Hi everyone, I am updating the spryker/http from a Security notification: RCE vulnerability in the HTTP module of Spryker OS

U026NDPAYUF Posts: 1 🧑🏻‍🚀 - Cadet
edited April 2022 in Help

Hi everyone, I am updating the spryker/http from a Security notification: RCE vulnerability in the HTTP module of Spryker OS and my case is this one described by spryker on an old version of spryker =>
*Q: I don’t have spryker/http on my project, but the archived Silex package is used instead*
*A: Replace Symfony Silex version with Spryker fork.*
*composer update spryker/silex --with-dependencies*
*Open composer.lock file and make sure that spryker/silexphp package installed in version 0.3.10*
*Find all usages in code of \Silex\Provider\HttpFragmentServiceProvider class and add getenv('SPRYKER_ZED_REQUEST_TOKEN') to the getting class instance call as on code snippet:*
*new HttpFragmentServiceProvider( getenv('SPRYKER_ZED_REQUEST_TOKEN')),*
The issue I have is that the spryker/silexphp package installed is version 0.3.5, so I don't really know what to do for this case! {I cannot update the PHP to 7.2 btw} Has anyone had the problem?
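The quoted notification asks for two things to be verified after the composer update: that composer.lock carries spryker/silexphp at 0.3.10 or newer, and that every HttpFragmentServiceProvider construction passes getenv('SPRYKER_ZED_REQUEST_TOKEN'). The script below automates both checks; it is an added example and is neither Spryker's code nor the poster's. The function names (silexphp_version, version_ge, unpatched_provider_calls, audit_silex_fix) are my own; the package name, the 0.3.10 minimum, the class name and the token variable come from the quoted notification. It assumes the standard composer.lock layout, where each package entry has a "name" key followed by a "version" key, and it only recognises constructor calls written on a single line.

```shell
#!/bin/sh
# Added example: audit a Spryker project for the two post-update checks
# from the quoted notification (lock-file version and provider arguments).
# Function names are my own; package, version and class names are from the notification.

# Print the installed spryker/silexphp version from a composer.lock file
# (leading "v" stripped), or nothing if the package is not listed.
# Assumes the standard lock layout: "name" is followed by "version" within an entry.
silexphp_version() {
  awk '
    /"name": *"spryker\/silexphp"/ { found = 1; next }
    found && /"version":/ {
      gsub(/.*"version": *"v?/, ""); gsub(/".*/, ""); print; exit
    }
  ' "$1"
}

# Exit 0 when dotted version $1 >= $2 (numeric, component by component).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# List file:line:code for every "new HttpFragmentServiceProvider()" whose
# argument list is empty, i.e. a call still missing the request token.
# Only single-line constructor calls are detected.
unpatched_provider_calls() {
  grep -rn --include='*.php' \
    -E 'new +(\\?Silex\\Provider\\)?HttpFragmentServiceProvider\( *\)' "$1" || true
}

# Run both checks against a project directory; exit 0 only if both pass.
audit_silex_fix() {
  dir="$1"
  lock="$dir/composer.lock"
  status=0
  if [ ! -f "$lock" ]; then
    echo "no composer.lock in $dir"
    return 1
  fi
  ver=$(silexphp_version "$lock")
  if [ -z "$ver" ]; then
    echo "spryker/silexphp is not listed in $lock"
    status=1
  elif version_ge "$ver" "0.3.10"; then
    echo "spryker/silexphp $ver: OK (>= 0.3.10)"
  else
    echo "spryker/silexphp $ver: too old, 0.3.10 or newer is required"
    status=1
  fi
  calls=$(unpatched_provider_calls "$dir")
  if [ -n "$calls" ]; then
    echo "HttpFragmentServiceProvider constructed without getenv('SPRYKER_ZED_REQUEST_TOKEN'):"
    echo "$calls"
    status=1
  fi
  return $status
}

# Usage: sh audit_silex_fix.sh /path/to/project
if [ $# -gt 0 ]; then
  audit_silex_fix "$1"
fi
```

Run it from the project root after `composer update spryker/silex --with-dependencies`; a non-zero exit means either the lock file still pins an older spryker/silexphp or at least one provider call is missing the token, and the printed file:line pairs are the places to patch.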

Comments

  • USZ0XG6SK
    USZ0XG6SK Posts: 111 🧑🏻‍🚀 - Cadet

    I know that it doesn't really answer your question and isn't something you want to hear, but you should really force that PHP update.
    Versions 7.1 - 7.3 reached their EOL quite some time ago (https://www.php.net/supported-versions.php), which also means they won't be supported by Spryker anymore.