Projects must not depend on dependencies with known security issues

More information: https://insight.symfony.com/what-we-analyse/composer.security_issue_in_composer

The checker detected 2 security issues in package yiisoft/yii2 installed in version 2.0.0.0-beta
1) class yii\web\ViewAction allowed to include arbitrary files that end with .php.
2) JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks.

Time to fix: about 1 day
Open Issue Permalink
Collective