After pulling in this fork to our project, we've received dependabot alerts regarding a couple CakePHP2 vulnerabilities, notably: ``` CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter. ``` I realize the scope of this project is to provide the minimal set of patches to meet compatibility with PHP8. But I wanted to inquire if there was any potential roadmap for patching issues like this, or if perhaps this has already been done? Thanks.
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by jeffpamer and has received 4 comments.
Add a comment
Comment form would go here