An open API service for providing issue and pull request metadata for open source projects.

GitHub / symfony/symfony issues and pull requests

Labelled with: Security

#62057 - [Security] AccessDecision::getMessage() has hardcoded literals that causes translation problem

Issue - State: open - Opened by Arkemlar about 1 month ago - 2 comments
Labels: Security

#62043 - [Security] Allow multiple OIDC discovery endpoints

Pull Request - State: open - Opened by ruudk about 1 month ago - 4 comments
Labels: Security, Feature, Status: Reviewed

#62033 - [Form][Security][Validator] sync nb translations with no translations

Pull Request - State: closed - Opened by xabbuh about 1 month ago
Labels: Form, Validator, Security, Status: Needs Review

#62013 - [Security] use PHPUnit attributes instead of annotations

Pull Request - State: closed - Opened by xabbuh about 1 month ago
Labels: Security, Status: Needs Review

#61824 - [Config][DependencyInjection][HttpFoundation][Security] declare new method parameters explicitly

Pull Request - State: closed - Opened by xabbuh about 2 months ago - 1 comment
Labels: Security, DependencyInjection, HttpFoundation, Config, Status: Needs Review

#61784 - [Security] make test forward compatible

Pull Request - State: closed - Opened by xabbuh 2 months ago
Labels: Security, Status: Needs Review

#61760 - [Security] remove the user FQCN from remember me cookies

Pull Request - State: closed - Opened by xabbuh 2 months ago - 4 comments
Labels: Security, Feature, Status: Reviewed

#61595 - [Security] Pass attributes to nested `ChainUserProvider`s

Pull Request - State: closed - Opened by valtzu 3 months ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#61548 - [Security] Fix attribute-based chained user providers

Pull Request - State: closed - Opened by valtzu 3 months ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#61542 - [Security] Allow subclassing `#[IsGranted]`

Pull Request - State: closed - Opened by nicolas-grekas 3 months ago
Labels: Security, Feature, Status: Reviewed

#61513 - [Security] update test to not use the deprecated API

Pull Request - State: closed - Opened by xabbuh 3 months ago - 3 comments
Labels: Security, Status: Needs Review

#61495 - [Security][Validator] Review translations

Pull Request - State: closed - Opened by yurguis 3 months ago - 2 comments
Labels: Validator, Security, Status: Needs Review

#61409 - [Security] Add bool return type to CustomCredentials callable parameter

Pull Request - State: closed - Opened by nicodemuz 3 months ago - 2 comments
Labels: Security, Bug, Status: Reviewed

#61379 - [Security][TwigBridge] Add `access_decision()` and `access_decision_for_user()`

Pull Request - State: closed - Opened by florentdestremau 3 months ago - 7 comments
Labels: Security, Feature, Status: Reviewed, TwigBridge

#61359 - [Security] Add `$methods` support to `#[IsGranted]` to restrict access by HTTP method

Pull Request - State: closed - Opened by santysisi 3 months ago - 3 comments
Labels: Security, Feature, Status: Reviewed

#61235 - Add support for Enums in Voters

Issue - State: closed - Opened by DRaichev 4 months ago - 1 comment
Labels: Security, Feature

#61204 - [Security] Support union type for `#[CurrentUser]` attribute

Pull Request - State: closed - Opened by VincentLanglet 4 months ago - 1 comment
Labels: Security, Feature, Status: Reviewed

#61057 - [Security] Improve performance of `RoleHierarchy::buildRoleMap` method

Pull Request - State: closed - Opened by simonjamain 4 months ago - 2 comments
Labels: Security, Status: Reviewed, Performance

#61034 - [Security][SecurityBundle] Dump role hierarchy as mermaid chart

Pull Request - State: closed - Opened by damienfern 5 months ago - 3 comments
Labels: Security, Feature, SecurityBundle, Status: Reviewed

#61034 - [Security][SecurityBundle] Dump role hierarchy as mermaid chart

Pull Request - State: open - Opened by damienfern 5 months ago - 2 comments
Labels: Security, Feature, SecurityBundle, Status: Needs Review

