Security Advisories

CVE-2014-6061: Security issue when parsing the Authorization header

CVE-2014-6061 is about a potential security issue when parsing the Authorization header.

CVE-2014-6072: CSRF vulnerability in the Web Profiler

CVE-2014-6072 is about fixing a CSRF vulnerability in the Web Profiler.

CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy

CVE-2014-5245 is about being able to access ESI URLs even behind a trusted proxy.

CVE-2014-5244: Denial of service with a malicious HTTP Host header

CVE-2014-5244 is about a potential denial of service with a malicious HTTP Host header.

Security releases (CVE-2014-4931): Symfony 2.3.18, 2.4.8, and 2.5.2 released

Symfony 2.3.18, 2.4.8, and 2.5.2 have just been released; they contain a security fix for the Translator class provided by FrameworkBundle (CVE-2014-4931).

Security releases (CVE-2013-5958): Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 released

Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 have just been released; they contain a security fix for the Security component (CVE-2013-5958).

CVE-2013-5750: Security issue in FOSUserBundle login form

A security issue has been discovered in FOSUserBundle (CVE-2013-5750).

Security releases: Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 released

Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 have just been released and they contain security fixes for the Validator component (CVE-2013-4751) and the HttpFoundation component (CVE-2013-4752).

Security release: Symfony 2.0.22 and 2.1.7 released

Symfony 2.0.22 and Symfony 2.1.7 have just been released and they both contain security fixes for the YAML component (CVE-2013-1348 and CVE-2013-1397).

Security release: Symfony 2.0.20 and 2.1.5 released

Symfony 2.0.20 and Symfony 2.1.5 have just been released and they both contain two security fixes.

Security release: Symfony 2.0.19 and 2.1.4

Symfony 2.0.18 and 2.1.4 have been released with a security issue fix.

Security release: symfony 1.4.20 released

symfony 1.4.20 has just been released. It contains a security fix.

Security Release: Symfony 2.0.17 released

Symfony 2.0.17 has just been released.

Security Release: symfony 1.4.18 released

symfony 1.4.18 has just been released. It contains a security fix.

Security Release: Symfony 2.0.11 released

Symfony 2.0.11 has just been released. Read the post, as this release fixes a security vulnerability in the Serializer Component.

Security Release: Symfony 2.0.6

Symfony 2.0.6 addresses a security vulnerability in the EntityUserProvider as provided in the Doctrine bridge.