Permalink
Commits on Aug 1, 2018
  1. Merge pull request #28099 from fabpot/release-3.3.18

    fabpot committed Aug 1, 2018
    released v3.3.18
  2. updated VERSION for 3.3.18

    fabpot committed Aug 1, 2018
  3. updated CHANGELOG for 3.3.18

    fabpot committed Aug 1, 2018
  4. security #cve-2018-14774 [HttpKernel] fix trusted headers management …

    nicolas-grekas committed Aug 1, 2018
    …in HttpCache and InlineFragmentRenderer (nicolas-grekas)
    
    * commit '7f912bbb78':
      [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
  5. security #cve-2018-14773 [HttpFoundation] Remove support for legacy a…

    nicolas-grekas committed Aug 1, 2018
    …nd risky HTTP headers (nicolas-grekas)
    
    This PR was merged into the 3.3 branch.
    
    Discussion
    ----------
    
    [3.3][HttpFoundation] Remove support for legacy and risky HTTP headers
    
    Commits
    -------
    
    12adeb9 [HttpFoundation] Remove support for legacy and risky HTTP headers
Commits on Jul 31, 2018
Commits on May 25, 2018
  1. Merge pull request #27377 from fabpot/release-3.3.17

    fabpot committed May 25, 2018
    released v3.3.17
  2. updated VERSION for 3.3.17

    fabpot committed May 25, 2018
  3. updated CHANGELOG for 3.3.17

    fabpot committed May 25, 2018
  4. Make CI green for regular jobs

    nicolas-grekas committed May 25, 2018
Commits on May 24, 2018
  1. do not mock the session in token storage tests

    xabbuh authored and fabpot committed May 18, 2018
  2. fixtures config fix

    xabbuh authored and fabpot committed May 24, 2018
  3. simplified code

    fabpot committed May 24, 2018
  4. fix version constraint

    xabbuh authored and fabpot committed May 24, 2018
  5. simplified code

    fabpot committed May 24, 2018
  6. security #cve-2018-11407 [Ldap] cast to string when checking empty pa…

    fabpot committed May 24, 2018
    …sswords
    
    * cve-2018-11407-3.3:
      [Ldap] cast to string when checking empty passwords
  7. security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils…

    fabpot committed May 24, 2018
    … cannot be configured
    
    * cve-2018-11408-3.3:
      [SecurityBundle] Fail if security.http_utils cannot be configured
  8. fixed deps

    fabpot committed May 24, 2018
  9. security #cve-2018-11406 clear CSRF tokens when the user is logged out

    fabpot committed May 24, 2018
    * cve-2018-11406-3.3:
      clear CSRF tokens when the user is logged out
Commits on May 23, 2018
  1. security #cve-2018-11385 migrating session for UsernamePasswordJsonAu…

    fabpot committed May 23, 2018
    …thenticationListener
    
    * cve-2018-11385-3.3:
      migrating session for UsernamePasswordJsonAuthenticationListener
      Adding session authentication strategy to Guard to avoid session fixation
      Adding session strategy to ALL listeners to avoid *any* possible fixation
  2. security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoS…

    fabpot committed May 23, 2018
    …essionHandler when MySQL is in loose mode
    
    * cve-2018-11386-3.3:
      [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
Commits on Jan 29, 2018
  1. bumped Symfony version to 3.3.17

    fabpot committed Jan 29, 2018
  2. Merge pull request #25955 from fabpot/release-3.3.16

    fabpot committed Jan 29, 2018
    released v3.3.16
  3. updated VERSION for 3.3.16

    fabpot committed Jan 29, 2018
  4. updated CHANGELOG for 3.3.16

    fabpot committed Jan 29, 2018
  5. Merge branch '2.8' into 3.3

    fabpot committed Jan 29, 2018
    * 2.8:
      [HttpFoundation] Use the correct syntax for session gc based on Pdo driver
      Removed assertDateTimeEquals() methods.
      Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
      Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
      Disable CSP header on exception pages only in debug
      Fixed submitting disabled buttons
      Fixed Button::setParent() when already submitted
      Improve assertions
      Improve assertions
      SCA: get rid of repetitive calls
      allow null values for root nodes in YAML configs
      [VarDumper] Fix docblock
      Improve phpdoc to make it more explicit
  6. Merge branch '2.7' into 2.8

    fabpot committed Jan 29, 2018
    * 2.7:
      Removed assertDateTimeEquals() methods.