2.2.22 - released 2023-09-29
View the release on GitHub
Changelog
- Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
- Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
- Fixed handling of broken junctions on windows (#11550)
- Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
- Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
- Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
- Fixed support for plugin classes being marked as readonly (#11404)
- Fixed GitHub rate limit reporting (#11366)
- Fixed issue displaying solver problems with branch names containing
%
signs (#11359)