CVE-2021-41268: Remember me cookie persistance after password changes
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
CVE-2021-41270: Prevent CSV Injection via formulas
CVE-2021-32693: Authentication granted to all firewalls instead of just one
CVE-2021-21424 prevents user enumeration in authentication mechanisms
CVE-2020-15094 fixes an issue to prevent RCE when calling untrusted remote with CachingHttpClient
CVE-2020-5275 fixes an issue preventing all rules set in "access_control" to be checked when a firewall is configured with the unanimous strategy
CVE-2020-5255 fixes a cache poisoning issue via a Response Content-Type header
CVE-2020-5274 fixes Exception message escaping rendered by ErrorHandler.
CVE-2019-18888 fixes an issue where provided file paths to the MimeTypeGuesser were not properly escaped before being executed.
- « Previous Page
- Next Page »