View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0036860mantisbttoolspublic2026-01-30 08:142026-02-03 17:11
Reporterdregad Assigned Todregad  
PrioritynormalSeveritymajorReproducibilityhave not tried
Status resolvedResolutionfixed 
Target Version2.28.1Fixed in Version2.28.1 
Summary0036860: Update PHPUnit to 9.6.34
Description

According to PHPUnit release notes, a security issue in earlier versions allows Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests.

Dependabot PR https://github.com/mantisbt/mantisbt/pull/2172 for 9.6.33

Going straight to 9.6.34, which includes a fix for a regression issue.

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
related to 0033098 closeddregad Ugrade to PHPUnit 9.6 and adapt test suite 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-2.28 3a3c7a8b

2026-01-30 08:18

dregad


Details Diff		 Bump phpunit/phpunit from 9.6.31 to 9.6.34

Also increase minimum versions in composer.json.

Fixes 0036860, PR https://github.com/mantisbt/mantisbt/pull/2172		 Affected Issues
0036860
mod - composer.json Diff File
mod - composer.lock Diff File