New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency symfony/framework-bundle to v3.4.26 [SECURITY] #14

Open

shokohsc wants to merge 1 commit into master from renovate/packagist-symfony/framework-bundle-vulnerability

Owner

shokohsc commented Sep 30, 2022

This PR contains the following updates:

Package	Type	Update	Change
symfony/framework-bundle (source)	require	minor	`3.0.3` -> `3.4.26`

GitHub Vulnerability Alerts

CVE-2019-10909

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Release Notes

symfony/framework-bundle

`v3.4.26`

`v3.4.25`

`v3.4.24`

`v3.4.23`

`v3.4.22`

`v3.4.21`

`v3.4.20`

`v3.4.19`

`v3.4.18`

`v3.4.17`

`v3.4.16`

`v3.4.15`

`v3.4.14`

`v3.4.13`

`v3.4.12`

`v3.4.11`

`v3.4.10`

`v3.4.9`

`v3.4.8`

`v3.4.7`

`v3.4.6`

`v3.4.5`

`v3.4.4`

`v3.4.3`

`v3.4.2`

`v3.4.1`

`v3.4.0`

Added translator.default_path option and parameter
Session use_strict_mode is now enabled by default and the corresponding option has been deprecated
Made the cache:clear command to not clear "app" PSR-6 cache pools anymore,
but to still clear "system" ones; use the cache:pool:clear command to clear "app" pools instead
Always register a minimalist logger that writes in stderr
Deprecated profiler.matcher option
Added support for EventSubscriberInterface on MicroKernelTrait
Removed doctrine/cache from the list of required dependencies in composer.json
Deprecated validator.mapping.cache.doctrine.apc service
The symfony/stopwatch dependency has been removed, require it via composer require symfony/stopwatch in your dev environment.
Deprecated using the KERNEL_DIR environment variable with KernelTestCase::getKernelClass().
Deprecated the KernelTestCase::getPhpUnitXmlDir() and KernelTestCase::getPhpUnitCliConfigArgument() methods.
Deprecated AddCacheClearerPass, use tagged iterator arguments instead.
Deprecated AddCacheWarmerPass, use tagged iterator arguments instead.
Deprecated TranslationDumperPass, use
Symfony\Component\Translation\DependencyInjection\TranslationDumperPass instead
Deprecated TranslationExtractorPass, use
Symfony\Component\Translation\DependencyInjection\TranslationExtractorPass instead
Deprecated TranslatorPass, use
Symfony\Component\Translation\DependencyInjection\TranslatorPass instead
Added command attribute to the console.command tag which takes the command
name as value, using it makes the command lazy
Added cache:pool:prune command to allow manual stale cache item pruning of supported PSR-6 and PSR-16 cache pool
implementations
Deprecated Symfony\Bundle\FrameworkBundle\Translation\TranslationLoader, use
Symfony\Component\Translation\Reader\TranslationReader instead
Deprecated translation.loader service, use translation.reader instead
AssetsInstallCommand::__construct() now takes an instance of
Symfony\Component\Filesystem\Filesystem as first argument
CacheClearCommand::__construct() now takes an instance of
Symfony\Component\HttpKernel\CacheClearer\CacheClearerInterface as
first argument
CachePoolClearCommand::__construct() now takes an instance of
Symfony\Component\HttpKernel\CacheClearer\Psr6CacheClearer as
first argument
EventDispatcherDebugCommand::__construct() now takes an instance of
Symfony\Component\EventDispatcher\EventDispatcherInterface as
first argument
RouterDebugCommand::__construct() now takes an instance of
Symfony\Component\Routing\RouterInterface as
first argument
RouterMatchCommand::__construct() now takes an instance of
Symfony\Component\Routing\RouterInterface as
first argument
TranslationDebugCommand::__construct() now takes an instance of
Symfony\Component\Translation\TranslatorInterface as
first argument
TranslationUpdateCommand::__construct() now takes an instance of
Symfony\Component\Translation\TranslatorInterface as
first argument
AssetsInstallCommand, CacheClearCommand, CachePoolClearCommand,
EventDispatcherDebugCommand, RouterDebugCommand, RouterMatchCommand,
TranslationDebugCommand, TranslationUpdateCommand, XliffLintCommand
and YamlLintCommand classes have been marked as final
Added asset.request_context.base_path and asset.request_context.secure parameters
to provide a default request context in case the stack is empty (similar to router.request_context.* parameters)
Display environment variables managed by Dotenv in AboutCommand

