Skip to content

« Symfony UX » blog posts

Symfony UX 3.2.0 and 2.36.1 fix two security issues in UX Icons and UX Toolkit, while 3.2.0 also brings new TwigComponent, Toolkit and Native features.
June 19, 2026 #Symfony UX ❤️ 1 👍 3
XSS in symfony/ux-icons via unsanitized SVG content in local files and Iconify on-demand responses
June 19, 2026 #Symfony UX
Path Traversal in symfony/ux-toolkit Allows Arbitrary File Write and Read via Crafted Recipe Manifest
June 19, 2026 #Symfony UX
LiveComponentHydrator HMAC checksum lacks component and slot binding
May 29, 2026 #Symfony UX 👍 1
Information exposure via unescaped LIKE wildcards in EntitySearchUtil
May 29, 2026 #Symfony UX 👍 1
Format-less date LiveProps parsed with the permissive DateTime constructor
May 29, 2026 #Symfony UX
Denial of service in symfony/ux-live-component via unbounded batch action requests
May 29, 2026 #Symfony UX
XSS in symfony/ux-live-component via attacker-controlled child component tag
May 29, 2026 #Symfony UX
XSS in symfony/ux-autocomplete via unescaped AJAX response data
May 29, 2026 #Symfony UX
CSRF Protection Bypass in symfony/ux-live-component: Accept Header is CORS-Safelisted
May 29, 2026 #Symfony UX