|
| 1 | +# php-svg-lib |
| 2 | + |
| 3 | +Endless Lifecycle Support (ELS) for php-svg-lib from TuxCare provides security fixes for php-svg-lib versions that have reached their end-of-life. This allows you to continue running your applications without vulnerability concerns, even after official support has ended. |
| 4 | + |
| 5 | +## Supported Versions |
| 6 | + |
| 7 | +* **php-svg-lib** 0.3.4 |
| 8 | + |
| 9 | +Other versions upon request. |
| 10 | + |
| 11 | +## Connection to ELS for php-svg-lib Repository |
| 12 | + |
| 13 | +This guide outlines the steps needed to integrate the TuxCare ELS for php-svg-lib repository into your application. The repository provides trusted php-svg-lib packages that can be easily integrated into your **Composer** projects. |
| 14 | + |
| 15 | +### Step 1: Get user credentials |
| 16 | + |
| 17 | +You need a username and password in order to use TuxCare ELS for php-svg-lib repository. Anonymous access is disabled. To receive the credentials, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com). |
| 18 | + |
| 19 | +### Step 2: Configure Composer authentication |
| 20 | + |
| 21 | +1. Create or edit the `auth.json` file for the user running Composer: |
| 22 | + |
| 23 | + * **Linux/macOS**: |
| 24 | + |
| 25 | + ```text |
| 26 | + ~/.composer/auth.json |
| 27 | + ``` |
| 28 | +
|
| 29 | + * **Windows**: |
| 30 | +
|
| 31 | + ```text |
| 32 | + %APPDATA%\Composer\auth.json |
| 33 | + ``` |
| 34 | +
|
| 35 | +2. Use either the Composer CLI or edit `auth.json` directly to add your credentials for `nexus.repo.tuxcare.com`. |
| 36 | +
|
| 37 | + <CodeTabs :tabs="[ |
| 38 | + { title: 'Composer CLI', content: `composer config --global --auth http-basic.nexus.repo.tuxcare.com USERNAME PASSWORD` }, |
| 39 | + { title: 'auth.json', content: authjson } |
| 40 | + ]" /> |
| 41 | +
|
| 42 | + Replace `USERNAME` and `PASSWORD` with the credentials you received in [Step 1](#step-1-get-user-credentials). |
| 43 | +
|
| 44 | +### Step 3: Register the TuxCare repository |
| 45 | +
|
| 46 | +Add the `els_php` Composer repository either via CLI or by editing `composer.json`: |
| 47 | +
|
| 48 | + <CodeTabs :tabs="[ |
| 49 | + { title: 'Composer CLI', content: cli }, |
| 50 | + { title: 'composer.json', content: composerjson } |
| 51 | + ]" /> |
| 52 | +
|
| 53 | +### Step 4: Install php-svg-lib |
| 54 | +
|
| 55 | +Install the TuxCare-maintained php-svg-lib release that matches your project: |
| 56 | +
|
| 57 | +<CodeTabs :tabs="[ |
| 58 | + { title: 'Composer CLI', content: `composer require phenx/php-svg-lib:0.3.4-p1+tuxcare` }, |
| 59 | + { title: 'composer.json', content: pkgjson } |
| 60 | +]" /> |
| 61 | +
|
| 62 | +**Check the exact version listed in your TuxCare Nexus account to ensure you receive the most recent patched release.** |
| 63 | +
|
| 64 | +If you edited `composer.json` manually, run `composer update` to install the package: |
| 65 | +
|
| 66 | +```text |
| 67 | +composer update |
| 68 | +``` |
| 69 | + |
| 70 | +Composer will resolve dependencies against the TuxCare repository and install the patched releases. |
| 71 | + |
| 72 | +### Composer Repository Configuration |
| 73 | + |
| 74 | +If you encounter dependency resolution errors like: |
| 75 | + |
| 76 | +`packages from higher priority repository do not match your constraint` |
