AddToAny

Share this

 

Feed items

  • warning: Declaration of views_handler_argument::init(&$view, &$options) should be compatible with views_handler::init(&$view, $options) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_argument.inc on line 48.
  • warning: Declaration of views_handler_filter_boolean_operator::value_validate(&$form, &$form_state) should be compatible with views_handler_filter::value_validate($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/handlers/views_handler_filter_boolean_operator.inc on line 111.
  • warning: Declaration of views_plugin_row_node_view::options_form(&$form, &$form_state) should be compatible with views_plugin_row::options_form($form, &$form_state) in /home/clients/ru/domains/development4web.com/html/sites/all/modules/views/modules/node/views_plugin_row_node_view.inc on line 35.

Symfony 7.2.0-RC1 released

Symfony 7.2.0-RC1 has just been released.
Here is the list of the most important changes since 7.2.0-BETA2:




CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

Affected versions

Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.

The issue has been fixed in Symfony 5.4.47, 6.4.15, and 7.1.8.

Description

When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.

Resolution

The PersistentRememberMeHandler class now ensures the submitted username is the cookie owner.




Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it.

Sponsor the Symfony project.




Symfony 7.1.8 released

Symfony 7.1.8 has just been released.
Here is the list of the most important changes since 7.1.7:




Symfony 6.4.15 released

Symfony 6.4.15 has just been released.
Here is the list of the most important changes since 6.4.14:




Symfony 5.4.47 released

Symfony 5.4.47 has just been released.
Here is the list of the most important changes since 5.4.46:




A Week of Symfony #932 (4-10 November 2024)

This week, Symfony 5.4.46, 6.4.14, and 7.1.7, maintenance versions were released. In addition, we released the second beta version of Symfony 7.2 ahead of its final release at the end of November 2024.