php-laravel-framework (6.20.14+dfsg-2+deb11u2) bullseye-security; urgency=high

  * Non-maintainer upload by the Debian LTS team.
  * CVE-2024-52301: When the register_argc_argv php directive was set to "on"
    and users called a URL with a specially-crafted query string, they were
    able to change the environment used by the framework when handling the
    request. Laravel now ignores argv values for environment detection on
    non-CLI APIs. (Closes: #1088189)

 -- Chris Lamb <lamby@debian.org>  Sat, 21 Dec 2024 13:38:59 +0000

php-laravel-framework (6.20.14+dfsg-2+deb11u1) bullseye; urgency=high

  * Fix security issue: XSS vulnerability in the Blade templating engine
    (CVE-2021-43808, Closes: #1001333)
  * Fix security issue: Failure to block the upload of executable PHP content
    (CVE-2021-43617, Closes: #1002728)

 -- Robin Gustafsson <robin@rgson.se>  Sun, 02 Jan 2022 19:58:35 +0100

php-laravel-framework (6.20.14+dfsg-2) unstable; urgency=medium

  * Fix security issue: SQL injection with Microsoft SQL Server
    (Closes: #987831)

 -- Robin Gustafsson <robin@rgson.se>  Fri, 30 Apr 2021 18:23:38 +0200

php-laravel-framework (6.20.14+dfsg-1) unstable; urgency=medium

  * New upstream version 6.20.14+dfsg
    - Fix security issue: More unexpected bindings in QueryBuilder
  * Replace git attributes with uscan's gitexport=all

 -- Robin Gustafsson <robin@rgson.se>  Fri, 22 Jan 2021 18:39:34 +0100

php-laravel-framework (6.20.11+dfsg-1) unstable; urgency=medium

  * Set upstream metadata fields: Security-Contact.
  * New upstream version 6.20.11+dfsg
    - Fix security issue: Unexpected bindings in QueryBuilder
      (CVE-2021-21263, Closes: #980095)
  * Bump Standards-Version

 -- Robin Gustafsson <robin@rgson.se>  Fri, 15 Jan 2021 00:35:41 +0100

php-laravel-framework (6.20.6+dfsg-1) unstable; urgency=medium

  [ Robin Gustafsson ]
  * New upstream version 6.20.6+dfsg
  * Remove Salsa CI config

  [ David Prévot ]
  * Update generate-autoload-tpl for php-doctrine-inflector (>= 2)
    (Closes: #976799)

 -- Robin Gustafsson <robin@rgson.se>  Sun, 06 Dec 2020 16:40:52 +0100

php-laravel-framework (6.20.5+dfsg-1) unstable; urgency=medium

  * Initial release (Closes: #951159)
  * Merge php-illuminate-* source packages
    (Closes: #975304, #975306, #975307, #975308)

 -- Robin Gustafsson <robin@rgson.se>  Tue, 24 Nov 2020 20:32:22 +0100