Fedora Linux 8772 Published by

A php-symfony4 security update has been released for Fedora 32.



SECURITY: Fedora 32 Update: php-symfony4-4.4.7-1.fc32


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-fade6a8df7
2020-04-09 14:41:13.795324
--------------------------------------------------------------------------------

Name : php-symfony4
Product : Fedora 32
Version : 4.4.7
Release : 1.fc32
URL :   https://symfony.com
Summary : Symfony PHP framework (version 4)
Description :
Symfony PHP framework (version 4).

NOTE: Does not require PHPUnit bridge.

--------------------------------------------------------------------------------
Update Information:

**Version 4.4.7** (2020-03-30) * security #cve-2020-5255 [HttpFoundation] Do
not set the default Content-Type based on the Accept header (yceruto) *
security #cve-2020-5275 [Security] Fix access_control behavior with unanimous
decision strategy (chalasr) * bug #36262 [DI] fix generating TypedReference
from PriorityTaggedServiceTrait (nicolas-grekas) * bug #36252 [Security/Http]
Allow setting cookie security settings for delete_cookies (wouterj) * bug
#36261 [FrameworkBundle] revert to legacy wiring of the session when circular
refs are detected (nicolas-grekas) * bug #36259 [DomCrawler] Fix BC break in
assertions breaking Panther (dunglas) * bug #36181 [BrowserKit] fixed missing
post request parameters in file uploads (codebay) * bug #36216 [Validator]
Assert Valid with many groups (phucwan91) * bug #36222 [Console] Fix
OutputStream for PHP 7.4 (guillbdx) ---- **Version 4.4.6** (2020-03-27) *
bug #36169 [HttpKernel] fix locking for PHP 7.4+ (nicolas-grekas) * bug #36175
[Security/Http] Remember me: allow to set the samesite cookie flag (dunglas) *
bug #36173 [Http Foundation] Fix clear cookie samesite (guillbdx) * bug #36176
[Security] Check if firewall is stateless before checking for session/previous
session (koenreiniers) * bug #36149 [Form] Support customized intl php.ini
settings (jorrit) * bug #36172 [Debug] fix for PHP 7.3.16+/7.4.4+ (nicolas-
grekas) * bug #36151 [Security] Fixed hardcoded value of
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE (lyrixx) * bug #36141 Prevent warning
in proc_open() (BenMorel) * bug #36143 [FrameworkBundle] Fix Router Cache
(guillbdx) * bug #36103 [DI] fix preloading script generation (nicolas-grekas)
* bug #36118 [Security/Http] don't require the session to be started when
tracking its id (nicolas-grekas) * bug #36108 [DI] Fix CheckTypeDeclarationPass
(guillbdx) * bug #36121 [VarDumper] fix side-effect by not using mt_rand()
(nicolas-grekas) * bug #36073 [PropertyAccess][DX] Improved errors when reading
uninitialized properties (HeahDude) * bug #36063 [FrameworkBundle] start
session on flashbag injection (William Arslett) * bug #36031 [Console] Fallback
to default answers when unable to read input (ostrolucky) * bug #36083
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
(wouterj) * bug #36026 [Mime] Fix boundary header (guillbdx) * bug #36020
[Form] ignore microseconds submitted by Edge (xabbuh) * bug #36038 [HttpClient]
disable debug log with curl 7.64.0 (nicolas-grekas) * bug #36041 fix import
from config file using type: glob (Tobion) * bug #35987
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
(fancyweb) * bug #35949 [DI] Fix container lint command when a synthetic
service is used in an expression (HypeMC) * bug #36023 [HttpClient] fix
requests to hosts that idn_to_ascii() cannot handle (nicolas-grekas) * bug
#35938 [Form] Handle false as empty value on expanded choices (fancyweb) * bug
#36030 [SecurityBundle] Minor fix in LDAP config tree builder (HeahDude) * bug
#35993 Remove int return type from FlattenException::getCode (wucdbm) * bug
#36004 [Yaml] fix dumping strings containing CRs (xabbuh) * bug #35982 [DI] Fix
XmlFileLoader bad error message (przemyslaw-bogusz) * bug #35957 [DI] ignore
extra tags added by autoconfiguration in PriorityTaggedServiceTrait (nicolas-
grekas) * bug #35937 Revert "bug symfony#28179 [DomCrawler] Skip disabled
fields processing in Form" (dmaicher) * bug #35928 [Routing] Prevent localized
routes _locale default & requirement from being overridden (fancyweb) * bug
#35912 [FrameworkBundle] register only existing transport factories (xabbuh) *
bug #35899 [DomCrawler] prevent deprecation being triggered from assertion
(xabbuh) * bug #35910 [SecurityBundle] Minor fixes in configuration tree
builder (HeahDude)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 31 2020 Remi Collet - 4.4.7-1
- update to 4.4.7
* Fri Mar 27 2020 Remi Collet - 4.4.6-1
- update to 4.4.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-fade6a8df7' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys