🚨 [security] New version of typo3/cms-core (11.5.30) broke the build #31
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![depfu[bot]](https://avatars.githubusercontent.com/in/715?s=60&v=4){kind=small}
|
Hey! Changelogs info seems to be missing or might be in incorrect format. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We've tested your project with an updated dependency and the build failed.
This version is either within the version range you specified or you haven't specified a version/range. To be able to test your project with the new version, we've taken the liberty of pinning the version for this branch and pull request.
Unfortunately, we encountered failing tests after pinning. This means that this new version is not compatible with your project and the test failure will potentially also happen on fresh installs.
If you have correctly specified a semantic versioning version range, you should probably also file an issue with the upstream project as they might have released an update that's breaking SemVer rules, which is not cool. (But then again, not all projects explicitly follow SemVer)
We've left the pull request open for you to investigate this issue. Please don't merge it as is, because, again, we've pinned the version of typo3/cms-core for this test run.
What changed?
✳️ typo3/cms-core (^11.0 → 11.5.30) · Repo
Security Advisories 🚨
🚨 Information Disclosure due to Out-of-scope Site Resolution
Commits
See the full diff on Github. The new version differs by 8 commits:
[RELEASE] Release of TYPO3 11.5.30[SECURITY] Avoid out-of-scope page access for non-matching site[SECURITY] Upgrade to typo3/html-sanitizer v2.1.2[BUGFIX] Ensure `uid` is not updated when updating resources[TASK] Drop redundant condition from TransportFactory[BUGFIX] Fix fallback icons for custom page types[BUGFIX] Make icon cache in localStorage version-aware[TASK] Set TYPO3 version to 11.5.30-devDepfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands