A week of symfony #595 (21-27 May 2018)
This week Symfony released 2.7.48, 2.8.41, 3.3.17, 3.4.11 and 4.0.11 versions to address several security vulnerabilities. Meanwhile Symfony 4.1.0 beta3 was published in preparation for next week's final release. Lastly, it was announced that the SymfonyLive USA 2018 conference will take place in San Francisco on October 11th and 12th.
May 27, 2018
Javier Eguiluz
CVE-2018-11386: Denial of service when using PDOSessionHandler
CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.
May 25, 2018
Fabien Potencier
CVE-2018-11408: Open redirect vulnerability on security handlers
CVE-2018-11408 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.
May 25, 2018
Fabien Potencier
CVE-2018-11406: CSRF Token Fixation
CVE-2018-11406 fixes a possible CSRF token fixation.
May 25, 2018
Fabien Potencier
CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password
CVE-2018-11407 fixes an unauthorized access on a misconfigured LDAP server when using an empty password.
May 25, 2018
Fabien Potencier
CVE-2018-11385: Session Fixation Issue for Guard Authentication
CVE-2018-11385 fixes a session fixation issue when using Guard authentication.
May 25, 2018
Fabien Potencier