pim-community-dev icon indicating copy to clipboard operation
pim-community-dev copied to clipboard

Published 20 hours ago verified publisher icon akeneo

BH-1056: Upgrade phpseclib to v3.0

Open jmleroux opened this issue 3 years ago • 2 comments

Upgrade phpseclib to be less prone to security breach and allow us to configure the .rnd file path (here)

Putting it in the /tmp directory avoid to create it at the project root and add it to the repo if we forget to ignore it.

See also the official for v3 improvements: https://phpseclib.com/docs/why#phpseclib-30-vs-phspeclib-10--20

jmleroux avatar May 24 '22 19:05 jmleroux

Hello @jmleroux, any news on this PR?

ValentinMumble avatar Jun 27 '22 07:06 ValentinMumble

I think it's ready, but need to be tested with real SSO access to ensure backward compatibility

jmleroux avatar Jun 27 '22 09:06 jmleroux

Hello, Can you wait a little more before merging this PR ? We confirmed that it will probably break User Authentication for Apps. We will assess which apps are affected in production and Mégane will test manually each one.

tseho avatar Oct 19 '22 15:10 tseho