Skip to content

Commit 48b22ad

Browse files
authored
fix: patch SA-CONTRIB-2022-047 (#101)
Currently it seems the affected versions incorrectly states 1.0.6 was the patched version, as the "solution" section says to install `8.x-1.6` which would [map to `1.6.0`](https://www.drupal.org/docs/develop/using-composer/manage-dependencies#s-about-semantic-versioning) and that matches the [changelog for that version](https://www.drupal.org/project/config_terms/releases/8.x-1.6) which says it patched this security issue
1 parent 6736ff9 commit 48b22ad

2 files changed

Lines changed: 11 additions & 3 deletions

File tree

advisories/config_terms/DSA-CONTRIB-2022-047.json

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,16 +20,17 @@
2020
"introduced": "0"
2121
},
2222
{
23-
"fixed": "1.0.6"
23+
"fixed": "1.6.0"
2424
}
2525
],
2626
"database_specific": {
27-
"constraint": "<1.0.6"
27+
"constraint": "<1.6.0"
2828
}
2929
}
3030
],
3131
"database_specific": {
32-
"affected_versions": "<1.0.6"
32+
"affected_versions": "<1.6.0",
33+
"patched": true
3334
}
3435
}
3536
],

patches.toml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,13 @@ field_affected_versions = [
1010
'>7.0 <=7.86',
1111
'>=7.0 <=7.86'
1212
]
13+
14+
[SA-CONTRIB-2022-047]
15+
field_affected_versions = [
16+
'<1.0.6',
17+
'<1.6.0'
18+
]
19+
1320
[SA-CONTRIB-2024-042]
1421
field_affected_versions = [
1522
'<1.8.0 || >=2.0.0 <2.0.0-beta3',

0 commit comments

Comments
 (0)