Symfony Blog
Let's talk at SymfonyCon!
As part of the efforts of the diversity initiative, we are looking at ways to make the experience more enjoyable for everyone and to make it easier for newcomers to get a foothold in the community. One of the things we want to help achieve is to allow people to build networks. Since not everyone is a natural at this, we would like to highlight two concrete ways in which we hope to make it easier for everyone: conference buddies and stickers.
Updates About the "Symfony 5: The Fast Track" Book
The contents of the new book about Symfony 5 have been completed on time. Read the full table of contents and find out other surprising facts about the book.
CVE-2019-11325: Fix escaping of strings in VarExporter
CVE-2019-11325 fixes an issue where some strings were not properly escaped while dumping, leading to possible remote code execution.
CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
CVE-2019-18888 fixes an issue where file paths provided to the MimeTypeGuesser were not properly escaped before being executed.
CVE-2019-18886: Prevent user enumeration using switch user functionality
CVE-2019-18886 fixes an issue where one could enumerate users using the switch user functionality, as different behaviour would occur when a user existed compared to when a user did not.
CVE-2019-18887: Use constant time comparison in UriSigner
CVE-2019-18887 fixes an issue where one could guess the signature of a URI using a remote timing attack.
CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances
CVE-2019-18889 fixes an issue where the destructor of TagAwareAdapter executes callables stored in properties, leading to possible remote code execution when an external payload is unserialized.