Problem/Motivation

While trying to resolve version dependencies in a project running both xls_serialization and url_status_scanner, I found this issue, alluding to a security vulnerability in phpoffice/phpspreadsheet: https://www.drupal.org/project/url_status_scanner/issues/3552525

Therefore, I would like to update the minimum required version to the 5.1 branch.

Proposed resolution

Currently, composer.json requires "^2.3.7 || ^3.9.0", can we replace that line with just "^5.1"

Issue fork xls_serialization-3553753

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

rominronin created an issue. See original summary.

rominronin opened merge request !53

mably’s picture

mably commented

Related CVE : https://nvd.nist.gov/vuln/detail/CVE-2025-54370

mably opened merge request !54

mably’s picture

mably commented
Status: Active » Needs review
mably’s picture

mably commented

I'm not sure current implementation is compatible with version 5.1 of phpspreadsheet.

Let's stick to 2.4.0 and 3.10.0 for now.

  • mably committed 0670bf79 on 2.1.x 
    Resolve #3553753 "Phpspreadsheet vulnerability 2.1.x"

  • mably committed d78098f8 on 2.0.x authored by rominronin 
    Issue #3553753 by rominronin, mably: phpoffice/phpspreadsheet security...
mably’s picture

mably commented
Status: Needs review » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.