Laravel <= v8.4.2 debug mode: Remote code execution

More info here. Not sure if this affects IN 5, but I thought it might be of interest.

1 Like

Hey there,

Thanks for reporting this to us, it’s awesome to see we have such a nice community. At the moment, we’re on 2.5.8.

We reported the bug, along with a patch, to the maintainers of Ignition on GitHub on the 16th of November 2020, and a new version (2.5.2) was issued the next day. Since it is a require-dev dependency of Laravel, we expect every instance installed after this date to be safe.

1 Like