#61011 - [Security] Remove deprecated `RememberMeToken::getSecret()` and RememberMeToken's `$secret` property

Pull Request - State: open - Opened by ktherage 5 months ago - 3 comments
Labels: Security, Status: Needs Work, BC Layer removal

#60882 - [Security] Document `FirewallListenerInterface` as a firewall listener type

Pull Request - State: closed - Opened by MatTheCat 5 months ago - 1 comment
Labels: Security, Feature, Status: Reviewed

#60879 - [Security] Remove callable firewall listeners support

Pull Request - State: closed - Opened by MatTheCat 5 months ago - 3 comments
Labels: Security, Status: Needs Review

#60785 - [Security] Handle non-callable implementations of `FirewallListenerInterface`

Pull Request - State: closed - Opened by MatTheCat 5 months ago - 1 comment
Labels: Security, Bug, Status: Needs Review

#60744 - [Security] Impossible to configure the storage service for login_throttling

Issue - State: closed - Opened by Nek- 5 months ago - 1 comment
Labels: Security, Feature, Status: Needs Review

#60742 - [Ldap][Security] Remove deprecated `eraseCredentials()` from (User|Token)Interface

Pull Request - State: open - Opened by chalasr 5 months ago
Labels: Security, Status: Reviewed, Ldap

#60742 - [Ldap][Security] Remove deprecated `eraseCredentials()` from (User|Token)Interface

Pull Request - State: closed - Opened by chalasr 5 months ago - 1 comment
Labels: Security, Status: Reviewed, Ldap

#60737 - [Security] remove no longer needed conflict rule on symfony/event-dispatcher

Pull Request - State: closed - Opened by xabbuh 6 months ago - 1 comment
Labels: Security, Status: Reviewed

#60714 - [Security] conflict with event-subscriber v8

Pull Request - State: closed - Opened by nicolas-grekas 6 months ago
Labels: Security, Status: Needs Review

#60688 - [Security] Keep roles when serializing tokens

Pull Request - State: closed - Opened by nicolas-grekas 6 months ago
Labels: Security, Bug, Status: Needs Review

#60660 - [Security] Add security:oidc-token:generate command

Pull Request - State: closed - Opened by Jean-Beru 6 months ago - 6 comments
Labels: Security, Feature, Status: Reviewed

#60656 - [Security] roles on token are ignored since 7.3

Issue - State: closed - Opened by dmaicher 6 months ago - 1 comment
Labels: Security, Bug, Status: Needs Review

#60614 - [Security] Deprecate callable firewall listeners

Pull Request - State: closed - Opened by MatTheCat 6 months ago - 5 comments
Labels: Security, Status: Reviewed, Deprecation

#60538 - [Security] Add ability for authenticators to explain why they didn’t support a request

Pull Request - State: open - Opened by MatTheCat 6 months ago - 10 comments
Labels: Security, Feature, Status: Needs Review

#60410 - [Security] Make data provider static

Pull Request - State: closed - Opened by alexandre-daubois 6 months ago - 1 comment
Labels: Security, Status: Needs Review

#60398 - [Security] Passing more than one Security attribute is not supported

Issue - State: closed - Opened by andreybolonin 6 months ago - 1 comment
Labels: Security, Bug, Status: Needs Review

#60379 - [Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie

Pull Request - State: closed - Opened by Seldaek 7 months ago - 3 comments
Labels: Security, Bug, Status: Reviewed

#60302 - [Security] Allow enums in `SignatureHasher::computeSignatureHash()`

Pull Request - State: open - Opened by BenMorel 7 months ago - 4 comments
Labels: Security, Feature, Status: Needs Review

#60266 - [Security] Exclude remember_me from default login authenticators

Pull Request - State: closed - Opened by santysisi 7 months ago - 10 comments
Labels: Security, Feature, Status: Reviewed

#60245 - [Security] Add callable type to CustomCredentials

Pull Request - State: closed - Opened by BenMorel 7 months ago - 1 comment
Labels: Security, Status: Needs Review

