We’ve just pushed out a critical upgrade to all SpinupWP customer servers to patch a Composer vulnerability.

We have a policy at SpinupWP of never making any changes to your server unless we consider them to be absolutely critical. Composer has released a fix for a command injection security vulnerability that was reported a few weeks ago. We felt that it was important to act on, so we’ve automatically updated Composer on your server.

The main impact of this vulnerability is to services passing user input to Composer, including Packagist.org and Private Packagist.