Affected versions
Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.
The issue has been fixed in Twig 3.11.2 and 3.14.1. Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.
Description
Login to add comment
Other posts in this group
Contributed by Mathias Arlaud in
SymfonyOnline January 2025 is coming up soon, running on January 16-17, and it’s going to be a great two-day online conference! Get ready for top-notch insights, inspiring schedule & speake
In Symfony 7.2, we've improved many existing commands with new options and features.
Resolve Env Vars when Linting the Container
Symfony 7.1.8 has just been released. Here is the list of the most important changes since 7.1.7:
security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-g
Affected versions
Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.
The issue has been fixed in Symfony
The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it. https://symfony.com/blog/update-for-cve-2024-50342-internal-address-and-port-enumera
Symfony 7.2.0-RC1 has just been released. Here is the list of the most important changes since 7.2.0-BETA2:
feature #58852 [TypeInfo] Remove @experimental tag (@mtarld)feature #57630 [TypeInfo]
