diff --git a/Neos.Flow/Documentation/TheDefinitiveGuide/PartV/ChangeLogs/8113.rst b/Neos.Flow/Documentation/TheDefinitiveGuide/PartV/ChangeLogs/8113.rst new file mode 100644 index 0000000000..218b9d839e --- /dev/null +++ b/Neos.Flow/Documentation/TheDefinitiveGuide/PartV/ChangeLogs/8113.rst 
@@ -0,0 +1,78 @@ +`8.1.13 (2024-06-28) `_ +================================================================================================ + +Overview of merged pull requests +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`BUGFIX: Avoid insecure composer/composer versions `_ +-------------------------------------------------------------------------------------------------------------------- + +This adjusts the dependency to ``~2.2.24 || ^2.7.7`` to avoid versions vulnerable to multiple command injections via malicious branch names. + +More details in: + +- https://blog.packagist.com/composer-2-7-7/ +- https://github.com/advisories/GHSA-v9qv-c7wm-wgmf +- https://github.com/advisories/GHSA-47f6-5gq3-vx9c + + +* Packages: ``Flow`` + +`BUGFIX: Dont log stack trace for `InvalidHashException` in Production `_ +---------------------------------------------------------------------------------------------------------------------------------------- + +This configures an ``invalidHashExceptions`` exception handler rendering group and configures it to not dump stack traces in ``Production`` context. For ``Development`` context stack traces are still written to ease debugging. + +* See: `#3159 `_ + +**Upgrade instructions** + +In case you need trace dumps for ``InvalidHashException`` in production context, override the settings as needed. + +**Review instructions** + +* See: `#3159 `_ for ways to trigger those exceptions. Then check if a trace is dumped. 
+ + +* Packages: ``Flow`` + +`BUGFIX: Fix documentation of `maximumThrowableDump` defaults `_ +------------------------------------------------------------------------------------------------------------------------------- + +* Related: `#3158 `_ + +* Packages: ``Flow`` + +`TASK: Scripts.php avoid use of same references for exec `_ +-------------------------------------------------------------------------------------------------------------------------- + +Followup to https://github.com/neos/flow-development-collection/pull/3116 + +I debugged with @dlubitz a problem and we found that in theory? $output _might_ be possibly already filled? +I dont know if that can happen but just to be sure we set it to empty as its also a bad practice. + + +**Upgrade instructions** + + +* Packages: ``Flow`` + +`TASK: Fix errors in Middleware code example `_ +-------------------------------------------------------------------------------------------------------------- + +I found two small errors in the Middleware code example in the documentation. + + +* Packages: ``Flow`` + +`TASK: Correct Flow composer.json `_ +--------------------------------------------------------------------------------------------------- + +The upmerge commit `42e3fd7886d5bed317511a2046d4119867216923 `_ wrongly overwrote major parts of Flows composer.json, introducing older versions of PHP and psr/log as well as removing dependencies on some other psr packages. This change corrects the issue and needs to be upmerged accordingly. + +The changes were never merged into the collection composer.json so that the issue was not noticed in development environments. + +* Packages: ``Flow`` + +`Detailed log `_ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
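Review bot: In the "Dont log stack trace for `InvalidHashException` in Production" entry, the upgrade instructions say only "override the settings as needed" and never name the setting. An operator who needs traces in Production for incident analysis cannot tell from this changelog what to override. Name the settings path of the ``invalidHashExceptions`` rendering group and the option that turns off the trace dump, or link to the place where it is documented. Two further points in the same hunk. The headings for this entry and for "Fix documentation of `maximumThrowableDump` defaults" put single-backtick literals inside the backtick-delimited link text, which reStructuredText does not nest, so the heading link will not render as intended; drop the inner backticks or use plain words there. The "Scripts.php avoid use of same references for exec" entry carries a bare **Upgrade instructions** heading with nothing under it, which should be removed or filled in.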