CodeIgniter Forums
composer upgrade to 4.4.8 - Printable Version


composer upgrade to 4.4.8 - cadgiru - 03-06-2025

Get
Code:
composer audit
The new audit.abandoned setting (currently defaulting to "report" will default to "fail" in Composer 2.7, make sure to set it to "report" or "ignore" explicitly by then if you do not want this.
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | codeigniter4/framework                                                           |
| CVE               | CVE-2025-24013                                                                   |
| Title             | Missing validation of header name and value in codeigniter4/framework            |
| URL               | https://github.com/advisories/GHSA-x5mq-jjr3-vmx6                                |
| Affected versions | <4.5.8                                                                           |
| Reported at       | 2025-01-21T21:13:40+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Should I be concerned? What should I do?


RE: composer upgrade to 4.4.8 - ozornick - 03-06-2025

Yes, you should worry if you are creating a public project (not on localhost). To fix the error, you need to update CI to v4.5.8.
If you only train, nothing will happen.
Please read https://github.com/advisories/GHSA-x5mq-jjr3-vmx6
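
A lock-file check for the advisory discussed in this thread, as an added example that is not part of either poster's message or of CodeIgniter's own code: it reads a composer.lock and reports whether the locked codeigniter4/framework version falls inside the advisory's affected range (<4.5.8). The sample lock fragment and the function names are constructed for illustration.

```python
import json
import re

PACKAGE = "codeigniter4/framework"   # package named in the audit output
FIXED = (4, 5, 8)                    # advisory range is "<4.5.8"

# Constructed composer.lock fragment (not from the thread); only the
# fields this check reads are included.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "codeigniter4/framework", "version": "v4.4.8"},
        {"name": "psr/log", "version": "3.0.0"},
    ],
    "packages-dev": [],
})


def parse_version(text):
    """Return (major, minor, patch) for tags like 'v4.4.8', else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_json, package=PACKAGE, fixed=FIXED):
    """Classify the locked version of `package` against the fixed release.

    Returns 'affected', 'patched', 'unknown' (a branch alias or pre-release
    string that cannot be compared safely) or 'absent'.
    """
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section, []):
            if entry.get("name") != package:
                continue
            version = parse_version(entry.get("version", ""))
            if version is None:
                return "unknown"
            return "affected" if version < fixed else "patched"
    return "absent"


if __name__ == "__main__":
    print(PACKAGE, check_lock(SAMPLE_LOCK))
```

In a build pipeline, treating both 'affected' and 'unknown' as failures keeps a branch alias such as dev-develop from passing the gate unreviewed.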


RE: composer upgrade to 4.4.8 - cadgiru - 03-10-2025

thanks