Blog Tutorials Packages Newsletter Podcasts

Partners Links Your Account

Composer v1.6.4 is Released With a Security Fix

Published on April 13th, 2018 by Eric L. Barnes

Composer v1.6.4 is Released With a Security Fix image

Today, the Composer team released v1.6.4 and it includes a security fix so all users are encouraged to upgrade. According to Jordi Boggiano, it also includes triaging/merging/fixing for almost 200 issues and you can see everything that changed from the release page on Github.

Below is a highlight of the changes:

Security fixes in some edge case scenarios, recommended update for all users
Fixed regression in version guessing of path repositories
Fixed removing aliased packages from the repository, which might resolve some odd update bugs
Fixed updating of package URLs for GitLab
Fixed run-script –list failing when script handlers were defined
Fixed init command not respecting the current php version when selecting package versions
Fixed handling of uppercase package names in why/why-not commands
Fixed exclude-from-classmap symlink handling
Fixed filesystem permissions of PEAR binaries
Improved performance of subversion repos
Other minor fixes

To get this latest version the Composer CLI tool includes a self-update command and you can run the following:

composer self-update

For complete details visit the v1.6.4 release page.

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Threads

Instagram

Github

Filed in:

News Composer

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

Humbly Confident Senior Laravel Engineer

Vue / Nuxt Developer

Junior QA & Application Support Specialist

Full-Stack PHP Developer (Laravel)

Builder in Chief

Laravel Code Review

Get expert guidance in a few days with a Laravel code review

Partners

View all →

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Providing innovation and stability to ensure your web application succeeds.

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Easily create and manage your servers and deploy your Laravel applications in seconds.

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $9500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

The latest

View all →

Watch the Teaser for 'The Story of PHP' Documentary image

Watch the Teaser for 'The Story of PHP' Documentary

Ship AI with Laravel: Give Your AI Agent Live Web Search image

Ship AI with Laravel: Give Your AI Agent Live Web Search

Lattice: Describe Inertia UIs in PHP image

Lattice: Describe Inertia UIs in PHP

How We Cached Laravel News at the Edge with Fast Laravel image

How We Cached Laravel News at the Edge with Fast Laravel

The artisan dev Command in Laravel 13.16.0 image

The artisan dev Command in Laravel 13.16.0

LaraOwl: Self-Hosted Monitoring for Laravel Applications image

LaraOwl: Self-Hosted Monitoring for Laravel Applications