News

11/06/2024 - 12:05

CVE-2024-50340: Ability to change environment from query

Affected versions

Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Runtime component are affected by this security issue.

The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.

Description

When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.

11/06/2024 - 12:05

CVE-2024-50341: Security::login does not take into account custom user_checker

Affected versions

Symfony versions >=6.2, <6.4.10; >=7.0, <7.0.10; >=7.1, <7.1.3 of the Symfony SecurityBundle component are affected by this security issue.

The issue has been fixed in Symfony 6.4.10, 7.0.10, and 7.1.3.

Description

The custom user_checker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to unwanted login.

Resolution

The Security::login method now ensure to call the configured user_checker.

11/05/2024 - 19:02

WordPress 6.7 Release Candidate 3

The third release candidate (RC3) for WordPress 6.7 is ready for download and testing!

This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC3 on a test server and site.

11/05/2024 - 14:45

AddToAny

News

CVE-2024-50340: Ability to change environment from query

CVE-2024-50341: Security::login does not take into account custom user_checker

WordPress 6.7 Release Candidate 3

First Public Working Draft: Web Audio API 1.1

Laravel Solr

[news] Yii Request Provider 1.1

[news] Yii HTML 3.8

Laravel Roundup - November