« Security Advisories » blog posts

Have you found a security issue in Symfony? Send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.

Manage your notification preferences to receive an email as soon as a Symfony security release is published.

CVE-2018-19789 fixes a possible disclosure of an uploaded temporary file's full path in the form component
December 6, 2018 #Security Advisories
CVE-2018-14774 fixes a possible host header injection when using HttpCache
August 1, 2018 #Security Advisories
CVE-2018-14773 fixes a possible URL injection in HttpFoundation
August 1, 2018 #Security Advisories
CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.
May 25, 2018 #Security Advisories
CVE-2018-11406 fixes a possible CSRF token fixation.
May 25, 2018 #Security Advisories
CVE-2018-11408 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.
May 25, 2018 #Security Advisories
CVE-2018-11407 fixes an unauthorized access on a misconfigured LDAP server when using an empty password.
May 25, 2018 #Security Advisories
CVE-2018-11385 fixes a session fixation issue when using Guard authentication.
May 25, 2018 #Security Advisories
CVE-2017-16653 fixes CSRF protection which did not use different tokens for HTTP and HTTPS.
November 17, 2017 #Security Advisories
CVE-2017-16652 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler
November 17, 2017 #Security Advisories