News


11/06/2024 - 12:05

Affected versions

Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Process component are affected by this security issue.

The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.

Description

On Windows, when an executable file named cmd.exe is located in the current working directory, it will be called by the Process class when preparing command arguments, leading to possible hijacking.

Resolution

The Process class now uses the absolute path to cmd.exe.





11/06/2024 - 12:05

Affected versions

Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony HttpClient component are affected by this security issue.

The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.

Description

When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration.

Resolution

The NoPrivateNetworkHttpClient now filters blocked IPs earlier to prevent such leaks.





11/05/2024 - 19:02

The third release candidate (RC3) for WordPress 6.7 is ready for download and testing!

This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC3 on a test server and site.





11/05/2024 - 14:45

The Audio Working Group has published a First Public Working Draft of Web Audio API 1.1. This specification describes a high-level Web API for processing and synthesizing audio in web applications.





11/05/2024 - 07:34

If you have ever needed to implement search in your application, you've probably heard of Apache Solr. Solr is a fast, open source search platform built on the full-text, vector, and geospatial search capabilities of Apache Lucene.





11/03/2024 - 02:00

Version 3.8 of Yii HTML package is released. There are some improvements:










11/01/2024 - 16:12

Welcome to the November edition of the Laravel Roundup. This covers recent highlights, community events, Laravel jobs, and more!