Requesting fix CVE-2023-29530 for 2.17.*
Closed this issue · 1 comments
easterncoder commented
As it stands right now, I'd have to use 2.18.1 or higher but those versions require PHP 8.
I need to support PHP 7.4 for my project and only 2.17.0 will work with but it has the CVE-2023-29530 vulnerability.
Would it be possible to officially release 2.17.1 (I saw it in the milestone) so I don't have to manually patch my copy.
Thanks!
Ocramius commented
PHP 7.4 is EOL: versions for PHP releases that are EOL are also closed for security patches.