Composer v1.6.4 is Released With a Security Fix

Today, the Composer team released v1.6.4 and it includes a security fix so all users are encouraged to upgrade. According to Jordi Boggiano, it also includes triaging/merging/fixing for almost 200 issues and you can see everything that changed from the release page on Github.

Below is a highlight of the changes:

• Security fixes in some edge case scenarios, recommended update for all users
• Fixed regression in version guessing of path repositories
• Fixed removing aliased packages from the repository, which might resolve some odd update bugs
• Fixed updating of package URLs for GitLab
• Fixed run-script –list failing when script handlers were defined
• Fixed init command not respecting the current php version when selecting package versions
• Fixed handling of uppercase package names in why/why-not commands
• Fixed exclude-from-classmap symlink handling
• Fixed filesystem permissions of PEAR binaries
• Improved performance of subversion repos
• Other minor fixes

To get this latest version the Composer CLI tool includes a self-update command and you can run the following:

composer self-update

For complete details visit the v1.6.4 release page.