In Symfony 7.2, besides introducing three new constraints and improving the Compound constraint, we've also improved other constraints.

Added a Validation Mode for BIC Constraint… https://symfony.com/blog/new-in-symfony-7-2-constraint-improvements?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

<

SymfonyCon Vienna is only a month away! 🎉 The full schedule is now online, packed with everything you need to plan for this incredible event with the Symfony and PHP community.

Quick tip: personalize your SymfonyLive profile to let us know your… https://symfony.com/blog/less-than-a-month-to-go-get-ready-for-symfonycon-vienna-2024?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Contributed by Laurens Laman in

57576…

https://symfony.com/blog/new-in-symfony-7-2-console-finished-indicator?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Affected versions

Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.

The issue has been fixed in Twig 3.11.2 and 3.14.1. Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.

Description

In a sandbox,… https://symfony.com/blog/cve-2024-51754-unguarded-calls-to-tostring-in-a-sandbox-when-an-object-is-in-an-array-or-an-argument-list?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Affected versions

Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.

The issue has been fixed in Twig 3.11.2 and 3.14.1. Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.

Description

In a sandbox,… https://symfony.com/blog/cve-2024-51755-unguarded-calls-to-isset-and-to-array-accesses-in-a-sandbox?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Affected versions

Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Process component are affected by this security issue.

The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.

Description

On Window, when an executable… https://symfony.com/blog/cve-2024-51736-command-execution-hijack-on-windows-with-process-class?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Affected versions

Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony HttpFoundation component are affected by this security issue.

The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.

Description

The Request class, does… https://symfony.com/blog/cve-2024-50345-open-redirect-via-browser-sanitized-urls?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Affected versions

Symfony versions <5.4.43; >=6, <6.4.11; >=7, <7.1.4 of the Symfony Validator component are affected by this security issue.

The issue has been fixed in Symfony 5.4.43, 6.4.11, and 7.1.4.

Description

It is possible to trick a… https://symfony.com/blog/cve-2024-50343-incorrect-response-from-validator-when-input-ends-with-n?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Symfony 5.4.46 has just been released. Here is the list of the most important changes since 5.4.45:

bug #58772 [DoctrineBridge] Backport detection fix of Xml/Yaml driver in DoctrineExtension (@MatTheCat)

security #cve-2024-51736 [Process] Use PATH before… https://symfony.com/blog/symfony-5-4-46-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Affected versions

Symfony versions >=6.2, <6.4.10; >=7.0, <7.0.10; >=7.1, <7.1.3 of the Symfony SecurityBundle component are affected by this security issue.

The issue has been fixed in Symfony 6.4.10, 7.0.10, and 7.1.3.

Description

The custom… https://symfony.com/blog/cve-2024-50341-security-login-does-not-take-into-account-custom-user-checker?utm_source=Symfony%20Blog%20Feed&utm_medium=feed