Composer v1.6.4 is Released With a Security Fix

Composer v1.6.4 is Released With a Security Fix

Today, the Composer team released v1.6.4 and it includes a security fix so all users are encouraged to upgrade. According to Jordi Boggiano, it also includes triaging/merging/fixing for almost 200 issues and you can see everything that changed from the release page on Github.

Below is a highlight of the changes:

  • Security fixes in some edge case scenarios, recommended update for all users
  • Fixed regression in version guessing of path repositories
  • Fixed removing aliased packages from the repository, which might resolve some odd update bugs
  • Fixed updating of package URLs for GitLab
  • Fixed run-script –list failing when script handlers were defined
  • Fixed init command not respecting the current php version when selecting package versions
  • Fixed handling of uppercase package names in why/why-not commands
  • Fixed exclude-from-classmap symlink handling
  • Fixed filesystem permissions of PEAR binaries
  • Improved performance of subversion repos
  • Other minor fixes

To get this latest version the Composer CLI tool includes a self-update command and you can run the following:

composer self-update

For complete details visit the v1.6.4 release page.


Filed in: News / Composer


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Full Stack Developer (Laravel/Vue.JS)
London, UK or Remote (UK only)
hullo Ltd
Senior Web Developer
San Diego, CA
Platform Science
Laravel Developer
San Jose, CA
X3 Builders
Lead Front End Developer
Remote
continued
Full-Stack Laravel Developer
Cologne
Revive Interior
Intermediate PHP Developer (Full Stack | CakePHP | Laravel | Vue | jQuery)
Remote
continued
Senior PHP Developer (Full Stack | CakePHP | Laravel | Vue | jQuery)
Remote
continued