Comparing changes
Open a pull request
- 17 commits
- 20 files changed
- 3 contributors
Commits on May 4, 2022
Commits on Jan 24, 2023
-
security #cve-2022-24894 [HttpKernel] Remove private headers before s…
…toring responses with HttpCache (nicolas-grekas) This PR was merged into the 4.4 branch.
-
security #cve-2022-24895 [Security/Http] Remove CSRF tokens from stor…
…age on successful login (nicolas-grekas) This PR was merged into the 4.4 branch.
-
Commits on Jan 25, 2023
-
bug #49103 [Security/Http] Fix compat of persistent remember-me with …
…legacy tokens (nicolas-grekas) This PR was merged into the 5.4 branch. Discussion ---------- [Security/Http] Fix compat of persistent remember-me with legacy tokens | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #49100 | License | MIT | Doc PR | - In #49078, we changed the format of remember-me tokens, effectively invalidating them all. While the invalidation is intentional for signature-based remember-me handlers, persistent remember-me handlers could accept both legacy and updated tokens. This PR fixes compat with legacy tokens for persistent remember-me handlers. Commits ------- 538d660 [Security/Http] Fix compat of persistent remember-me with legacy tokens
-
-
bug #49104 [HttpClient] Fix collecting data non-late for the profiler…
… (nicolas-grekas) This PR was merged into the 5.4 branch. Discussion ---------- [HttpClient] Fix collecting data non-late for the profiler | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #49096 | License | MIT | Doc PR | - `@silverbackdan` `@pforesi` could you please confirm that this fixes both your use cases? Commits ------- 3cb1d70 [HttpClient] Fix collecting data non-late for the profiler
Commits on Jan 27, 2023
-
bug #49126 [DependencyInjection] Fix order of arguments when mixing p…
…ositional and named ones (nicolas-grekas) This PR was merged into the 5.4 branch. Discussion ---------- [DependencyInjection] Fix order of arguments when mixing positional and named ones | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #49118 | License | MIT | Doc PR | - Commits ------- 45d614d [DependencyInjection] Fix order of arguments when mixing positional and named ones
Commits on Jan 29, 2023
-
-
bug #49141 [HttpFoundation] Fix bad return type in IpUtils::checkIp4(…
…) (tristankretzer) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [HttpFoundation] Fix bad return type in IpUtils::checkIp4() | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | see below | License | MIT | Doc PR | - `filter_var` returns the value if it passes the applied filters. This leads to `IpUtils::checkIp4()` returning the address part of the CIDR notation (instead of `true` which is expected) if it is a valid IPv4 address with subnet mask 0. This change fixes this behaviour. Commits ------- f694aa8 [HttpFoundation] Fix bad return type in IpUtils::checkIp4()
Commits on Jan 30, 2023
-
* 4.4: [Security/Http] Remove CSRF tokens from storage on successful login [HttpKernel] Remove private headers before storing responses with HttpCache
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 6c934e6...7f9c726