Description
When a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the X-Forwarded-* HTTP headers. HTTP headers that are not part of the "trusted_headers" allowed list are ignored and protect you from "Cache poisoning" attacks.
Description
CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker.
In Symfony 4.1, we've added the opt-in csv_escape_formulas option in CsvEncoder, to prefix all cells starting by =, +, - or @ by a tab \t.
Symfony 6.0.0-RC1 has just been released. Here is a list of the most
important changes:
Symfony 5.4.0-RC1 has just been released. Here is a list of the most
important changes:
Symfony 5.3.12 has just been released. Here is a list of the most
important changes:
Symfony 4.4.35 has just been released. Here is a list of the most
important changes:
Symfony 5.3.11 has just been released. Here is a list of the most
important changes:
Symfony 4.4.34 has just been released. Here is a list of the most
important changes:
This week, Symfony 5.4.0 BETA3 and 6.0.0 BETA3 versions were published so you can test them on your applications before their final release at the end of the month. In addition, the Symfony Core Team added four new members to help grow the Symfony project in the next few years.