#60221 - [Security] default `authenticatorName` for programmatic login

Issue - State: closed - Opened by kbond 7 months ago - 4 comments
Labels: Security, DX

#60166 - [Security] fix(security): fix OIDC user identifier

Pull Request - State: closed - Opened by vincentchalamon 8 months ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#60162 - [Security] clarify what the tested code is expected to do

Pull Request - State: closed - Opened by xabbuh 8 months ago - 1 comment
Labels: Security, Status: Needs Review

#60085 - [Security] improve VoteObject adding extraData for give more possibilities to AccessDecicsionStrategy

Pull Request - State: open - Opened by eltharin 8 months ago
Labels: Security, Feature, Status: Needs Review

#60085 - [Security] improve VoteObject adding extraData for give more possibilities to AccessDecicsionStrategy

Pull Request - State: closed - Opened by eltharin 8 months ago - 3 comments
Labels: Security, Feature, Status: Reviewed

#60007 - [Security] Add methods param in IsCsrfTokenValid attribute

Pull Request - State: closed - Opened by Oviglo 8 months ago - 9 comments
Labels: Security, Feature, Status: Reviewed

#59982 - [Security] Fix typos in OIDC methods

Pull Request - State: closed - Opened by valtzu 8 months ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#59853 - Full authentication required on /api/login_check after Symfony 6.4.18 upgrade

Issue - State: closed - Opened by maximgubar 9 months ago - 6 comments
Labels: Security, Bug, Status: Needs Review, Status: Waiting feedback

#59816 - Lazy firewall on public routes with remember me causes undue CSRF clearing

Issue - State: open - Opened by apollisa 9 months ago
Labels: Security, Bug, Status: Needs Review

#59805 - [Security] Improve DX of recent additions

Pull Request - State: closed - Opened by nicolas-grekas 9 months ago - 5 comments
Labels: Security, Status: Reviewed

#59793 - [Security] Merge `UserAuthorizationCheckerInterface` into `AuthorizationCheckerInterface`

Pull Request - State: closed - Opened by nicolas-grekas 9 months ago - 1 comment
Labels: Security, Feature, Status: Needs Review

#59793 - [Security] Merge `UserAuthorizationCheckerInterface` into `AuthorizationCheckerInterface`

Pull Request - State: open - Opened by nicolas-grekas 9 months ago
Labels: Security, Feature, Status: Needs Review

#59771 - [Security] Add ability for voters to explain their vote

Pull Request - State: closed - Opened by nicolas-grekas 9 months ago - 4 comments
Labels: Security, Status: Reviewed

#59682 - [Security] Deprecate UserInterface & TokenInterface's `eraseCredentials()`

Pull Request - State: closed - Opened by nicolas-grekas 10 months ago - 2 comments
Labels: Security, Feature, Status: Reviewed, Deprecation

#59640 - [Security] Return null instead of empty username to fix deprecation notice

Pull Request - State: closed - Opened by phasdev 10 months ago - 2 comments
Labels: Security, Bug, Status: Reviewed

#59637 - [Security Bundle] Logging in programmatically broken after upgrade to 7.2

Issue - State: closed - Opened by Lorenzschaef 10 months ago - 2 comments
Labels: Security, Bug, Status: Needs Review, Status: Waiting feedback

#59590 - [Security] Throw an explicit error when refreshing a token with a null user

Pull Request - State: closed - Opened by alexandre-daubois 10 months ago - 3 comments
Labels: Security, Bug, Status: Reviewed

#59586 - [Security] Return null instead of empty username to fix deprecation notice

Pull Request - State: open - Opened by phasdev 10 months ago - 4 comments
Labels: Security, Bug, Status: Needs Review

#59586 - [Security] Return null instead of empty username to fix deprecation notice

Pull Request - State: closed - Opened by phasdev 10 months ago - 5 comments
Labels: Security, Bug, Status: Needs Review

#59585 - [Security] Fixed the Hebrew translation in the security.he file

Pull Request - State: closed - Opened by Gil-Had 10 months ago - 2 comments
Labels: Security, Bug, Status: Reviewed, Missing translations

