Skip to content

Liberated the Vendor Dir

Choose a tag to compare

View all tags
@SyntaxC4 SyntaxC4 released this 16 Jul 22:09
· 18 commits to master since this release
v0.2.8
b62a412

Removed the COMPOSER_VENDOR_DIR environment variable due to issues using create-project or global require.

Still working on a work around for create-project which seems to be acting inconsistently.

Security Issue - vendor directory is placed back into a publicly accessible folder, you can fix this by adding a web.config file to the vendor directory.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <denyUrlSequences>
                    <add sequence="/" />
                </denyUrlSequences>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>
Assets 3
Loading