| 77 | + |
| 78 | +it usually means your project requires a package version that is not yet available in the TuxCare repository. |
| 79 | + |
| 80 | +**Solution**: Update your `composer.json` to set the TuxCare repository as non-canonical: |
| 81 | + |
| 82 | +``` |
| 83 | +{ |
| 84 | + "repositories": [ |
| 85 | + { |
| 86 | + "type": "composer", |
| 87 | + "url": "https://nexus.repo.tuxcare.com/repository/els_php/", |
| 88 | + "canonical": false |
| 89 | + } |
| 90 | + ] |
| 91 | +} |
| 92 | +``` |
| 93 | + |
| 94 | +This allows Composer to fall back to Packagist for packages not available in the TuxCare repository, while still preferring TuxCare patches when available. |
| 95 | + |
| 96 | +## Vulnerability Exploitability eXchange (VEX) |
| 97 | + |
| 98 | +VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks. |
| 99 | + |
| 100 | +TuxCare provides VEX for php-svg-lib ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_php/phenx-php-svg-lib/](https://security.tuxcare.com/vex/cyclonedx/els_lang_php/phenx-php-svg-lib/). |
| 101 | + |
| 102 | +## How to Upgrade to a Newer Version |
| 103 | + |
| 104 | +If you have already installed a TuxCare php-svg-lib package and want to upgrade to a newer release, update the version string in your `composer.json` file or run the `composer require` command with the new version: |
| 105 | + |
| 106 | +```text |
| 107 | +composer require phenx/php-svg-lib:VERSION-pN+tuxcare |
| 108 | +``` |
| 109 | + |
| 110 | +Then run `composer update` to apply the changes: |
| 111 | + |
| 112 | +```text |
| 113 | +composer update |
| 114 | +``` |
| 115 | + |
| 116 | +## Resolved CVEs |
| 117 | + |
| 118 | +Fixes for the following vulnerabilities are available in ELS for php-svg-lib from TuxCare: |
| 119 | + |
| 120 | +| CVE ID | Severity | Library | Vulnerable Versions | Safe Version | |
| 121 | +| :-----------------: | :------: | :----------: | :-----------------: | :-----------------: | |
| 122 | +| CVE-2024-25117 | Medium | php-svg-lib | < 0.5.2 | 0.3.4-p1+tuxcare | |
| 123 | +| CVE-2023-50251 | High | php-svg-lib | < 0.5.1 | 0.3.4-p1+tuxcare | |
| 124 | +| GHSA-97m3-52wr-xvv2 | Critical | php-svg-lib | < 0.5.2 | 0.3.4-p1+tuxcare | |
| 125 | + |
| 126 | +If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com). |
| 127 | + |
| 128 | +<script setup> |
| 129 | + |
| 130 | +const authjson = |
| 131 | +`{ |
| 132 | + "http-basic": { |
| 133 | + "nexus.repo.tuxcare.com": { |
| 134 | + "username": "USERNAME", |
| 135 | + "password": "PASSWORD" |
| 136 | + } |
| 137 | + } |
| 138 | +}` |
| 139 | + |
| 140 | +const composerjson = |
| 141 | +`{ |
| 142 | + "repositories": [ |
| 143 | + { |
| 144 | + "type": "composer", |
| 145 | + "url": "https://nexus.repo.tuxcare.com/repository/els_php/", |
| 146 | + "options": { |
| 147 | + "http": { |
| 148 | + "verify": true |
| 149 | + } |
| 150 | + } |
| 151 | + } |
| 152 | + ] |
| 153 | +}` |
| 154 | + |
| 155 | +const cli = |
| 156 | +`composer config repositories.tuxcare '{"type":"composer","url":"https://nexus.repo.tuxcare.com/repository/els_php/","options":{"http":{"verify":true}}}' --json` |
| 157 | + |
| 158 | +const pkgjson = |
| 159 | +`{ |
| 160 | + "require": { |
| 161 | + "phenx/php-svg-lib": "0.3.4-p1+tuxcare" |
| 162 | + } |
| 163 | +}` |
| 164 | + |
| 165 | +</script> |
0 commit comments