AddToAny

Share this

 

Feed items

  • warning: Declaration of views_handler_argument::init(&$view, &$options) should be compatible with views_handler::init(&$view, $options) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_argument.inc on line 48.
  • warning: Declaration of views_handler_filter_boolean_operator::value_validate(&$form, &$form_state) should be compatible with views_handler_filter::value_validate($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_filter_boolean_operator.inc on line 111.
  • warning: Declaration of views_plugin_row_node_view::options_form(&$form, &$form_state) should be compatible with views_plugin_row::options_form($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/modules/node/views_plugin_row_node_view.inc on line 35.

New in Symfony 7.2: New Command Options

In Symfony 7.2, we've improved many existing commands with new options and features.




Symfony 7.2.0-RC1 released

Symfony 7.2.0-RC1 has just been released.
Here is the list of the most important changes since 7.2.0-BETA2:




CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

Affected versions

Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.

The issue has been fixed in Symfony 5.4.47, 6.4.15, and 7.1.8.

Description

When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.

Resolution

The PersistentRememberMeHandler class now ensures the submitted username is the cookie owner.




Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it.

Sponsor the Symfony project.




Symfony 7.1.8 released

Symfony 7.1.8 has just been released.
Here is the list of the most important changes since 7.1.7:




Symfony 6.4.15 released

Symfony 6.4.15 has just been released.
Here is the list of the most important changes since 6.4.14:




Symfony 5.4.47 released

Symfony 5.4.47 has just been released.
Here is the list of the most important changes since 5.4.46: