Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
A security release for Twig was release on 2015/08/12. I believe this is an issue b/c we allow Twig tokens to be used in user input in places (eg, Views).
Proposed resolution
Update Twig.
Remaining tasks
Do it.
User interface changes
?
API changes
?
Data model changes
None.
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | update_to_twig_1_20-2550299-4.patch | 190.02 KB | neclimdul |
| #2 | 2550299-01.patch | 181.06 KB | mpdonadio |
| |||
| #2 | 2550299-composer.json-only.patch | 458 bytes | mpdonadio |
Comments
Comment #2
mpdonadioThink I did this right. Just updated the composer.json, attached that for review, then did a `composer update twig/twig` and did the diff.
Comment #4
neclimdulI think you missed the new file. Same composer change, same command, just stagged all the changes before making the diff.
Comment #5
larowlanPretty straight forward bump
Comment #6
webchickNormally I'd hold something like this for a couple of days and ask for manual testing, but we have to do this either way due to the security nature of things, so might as well see what fallout happens sooner than later.
Committed and pushed to 8.0.x. Thanks!
Comment #8
dawehnerVariadic functions .... seriously.