Note: The security team have made the determination that because this project doesn't have a stable release, this issue can be fixed in public.

As part of the httpoxy vulnerability, this module includes an affected version of guzzlehttp/guzzle package (~5.0) as a dependency:

http://cgit.drupalcode.org/aegir_cloud/tree/providers/digitalocean/digit...

The guzzlehttp/guzzle dependency should be updated to 6.2.1 to address this issue.

Comments

badjava created an issue. See original summary.

jon pugh’s picture

jon pugh
he/him
Primary language English
Location Newburgh, NY
commented
Status: Active » Needs review

Thanks!

Replacing it with ~6.0.

  • Jon Pugh committed ab0f270 on 7.x-1.x 
    Fixing #2770245: Adding our own composer and vendor instead of just...