Update dependencies to Twig 2.7.3 to avoid security check red warning #959

matks · 2019-03-22T14:02:08Z

If you install Symfony Demo now, you'll get the security check warning:

Executing script security-checker security:check [KO]
 [KO]
Script security-checker security:check returned with error code 1
!!  Symfony Security Check Report
!!  =============================
!!
!!  1 packages have known vulnerabilities.
!!
!!  twig/twig (v2.6.2)
!!  ------------------
!!
!!   * [CVE-NONE-0001][]: Sandbox Information Disclosure
!!
!!  [CVE-NONE-0001]: https://symfony.com/blog/twig-sandbox-information-disclosure
!!
!!  Note that this checker can only detect vulnerabilities that are referenced in the SensioLabs security advisories database.
!!  Execute this command regularly to check the newly discovered vulnerabilities.
!!
Script @auto-scripts was called via post-install-cmd

Consequently twig needs to be updated to v2.7.3 in order to remove this warning (and avoid scaring people away 😄)

matks · 2019-03-25T08:32:00Z

I see this update is also shipped by #955 so I close this PR

Updated dependencies to Twig 2.7.3

a28d3b8

matks closed this Mar 25, 2019

matks deleted the update-twig-v138 branch March 25, 2019 08:32

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Update dependencies to Twig 2.7.3 to avoid security check red warning #959

Update dependencies to Twig 2.7.3 to avoid security check red warning #959

Uh oh!

matks commented Mar 22, 2019

Uh oh!

matks commented Mar 25, 2019

Uh oh!

Uh oh!

Uh oh!

Update dependencies to Twig 2.7.3 to avoid security check red warning #959

Update dependencies to Twig 2.7.3 to avoid security check red warning #959

Uh oh!

Conversation

matks commented Mar 22, 2019

Uh oh!

matks commented Mar 25, 2019

Uh oh!

Uh oh!