Affected versions
Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.
The issue has been fixed in Symfony 5.4.47, 6.4.15, and 7.1.8.
Description
Whan consuming… https://symfony.com/blog/cve-2024-51996-authentication-bypass-via-persisted-rememberme-cookie?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Login to add comment
Other posts in this group
Contributed by Mathias Arlaud in
SymfonyOnline January 2025 is coming up soon, running on January 16-17, and it’s going to be a great two-day online conference! Get ready for top-notch insights, inspiring schedule & speake
In Symfony 7.2, we've improved many existing commands with new options and features.
Resolve Env Vars when Linting the Container
Symfony 7.1.8 has just been released. Here is the list of the most important changes since 7.1.7:
security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-g
The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it. https://symfony.com/blog/update-for-cve-2024-50342-internal-address-and-port-enumera
Symfony 7.2.0-RC1 has just been released. Here is the list of the most important changes since 7.2.0-BETA2:
feature #58852 [TypeInfo] Remove @experimental tag (@mtarld)feature #57630 [TypeInfo]
Symfony 5.4.47 has just been released. Here is the list of the most important changes since 5.4.46:
security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas