« Changelog History


Composer v2.3.5 Release Notes

Release Date: 2022-04-13 // about 2 years ago
    • Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
    • Added warning when downloading a file with verify_peer[_name] disabled (#10722)
    • Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
    • Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
    • Fixed validate command checking the lock file even if the lock option is disabled (#10723)
    • Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#10701)