Security Vulnerabilities?

Jbugy

Evening All,

When running composer, i notice that two security vulnerabilities are noted, one is symfony which I believe isnt a problem but I also note one for svg-sanitize

However, run i run composer to update it tells me everything is fine?

Can anyone please confirm?

Thank you

clarkwinkelmann

Jbugy can you include your php flarum info output and/or the output of composer why enshrined/svg-sanitize

SVG Sanitize is not a library included by default in Flarum, it comes from one or multiple extensions. If it's FoF Upload, you should be able to update and get enshrined/svg-sanitize version 0.22 that is safe.

If you don't allow SVG file uploads in FoF Uploads, then you can ignore this for the time being, as I don't think there's any way to exploit the vulnerability if you cannot upload that type of file.