Today we’re releasing Composer 2.7.7 (PHP 7.2+) and 2.2.24 (LTS for use on PHP 5.3 to 7.1) to address two security vulnerabilities and to add a number of smaller security hardening measures. Please update to the new versions immediately (e.g. with `composer self-update`). The problems detailed in this post were identified by security firm Cure53 as part of an audit performed over the last weeks on
![Composer 2.7.7 & Security Audit by Cure53 funded by Alpha-Omega](https://cdn-ak-scissors.b.st-hatena.com/image/square/9585b247a859740c16db13b3e051bd7c5750a576/height=288;version=1;width=512/https%3A%2F%2Fblog.packagist.com%2Fcontent%2Fimages%2Fsize%2Fw1200%2F2018%2F11%2FDSC_6578_BestWide.jpg)