New Private Subnets Shortcut for Trusted Proxies
Contributed by Nicolas Grekas in…
This week, the Symfony 5.4.46, 6.4.14, and 7.1.7 maintenance versions were released. In addition, we released the second beta version of Symfony 7.2 ahead of its final release at the end of November 2024. Lastly, we published eight security advisories to fix… https://symfony.com/blog/a-week-of-symfony-932-4-10-november-2024?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
In Symfony 7.2, besides introducing three new constraints and improving the Compound constraint, we've also improved other constraints.
Added a Validation Mode for BIC Constraint… https://symfony.com/blog/new-in-symfony-7-2-constraint-improvements?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
SymfonyCon Vienna is only a month away! 🎉 The full schedule is now online, packed with everything you need to plan for this incredible event with the Symfony and PHP community.
Quick tip: personalize your SymfonyLive profile to let us know your… https://symfony.com/blog/less-than-a-month-to-go-get-ready-for-symfonycon-vienna-2024?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Contributed by Laurens Laman in 57576…
Affected versions
Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.
The issue has been fixed in Twig 3.11.2 and 3.14.1. Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.
Description
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Process component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
On Windows, when an executable… https://symfony.com/blog/cve-2024-51736-command-execution-hijack-on-windows-with-process-class?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony HttpFoundation component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
The Request class does… https://symfony.com/blog/cve-2024-50345-open-redirect-via-browser-sanitized-urls?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Affected versions
Symfony versions <5.4.43; >=6, <6.4.11; >=7, <7.1.4 of the Symfony Validator component are affected by this security issue.
The issue has been fixed in Symfony 5.4.43, 6.4.11, and 7.1.4.
Description
It is possible to trick a… https://symfony.com/blog/cve-2024-50343-incorrect-response-from-validator-when-input-ends-with-n?utm_source=Symfony%20Blog%20Feed&utm_medium=feed