New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Twig 2.7.0 breaks TokenParserInterface() #3983
Comments
|
Can confirm that Twig 2.7 that dropped today kills Craft. A temporary workaround is adding a requirement for 2.6.2 to your projects composer.json and running
|
See this issue on the twigphp/twig repo as well twigphp/Twig#2886 |
Can confirm this also happens on new Craft installs. Ran into this just now when doing a composer install on a local machine. |
We need 2.7.0 as 2.6.2 is not secure anymore! See https://symfony.com/blog/twig-sandbox-information-disclosure |
I've tried to force 2.6.2 but…
Any suggestions? This has not been a happy update! |
Craft version 3.1.17.2 released -> https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#31172---2019-03-12
|
That is not a fix! Every sane person that uses a security vulnerability checker in CI will still fail on this as 2.6.2 has a vulnerability. cc @iparr See https://symfony.com/blog/twig-sandbox-information-disclosure |
@boboldehampsink 3.1.17.2 and 3.0.40.1 are just stop-gaps so people's sites will stop breaking. Working on updating our custom Twig stuff for the breaking changes and will cut more releases with Twig 2.7 "real soon now". Going to go ahead and close this in the meantime. |
FWIW I’ve just tried the just-released Twig 2.7.1 with Craft 3.1.17.1 and I only had to change one line in Environment.php ( |
Twig ^2.7.2 is in place for the next release (2b06c7d). |
Description
The latest version of Twig (2.7.0) deprecated the
Twig_TokenParser
that Craft uses in CacheTokenParser, which is causing the site & CP to crash with this error:Declaration of craft\web\twig\tokenparsers\CacheTokenParser::parse(Twig_Token $token) must be compatible with Twig\TokenParser\TokenParserInterface::parse(Twig\Token $token)
Steps to reproduce
Additional info
The text was updated successfully, but these errors were encountered: