
Laravel

Endless Lifecycle Support (ELS) for Laravel from TuxCare provides security fixes for Laravel framework versions that have reached their end-of-life. This allows you to continue running your Laravel applications without vulnerability concerns, even after official support has ended.

Supported Versions

  • Laravel 5.4.36, 5.5.50, 5.6.40, 5.7.29, 5.8.38, 7.30.7, 8, 9.52.21, 10, 11, 12.58.0
  • Illuminate View 5.4.36
  • Illuminate Database 5.4.36

Other versions upon request.

Installation

Prerequisites

  • Nexus repository access credentials (username and password) — contact sales@tuxcare.com
  • To browse available artifacts, visit TuxCare Nexus and click Sign in in the top right corner. You may need to refresh the page after logging in.

  1. Locate the auth.json file

    Composer reads credentials from a per-user auth.json. Create or edit the file at:

    • Linux/macOS:

      ~/.composer/auth.json
      
    • Windows:

      %APPDATA%\Composer\auth.json
      
  2. Add your TuxCare credentials

    Use either the Composer CLI or edit auth.json directly to add credentials for nexus.repo.tuxcare.com:

    composer config --global --auth http-basic.nexus.repo.tuxcare.com USERNAME PASSWORD

    Replace USERNAME and PASSWORD with your TuxCare credentials (see Prerequisites above).

  3. Register the TuxCare repository

    Add the els_php Composer repository either via CLI or by editing composer.json:

    composer config repositories.tuxcare '{"type":"composer","url":"https://nexus.repo.tuxcare.com/repository/els_php/","options":{"http":{"verify":true}}}' --json

  4. Install Laravel components

    Install the TuxCare-maintained Laravel or Illuminate release that matches your project:

    composer require laravel/framework:10.48.28-p1+tuxcare

    Check the exact version listed in your TuxCare Nexus account to ensure you receive the most recent patched release.

    If you edited composer.json manually, run composer update to install the package:

    composer update
    

    Composer will resolve dependencies against the TuxCare repository and install the patched releases.

Composer Repository Configuration

If you encounter dependency resolution errors like:

packages from higher priority repository do not match your constraint

it usually means your project requires a package version that is not yet available in the TuxCare repository.

Solution: Update your composer.json to set the TuxCare repository as non-canonical:

{
    "repositories": [
        {
            "type": "composer",
            "url": "https://nexus.repo.tuxcare.com/repository/els_php/",
            "canonical": false
        }
    ]
}

This allows Composer to fall back to Packagist for packages not available in the TuxCare repository, while still preferring TuxCare patches when available.
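With the repository set to non-canonical, a Laravel package can silently resolve from Packagist instead of TuxCare, so it is worth checking composer.lock after an install. The following is an added example, not part of TuxCare's documentation: it flags ELS packages whose dist URL is not on nexus.repo.tuxcare.com or whose version lacks the +tuxcare suffix. The sample lock data is constructed, and it assumes the lock file records the version with that suffix intact.

```python
import json
from urllib.parse import urlparse

TUXCARE_HOST = "nexus.repo.tuxcare.com"  # repository host from this page
ELS_PACKAGES = {"laravel/framework", "illuminate/view", "illuminate/database"}


def make_lock(*pkgs):
    """Build a constructed composer.lock document from (name, version, dist_url)."""
    entries = [{"name": n, "version": v, "dist": {"type": "zip", "url": u}}
               for n, v, u in pkgs]
    return json.dumps({"packages": entries, "packages-dev": []})


# Constructed samples: the dist paths and references are invented for illustration.
PATCHED_LOCK = make_lock(
    ("laravel/framework", "10.48.28-p1+tuxcare",
     "https://nexus.repo.tuxcare.com/repository/els_php/EXAMPLE/framework.zip"),
    ("symfony/console", "v6.4.0",
     "https://api.github.com/repos/symfony/console/zipball/0000000"))
FALLBACK_LOCK = make_lock(
    ("laravel/framework", "v10.48.28",
     "https://api.github.com/repos/laravel/framework/zipball/0000000"))


def audit_lock(lock_text, els_packages=ELS_PACKAGES):
    """Return (name, version, host, problems) for ELS packages not served by TuxCare."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        name = pkg.get("name", "").lower()
        if name not in els_packages:
            continue  # falling back to Packagist is expected for other packages
        version = pkg.get("version", "")
        host = urlparse((pkg.get("dist") or {}).get("url", "")).hostname or ""
        problems = []
        if host != TUXCARE_HOST:
            problems.append("dist host is not the TuxCare repository")
        # Assumption: the lock file keeps the +tuxcare suffix in "version".
        if not version.endswith("+tuxcare"):
            problems.append("version lacks the +tuxcare suffix")
        if problems:
            findings.append((name, version, host, problems))
    return findings


if __name__ == "__main__":
    for name, version, host, problems in audit_lock(FALLBACK_LOCK):
        print(f"{name} {version} from {host or 'unknown host'}: {'; '.join(problems)}")
```

To run it against a real project, pass the contents of composer.lock to audit_lock and fail the build when the returned list is not empty.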

Resolved CVEs in Laravel and Illuminate

Fixes for the following vulnerabilities are available in ELS for Laravel from TuxCare:

| CVE ID | Severity | Vulnerable versions | Fixed in version |
|---|---|---|---|
| CVE-2021-43808 | Medium | < 6.18.35, < 7.24.0 | 5.4.36-p1+tuxcare |
| CVE-2021-21263 | High | < 6.20.14, < 7.30.4, < 8.24.0 | 5.4.36-p2+tuxcare |
| GHSA-x7p5-p2c9-phvg | High | < 6.20.14, < 7.30.4, < 8.24.0 | 5.4.36-p2+tuxcare |
| GHSA-jwvj-pwww-3mj5 | High | < 6.20.14, < 7.30.4, < 8.24.0 | 5.4.36-p2+tuxcare |
| CVE-2017-14775 | Medium | < 5.5.10 | 5.4.36-p2+tuxcare |
| CVE-2017-16894 | High | <= 5.5.21 | 5.4.36-p2+tuxcare |
| CVE-2018-15133 | High | <= 5.5.40, 5.6.0 - 5.6.29 | 5.4.36-p2+tuxcare |
| CVE-2024-52301 | High | < 6.20.45, < 7.30.7, < 8.83.28, < 9.52.17, < 10.48.23, < 11.31.0 | 5.4.36-p2+tuxcare |
| CVE-2020-19316 | High | < 5.8.17 | 5.4.36-p2+tuxcare |
| CVE-2020-24941 | High | < 6.18.35, < 7.24.0 | 5.4.36-p2+tuxcare |
| CVE-2025-27515 | Medium | < 11.44.1, < 12.1.1 | 5.4.36-p2+tuxcare |
| GHSA-7852-w36x-6mf6 | Medium | < 5.5.40, < 5.6.15 | 5.4.36-p2+tuxcare |
| GHSA-4mg9-vhxq-vm7j | High | < 6.20.26, < 7.30.5, < 8.40.0 | 5.4.36-p3+tuxcare |
| GHSA-wq8p-mqvg-2p5h | High | < 6.20.26, < 7.30.5, < 8.40.0 | 5.4.36-p3+tuxcare |

What's Next?