Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Process component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
On Window, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking.
Resolution
The Process class now uses the absolute path to cmd.exe.
Affected versions
Symfony versions >=6.2, <6.4.10; >=7.0, <7.0.10; >=7.1, <7.1.3 of the Symfony SecurityBundle component are affected by this security issue.
The issue has been fixed in Symfony 6.4.10, 7.0.10, and 7.1.3.
Description
The custom user_checker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to unwanted login.
Resolution
The Security::login method now ensure to call the configured user_checker.
Affected versions
Symfony versions <5.4.43; >=6, <6.4.11; >=7, <7.1.4 of the Symfony Validator component are affected by this security issue.
The issue has been fixed in Symfony 5.4.43, 6.4.11, and 7.1.4.
Description
It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n.
Resolution
Symfony now uses the D regex modifier to match the entire input.
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Runtime component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony HttpClient component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration.
Resolution
The NoPrivateNetworkHttpClient now filters blocked IPs earlier to prevent such leaks.
The third release candidate (RC3) for WordPress 6.7 is ready for download and testing!
This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC3 on a test server and site.
The Audio Working Group has published a First Public Working Draft of Web Audio API 1.1. This specification describes a high-level Web API for processing and synthesizing audio in web applications.
If you have ever had a need to implement search into your application you've probably heard of Apache Solr. Solr is a fast, open source search platform built on the full-text, vector, and geospatial search capabilities of Apache Lucene.
Version 3.8 of Yii HTML package is released. There are some improvements: