Project

General

Profile

Actions
Copy link

Bug #97759

closed

Update vulnerable guzzlehttp/guzzle version

Added by Torben Hansen almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
Torben Hansen
Category:
-
Target version:
next-patchlevel
Start date:
2022-06-12
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

guzzlehttp/guzzle must be updated to version 6.5.7 and 7.4.4 which fixes the following security vulnerabilities:

Failure to strip the Cookie header on change in host or HTTP downgrade
https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

Fix failure to strip Authorization header on HTTP downgrade
https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q

Since TYPO3 is not affected by the vulnerabilities by default, the update is handled in public.

Actions
Copy link

Also available in: Atom PDF