Today, the Composer team released v1.6.4 and it includes a security fix so all users are encouraged to upgrade. According to Jordi Boggiano, it also includes triaging/merging/fixing for almost 200 issues and you can see everything that changed from the release page on Github.
Below is a highlight of the changes:
- Security fixes in some edge case scenarios, recommended update for all users
- Fixed regression in version guessing of path repositories
- Fixed removing aliased packages from the repository, which might resolve some odd update bugs
- Fixed updating of package URLs for GitLab
- Fixed run-script –list failing when script handlers were defined
- Fixed init command not respecting the current php version when selecting package versions
- Fixed handling of uppercase package names in why/why-not commands
- Fixed exclude-from-classmap symlink handling
- Fixed filesystem permissions of PEAR binaries
- Improved performance of subversion repos
- Other minor fixes
To get this latest version the Composer CLI tool includes a
self-update command and you can run the following:
For complete details visit the v1.6.4 release page.