Fedora 28: php-symfony Security Update 2018-eba0006df2
Summary
PHP framework for web projects
**Version 2.8.41** (2018-05-25) * bug #27359 [HttpFoundation] Fix perf issue
during MimeTypeGuesser intialization (nicolas-grekas) * security
#cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be
configured * security #cve-2018-11406 clear CSRF tokens when the user is logged
out * security #cve-2018-11385 Adding session authentication strategy to Guard
to avoid session fixation * security #cve-2018-11385 Adding session strategy to
ALL listeners to avoid *any* possible fixation * security #cve-2018-11386
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose
mode ---- **Version 2.8.40** (2018-05-21) * bug #26781 [Form] Fix
precision of MoneyToLocalizedStringTransformer's divisions on transform()
(syastrebov) * bug #27286 [Translation] Add Occitan plural rule (kylekatarnls)
* bug #27246 Disallow invalid characters in session.name (ostrolucky) * bug
#24805 [Security] Fix logout (MatTheCat) * bug #27141 [Process] Suppress
warnings when open_basedir is non-empty (cbj4074) * bug #27250 [Session]
limiting :key for GET_LOCK to 64 chars (oleg-andreyev) * bug #27237 [Debug] Fix
populating error_get_last() for handled silent errors (nicolas-grekas) * bug
#27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas) * bug
#27152 [HttpFoundation] use brace-style regex delimiters (xabbuh) * feature
#24896 Add CODE_OF_CONDUCT.md (egircys)
* Mon May 28 2018 Remi Collet
- update to 2.8.41
* Thu May 24 2018 Remi Collet
- update to 2.8.40
* Fri May 4 2018 Remi Collet
- update to 2.8.39
su -c 'dnf upgrade --advisory FEDORA-2018-eba0006df2' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
FEDORA-2018-eba0006df2 2018-06-06 13:29:38.347930 Product : Fedora 28 Version : 2.8.41 Release : 1.fc28 URL : https://symfony.com/ Summary : PHP framework for web projects Description : PHP framework for web projects **Version 2.8.41** (2018-05-25) * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas) * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured * security #cve-2018-11406 clear CSRF tokens when the user is logged out * security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation * security #cve-2018-11385 Adding session strategy to ALL listeners to avoid *any* possible fixation * security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode ---- **Version 2.8.40** (2018-05-21) * bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov) * bug #27286 [Translation] Add Occitan plural rule (kylekatarnls) * bug #27246 Disallow invalid characters in session.name (ostrolucky) * bug #24805 [Security] Fix logout (MatTheCat) * bug #27141 [Process] Suppress warnings when open_basedir is non-empty (cbj4074) * bug #27250 [Session] limiting :key for GET_LOCK to 64 chars (oleg-andreyev) * bug #27237 [Debug] Fix populating error_get_last() for handled silent errors (nicolas-grekas) * bug #27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas) * bug #27152 [HttpFoundation] use brace-style regex delimiters (xabbuh) * feature #24896 Add CODE_OF_CONDUCT.md (egircys) * Mon May 28 2018 Remi Collet - 2.8.41-1 - update to 2.8.41 * Thu May 24 2018 Remi Collet - 2.8.40-1 - update to 2.8.40 * Fri May 4 2018 Remi Collet - 2.8.39-1 - update to 2.8.39 su -c 'dnf upgrade --advisory FEDORA-2018-eba0006df2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
Change Log
References
Update Instructions
