CVE-2017-16652: Open redirect vulnerability on security handlers
CVE-2017-16652 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler
November 17, 2017
Fabien Potencier
CVE-2017-16654: Intl bundle readers breaking out of paths
CVE-2017-16654 fixes the possibility for the Intl bundle reader to break out of paths.
November 17, 2017
Fabien Potencier
CVE-2017-16790: Ensure that submitted data are uploaded files
CVE-2017-16790 checks that submitted data are uploaded files.
November 17, 2017
Fabien Potencier
CVE-2017-11365: Empty passwords validation issue
CVE-2017-11365 fixes a regression which allows empty passwords to be always valid for any user.
July 17, 2017
Fabien Potencier
CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password
CVE-2016-2403 fixes an unauthorized access on a misconfigured Ldap server when using an empty password
May 9, 2016
Fabien Potencier
CVE-2016-4423: Large username storage in session
CVE-2016-4423 avoids storing large usernames in UsernamePasswordFormAuthenticationListener.
May 9, 2016
Fabien Potencier
CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails
CVE-2016-1902 fixes the SecureRandom class when OpenSSL fails.
January 18, 2016
Fabien Potencier
CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service
CVE-2015-8125 fixes a potential remote timing attack vulnerability in Security remember-me service.
November 23, 2015
Fabien Potencier
CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
CVE-2015-8124 fixes a session fixation in the "Remember Me" login feature.
November 23, 2015
Fabien Potencier
CVE-2015-4050: ESI unauthorized access
CVE-2015-4050 fixes unauthorized access when using ESI.
May 27, 2015
Fabien Potencier