CVE-2018-11406: CSRF Token Fixation
CVE-2018-11406 fixes a possible CSRF token fixation.
May 25, 2018
Fabien Potencier
CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password
CVE-2018-11407 fixes an unauthorized access on a misconfigured LDAP server when using an empty password.
May 25, 2018
Fabien Potencier
CVE-2018-11385: Session Fixation Issue for Guard Authentication
CVE-2018-11385 fixes a session fixation issue when using Guard authentication.
May 25, 2018
Fabien Potencier
CVE-2018-11386: Denial of service when using PDOSessionHandler
CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.
May 25, 2018
Fabien Potencier
CVE-2018-11408: Open redirect vulnerability on security handlers
CVE-2018-11408 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.
May 25, 2018
Fabien Potencier
CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS
CVE-2017-16653 fixes CSRF protection which did not use different tokens for HTTP and HTTPS.
November 17, 2017
Fabien Potencier
CVE-2017-16652: Open redirect vulnerability on security handlers
CVE-2017-16652 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler
November 17, 2017
Fabien Potencier
CVE-2017-16654: Intl bundle readers breaking out of paths
CVE-2017-16654 fixes the possibility for the Intl bundle reader to break out of paths.
November 17, 2017
Fabien Potencier
CVE-2017-16790: Ensure that submitted data are uploaded files
CVE-2017-16790 checks that submitted data are uploaded files.
November 17, 2017
Fabien Potencier
CVE-2017-11365: Empty passwords validation issue
CVE-2017-11365 fixes a regression which allows empty passwords to be always valid for any user.
July 17, 2017
Fabien Potencier