Feed items

warning: Declaration of views_handler_argument::init(&$view, &$options) should be compatible with views_handler::init(&$view, $options) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_argument.inc on line 48.
warning: Declaration of views_handler_filter_boolean_operator::value_validate(&$form, &$form_state) should be compatible with views_handler_filter::value_validate($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_filter_boolean_operator.inc on line 111.
warning: Declaration of views_plugin_row_node_view::options_form(&$form, &$form_state) should be compatible with views_plugin_row::options_form($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/modules/node/views_plugin_row_node_view.inc on line 35.

New in Symfony 7.2: Optional Secret

One of the most well-know Symfony configuration options is the secret,
which can be configured via the framework.secret option or the APP_SECRET
env var in one of the .env files processed by Symfony.

New in Symfony 7.2: Deprecations

A new Symfony minor version release is a good opportunity to deprecate some
features in preparation for their removal in the next major version. In Symfony 7.2,
we've deprecated the following features that will be removed in Symfony 8.0.

New in Symfony 7.2: Stateless CSRF

Contributed by
Nicolas Grekas

New in Symfony 7.2: Serializer Improvements

In Symfony 7.2, we improved the Serializer component with some new features.

A Week of Symfony #933 (11-17 November 2024)

This week, Symfony 5.4.47, 6.4.15, and 7.1.8 maintenance versions were released. Additionally, the second release candidate of Symfony 7.2 was published, ahead of its final release scheduled for the end of November 2024.

New in Symfony 7.2: Redesigned TypeInfo Component

Contributed by
Mathias Arlaud

New in Symfony 7.2: New Command Options

In Symfony 7.2, we've improved many existing commands with new options and features.

Symfony 7.2.0-RC1 released

Symfony 7.2.0-RC1 has just been released.
Here is the list of the most important changes since 7.2.0-BETA2:

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

Affected versions

Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.

The issue has been fixed in Symfony 5.4.47, 6.4.15, and 7.1.8.

Description

When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.

Resolution

The PersistentRememberMeHandler class now ensures the submitted username is the cookie owner.

Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it.

Sponsor the Symfony project.

AddToAny

Feed items