
craftcms/security-patches
=========================

Provides security patches for out-of-date Craft CMS installs


[Source](https://github.com/craftcms/security-patches) | [Packagist](https://packagist.org/packages/craftcms/security-patches)


Security Patches
----------------


Provides security patches for out-of-date Craft CMS installs.

> **Warning** This extension only attempts to mitigate high-severity vulnerabilities, and is not a substitute for keeping Craft CMS up-to-date. Maintaining a regular update cadence to ensure Craft CMS is kept up-to-date on a [supported version](https://craftcms.com/knowledge-base/supported-versions) is highly recommended.

Compatibility
-------------


This extension is compatible with Craft CMS 3.6.0+, 4.0.0+, and 5.0.0+.

Installation
------------


To install, run the following command within a Craft 3/4/5 project:

```
composer require craftcms/security-patches:dev-main
```

> **Note** If you get the following prompt, make sure to answer `y`:
>
> ```
> yiisoft/yii2-composer contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
> Do you trust "yiisoft/yii2-composer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json)
> ```

Mitigated Security Advisories
-----------------------------


- `CVE-2025-32432` (RCE)
    - Affects Craft CMS 3.0.0 – 3.9.14, 4.0.0 – 4.14.14, and 5.0.0 – 5.6.16
    - Fixed in Craft CMS 3.9.15, 4.14.15, and 5.6.17
- `CVE-2024-56145`
    - Affects Craft CMS 3.0.0 – 3.9.13, 4.0.0 – 4.13.1, and 5.0.0 – 5.5.1
    - Fixed in Craft CMS 3.9.14, 4.13.2, and 5.5.2


### Community

Maintainers: [brandonkelly](/maintainers/brandonkelly)

Top Contributors: [brandonkelly](https://github.com/brandonkelly) (7 commits), [angrybrad](https://github.com/angrybrad) (1 commit)

