0025621: `vendor` folder is not protected - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0025621	mantisbt	security	public	2019-03-18 23:49	2020-12-30 08:27

Reporter	vboctor	Assigned To	vboctor
Priority	urgent	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	2.20.0
Target Version	2.20.1	Fixed in Version	2.20.1

Summary	0025621: `vendor` folder is not protected
Description	We should protect the `vendor` folder the same way we protect other folders that shouldn't be accessed directly (e.g. `library`, `core`, etc).
Tags	No tags attached.

MantisBT: master-2.20 9b07063e 2019-04-19 22:42 vboctor Details Diff	Protect vendors folder Fixes 0025621	Affected Issues 0025621
	add - vendor/.htaccess	Diff File
	add - vendor/Web.config	Diff File