Composer v2.1.9 Release Notes

Release Date: 2021-10-05 // 24 days ago
    • Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
    • Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#10107)
    • Fixed inline git credentials showing up in output in some conditions (#10115)
    • Fixed support for running updates while offline as long as the cache contains enough information (#10116)
    • Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#10095)
    • Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#10132)
    • Fixed CA bundle to remove the expired Let's Encrypt root CA

Previous changes from v2.1.8

    • Fixed regression in 2.1.7 when parsing classmaps in files containing invalid Unicode (#10102)