Symfony's Prevent RCE when calling untrusted remote with CachingHttpClient error - php

I got the following error when trying to do composer install --no-progress within deployment:
1 packages have known vulnerabilities.
!!
!! symfony/http-kernel (v5.0.7)
!! ----------------------------
!!
!! * [CVE-2020-15094][]: Prevent RCE when calling untrusted remote with CachingHttpClient
!!
!! [CVE-2020-15094]: https://symfony.com/cve-2020-15094
Following this link provided in my error: https://symfony.com/blog/cve-2020-15094-prevent-rce-when-calling-untrusted-remote-with-cachinghttpclient
It navigates me to the following github link here: https://github.com/symfony/symfony/commit/ba3975329149cddebfe969f70b2577b0e37d1e76
What does that mean for local development, and what is the fix associated with it? I tried following the link: src/Symfony/Component/HttpClient/Tests/CachingHttpClientTest.php
My project doesn't have that link.
So how do I fix this issue? How does one update issues that come up moving forward? I'm using a Mac setup.

The best way to move forward is to update to a later Symfony version. 5.0 is not maintained anymore; you can use 5.1 or 5.2. If you are not the one responsible for updating dependencies on the project, you may want to report this to the person who is.
If you look at the page linked in the error itself (https://symfony.com/cve-2020-15094) you can read:
The issue has been fixed in Symfony 4.4.13 and 5.1.5. Symfony 4.3 and 5.0 won't be patched as they are not maintained anymore.
To update Symfony you can follow this link: https://symfony.com/doc/current/setup/upgrade_minor.html
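As an added example (not part of the question or the answer above, and not Symfony's or Composer's own tooling), the following POSIX shell script turns the advice into a pre-deploy gate: it reads the symfony/http-kernel version recorded in composer.lock and fails the deploy when that version predates the releases the advisory names as fixed (4.4.13 and 5.1.5), treating the unpatched 4.3.x and 5.0.x branches as always affected. The lock file content is constructed for the example and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: a pre-deploy gate that
# reads the installed symfony/http-kernel version from composer.lock and fails when it
# predates the releases the advisory names as fixed (4.4.13 and 5.1.5). The 4.3.x and
# 5.0.x branches never received the fix, so they always fail. Function names and the
# sample lock file below are this example's own, not Symfony's or Composer's.

# lock_version LOCKFILE PACKAGE: print the version recorded for PACKAGE.
# Relies on composer.lock's layout, where "name" precedes "version" in each package object.
lock_version() {
    awk -v want="\"$2\"," '
        $1 == "\"name\":"             { inpkg = ($2 == want) }
        inpkg && $1 == "\"version\":" { gsub(/[",]/, "", $2); print $2; exit }
    ' "$1"
}

# version_lt A B: succeed when dotted version A is numerically lower than B.
# A leading "v" (as Composer records it) is ignored. Avoids sort -V, which BSD/macOS sort may lack.
version_lt() {
    awk -v a="${1#v}" -v b="${2#v}" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0
            bi = (i <= nb) ? y[i] + 0 : 0
            if (ai < bi) exit 0
            if (ai > bi) exit 1
        }
        exit 1
    }'
}

# cve_2020_15094_patched VERSION: succeed when an http-kernel VERSION carries the fix.
cve_2020_15094_patched() {
    v=${1#v}
    case "$v" in
        4.3.*|5.0.*) return 1 ;;                  # end-of-life branches, never patched
        4.4.*)       ! version_lt "$v" 4.4.13 ;;  # fixed in 4.4.13
        5.1.*)       ! version_lt "$v" 5.1.5 ;;   # fixed in 5.1.5
        *)           ! version_lt "$v" 5.1.5 ;;   # 5.2+ includes the fix; anything older is treated as affected
    esac
}

# check_lock LOCKFILE: succeed only when the lock file is safe to deploy.
check_lock() {
    v=$(lock_version "$1" symfony/http-kernel)
    if [ -z "$v" ]; then
        echo "symfony/http-kernel is not installed according to $1"
        return 0
    fi
    if cve_2020_15094_patched "$v"; then
        echo "symfony/http-kernel $v: fixed for CVE-2020-15094"
        return 0
    fi
    echo "symfony/http-kernel $v: affected by CVE-2020-15094, upgrade before deploying" >&2
    return 1
}

# Constructed sample lock file (not the asker's real one) pinning the version from the error.
SAMPLE_LOCK=$(mktemp)
trap 'rm -f "$SAMPLE_LOCK"' EXIT
cat > "$SAMPLE_LOCK" <<'EOF'
{
    "packages": [
        {
            "name": "symfony/http-client",
            "version": "v5.0.7",
            "version_normalized": "5.0.7.0"
        },
        {
            "name": "symfony/http-kernel",
            "version": "v5.0.7",
            "version_normalized": "5.0.7.0"
        }
    ]
}
EOF

check_lock "$SAMPLE_LOCK" || echo "deploy blocked"
```

Run it in the project root with the real composer.lock in place of the sample; the non-zero exit status from check_lock is what a CI job should key on. The branch logic is deliberately conservative: any version outside the 4.4 and 5.1 series that is below 5.1.5 is treated as affected rather than silently passed. For a general check across all packages, current Composer ships `composer audit`, which compares composer.lock against the advisory database instead of hard-coding one CVE.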

Related

webprofiler not working on clean symfony4 project

I've got a strange problem going on with Symfony. Today I made a brand new project using the composer create-project symfony/website-skeleton gall command, and right after installation, before doing anything in code, I go to the website and the only thing shown on the web profiler toolbar is "An error occurred while loading the web debug toolbar." I don't even get to see what kind of error this is.
The server I'm running is PHP v7.2.3; the program is XAMPP for Windows.
I thought maybe this default starting page is bugged, so I made a test controller and the error is exactly the same. Have you encountered such a problem with the latest Symfony?
I would never have figured it out myself, but adding index.php to the browser address resolved the issue.
A much better solution is to use the command
composer require symfony/apache-pack
as the .htaccess file is not included in the website-skeleton by default :)
Thanks for pointing me in the right direction, guys!

Error when first launching symfony 4 project

I want to use Symfony 4.x for a new project; I have installed Composer and used it to create a new project. My PHP version is 7.0.10, and I have WAMP as well.
In this tutorial (https://symfony.com/doc/master/setup.html), it says after you run the server "Open your browser and navigate to http://localhost:8000/". When I do so, I get a No route found for "GET /" error.
The pictures below (not reproduced here) display more precisely what I get as an error.
I have installed everything following the guide on their official page. I have seen this problem being discussed on GitHub (https://github.com/symfony/symfony-docs/issues/9178), but I understand neither their "quick fix" nor what they're talking about.
I want to know how to get my project running without that problem.
Thanks for any help
It's strange, but it's totally normal, and the error proves that Symfony is well installed.
It's not a « compile » or « configuration » error; it's just a logical error that means you don't have a route defined at
URL /, so keep learning and define a route (see the docs and you'll see the result).

Laravel - Reportico not working

I am using the Reportico reporting module and followed the installation instructions listed on the official website, but somehow it's not working.
Here are the steps I followed:
I created a fresh Laravel project as described in the Laravel docs:
composer create-project --prefer-dist laravel/laravel blog
Then within the project root directory, I executed the following command by using composer:
composer require reportico/laravel-reportico "~5.2"
The remaining steps are the same as listed on the Reportico website. None of the steps gave me an error message, but finally, when I go to the URL
http://localhost:8000/index.php/reportico
it shows an error message that the route was not found.
Can anybody suggest how to fix this, or is there any free, open-source reporting tool which I can use with a Laravel project?
This project was upgraded to 5.4 in February, but unfortunately there was a problem which made it unavailable to the world. I believe I have fixed this now so please retry the composer require command and you should get version 5.4 of the package.
If it doesn't work, you could try using the following instead to force the version update:
composer require "reportico/laravel-reportico" "dev-master"
Also, the error message you are getting implies you haven't added the following to your config/app.php file in the providers section:
Reportico\Reportico\ReporticoServiceProvider::class
This is very important. Please let me know if this works.
Peter
I had the same issue.
Changing the URL to the one below worked for me:
http://localhost:8000/index.php/reportico
Hope it helps someone.

Laravel - Problems with updating to Laravel 5.4. Way module share() error

This is regarding Laravel, and I am still pretty new to the framework. I recently updated my Laravel to 5.4, and I am running into the following error:
[Symfony\Component\Debug\Exception\FatalThrowableError]
Call to undefined method Illuminate\Foundation\Application::share()
Some investigation showed that one of my vendor modules, 'Way', still calls share(), which is no longer supported. I did realize that singleton() is the preferred way, but should I even touch the vendor files? Should composer update the vendor modules as well (especially Way, since it is one of the core modules)?
Any tips will be greatly appreciated!
Thanks.
In Laravel 5.4, share has been removed. You will have to use singleton instead.
See this
https://github.com/laravel/framework/commit/1a1969b6e6f793c3b2a479362641487ee9cbf736
I was able to fix it for now by adjusting the way/generators line in composer.json to:
"way/generators": "dev-master"
The library was updated, but the update is just not picked up by composer update.
I just want to post the answer here in case anyone is running into a similar issue.
This library does not have support for Laravel 5.4.
The author refers to another library: laracasts/generators. Both packages are managed by the same author.
Check the link below: https://github.com/JeffreyWay/Laravel-4-Generators#laravel-5

Symfony 2.5.3 and PHP 5.6.0: incompatibility issues?

I don't know if this is a Symfony issue or a FOSUserBundle issue, so I'll report it here and hope to get some help. I have two development instances:
CentOS 6.5, PHP 5.5.16, MySQL 5.5.37
CentOS 7, PHP 5.6.0, MariaDB 5.5.37
I tried the same project in both instances, and by the same project I mean exactly the same: copied without any vendor directory, and in both instances I ran "composer update" first. After composer updated the vendor directory I tried to access the admin area, which is handled by FOSUserBundle, and surprise: in the first instance it works without any problem, but in the second one it does not work and I get this error:
Error! Warning: Erroneous data format for unserializing
'Tanane\UserBundle\Entity\User' in
/var/www/html/tanane/vendor/doctrine/orm/lib/Doctrine/ORM/Mapping/ClassMetadataInfo.php
line 872
Can anyone give me some advice on this? Is it a Symfony bug or a FOSUserBundle bug? Or is it something else that I don't see?
Yes, this is a known problem, though it's not in FOSUserBundle. This problem is caused by Doctrine 2; deserialization is broken there when creating a ClassMetadataInfo.
However, fixing this problem involves introducing some incompatibilities in Doctrine's architecture, so this won't be fixed until the Doctrine 2.5 release at least.
Currently, the options are to switch back to PHP 5.5 or lower, or to use the master version of Doctrine (the pull request fixing this does not seem to be tagged yet).
See this Doctrine Jira ticket for more info.
