
3 Commits
5.1.4 ... 5.1.5

Author SHA1 Message Date
Alex Bilbie
8e5df6d628 Updated changelog 2017-07-11 07:31:36 +01:00
Alex Bilbie
295e90c27d Trigger an E_USER_DEPRECATED notice instead of an error 2017-07-11 07:31:30 +01:00
Alex Bilbie
788ccb8605 Trigger E_USER_NOTICE instead of throwing an exception if key cannot be chmod to 600 2017-07-11 07:30:39 +01:00
3 changed files with 12 additions and 4 deletions


@@ -1,5 +1,12 @@
# Changelog
## 5.1.5 (released 2017-07-11)
To address feedback from the security release the following two changes have been made:
* If an RSA key cannot be `chmod`'ed to 600 then it will now throw a `E_USER_NOTICE` instead of an exception.
* Not using the new encryption key method on `AuthorizationServer` will set throw an `E_USER_DEPRECATED` message instead of an error.
## 5.1.4 (released 2017-07-01)
* Fixed multiple security vulnerabilities as a result of a security audit paid for by the [Mozilla Secure Open Source Fund](https://wiki.mozilla.org/MOSS/Secure_Open_Source). All users of this library are encouraged to update as soon as possible to this version or version 6.0 or greater.


@@ -139,7 +139,7 @@ class AuthorizationServer implements EmitterAwareInterface
if ($this->encryptionKey === null) {
// @codeCoverageIgnoreStart
error_log(self::ENCRYPTION_KEY_ERROR);
trigger_error(self::ENCRYPTION_KEY_ERROR, E_USER_DEPRECATED);
// @codeCoverageIgnoreEnd
}
$grantType->setEncryptionKey($this->encryptionKey);
@@ -161,7 +161,7 @@ class AuthorizationServer implements EmitterAwareInterface
{
if ($this->encryptionKey === null) {
// @codeCoverageIgnoreStart
error_log(self::ENCRYPTION_KEY_ERROR);
trigger_error(self::ENCRYPTION_KEY_ERROR, E_USER_DEPRECATED);
// @codeCoverageIgnoreEnd
}
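Review bot: With `trigger_error(self::ENCRYPTION_KEY_ERROR, E_USER_DEPRECATED)` as the only signal in the `$this->encryptionKey === null` branch, an operator running without the encryption key finds out only if deprecation notices are reported and logged in that deployment; the identical branch in the second hunk (old line 161 onward) has the same property. Treating `error_log` as the removed side and `trigger_error` as the added side is inferred from the commit message, because the page has lost its +/- markers. In the first hunk the branch still falls through to `$grantType->setEncryptionKey($this->encryptionKey)` with a null key, so I would put a comment above the check such as `// Legacy mode: no encryption key configured; the server continues and only emits a deprecation notice`. The check is duplicated verbatim in both places and could live in one private helper. Both enclosing methods start and end outside the hunks.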


@@ -50,12 +50,13 @@ class CryptKey
// Attempt to correct the permissions
if (chmod($keyPath, 0600) === false) {
// @codeCoverageIgnoreStart
throw new \LogicException(
trigger_error(
sprintf(
'Key file "%s" permissions are not correct, should be 600 instead of %s, unable to automatically resolve the issue',
$keyPath,
$keyPathPerms
)
),
E_USER_NOTICE
);
// @codeCoverageIgnoreEnd
}
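Review bot: When `chmod($keyPath, 0600)` fails, the key file is now used with whatever permissions it already had, and the only report is an `E_USER_NOTICE`, the lowest user-level severity and one that production `error_reporting` settings commonly filter out. For a private key that may be readable by other accounts I would raise it as `E_USER_WARNING` instead, and add a comment in the branch saying the check is advisory, e.g. `// Advisory only: the key is still loaded if its permissions cannot be tightened`. The message text still says the permissions "should be 600", which reads as a hard requirement although execution continues. Which lines are old and which are new is inferred from the hunk header counts and the commit message, since the +/- markers are missing; the enclosing method starts and ends outside the hunk.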