{
  "repository": "https://www.joomlic.com/download/icagenda",
  "commit_source": "official_release_package_sha256",
  "submitted_target": {
    "target_kind": "release_package",
    "version": "4.0.7",
    "ref": "package-icagenda-core-4-0-7-zip",
    "display": "Official iCagenda 4.0.7 package from https://www.joomlic.com/download/icagenda/icagenda-core-4-0-7/package-icagenda-core-4-0-7-zip",
    "package_sha256": "f12e38d16f7c6cdf9bfd4bde9ab2351f8123c78e09b1db0846371eb42fb30537"
  },
  "variant_target": {
    "target_kind": "release_package",
    "version": "4.0.8",
    "ref": "package-icagenda-core-4-0-8-zip",
    "display": "Official iCagenda 4.0.8 fixed package from https://www.joomlic.com/download/icagenda/icagenda-core-4-0-8/package-icagenda-core-4-0-8-zip",
    "package_sha256": "be3788daaef85b903b540685eebeec2bf3257ed2cc02159f11fbddf5e707ce74"
  },
  "runtime": {
    "joomla_image": "joomla:6.0-php8.3-apache",
    "mysql_image": "mysql:8.0",
    "php_version": "PHP 8.3.30",
    "apache_version": "Apache/2.4.66 (Debian)"
  },
  "notes": "No git commit hash was provided by the ticket or official package download. Source identity is pinned by official release package version and SHA-256 as recorded in bundle/logs/vuln_variant/vulnerable_version.txt and bundle/logs/vuln_variant/fixed_version.txt. No distinct variant or bypass was confirmed."
}
