Merge pull request hanneskod#35 from hanneskod/CVE-2018-17057

Added additional version constraint to mitigate CVE-2018-17057
liip · Mar 27, 2019 · cd0591e · cd0591e
2 parents 46a0611 + c93b6b1
commit cd0591e
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,7 +10,7 @@ php:
 install:
   - composer install
   - composer global require chh/bob:^1@alpha
-  - export PATH=$PATH:$HOME/.composer/vendor/bin/
+  - export PATH=$PATH:$HOME/.config/composer/vendor/bin/:$HOME/.composer/vendor/bin/
   - bob install_dev_tools
 
 script:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,13 @@ All notable changes to this project will be documented in this file.
 
 After some early deviations this project now adheres to [Semantic Versioning](http://semver.org/).
 
-## [4.0.0-beta1] - 2018-11-12
+## [4.0.1] - 2019-03-27
+
+### Added
+- Added additional version constraint in composer.json to protect against
+  [CVE-2018-17057](https://polict.net/blog/CVE-2018-17057).
+
+## [4.0.0] - 2018-11-16
 
 ### Added
 - Added `PagesInterface`.

diff --git a/composer.json b/composer.json
@@ -18,6 +18,7 @@
     },
     "require": {
         "php": "^7.1",
+        "tecnickcom/tcpdf": "^6.2.22",
         "setasign/fpdi-tcpdf": "^2.0",
         "rafikhaceb/tcpdi": "^1"
     },