Merge tag '3.0.2' into develop

Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
2022-02-27 12:34:23 +01:00 · 2022-02-27 12:34:23 +01:00 · 7f28275fb0
commit 7f28275fb0
parent bf4a761d3a 148a171b24
8 changed files with 866 additions and 147 deletions
--- a/composer.json
+++ b/composer.json
@ -25,6 +25,8 @@
    "aura/session": "^2.1",
    "barracudanetworks/archivestream-php": "^1.0",
    "consolidation/log": "^2.0",
+    "cweagans/composer-patches": "^1.7",
+    "j0k3r/httplug-ssrf-plugin": "^2.0",
    "jawira/case-converter": "^3.4",
    "jean85/pretty-package-versions": "^1.3",
    "mathmarques/smarty-view": "^1.2",
@ -97,7 +99,12 @@
    },
    "installer-types": [
      "library"
-    ]
+    ],
+    "patches": {
+      "ytdl-org/youtube-dl": {
+        "Disable redirects in generic extractor": "patches/youtube-dl-redirect.diff"
+      }
+    }
  },
  "scripts": {
    "lint": "grumphp run --ansi",