Roave / SecurityAdvisories deprecate CakePHP 1,2 and 3?

Hi !
i use the composer package roave/security-advisories and a new commit
juste deprecated all CakePHP versions before 4.0.6 … is it really justified or a simple mistake ?

it seems linked to this security bulletin

is there an upgrade planned for this dependency ?

The security bulletin is this one

At the time of release, 3.8 was released, i didn’t see the same notice in those releases.

thx for the bulletin … migration to CakePHP 4 seems to be inevitable with the incompatibility of CakePHP 3 and PHP 8 :smiley: