github Spomky-Labs/otphp 11.4.3
on GitHub

6 hours ago

🔒 Security release

This release fixes two medium-severity advisories affecting Factory::loadFromProvisioningUri() — the entry point used to load third-party otpauth:// provisioning URIs. All versions < 11.4.3 are affected; upgrade to 11.4.3.

  • GHSA-g7m4-839x-ch6v — an unbounded digits value made 10 ** digits overflow, raising an uncatchable DivisionByZeroError in at()/now()/verify(). digits is now bounded to 1..10.
  • GHSA-2jx3-65f3-xr8r — a hostile URI key could mass-assign internal properties (state corruption, TypeError, readonly Error). Only label/issuer are now written; any failure surfaces as the documented InvalidProvisioningUriException.

Release Notes for 11.4.3

11.4.x bugfix release (patch)

11.4.3

  • Total issues resolved: 0
  • Total pull requests resolved: 1
  • Total contributors: 1

bug

Check out latest releases or
releases around Spomky-Labs/otphp 11.4.3

Don't miss a new otphp release

NewReleases is sending notifications on new releases.

Get notifications