Composer Security Update (CVE-2021-29472)

Published on by

Composer Security Update (CVE-2021-29472) image

Composer had a security vulnerability reported (CVE-2021-29472) and a new version has been released to address this. Everyone should run composer self-update to get v2.0.13 which includes the fix.

According to their announcment:

As a precaution after updating Composer we recommend you audit your composer.lock files to ensure they only contain URLs and none which start with -- , e.g. --config and could be considered command line options. Should you find any such URL values despite our belief that this vulnerability was not exploited in the wild, please contact us immediately by email to security@packagist.org.

In general we always recommend you review changes you make to your lock files to ensure no untrusted dependencies or external URLs are introduced to your application. Please note that Packagist.org is only a metadata server and package contents are downloaded from a location chosen by the package maintainers. Private Packagist will store copies of mirrored package contents, so Composer can download them from there, but the lock files will still contain the maintainers' original URLs for reference and as a fallback.

Read more about this in the Packagist official announcement

Eric L. Barnes photo

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Filed in:
Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Laravel Forge logo

Laravel Forge

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Forge
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $7500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Bacancy logo

Bacancy

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $2500/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

Bacancy
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media
Lunar: Laravel E-Commerce logo

Lunar: Laravel E-Commerce

E-Commerce for Laravel. An open-source package that brings the power of modern headless e-commerce functionality to Laravel.

Lunar: Laravel E-Commerce
LaraJobs logo

LaraJobs

The official Laravel job board

LaraJobs
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit
Rector logo

Rector

Your partner for seamless Laravel upgrades, cutting costs, and accelerating innovation for successful companies

Rector
MongoDB logo

MongoDB

Enhance your PHP applications with the powerful integration of MongoDB and Laravel, empowering developers to build applications with ease and efficiency. Support transactional, search, analytics and mobile use cases while using the familiar Eloquent APIs. Discover how MongoDB's flexible, modern database can transform your Laravel applications.

MongoDB

The latest

View all →
Learn to master Query Scopes in Laravel image

Learn to master Query Scopes in Laravel

Read article
How to Redirect Uppercase URLs to Lowercase with Laravel Middleware image

How to Redirect Uppercase URLs to Lowercase with Laravel Middleware

Read article
Generics Added to Eloquent Builder in Laravel 11.15 image

Generics Added to Eloquent Builder in Laravel 11.15

Read article
Manage Roles and Permissions in Filament with Hex Lite image

Manage Roles and Permissions in Filament with Hex Lite

Read article
Laravel Rest Api now supports Laravel Scout image

Laravel Rest Api now supports Laravel Scout

Read article
Build Your SaaS App in Days with SaaSykit image

Build Your SaaS App in Days with SaaSykit

Read article