Composer v1.6.4 is Released With a Security Fix

Composer v1.6.4 is Released With a Security Fix

Today, the Composer team released v1.6.4 and it includes a security fix so all users are encouraged to upgrade. According to Jordi Boggiano, it also includes triaging/merging/fixing for almost 200 issues and you can see everything that changed from the release page on Github.

Below is a highlight of the changes:

  • Security fixes in some edge case scenarios, recommended update for all users
  • Fixed regression in version guessing of path repositories
  • Fixed removing aliased packages from the repository, which might resolve some odd update bugs
  • Fixed updating of package URLs for GitLab
  • Fixed run-script –list failing when script handlers were defined
  • Fixed init command not respecting the current php version when selecting package versions
  • Fixed handling of uppercase package names in why/why-not commands
  • Fixed exclude-from-classmap symlink handling
  • Fixed filesystem permissions of PEAR binaries
  • Improved performance of subversion repos
  • Other minor fixes

To get this latest version the Composer CLI tool includes a self-update command and you can run the following:

composer self-update

For complete details visit the v1.6.4 release page.


Filed in: News / Composer


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Web Developer
Remote
Livesystems dooh AG
Senior Backend Engineer
Remote
64 Robots
Senior Laravel Developer
Atlanta, GA
Helium LLC
Full-Stack Developer (JS - Vue.js, PHP - Laravel)
US Remote / Telecommute
TTEC Digital
Backend Engineer
Brooklyn, NY
Stationhead
Back-End Developer
Orlando, FL
Christ for all Nations
Senior Software Developer
Nashville, TN
Bernard Health