Skip to content

v4.0.11
Compare
Choose a tag to compare
@fabpot fabpot released this 25 May 14:06
· 34984 commits to 7.2 since this release
v4.0.11
This tag was signed with the committer’s verified signature.
fabpot Fabien Potencier
GPG key ID: EB8AA69A566C0795
Learn about vigilant mode.
a54fa08
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changelog (since v4.0.10...v4.0.11)

  • bug #27364 [DI] Fix bad exception on uninitialized references to non-shared services (@nicolas-grekas)
  • bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (@nicolas-grekas)
  • security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured
  • security #cve-2018-11406 clear CSRF tokens when the user is logged out
  • security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener
  • security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation
  • security #cve-2018-11385 Adding session strategy to ALL listeners to avoid any possible fixation
  • security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
  • bug #27341 [WebProfilerBundle] Fixed validator/dump trace CSS (@yceruto)
  • bug #27337 [FrameworkBundle] fix typo in CacheClearCommand (@emilielorenzo)

[PR] #27383
[SECURITY] Security release

Assets 2
Loading