Have you found a security issue in Symfony? Send the details to
security [at] symfony.com and don't
disclose it publicly until we can provide a fix for it.
Manage your notification preferences to receive an email as soon as a Symfony security release is published.
CVE-2015-2309 fixes some unsafe methods in the Request class.
April 1, 2015
#Security Advisories
CVE-2014-6072 is about fixing a CSRF vulnerability in the Web Profiler.
September 3, 2014
#Security Advisories
CVE-2014-6061 is about a potential security issue when parsing the Authorization header.
September 3, 2014
#Security Advisories
CVE-2014-5245 is about being able to access ESI URLs even behind a trusted
proxy.
September 3, 2014
#Security Advisories
CVE-2014-5244 is about a potential denial of service with a malicious HTTP Host header.
September 3, 2014
#Security Advisories
Symfony 2.3.18, 2.4.8, and 2.5.2 have just been released; they contain a
security fix for the Translator class provided by FrameworkBundle
(CVE-2014-4931).
July 15, 2014
#Security Advisories
Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 have just been released; they contain
a security fix for the Security component (CVE-2013-5958).
October 10, 2013
#Security Advisories
A security issue has been discovered in FOSUserBundle (CVE-2013-5750).
September 23, 2013
#Security Advisories
Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 have just been released and they
contain security fixes for the Validator component (CVE-2013-4751) and the
HttpFoundation component (CVE-2013-4752).
August 7, 2013
#Security Advisories
Symfony 2.0.22 and Symfony 2.1.7 have just been released and they both contain
security fixes for the YAML component (CVE-2013-1348 and CVE-2013-1397).
January 17, 2013
#Security Advisories