Affected versions
Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.
The issue has been fixed in Symfony 5.4.47, 6.4.15, and 7.1.8.
Description
Whan consuming… https://symfony.com/blog/cve-2024-51996-authentication-bypass-via-persisted-rememberme-cookie?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Login to add comment
Other posts in this group
This week, Symfony development activity was very intense. The upcoming Symfony 7.3 version added a Slug constraint, introduced support for union types in OptionsResolver, enabled using HTTP/3 with the
This blog post highlights the key accomplishments of the Symfony project in 2024. We are grateful for your continuous support, which enabled the Symfony project to achieve a remarkable year.
Releases
This week, Symfony 6.4.17, 7.1.10 and 7.2.2 maintenance versions were released. In addition, we published more information about the upcoming SymfonyOnline January 2025 conference.
Symfony developmen
Get ready for the exciting SymfonyOnline January 2025, kicking off shortly on January 16-17! There’s still time to register and join the international online Symfony conference—along with pre-
Symfony 6.4.17 has just been released. Here is the list of the most important changes since 6.4.16:
bug #59304 [PropertyInfo] Remove @internal from PropertyReadInfo and PropertyWriteInfo (Dario G
Symfony 7.1.10 has just been released. Here is the list of the most important changes since 7.1.9:
bug #59304 [PropertyInfo] Remove @internal from PropertyReadInfo and PropertyWriteInfo (Dario Gu
Symfony 7.2.2 has just been released. Here is the list of the most important changes since 7.2.1:
bug #59304 [PropertyInfo] Remove @internal from PropertyReadInfo and PropertyWriteInfo (Dario Gua