`v3.3.18`

`v3.3.17`

`v3.3.16`

`v3.3.15`

`v3.3.14`

`v3.3.13`

`v3.3.12`

`v3.3.11`

`v3.3.10`

`v3.3.9`

`v3.3.8`

`v3.3.7`

`v3.3.6`

`v3.3.5`

`v3.3.4`

`v3.3.3`

`v3.3.2`

`v3.3.1`

`v3.3.0`

Not defining the type option of the framework.workflows.* configuration entries is deprecated.
The default value will be state_machine in Symfony 4.0.
Deprecated the CompilerDebugDumpPass class
Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
Added a new version strategy option called "json_manifest_path"
that allows you to use the JsonManifestVersionStrategy.
Added Symfony\Bundle\FrameworkBundle\Controller\AbstractController. It provides
the same helpers as the Controller class, but does not allow accessing the dependency
injection container, in order to encourage explicit dependency declarations.
Added support for the controller.service_arguments tag, for injecting services into controllers' actions
Changed default configuration for
assets/forms/validation/translation/serialization/csrf from canBeEnabled() to
canBeDisabled() when Flex is used
The server:* commands and their associated router files were moved to WebServerBundle
Translation related services are not loaded anymore when the framework.translator option
is disabled.
Added GlobalVariables::getToken()
Deprecated Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\AddConsoleCommandPass. Use Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass instead.
Added configurable paths for validation files
Deprecated SerializerPass, use Symfony\Component\Serializer\DependencyInjection\SerializerPass instead
Deprecated FormPass, use Symfony\Component\Form\DependencyInjection\FormPass instead
Deprecated SessionListener
Deprecated TestSessionListener
Deprecated Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\ConfigCachePass.
Use tagged iterator arguments instead.
Deprecated PropertyInfoPass, use Symfony\Component\PropertyInfo\DependencyInjection\PropertyInfoPass instead
Deprecated ControllerArgumentValueResolverPass. Use
Symfony\Component\HttpKernel\DependencyInjection\ControllerArgumentValueResolverPass instead
Deprecated RoutingResolverPass, use Symfony\Component\Routing\DependencyInjection\RoutingResolverPass instead
[BC BREAK] The server:run, server:start, server:stop and
server:status console commands have been moved to a dedicated bundle.
Require symfony/web-server-bundle in your composer.json and register
Symfony\Bundle\WebServerBundle\WebServerBundle in your AppKernel to use them.
Added $defaultLocale as 3rd argument of Translator::__construct()
making Translator works with any PSR-11 container
Added framework.serializer.mapping config option allowing to define custom
serialization mapping files and directories
Deprecated AddValidatorInitializersPass, use
Symfony\Component\Validator\DependencyInjection\AddValidatorInitializersPass instead
Deprecated AddConstraintValidatorsPass, use
Symfony\Component\Validator\DependencyInjection\AddConstraintValidatorsPass instead
Deprecated ValidateWorkflowsPass, use
Symfony\Component\Workflow\DependencyInjection\ValidateWorkflowsPass instead
Deprecated ConstraintValidatorFactory, use
Symfony\Component\Validator\ContainerConstraintValidatorFactory instead.
Deprecated PhpStringTokenParser, use
Symfony\Component\Translation\Extractor\PhpStringTokenParser instead.
Deprecated PhpExtractor, use
Symfony\Component\Translation\Extractor\PhpExtractor instead.

`v3.2.14`

`v3.2.13`

`v3.2.12`

`v3.2.11`

`v3.2.10`

`v3.2.9`

`v3.2.8`

`v3.2.7`

`v3.2.6`

`v3.2.5`

`v3.2.4`

`v3.2.3`

`v3.2.2`

`v3.2.1`

`v3.2.0`

Removed doctrine/annotations from the list of required dependencies in composer.json
Removed symfony/security-core and symfony/security-csrf from the list of required dependencies in composer.json
Removed symfony/templating from the list of required dependencies in composer.json
Removed symfony/translation from the list of required dependencies in composer.json
Removed symfony/asset from the list of required dependencies in composer.json
The Resources/public/images/* files have been removed.
The Resources/public/css/*.css files have been removed (they are now inlined in TwigBundle).
Added possibility to prioritize form type extensions with 'priority' attribute on tags form.type_extension

`v3.1.10`

`v3.1.9`

`v3.1.8`

`v3.1.7`

`v3.1.6`

`v3.1.5`

`v3.1.4`

`v3.1.3`

`v3.1.2`

`v3.1.1`

`v3.1.0`

Added Controller::json to simplify creating JSON responses when using the Serializer component
Deprecated absolute template paths support in the template name parser
Deprecated using core form types without dependencies as services
Added Symfony\Component\HttpHernel\DataCollector\RequestDataCollector::onKernelResponse()
Added Symfony\Bundle\FrameworkBundle\DataCollector\RequestDataCollector
The framework.serializer.cache option and the service serializer.mapping.cache.apc have been
deprecated. APCu should now be automatically used when available.

`v3.0.9`

`v3.0.8`

`v3.0.7`

`v3.0.6`

`v3.0.5`

`v3.0.4`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.


          Update dependency symfony/framework-bundle to v3.4.26 [SECURITY]

d1d0176

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet