eZ Platform Discussions

Symfony security advisories


Symfony has published two security advisories which also affects the version eZ Platform runs on. Keep that in mind, in case you spot (new) unexpected problems. Do report them on Slack or our forum here, or even better on jira.ez.no when you are able to pin point the problem to these patches. See http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers and http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache.