fixed CVE-2015-5723 in the Proxy generator

doctrine · Sep 1, 2015 · 9beaa8f · 9beaa8f
1 parent 92f4aea
commit 9beaa8f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,18 @@
 Changelog
 =========
 
+1.2.5
+-----
+
+Fixed CVE-2015-5723 in the Proxy Generator
+
+* **2015-09-01**: resolved a security vulnerability related to Proxy generation in ODM.
+                  Doctrine Common and ORM are also affected, so users are encouraged to
+                  update all libraries and dependencies. The vulnerability has been assigned
+                  [CVE-2015-5723](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723)
+                  and additional information on the issue may be found in
+                  [this blog post](http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html).
+
 1.2.0
 -----
 

diff --git a/lib/Doctrine/ODM/PHPCR/Tools/Console/Command/GenerateProxiesCommand.php b/lib/Doctrine/ODM/PHPCR/Tools/Console/Command/GenerateProxiesCommand.php
@@ -83,7 +83,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
         }
 
         if ( ! is_dir($destPath)) {
-            mkdir($destPath, 0777, true);
+            mkdir($destPath, 0775, true);
         }
 
         $destPath = realpath($destPath);

diff --git a/lib/Doctrine/ODM/PHPCR/Version.php b/lib/Doctrine/ODM/PHPCR/Version.php
@@ -27,5 +27,5 @@ class Version
     /**
      * Current version of PHPCR ODM
      */
-    const VERSION = '1.2.0';
+    const VERSION = '1.2.5';
 }