Merged
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -15,7 +15,7 @@
"require": {
"php": ">=8.0",
"ext-swoole": "*",
"utopia-php/framework": "0.33.36"
"utopia-php/framework": "0.33.37"
⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

utopia-php/framework 0.33.37 release notes changelog

💡 Result:

I can fetch that — do you want the full changelog text for v0.33.37, or just a summary and links to the release/CHANGELOG?


🌐 Web query:

utopia-php/framework latest version 2026

💡 Result:

Latest release of utopia-php/framework (as of January 14, 2026) is 1.2.0 — released October 21, 2025. [1]

Sources:
[1] Packagist: utopia-php/framework (release 1.2.0, 2025-10-21).


🌐 Web query:

utopia-php/framework security advisories vulnerabilities

💡 Result:

Summary — known/security-relevant items for utopia-php/framework

  • Remote Code Execution (RCE) reported affecting utopia-php/framework v0.20.0 → v0.34.6; fixed in v0.34.7 (reported by Aikido; no public CVE listed). [1]
  • Package information and current releases available on Packagist (use composer to check installed version and upgrade to >=0.34.7 or the latest published release). [2]
  • Use the PHP security-advisories DB / local security checker to scan composer.lock for known advisories. [3]
  • Older unrelated “Utopia” PHP projects (different vendors/projects) have historic advisories (examples include CVE-2005-3201 and CVE-2007-3129) — verify your project’s exact package name to avoid confusion. [4][5]

Recommended actions

  • If you use utopia-php/framework, upgrade to the fixed release (>=0.34.7) or the latest version on Packagist. [1][2]
  • Run a composer-based vulnerability scan (FriendsOfPHP local-php-security-checker / GitHub Dependabot or similar) against your composer.lock. [3]
  • If you need, I can: 1) check your composer.lock for affected versions, or 2) fetch the exact changelog/patch note that fixed the RCE. Which would you like?

Sources
[1] Aikido advisory (AIKIDO-2025-10433) — utopia-php/framework RCE (fixed in 0.34.7).
[2] Packagist — utopia-php/framework package page (release info).
[3] FriendsOfPHP security-advisories (PHP security checker tooling).
[4] NVD / CVE-2005-3201 (historic Utopia-related entry).
[5] FullDisclosure / CVE-2007-3129 (historic Utopia News Pro XSS).


Do not merge — critical security vulnerability in 0.33.37.

This version is affected by a Remote Code Execution (RCE) vulnerability (AIKIDO-2025-10433) that impacts utopia-php/framework v0.20.0 through v0.34.6. Version 0.33.37 is within the vulnerable range. The RCE was fixed in v0.34.7.

Upgrade to at least v0.34.7, or preferably to the latest stable version 1.2.0 (released October 21, 2025).

🤖 Prompt for AI Agents
In `@composer.json` at line 18, the composer dependency "utopia-php/framework": "0.33.37" is pinned to a version with a critical RCE vulnerability; update the version spec for the package name utopia-php/framework to at least ">=0.34.7" (recommended) or preferably to the latest stable "1.2.0", then run composer update to install the patched release and verify tests/builds.

},
"require-dev": {
"phpunit/phpunit": "^9.3",
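Review bot: the changed line only moves an exact pin from 0.33.36 to 0.33.37, which, per the inline review comment above, still sits inside the range reported as affected by AIKIDO-2025-10433 (v0.20.0 through v0.34.6, fixed in v0.34.7), so the bump does not resolve the finding. Suggest moving the constraint to a version at or beyond the fix, e.g. `"utopia-php/framework": ">=0.34.7"` (or a caret constraint on the 0.34 line), then regenerating composer.lock with composer update and re-running the PHPUnit suite declared in require-dev; the 1.2.0 alternative mentioned in the comment crosses a major version boundary from 0.x, so treat it as an upgrade to verify for compatibility rather than a drop-in bump. Separately, an exact pin with no range means every future fix needs a manual edit of this line, whereas a caret or >= constraint lets composer update pick up patch releases.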
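The review comment recommends scanning composer.lock for versions inside a reported vulnerable range. The script below is an added example, not code from this PR, from utopia-php, or from any of the scanners the comment names: it reads a composer.lock, compares each locked version against an advisory's affected range, and reports hits, unknown (branch) versions, and pre-release edge cases. The composer.lock excerpt is constructed for the example; the advisory entry (package, affected range v0.20.0 through v0.34.6, fixed in v0.34.7, identifier AIKIDO-2025-10433) is taken from the review comment above.

```python
"""Minimal composer.lock range check against a known-advisory list.

Added example; the lock content is constructed and the advisory range is the
one quoted in the PR review comment. Real tooling (composer audit, Dependabot,
local-php-security-checker) pulls the advisory list from a live database.
"""
import json
import re

# Constructed composer.lock excerpt: only the fields this check reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "utopia-php/framework", "version": "0.33.37"},
        {"name": "phpunit/phpunit", "version": "9.6.10"},
    ],
    "packages-dev": [],
})

# Advisory as stated in the review comment: affected >=0.20.0 and <0.34.7.
ADVISORIES = [
    {
        "id": "AIKIDO-2025-10433",
        "package": "utopia-php/framework",
        "affected_from": "0.20.0",   # first affected release (inclusive)
        "fixed_in": "0.34.7",        # first fixed release (exclusive upper bound)
    },
]


def parse_version(v):
    """Return a comparable tuple for a composer version string, or None.

    'v0.34.7' and '0.34.7' -> (0, 34, 7, 1); a pre-release such as
    '0.34.7-beta1' -> (0, 34, 7, 0) so it sorts *below* the final 0.34.7
    (a pre-release of the fix is still inside the vulnerable range).
    Branch aliases such as 'dev-main' have no numeric prefix and return None;
    callers must report those instead of silently treating them as safe.
    """
    parts = re.split(r"[.\-+]", v.lstrip("vV"))
    nums, prerelease = [], False
    for p in parts:
        if p.isdigit() and not prerelease:
            nums.append(int(p))
        else:
            prerelease = True
    if not nums:
        return None
    nums = (nums + [0, 0, 0])[:3]
    return tuple(nums) + ((0,) if prerelease else (1,))


def locked_versions(lock_json):
    """Map package name -> locked version across both lock sections."""
    lock = json.loads(lock_json)
    found = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            found[pkg["name"]] = pkg["version"]
    return found


def audit(lock_json, advisories=ADVISORIES):
    """Return (findings, unknown).

    findings: list of (advisory id, package, locked version, fixed version)
              for each locked package inside an advisory's affected range.
    unknown:  list of (package, locked version) whose version could not be
              compared (branch aliases), which need a manual look.
    """
    versions = locked_versions(lock_json)
    findings, unknown = [], []
    for adv in advisories:
        locked = versions.get(adv["package"])
        if locked is None:
            continue
        lv = parse_version(locked)
        if lv is None:
            unknown.append((adv["package"], locked))
            continue
        lo = parse_version(adv["affected_from"])
        hi = parse_version(adv["fixed_in"])
        if lo <= lv < hi:
            findings.append((adv["id"], adv["package"], locked, adv["fixed_in"]))
    return findings, unknown


if __name__ == "__main__":
    hits, unresolved = audit(SAMPLE_LOCK)
    for adv_id, pkg, locked, fixed in hits:
        print(f"{adv_id}: {pkg} {locked} is affected; upgrade to >= {fixed}")
    for pkg, locked in unresolved:
        print(f"{pkg} {locked}: cannot compare a branch alias, check manually")
```

Run it against a real lock file by replacing SAMPLE_LOCK with the contents of composer.lock; the check is deliberately conservative, counting a pre-release of the fixed version as still affected and refusing to declare a dev-branch alias safe.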