v8.1.0-BETA3
·
32 commits
to 8.2
since this release
v8.1.0-BETA3
fabpot
Fabien Potencier
This tag was signed with the committer’s verified signature.
fabpot
Fabien Potencier
Changelog (v8.1.0-BETA2...v8.1.0-BETA3)
- security #cve-2026-45069 Add missing claims in
OidcTokenHandler(@alexandre-daubois) - bug #64290 Various fixes and hardenings (@nicolas-grekas)
- security #cve-2026-45063 Anchor emailAddress regex to RDN boundary in X509Authenticator (@alexandre-daubois)
- security #cve-2026-45074 Require configuring trusted hosts when using CAS authentication (@nicolas-grekas)
- security #cve-2026-45075 Fix HEAD requests bypassing methods filter in
IsGranted,IsCsrfTokenValidandIsSignatureValidattributes (@nicolas-grekas) - bug #64213 Fix impersonation being deauthenticated on every request (@nicolas-grekas)
Contributors
nicolas-grekas and alexandre-daubois