#59573 - [Security] Continuation : Add messages on votes

Pull Request - State: open - Opened by eltharin 10 months ago
Labels: Security, Feature, Status: Needs Review

#59573 - [Security] Continuation : Add messages on votes

Pull Request - State: closed - Opened by eltharin 10 months ago - 3 comments
Labels: Security, Feature, Status: Needs Review

#59571 - Stateless CSRF not working with mixed forms in app - some within turbo frames and some outside turbo frames

Issue - State: closed - Opened by zalesak 10 months ago - 4 comments
Labels: Form, Security, Bug, Status: Needs Review

#59562 - [Security] Support hashing the hashed password using crc32c when putting the user in the session

Pull Request - State: open - Opened by nicolas-grekas 10 months ago - 2 comments
Labels: Security, Feature, Status: Reviewed

#59562 - [Security] Support hashing the hashed password using crc32c when putting the user in the session

Pull Request - State: closed - Opened by nicolas-grekas 10 months ago - 3 comments
Labels: Security, Feature, Status: Reviewed

#59560 - [Security] Avoid refreshing user when `TokenInterface::getUser()` returns null

Pull Request - State: closed - Opened by alexandre-daubois 10 months ago - 13 comments
Labels: Security, Bug, Status: Needs Review

#59560 - [Security] Avoid refreshing user when `TokenInterface::getUser()` returns null

Pull Request - State: closed - Opened by alexandre-daubois 10 months ago - 8 comments
Labels: Security, Bug, Status: Needs Review

#59559 - [Security-Http] ContextListener.refreshUser does not handle null users

Issue - State: closed - Opened by jorrit 10 months ago - 5 comments
Labels: Security, Bug, Status: Needs Review

#59558 - [Security] Unset token roles when serializing it and user implements EquatableInterface

Pull Request - State: open - Opened by nicolas-grekas 10 months ago - 2 comments
Labels: Security, Status: Reviewed

#59539 - [Security] Don't invalidate the user when the password was not stored in the session

Pull Request - State: open - Opened by nicolas-grekas 10 months ago - 5 comments
Labels: Security, Status: Reviewed

#59520 - [Security] [Validators] Review Slovenian translations.

Pull Request - State: closed - Opened by zanvd 10 months ago - 2 comments
Labels: Security, Status: Reviewed

#59347 - [Security] Fix triggering session tracking from ContextListener

Pull Request - State: closed - Opened by nicolas-grekas 11 months ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#59343 - [Security] Adjust parameter order in exception message

Pull Request - State: closed - Opened by Link1515 11 months ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#59277 - [Security] Sync Security\ExpressionLanguage constructor with parent

Pull Request - State: open - Opened by kor3k 11 months ago - 1 comment
Labels: Security, Bug, Status: Needs Review

#59232 - [Security] Hiding userFqcn in RememberMe cookie

Pull Request - State: open - Opened by thereisnobugs 11 months ago - 12 comments
Labels: Security, Status: Needs Review

#59232 - [Security] Hiding userFqcn in RememberMe cookie

Pull Request - State: closed - Opened by thereisnobugs 11 months ago - 13 comments
Labels: Security, Status: Needs Review

#59214 - [Security][SecurityBundle] rename userIsGranted() to isGrantedForUser()

Pull Request - State: closed - Opened by xabbuh 11 months ago - 1 comment
Labels: Security, SecurityBundle, Status: Reviewed

#59150 - [Security] Allow using a callable with `#[IsGranted]`

Pull Request - State: open - Opened by alexandre-daubois 11 months ago - 7 comments
Labels: Security, Feature, DX, Status: Reviewed

#59146 - [Security] Use the session only if it is started when using `SameOriginCsrfTokenManager`

Pull Request - State: closed - Opened by Crovitche-1623 11 months ago - 5 comments
Labels: Security, Bug, Status: Reviewed

#59106 - [Security] Deprecate `UserInterface` & `TokenInterface`'s `eraseCredentials()`

Pull Request - State: closed - Opened by chalasr 12 months ago - 23 comments
Labels: Security, Status: Reviewed, Deprecation