Feed items

warning: Declaration of views_handler_argument::init(&$view, &$options) should be compatible with views_handler::init(&$view, $options) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_argument.inc on line 48.
warning: Declaration of views_handler_filter_boolean_operator::value_validate(&$form, &$form_state) should be compatible with views_handler_filter::value_validate($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_filter_boolean_operator.inc on line 111.
warning: Declaration of views_plugin_row_node_view::options_form(&$form, &$form_state) should be compatible with views_plugin_row::options_form($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/modules/node/views_plugin_row_node_view.inc on line 35.

Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it.

Sponsor the Symfony project.

Symfony 7.1.8 released

Symfony 7.1.8 has just been released.
Here is the list of the most important changes since 7.1.7:

Symfony 6.4.15 released

Symfony 6.4.15 has just been released.
Here is the list of the most important changes since 6.4.14:

Symfony 5.4.47 released

Symfony 5.4.47 has just been released.
Here is the list of the most important changes since 5.4.46:

New in Symfony 7.2: Simpler Single-File Symfony Applications

Contributed by
Yonel Ceruto

New in Symfony 7.2: Simpler Trusted Proxies Configuration

New Private Subnets Shortcut for Trusted Proxies

A Week of Symfony #932 (4-10 November 2024)

This week, Symfony 5.4.46, 6.4.14, and 7.1.7, maintenance versions were released. In addition, we released the second beta version of Symfony 7.2 ahead of its final release at the end of November 2024.

New in Symfony 7.2: Constraint Improvements

In Symfony 7.2, besides introducing three new constraints and
improving the Compound constraint, we've also improved other constraints.

Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list

Affected versions

Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.

The issue has been fixed in Twig 3.11.2 and 3.14.1.
Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.

Description

In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance).

Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox

Affected versions

Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.

The issue has been fixed in Twig 3.11.2 and 3.14.1.
Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.

Description

In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy.
They are now checked via the property policy and the __isset() method is now called after the security check.
This is a BC break.

AddToAny

Feed items