« Security Advisories » blog posts
Have you found a security issue in Symfony? Send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.
Manage your notification preferences to receive an email as soon as a Symfony security release is published.
Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox restrictions.
September 9, 2024
#Security Advisories
CVE-2023-46735: Potential XSS in WebhookController
November 10, 2023
#Security Advisories
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
November 10, 2023
#Security Advisories
CVE-2023-46733: Possible session fixation
November 10, 2023
#Security Advisories
Security bug release for symfony/ux-autocomplete CVE-2023-41336
September 11, 2023
#Security Advisories
CVE-2022-24894: Prevent storing cookie headers in HttpCache.
February 1, 2023
#Security Advisories
CVE-2022-24895: CSRF token fixation.
February 1, 2023
#Security Advisories
CVE-2022-23601 fixes CSRF token missing in forms.
January 29, 2022
#Security Advisories
CVE-2021-41268: Remember me cookie persistence after password changes
November 24, 2021
#Security Advisories
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
November 24, 2021
#Security Advisories