Fedora Linux 8784 Published by

A php-symfony4 security update has been released for Fedora 32.



SECURITY: Fedora 32 Update: php-symfony4-4.4.13-1.fc32


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-16eb328853
2020-09-11 15:17:59.709196
--------------------------------------------------------------------------------

Name : php-symfony4
Product : Fedora 32
Version : 4.4.13
Release : 1.fc32
URL :   https://symfony.com
Summary : Symfony PHP framework (version 4)
Description :
Symfony PHP framework (version 4).

NOTE: Does not require PHPUnit bridge.

--------------------------------------------------------------------------------
Update Information:

**Version 4.4.13** (2020-09-02) * security **CVE-2020-15094** Remove headers
with internal meaning from HttpClient responses (mpdude) * bug #38024 [Console]
Fix undefined index for inconsistent command name definition (chalasr) * bug
#38023 [DI] fix inlining of non-shared services (nicolas-grekas) * bug #38020
[PhpUnitBridge] swallow deprecations (xabbuh) * bug #38010 [Cache] Psr16Cache
does not handle Proxy cache items (alex-dev) * bug #37937 [Serializer] fixed
fix encoding of cache keys with anonymous classes (michaelzangerle) ----
**Version 4.4.12** (2020-08-31) * bug #37966 [HttpClient][MockHttpClient][DX]
Throw when the response factory callable does not return a valid response
(fancyweb) * bug #37971 [PropertyInfo] Backport support for typed properties
(PHP 7.4) (dunglas) * bug #37970 [PhpUnitBridge] Polyfill new phpunit 9.1
assertions (phpfour) * bug #37960 [PhpUnit] Add polyfill for
assertMatchesRegularExpression() (dunglas) * bug #37949 [Yaml] fix more numeric
cases changing in PHP 8 (xabbuh) * bug #37921 [Yaml] account for is_numeric()
behavior changes in PHP 8 (xabbuh) * bug #37912 [ExpressionLanguage] fix
passing arguments to call_user_func_array() on PHP 8 (xabbuh) * bug #37907
[Messenger] stop using the deprecated schema synchronizer API (xabbuh) * bug
#37900 [Mailer] Fixed mandrill api header structure (wulff) * bug #37888
[Mailer] Reorder headers used to determine Sender (cvmiert) * bug #37872
[Sendgrid-Mailer] Fixed envelope recipients on sendgridApiTransport
(arendjantetteroo) * bug #37860 [Serializer][ClassDiscriminatorMapping] Fix
getMappedObjectType() when a discriminator child extends another one (fancyweb)
* bug #37853 [Validator] ensure that the validator is a mock object for
backwards-compatibility (xabbuh) * bug #36340 [Serializer] Fix configuration of
the cache key (dunglas) * bug #36810 [Messenger] Do not stack retry stamp
(jderusse) * bug #37849 [FrameworkBundle] Add missing mailer transports in xsd
(l-vo) * bug #37586 [ErrorHandler][DebugClassLoader] Add mixed and static
return types support (fancyweb) * bug #37845 [Serializer] Fix variadic support
when using type hints (fabpot) * bug #37841 [VarDumper] Backport handler lock
when using VAR_DUMPER_FORMAT (ogizanagi) * bug #37725 [Form] Fix Guess phpdoc
return type (franmomu) * bug #37771 Use PHPUnit 9.3 on php 8 (derrabus) * bug
#36140 [Validator] Add BC layer for notInRangeMessage when min and max are set
(l-vo) * bug #35843 [Validator] Add target guards for Composite nested
constraints (ogizanagi) * bug #37803 Fix for issue #37681 (Rav) * bug #37744
[Yaml] Fix for #36624; Allow PHP constant as first key in block (jnye) * bug
#37767 [Form] fix mapping errors from unmapped forms (xabbuh) * bug #37731
[Console] Table: support cells with newlines after a cell with colspan >= 2
(GMTA) * bug #37791 Fix redis connect with empty password (alexander-schranz)
* bug #37790 Fix deprecated libxml_disable_entity_loader (fabpot) * bug #37763
Fix deprecated libxml_disable_entity_loader (jderusse) * bug #37774 [Console]
Make sure we pass a numeric array of arguments to call_user_func_array()
(derrabus) * bug #37729 [FrameworkBundle] fail properly when the required
service is not defined (xabbuh) * bug #37701 [Serializer] Fix that it will
never reach DOMNode (TNAJanssen) * bug #37671 [Cache] fix saving no-expiry
items with ArrayAdapter (philipp-kolesnikov) * bug #37102 [WebProfilerBundle]
Fix error with custom function and web profiler routing tab (JakeFr) * bug
#37560 [Finder] Fix GitIgnore parser when dealing with (sub)directories and take
order of lines into account (Jeroeny) * bug #37700 [VarDumper] Improve previous
fix on light array coloration (l-vo) * bug #37705 [Mailer] Added the missing
reset tag to mailer.logger_message_listener (vudaltsov) * bug #37697
[Messenger] reduce column length for MySQL 5.6 compatibility (xabbuh) ---- -
fix path of doctrine/persistence 2 in autoloader
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 2 2020 Remi Collet - 4.4.13-1
- update to 4.4.13
* Mon Aug 31 2020 Remi Collet - 4.4.12-1
- update to 4.4.12
- allow doctrine/dbal 3.0
* Tue Aug 25 2020 Remi Collet - 4.4.11-3
- fix autoloader path for doctrine/persistence 2
* Tue Jul 28 2020 Fedora Release Engineering - 4.4.11-2
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-16eb328853' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys