A week of symfony #595 (21-27 May 2018)

This week Symfony released versions 2.7.48, 2.8.41, 3.3.17, 3.4.11 and 4.0.11 to address several security vulnerabilities. Meanwhile, Symfony 4.1.0 beta3 was published in preparation for next week's final release. Lastly, it was announced that the SymfonyLive USA 2018 conference will take place in San Francisco on October 11th and 12th.

Symfony 4.1.0-BETA3 released

Read release notes

CVE-2018-11386: Denial of service when using PDOSessionHandler

CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.

CVE-2018-11408: Open redirect vulnerability on security handlers

CVE-2018-11408 fixes an open redirect vulnerability in DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.

CVE-2018-11406: CSRF Token Fixation

CVE-2018-11406 fixes a possible CSRF token fixation.

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

CVE-2018-11407 fixes unauthorized access on a misconfigured LDAP server when an empty password is used.

CVE-2018-11385: Session Fixation Issue for Guard Authentication

CVE-2018-11385 fixes a session fixation issue when using Guard authentication.

Symfony 4.0.11 released

Read release notes

Symfony 3.4.11 released

Read release notes

Symfony 3.3.17 released

Read release notes