What happened?
Summary
Twig should be updated to 3.14.0 as suggested by composer audit. Is there any reason why currently only the patch releases for Twig are installed by ~3.12.0 and we are not using minor versions ^3.12.0?
Details
+-------------------+----------------------------------------------------------------------------------+
| Package | twig/twig |
| CVE | CVE-2024-45411 |
| Title | Twig has a possible sandbox bypass |
| URL | https://github.com/advisories/GHSA-6j75-5wfj-gh66 |
| Affected versions | >=3.0.0,<3.14.0|>=2.0.0,<2.16.1|>=1.0.0,<1.44.8 |
| Reported at | 2024-09-09T20:19:26+00:00 |
+-------------------+----------------------------------------------------------------------------------+
Craft CMS version
4.12.1, etc.
PHP version
8.3
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
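The constraint question in the report above, worked through as an added example (not code from Craft CMS, Composer or the reporter): a simplified re-implementation of Composer's `~` and `^` range rules for plain numeric versions, checked against the affected ranges from the audit output. The function names and the candidate list are assumptions made for this illustration.

```python
import re

# Affected ranges copied from the composer audit output in the report.
AFFECTED = ">=3.0.0,<3.14.0|>=2.0.0,<2.16.1|>=1.0.0,<1.44.8"
# Constructed candidate list built only from version numbers quoted on the page;
# it is not a list of actual Twig releases.
CANDIDATES = ["1.44.8", "2.16.1", "3.12.0", "3.14.0"]
OPS = {">=": lambda a, b: a >= b, "<": lambda a, b: a < b}

def parse(version):
    """'3.12' -> (3, 12, 0). Plain numeric versions only (no stability suffixes)."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (3 - len(parts))

def constraint_bounds(constraint):
    """Return (lower, exclusive upper) for a single ~ or ^ constraint."""
    op, given = constraint[0], [int(p) for p in constraint[1:].split(".")]
    lower = parse(constraint[1:])
    if op == "~":
        # Tilde: only the last segment written may grow, so ~3.12.0 stops at 3.13.0.
        keep = max(len(given) - 1, 1)
        bumped = given[:keep - 1] + [given[keep - 1] + 1]
    elif op == "^":
        # Caret: anything below the next bump of the first non-zero segment.
        idx = next((i for i, p in enumerate(lower) if p), 2)
        bumped = list(lower[:idx]) + [lower[idx] + 1]
    else:
        raise ValueError(f"unsupported constraint: {constraint}")
    return lower, tuple(bumped) + (0,) * (3 - len(bumped))

def allows(constraint, version):
    lower, upper = constraint_bounds(constraint)
    return lower <= parse(version) < upper

def is_affected(version, ranges=AFFECTED):
    """True if the version satisfies any '|' branch of ','-joined clauses."""
    v = parse(version)
    for branch in ranges.split("|"):
        clauses = [re.fullmatch(r"(>=|<)([\d.]+)", c.strip()) for c in branch.split(",")]
        if all(m and OPS[m.group(1)](v, parse(m.group(2))) for m in clauses):
            return True
    return False

def safe_installable(constraint, candidates=CANDIDATES):
    """Candidates the constraint permits that fall outside the advisory ranges."""
    return [c for c in candidates if allows(constraint, c) and not is_affected(c)]

if __name__ == "__main__":
    for c in ("~3.12.0", "^3.12.0"):
        print(c, constraint_bounds(c), safe_installable(c))
```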