Releases: symfony/security-http
Releases · symfony/security-http
v8.1.0
v8.1.0-RC1
v8.1.0-RC1
This tag was signed with the committer’s verified signature.
fabpot
Fabien Potencier
Changelog (v8.1.0-BETA3...v8.1.0-RC1)
- security #cve-2026-48489 Don't honor user-supplied _failure_path on failure_forward (@nicolas-grekas)
- bug #64337 Initialize lazy users before serializing them (@MatTheCat)
Contributors
nicolas-grekas and MatTheCat
Assets 2
v8.0.13
Changelog (v8.0.12...v8.0.13)
- security #cve-2026-48489 Don't honor user-supplied _failure_path on failure_forward (@nicolas-grekas)
- bug #64337 Initialize lazy users before serializing them (@MatTheCat)
Contributors
nicolas-grekas and MatTheCat
Assets 2
v7.4.13
Changelog (v7.4.12...v7.4.13)
- security #cve-2026-48489 Don't honor user-supplied _failure_path on failure_forward (@nicolas-grekas)
- bug #64337 Initialize lazy users before serializing them (@MatTheCat)
Contributors
nicolas-grekas and MatTheCat
Assets 2
v6.4.41
Changelog (v6.4.40...v6.4.41)
- security #cve-2026-48489 Don't honor user-supplied _failure_path on failure_forward (@nicolas-grekas)
- bug #64337 Initialize lazy users before serializing them (@MatTheCat)
Contributors
nicolas-grekas and MatTheCat
Assets 2
v5.4.53
Changelog (v5.4.52...v5.4.53)
- security #cve-2026-48489 Don't honor user-supplied _failure_path on failure_forward (@nicolas-grekas)
Contributors
nicolas-grekas
Assets 2
v8.1.0-BETA3
v8.1.0-BETA3
This tag was signed with the committer’s verified signature.
fabpot
Fabien Potencier
Changelog (v8.1.0-BETA2...v8.1.0-BETA3)
- security #cve-2026-45069 Add missing claims in
OidcTokenHandler(@alexandre-daubois) - bug #64290 Various fixes and hardenings (@nicolas-grekas)
- security #cve-2026-45063 Anchor emailAddress regex to RDN boundary in X509Authenticator (@alexandre-daubois)
- security #cve-2026-45074 Require configuring trusted hosts when using CAS authentication (@nicolas-grekas)
- security #cve-2026-45075 Fix HEAD requests bypassing methods filter in
IsGranted,IsCsrfTokenValidandIsSignatureValidattributes (@nicolas-grekas) - bug #64213 Fix impersonation being deauthenticated on every request (@nicolas-grekas)
Contributors
nicolas-grekas and alexandre-daubois
Assets 2
v8.0.12
Changelog (v8.0.11...v8.0.12)
- security #cve-2026-45069 Add missing claims in
OidcTokenHandler(@alexandre-daubois) - security #cve-2026-45063 Anchor emailAddress regex to RDN boundary in X509Authenticator (@alexandre-daubois)
- security #cve-2026-45074 Require configuring trusted hosts when using CAS authentication (@nicolas-grekas)
- security #cve-2026-45075 Fix HEAD requests bypassing methods filter in
IsGranted,IsCsrfTokenValidandIsSignatureValidattributes (@nicolas-grekas) - bug #64213 Fix impersonation being deauthenticated on every request (@nicolas-grekas)
Contributors
nicolas-grekas and alexandre-daubois
Assets 2
v7.4.12
Changelog (v7.4.11...v7.4.12)
- security #cve-2026-45069 Add missing claims in
OidcTokenHandler(@alexandre-daubois) - security #cve-2026-45063 Anchor emailAddress regex to RDN boundary in X509Authenticator (@alexandre-daubois)
- security #cve-2026-45074 Require configuring trusted hosts when using CAS authentication (@nicolas-grekas)
- security #cve-2026-45075 Fix HEAD requests bypassing methods filter in
IsGranted,IsCsrfTokenValidandIsSignatureValidattributes (@nicolas-grekas) - bug #64213 Fix impersonation being deauthenticated on every request (@nicolas-grekas)
Contributors
nicolas-grekas and alexandre-daubois
Assets 2
v6.4.40
Changelog (v6.4.39...v6.4.40)
- security #cve-2026-45069 Add missing claims in
OidcTokenHandler(@alexandre-daubois) - security #cve-2026-45063 Anchor emailAddress regex to RDN boundary in X509Authenticator (@alexandre-daubois)
Contributors
alexandre-daubois