From 32e7cfbf6155ac4030836938dc68761a28d8defd Mon Sep 17 00:00:00 2001
From: wubinworks <127310257+wubinworks@users.noreply.github.com>
Date: Wed, 15 Jan 2025 12:20:33 +0900
Subject: [PATCH] Extended compatibility to Magento 2.3

---
 README.md     |  7 ++++++-
 composer.json | 13 ++++++++-----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index fffad4f..c5ee6a1 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,11 @@
 When the `SAPI` is `php-fpm`, `\Magento\Framework\Xml\Security` cannot detect entity if the XML string is not encoded in `UTF-8`.  
 This is a potential security issue and many developers forget to detect the XML encoding before using this class.
 
-_Note: this class works correctly in CLI._
+_Note: the above class works correctly in CLI._
+
+##### A note about [CVE-2024-2961](https://www.cve.org/CVERecord?id=CVE-2024-2961)
+
+_XML string with `encoding="ISO-2022-CN-EXT"` won't cause the buffer overflow. So we don't forbid this encoding._
 
 ## Features
 
@@ -22,6 +26,7 @@ That's it.
 
 ## Requirements
 
+Magento 2.3  
 Magento 2.4
 
 ## Installation
diff --git a/composer.json b/composer.json
index 7bf2694..d7ef8a6 100644
--- a/composer.json
+++ b/composer.json
@@ -12,7 +12,10 @@
         "xml security",
         "enhancement",
         "encoding",
-        "php-fpm"
+        "php-fpm",
+        "cosmic sting",
+        "cosmicsting",
+        "cve-2024-34102"
     ],
     "homepage": "https://www.wubinworks.com",
     "support": {
@@ -20,12 +23,12 @@
         "chat": "https://www.wubinworks.com/contact"
     },
     "require": {
-        "php": ">=7.3",
-        "laminas/laminas-xml": "^1.4",
-        "magento/magento2-base": "~2.4.0"
+        "php": ">=7.1",
+        "laminas/laminas-xml": "^1.2",
+        "magento/magento2-base": "~2.3.0 || ~2.4.0"
     },
     "type": "magento2-module",
-    "version": "1.0.0",
+    "version": "1.0.1",
     "license": "OSL-3.0",
     "authors": [
         {