The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it. https://symfony.com/blog/update-for-cve-2024-50342-internal-address-and-port-enumeration-allowed-by-noprivatenetworkhttpclient?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Connectez-vous pour ajouter un commentaire
Autres messages de ce groupe
Contributed by Mathias Arlaud in
SymfonyOnline January 2025 is coming up soon, running on January 16-17, and it’s going to be a great two-day online conference! Get ready for top-notch insights, inspiring schedule & speake
In Symfony 7.2, we've improved many existing commands with new options and features.
Resolve Env Vars when Linting the Container
Symfony 7.1.8 has just been released. Here is the list of the most important changes since 7.1.7:
security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-g
Affected versions
Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.
The issue has been fixed in Symfony
Symfony 7.2.0-RC1 has just been released. Here is the list of the most important changes since 7.2.0-BETA2:
feature #58852 [TypeInfo] Remove @experimental tag (@mtarld)
feature #57630 [TypeInfo]
Symfony 5.4.47 has just been released. Here is the list of the most important changes since 5.4.46:
security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas