request Jan 4, 2024
@Razzo1987 @RickR2H
@heelc29 @laoneo @richard67 @brianteeman @wilsonge @alikon @bembelimen @SniperSister @janschoenherr
[5.1] upmerge 2024-01-04 (#42609)
cb6bba1 
* Fix link and button colors in header footer (#42504)

* [4.x] add php 8.3 to tests (#42545)

* Update the signature for #42545 (#42552)

* [4.4] Joomlaupdate remove br tag from language strings - follow up to PR 42489 (#42550)

* Better English (1)

* Better English (2)

* Remove br html element from language strings

* Fixes to form validation process (#42560)

Fixes hardening measure introduced in #23716

* [4][com_actionlogs] missed load plugin languages (#42562)

* load lang

* test-4-dupkey

* Better message on package uninstallation (#42570)

* Better message on package uninstallation when an extension from that package is missing. Fixes issue #42537 .

* backport #41865 (#42088)

* backport [5] update from nightly to latest nightly build #41865

* [5] harmonize naming task types (#42574)

* [5.0] colour contrast in media manager file list [a11y] (#42544)

* [5.0] Update phpseclib to 3.0.34 (#42469)

* Fix `function` parameter lost during redirect (#42315)

* Fix `function` parameter lost during redirect

* Move function parameter to form url

* Remove hidden input

* [4.4] Fix SQL error "1104 The SELECT would examine more than MAX_JOIN_SIZE rows" when checking for core updates (#42576)

* Use concat of columns for getting core extensions

* Fix PHPCS

* Remove wrong quotes

* Revert min version in drone (#42583)

* Joomla! 5.0.2 Release Candidate 1

* Revert to dev

* [4][com_templates] cast to int for pgsql (#42569)

* cast to int for pgsql

* yet-another

* patch article tags (#42486)

* Joomla 5.0.2 Release Candidate 2

* Reset to dev

* Update signature HMAC in .drone.yml

---------

Co-authored-by: Rick Spaan <rick@r2h.nl>
Co-authored-by: Christian Heel <66922325+heelc29@users.noreply.github.com>
Co-authored-by: Allon Moritz <allon.moritz@digital-peak.com>
Co-authored-by: Richard Fath <richard67@users.noreply.github.com>
Co-authored-by: Brian Teeman <brian@teeman.net>
Co-authored-by: George Wilson <georgejameswilson@googlemail.com>
Co-authored-by: Nicola Galgano <optimus4joomla@gmail.com>
Co-authored-by: Benjamin Trenkle <benjamin.trenkle@wicked-software.de>
Co-authored-by: Benjamin Trenkle <bembelimen@users.noreply.github.com>
Co-authored-by: David Jardin <d.jardin@djumla.de>
Co-authored-by: janschoenherr <jan@yootheme.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@richard67 richard67 richard67 left review comments

Assignees

No one assigned

Labels

Composer Dependency Changed

Projects

None yet

Milestone

Joomla! 5.0.2

Development

Successfully merging this pull request may close these issues.

4 participants

@SniperSister @richard67 @bembelimen @joomla-cms-bot

Comments