craftcms / security-patches
Provides security patches for out-of-date Craft CMS installs
Installs: 2 182
Dependents: 0
Suggesters: 0
Security: 0
Stars: 18
Watchers: 5
Forks: 0
Open Issues: 0
Type: yii2-extension
Requires
- php: >=7.2.5
- craftcms/cms: ^3.6.0|^4.0|^5.0
Requires (Dev)
- craftcms/ecs: dev-main
- craftcms/phpstan: dev-main
This package is auto-updated.
Last update: 2025-04-17 22:33:51 UTC
README
Provides security patches for out-of-date Craft CMS installs.
Warning
This extension only attempts to mitigate high-severity vulnerabilities, and is not a substitute for keeping Craft CMS up-to-date. Maintaining a regular update cadence to ensure Craft CMS is kept up-to-date on a supported version is highly recommended.
Compatibility
This extension is compatible with Craft CMS 3.6.0+, 4.0.0+, and 5.0.0+.
Installation
To install, run the following command within a Craft 3/4/5 project:
composer require craftcms/security-patches:dev-main
Note: If you get the following prompt, make sure to answer y:
yiisoft/yii2-composer contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "yiisoft/yii2-composer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json)
Mitigated Security Advisories
GHSA-f3gw-9ww9-jmc3 (RCE, pending CVE)
- Affects Craft CMS 3.0.0 – 3.9.14, 4.0.0 – 4.14.14, and 5.0.0 – 5.6.16
- Fixed in Craft CMS 3.9.15, 4.14.15, and 5.6.17
CVE-2024-56145
- Affects Craft CMS 3.0.0 – 3.9.13, 4.0.0 – 4.13.1, and 5.0.0 – 5.5.1
- Fixed in Craft CMS 3.9.14, 4.13.2, and 5.5.2