Security Advisories

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

CVE-2016-1902 fixes the SecureRandom class, whose fallback random number generator was not cryptographically secure when OpenSSL failed.
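What a fail-closed random source looks like in practice, as an added example in PHP (this is not Symfony's SecureRandom implementation, and the function names are illustrative): the first function shows the kind of non-cryptographic fallback the advisory warns about (here mt_rand(), an assumption about the bug class rather than a quote of the affected code); the second refuses to hand out bytes unless a cryptographically strong source produced them.

```php
<?php
// Added example, not Symfony's SecureRandom code: generate secret tokens only
// from a cryptographically strong source and fail closed otherwise.
// Function names are illustrative.

/**
 * Weak pattern: when the strong source fails, silently fall back to mt_rand(),
 * whose internal state can be recovered from a handful of outputs, so every
 * token produced this way is predictable. (Assumed shape of the bug class.)
 */
function weakRandomBytes($length)
{
    $length = (int) $length;
    $bytes = @openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || !$strong) {
        $bytes = '';
        for ($i = 0; $i < $length; $i++) {
            $bytes .= chr(mt_rand(0, 255)); // not a CSPRNG
        }
    }

    return $bytes;
}

/**
 * Hardened pattern: accept only strong output and throw on failure, so a
 * broken OpenSSL build or an unreadable /dev/urandom becomes an error
 * instead of a silently weak secret.
 */
function secureRandomBytes($length)
{
    $length = (int) $length;
    if ($length < 1) {
        throw new InvalidArgumentException('Length must be a positive integer');
    }

    // PHP >= 7.0: random_bytes() reads the OS CSPRNG and throws if it cannot.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }

    // Older PHP: require OpenSSL to report a cryptographically strong result.
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || $strong !== true || strlen($bytes) !== $length) {
        throw new RuntimeException('No cryptographically secure random source available');
    }

    return $bytes;
}

/**
 * URL-safe token suitable for a remember-me cookie or a CSRF secret.
 */
function secureToken($byteLength = 32)
{
    return rtrim(strtr(base64_encode(secureRandomBytes($byteLength)), '+/', '-_'), '=');
}

echo secureToken(), PHP_EOL;
```

The design point is that the caller never receives weak output: when no strong source exists the hardened function throws, and the application fails loudly instead of issuing guessable tokens.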

CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature

CVE-2015-8124 fixes a session fixation vulnerability in the "Remember Me" login feature.

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

CVE-2015-8125 fixes a potential remote timing attack vulnerability in the Security component's remember-me service.
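The two remember-me advisories above (CVE-2015-8124 and CVE-2015-8125) both concern the moment a remember-me cookie authenticates a user. The PHP below is an added example, not Symfony's remember-me services code: the cookie layout, the APP_SECRET constant and the user store are assumptions, while the constant-time comparison and the session_regenerate_id() call are the standard fixes for the two bug classes named.

```php
<?php
// Added example, not Symfony's remember-me services code. It shows the two
// fixes side by side: comparing the cookie hash in constant time
// (CVE-2015-8125) and regenerating the session id once the cookie has
// authenticated the user (CVE-2015-8124). Cookie layout, APP_SECRET and the
// user store are illustrative assumptions.

const APP_SECRET = 'replace-with-a-long-random-secret'; // assumed application secret

// Constant-time equality: every byte is inspected even after a mismatch, so
// response time does not reveal the first differing byte. Prefer the
// built-in hash_equals() (PHP >= 5.6); the loop is the fallback.
function constantTimeEquals($known, $user)
{
    $known = (string) $known;
    $user = (string) $user;
    if (function_exists('hash_equals')) {
        return hash_equals($known, $user);
    }
    if (strlen($known) !== strlen($user)) {
        return false; // the length of a fixed-size hash is not secret
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }

    return $diff === 0;
}

// Binds the cookie to the user, its expiry and the stored password hash (so a
// password change invalidates it), keyed with the application secret.
function cookieHash($username, $expires, $passwordHash)
{
    return hash_hmac('sha256', $username . ':' . $expires . ':' . $passwordHash, APP_SECRET);
}

// Constructed user store: username => stored password hash.
function findPasswordHash($username)
{
    $users = array('alice' => 'stored-password-hash-for-alice');

    return isset($users[$username]) ? $users[$username] : null;
}

function splitCookie($cookieValue)
{
    $parts = explode(':', (string) $cookieValue, 3);

    return count($parts) === 3 ? $parts : null;
}

// Vulnerable: `!==` returns at the first differing byte, and the session id
// chosen before login (possibly planted by an attacker) stays valid afterwards.
function loginFromCookieVulnerable($cookieValue)
{
    if (!($parts = splitCookie($cookieValue))) {
        return false;
    }
    list($username, $expires, $hash) = $parts;
    $passwordHash = findPasswordHash($username);
    if ($passwordHash === null || (int) $expires < time()) {
        return false;
    }
    if ($hash !== cookieHash($username, $expires, $passwordHash)) {
        return false; // timing leak
    }
    $_SESSION['user'] = $username; // session fixation: id not regenerated

    return true;
}

// Fixed: constant-time comparison, then a fresh session id on authentication.
function loginFromCookieFixed($cookieValue)
{
    if (!($parts = splitCookie($cookieValue))) {
        return false;
    }
    list($username, $expires, $hash) = $parts;
    $passwordHash = findPasswordHash($username);
    if ($passwordHash === null || !ctype_digit($expires) || (int) $expires < time()) {
        return false;
    }
    if (!constantTimeEquals(cookieHash($username, $expires, $passwordHash), $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // old id is dropped, so a planted one is useless
    }
    $_SESSION['user'] = $username;

    return true;
}

// Usage: mint a cookie for alice, then present a valid and a forged one.
$expires = time() + 86400;
$cookie = 'alice:' . $expires . ':' . cookieHash('alice', $expires, findPasswordHash('alice'));
var_dump(loginFromCookieFixed($cookie));                                         // bool(true)
var_dump(loginFromCookieFixed('alice:' . $expires . ':' . str_repeat('0', 64))); // bool(false)
```

Note that the fixed version computes the expected hash on the server and compares the attacker-controlled value against it in constant time; the order of the arguments to hash_equals() matters only for that reason, the known value first. Regenerating the session id after authentication is what defeats fixation: any id the attacker induced the victim to use before login no longer maps to the authenticated session.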

CVE-2015-4050: ESI unauthorized access

CVE-2015-4050 fixes an unauthorized access vulnerability when using ESI.

CVE-2015-2308: ESI Code Injection

CVE-2015-2308 fixes a possible code injection via the ESI framework.

CVE-2015-2309: Unsafe methods in the Request class

CVE-2015-2309 fixes unsafe methods in the Request class.

CVE-2014-6072: CSRF vulnerability in the Web Profiler

CVE-2014-6072 fixes a CSRF vulnerability in the Web Profiler.

CVE-2014-6061: Security issue when parsing the Authorization header

CVE-2014-6061 fixes a potential security issue when parsing the Authorization header.

CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy

CVE-2014-5245 fixes direct access to ESI URLs when the application is behind a trusted proxy.

CVE-2014-5244: Denial of service with a malicious HTTP Host header

CVE-2014-5244 fixes a potential denial of service caused by a malicious HTTP Host header.
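The advisory does not say how the Host header triggers the denial of service. The PHP below is an added example, not Symfony's Request::getHost() code; it assumes the usual form of this bug class, a host-validation regex with nested quantifiers that backtracks catastrophically, and contrasts it with a linear-time validator plus an explicit trusted-host list (the function names and the trusted list are assumptions).

```php
<?php
// Added example, not Symfony's Request::getHost() code. The advisory does not
// say how the Host header causes the denial of service; this assumes the usual
// shape of the bug class, a validation regex with nested quantifiers that
// backtracks catastrophically, and contrasts it with a linear-time validator
// and an explicit list of trusted hosts. All names below are illustrative.

// Nested quantifier: (?:[a-z0-9-]+\.?)+ can split a run of label characters in
// exponentially many ways, so a header like "aaaaaaaaaaaaaaaaaaaa!" makes the
// engine try every split before failing. PHP gives up when
// pcre.backtrack_limit is reached, but the CPU is burnt on every request first.
function isValidHostBacktracking($host)
{
    return (bool) preg_match('/^(?:[a-z0-9-]+\.?)+$/i', $host);
}

// Linear-time alternative: cap the length, split on '.', and test each label
// with a flat character class. Returns array($name, $port) or false.
function parseHostLinear($host)
{
    $host = strtolower((string) $host);
    if ($host === '' || strlen($host) > 260) {
        return false;
    }

    // IPv6 literal, e.g. "[::1]" or "[::1]:8080": validated with filter_var.
    if ($host[0] === '[') {
        $end = strpos($host, ']');
        if ($end === false) {
            return false;
        }
        $addr = substr($host, 1, $end - 1);
        $rest = (string) substr($host, $end + 1);
        if ($rest !== '' && !preg_match('/^:[0-9]{1,5}$/', $rest)) {
            return false;
        }
        if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
            return false;
        }

        return array('[' . $addr . ']', $rest === '' ? null : (int) substr($rest, 1));
    }

    // Optional port after a name or IPv4 address.
    $port = null;
    $colon = strrpos($host, ':');
    if ($colon !== false) {
        $port = substr($host, $colon + 1);
        if ($port === '' || !ctype_digit($port) || (int) $port > 65535) {
            return false;
        }
        $port = (int) $port;
        $host = substr($host, 0, $colon);
    }

    $host = rtrim($host, '.');
    if ($host === '' || strlen($host) > 253) {
        return false;
    }
    foreach (explode('.', $host) as $label) {
        $len = strlen($label);
        if ($len === 0 || $len > 63 || $label[0] === '-' || $label[$len - 1] === '-') {
            return false;
        }
        if (!preg_match('/^[a-z0-9-]+$/', $label)) { // flat class, O(n)
            return false;
        }
    }

    return array($host, $port);
}

// A well-formed host must also be one this application serves; otherwise
// absolute URLs built from it (password-reset links, redirects) can be
// poisoned. $trusted is an assumed configuration value.
function isTrustedHost($host, array $trusted)
{
    $parsed = parseHostLinear($host);

    return $parsed !== false && in_array($parsed[0], $trusted, true);
}

$trusted = array('example.com', 'www.example.com'); // constructed configuration
$evil = str_repeat('a', 20) . '!';

$t = microtime(true);
isValidHostBacktracking($evil);
printf("backtracking regex: %.3fs\n", microtime(true) - $t);

$t = microtime(true);
var_dump(isTrustedHost($evil, $trusted));                   // bool(false)
var_dump(isTrustedHost('WWW.example.com.:8443', $trusted)); // bool(true)
var_dump(isTrustedHost('attacker.example.net', $trusted));  // bool(false)
printf("linear validator: %.3fs\n", microtime(true) - $t);
```

Lengthening the run of "a" characters in $evil shows the growth of the backtracking cost directly; the linear validator stays flat because the length cap is applied before any pattern runs and each label is matched by a single character class with no nesting.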