Problem/Motivation

A security release for Twig was released on 2015/08/12. I believe this is an issue b/c we allow Twig tokens to be used in user input in places (e.g., Views).

Proposed resolution

Update Twig.

Remaining tasks

Do it.

User interface changes

?

API changes

?

Data model changes

None.

Files:

| Comment | File | Size | Author | Test result |
| --- | --- | --- | --- | --- |
| #4 | update_to_twig_1_20-2550299-4.patch | 190.02 KB | neclimdul | PASSED: [[SimpleTest]]: [PHP 5.5 MySQL] 101,575 pass(es). |
| #2 | 2550299-01.patch | 181.06 KB | mpdonadio | FAILED: [[SimpleTest]]: [PHP 5.5 MySQL] Failed to run tests: PHP Fatal error encountered during run_tests.sh. See review log for details. |
| #2 | 2550299-composer.json-only.patch | 458 bytes | mpdonadio | PASSED: [[SimpleTest]]: [PHP 5.5 MySQL] 101,568 pass(es). |

Comments

mpdonadio created an issue. See original summary.

mpdonadio’s picture

Status: Active » Needs review
File sizes and test results:
458 bytes: PASSED: [[SimpleTest]]: [PHP 5.5 MySQL] 101,568 pass(es).
181.06 KB: FAILED: [[SimpleTest]]: [PHP 5.5 MySQL] Failed to run tests: PHP Fatal error encountered during run_tests.sh. See review log for details.

Think I did this right. Just updated the composer.json, attached that for review, then did a `composer update twig/twig` and did the diff.

Status: Needs review » Needs work

The last submitted patch, 2: 2550299-01.patch, failed testing.

neclimdul’s picture

Status: Needs work » Needs review
File size and test result:
190.02 KB: PASSED: [[SimpleTest]]: [PHP 5.5 MySQL] 101,575 pass(es).

I think you missed the new file. Same composer change, same command, just staged all the changes before making the diff.
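
The difference between the two patches in this thread, shown as an added example that is not part of the original issue or of Drupal's tooling: a plain `git diff` leaves out files that a dependency update newly created, while staging everything first includes them. It assumes the patches were made with git; the repository and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed repository and hypothetical file names.

# Build a throwaway repo with a committed vendor tree, then simulate what a
# dependency update does: change a tracked file and create a brand-new one.
make_demo_repo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    git init -q .
    mkdir -p vendor/lib
    echo 'version 1' > vendor/lib/Existing.php
    git add -A
    git -c user.name=demo -c user.email=demo@example.invalid \
      commit -q -m 'baseline'
    echo 'version 2' > vendor/lib/Existing.php   # tracked file changed
    echo 'new class' > vendor/lib/Added.php      # untracked file created
  ) >/dev/null || return 1
  echo "$d"
}

# Files a plain `git diff` puts in the patch: tracked changes only.
files_in_plain_diff() {
  git -C "$1" diff --name-only
}

# Pre-flight check: untracked files that a plain diff would silently drop.
untracked_files() {
  git -C "$1" ls-files --others --exclude-standard
}

# Files in the patch after staging everything first.
files_in_staged_diff() {
  git -C "$1" add -A
  git -C "$1" diff --cached --name-only
}

repo=$(make_demo_repo)
echo "plain diff:  $(files_in_plain_diff "$repo" | tr '\n' ' ')"
echo "dropped:     $(untracked_files "$repo" | tr '\n' ' ')"
echo "staged diff: $(files_in_staged_diff "$repo" | tr '\n' ' ')"
rm -rf "$repo"
```

A non-empty result from `untracked_files` before generating a dependency-update patch means the patch will not contain the complete update.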

larowlan’s picture

Status: Needs review » Reviewed & tested by the community

Pretty straightforward bump

webchick’s picture

Status: Reviewed & tested by the community » Fixed

Normally I'd hold something like this for a couple of days and ask for manual testing, but we have to do this either way due to the security nature of things, so might as well see what fallout happens sooner than later.

Committed and pushed to 8.0.x. Thanks!

  • webchick committed 8043f5c on 8.0.x
    Issue #2550299 by mpdonadio, neclimdul: Update to Twig 1.20
    
dawehner’s picture

Variadic functions .... seriously.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.