Have you found a security issue in Symfony? Send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.
CVE-2017-16654 fixes the possibility for the Intl bundle reader to break out of paths.
November 17, 2017
#Security Advisories
CVE-2017-16790 checks that submitted data are uploaded files.
November 17, 2017
#Security Advisories
CVE-2017-11365 fixes a regression which allows empty passwords to be always valid for any user.
July 17, 2017
#Security Advisories
CVE-2016-2403 fixes an unauthorized access on a misconfigured Ldap server when using an empty password.
May 9, 2016
#Security Advisories
CVE-2016-4423 avoids storing large usernames in UsernamePasswordFormAuthenticationListener.
May 9, 2016
#Security Advisories
CVE-2016-1902 fixes the SecureRandom class when OpenSSL fails.
January 18, 2016
#Security Advisories
CVE-2015-8125 fixes a potential remote timing attack vulnerability in Security remember-me service.
November 23, 2015
#Security Advisories
CVE-2015-8124 fixes a session fixation in the "Remember Me" login feature.
November 23, 2015
#Security Advisories
CVE-2015-4050 fixes unauthorized access when using ESI.
May 27, 2015
#Security Advisories
CVE-2015-2308 is about possible code injections via the ESI framework.
April 1, 2015
#Security Advisories