CVE-2019-10909: Escape validation messages in the PHP templating engine

CVE-2019-10909 fixes an issue where when using the form theme of the PHP templating engine validation messages were not correctly escaped.

CVE-2019-10910: Check service IDs are valid

CVE-2019-10910 fixes an issue where crafted service IDs could be executed as code

CVE-2019-10911: Add a separator in the remember me cookie hash

CVE-2019-10911 fixes an issue where there was not a clear differentiation between different parts of the content of a cookie allowing for potential to authenticate as a different user in particular situations

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

CVE-2019-10912 fixes an issue where files could be deleted or raw output echoed when some classes were unserialized.

CVE-2019-10913: Reject invalid HTTP method overrides

CVE-2019-10913 ensures that HTTP Methods are sanitized for use in unescaped contexts.

Symfony 4.2.7 released

Read release notes

Symfony 4.1.12 released

Read release notes

Symfony 3.4.26 released

Read release notes

Symfony 2.8.50 released

Read release notes

Symfony 2.7.51 released

Read release notes