phpunit vulnerability

  • I received notification pertaining to other software I use, about a vulnerability with phpunit.xml file more info about the vulnerability here https://nvd.nist.gov/vuln/detail/CVE-2017-9841. It was recommended this file be deleted. I searched the server for instances of the file and removed it from the other software installation. The search also found two files in the woltlab installation:

    /forum/lib/system/api/pear/net_idna2/phpunit.xml.dist

    /forum/lib/system/api/erusev/parsedown/phpunit.xml.dist


    Are these files safe, needed, can /should be removed?

  • The file phpunit.xml itself is not vulnerable, only the phpunit framework, which is not delivered with the libraries.