Skip to content

bump version guzzlehttp/psr7#1940

Open
Monica-Wood wants to merge 1 commit into
collectiveaccess:masterfrom
Monica-Wood:patch-17
Open

bump version guzzlehttp/psr7#1940
Monica-Wood wants to merge 1 commit into
collectiveaccess:masterfrom
Monica-Wood:patch-17

Conversation

@Monica-Wood

@Monica-Wood Monica-Wood commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Upping version to any version 2 to keep up with security fixes.

This needs to be tested and reviewed!

Prompted by composer security audit:

+-------------------+----------------------------------------------------------------------------------+
| Package           | guzzlehttp/psr7                                                                  |
| CVE               | CVE-2026-48998                                                                   |
| Title             | guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation                |
| URL               | https://github.com/advisories/GHSA-34xg-wgjx-8xph                                |
| Affected versions | <2.10.2                                                                          |
| Reported at       | 2026-06-11T13:04:53+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | guzzlehttp/psr7                                                                  |
| CVE               | CVE-2026-49214                                                                   |
| Title             | guzzlehttp/psr7 has CRLF Injection via URI Host Component                        |
| URL               | https://github.com/advisories/GHSA-hq7v-mx3g-29hw                                |
| Affected versions | <2.10.2                                                                          |
| Reported at       | 2026-06-11T13:04:47+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Upping version to any version 2 to keep up with security fixes.

Prompted by composer security audit:
+-------------------+----------------------------------------------------------------------------------+
| Package           | guzzlehttp/psr7                                                                  |
| CVE               | CVE-2026-48998                                                                   |
| Title             | guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation                |
| URL               | GHSA-34xg-wgjx-8xph                                |
| Affected versions | <2.10.2                                                                          |
| Reported at       | 2026-06-11T13:04:53+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | guzzlehttp/psr7                                                                  |
| CVE               | CVE-2026-49214                                                                   |
| Title             | guzzlehttp/psr7 has CRLF Injection via URI Host Component                        |
| URL               | GHSA-hq7v-mx3g-29hw                                |
| Affected versions | <2.10.2                                                                          |
| Reported at       | 2026-06-11T13:04:47+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant