You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa php-twig

Sigurnosni nedostatak programskog paketa php-twig

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-08-27 17:52:04.307033

Name : php-twig
Product : Fedora 22
Version : 1.20.0
Release : 1.fc22
Summary : The flexible, fast, and secure template engine for PHP
Description :
The flexible, fast, and secure template engine for PHP.

* Fast: Twig compiles templates down to plain optimized PHP code. The
overhead compared to regular PHP code was reduced to the very minimum.

* Secure: Twig has a sandbox mode to evaluate untrusted template code. This
allows Twig to be used as a template language for applications where users
may modify the template design.

* Flexible: Twig is powered by a flexible lexer and parser. This allows the
developer to define its own custom tags and filters, and create its own

Update Information:

## 1.20.0 (2015-08-12) * forbid access to the Twig environment from templates
and internal parts of Twig_Template * fixed limited RCEs when in sandbox mode *
deprecated Twig_Template::getEnvironment() * deprecated the _self variable for
usage outside of the from and import tags * added Twig_BaseNodeVisitor to ease
the compatibility of node visitors between 1.x and 2.x ## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child
template * added support for variadic filters, functions, and tests * added
support for extra positional arguments in macros * added ignore_missing flag to
the source function * fixed batch filter with zero items * deprecated
Twig_Environment::clearTemplateCache() * fixed sandbox disabling when using the
include function

[ 1 ] Bug #1249259 – php-twig-v1.20.0 is available
[ 2 ] Bug #1255796 – php-twig: Remote code execution via Twig templates [fedora-all]

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-twig’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarko Stanec
Cert idNCERT-REF-2015-08-0014-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa firefox

Otkriveni su sigurnosni nedostaci u programskom paketu firefox. Otkriveni nedostaci potencijalnim napadačima omogućuju pokretanje proizvoljnog programskog koda, instalaciju malicioznih dodataka...