Hi Chris
Today I looked at CVE-2020-36193 since we have php-pear in dla-needed.
Ths thing is that this CVE tells that drupal7 is also vulnerable but drupal7 is not in dla-needed.txt.
Is there any specific reason for this?
I guess there is, like drupal7 impact was realized later, or lack of time for triaging or something else.
Or should I add drupal7 as well?
I decided to ask instead of spending a lot of time trying to figure this out from git history.
Cheers
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
---------------------------------------------------------------