An open API service for providing issue and pull request metadata for open source projects.

GitHub / symfony/symfony issues and pull requests

Labelled with: Security

#54202 - Add getReachingRoleNames to RoleHierarchyInterface

Issue - State: closed - Opened by philepsybo over 1 year ago - 2 comments
Labels: Security, Feature

#54192 - RememberMe refresh can leave outdated token which leads to broken functionality

Issue - State: closed - Opened by heiglandreas over 1 year ago - 10 comments
Labels: Security, Bug, Status: Waiting feedback, Stalled

#54086 - [Security][Tests] Update functional tests to better reflect end-user scenarios

Pull Request - State: closed - Opened by llupa over 1 year ago - 1 comment
Labels: Security, Status: Reviewed

#54059 - [Security] Validate that CSRF token in form login is string similar to username/password

Pull Request - State: closed - Opened by glaubinix over 1 year ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#54045 - [Config][Messenger][Security] Don't turn deprecations into exceptions when unserializing

Pull Request - State: closed - Opened by nicolas-grekas almost 2 years ago
Labels: Security, Bug, Config, Status: Reviewed, Messenger

#54026 - "No User Loader Configured" error with rate limiter in multi-firewall setup

Issue - State: closed - Opened by oto-emo almost 2 years ago - 3 comments
Labels: Security, Bug, Status: Needs Review, Status: Waiting feedback, RateLimiter

#53998 - [Security] Add retrieval of encompassing role names

Pull Request - State: open - Opened by PierreCapel almost 2 years ago - 1 comment
Labels: Security, Feature, Status: Reviewed

#53956 - [Security] `form_only` also watches `multipart/form-data`

Issue - State: closed - Opened by ThomasLandauer almost 2 years ago - 3 comments
Labels: Security, Bug, Status: Needs Review, Stalled

#53875 - [Security] Fix impersonation exit route not used

Pull Request - State: closed - Opened by sakul95 almost 2 years ago - 7 comments
Labels: Security, Bug, Status: Needs Review

#53871 - [Security] Update CAS 2.0 AccessTokenHandler changelog version

Pull Request - State: closed - Opened by alamirault almost 2 years ago - 1 comment
Labels: Security, Status: Reviewed

#53851 - [Security] Ignore empty username or password login attempts

Pull Request - State: closed - Opened by llupa almost 2 years ago - 27 comments
Labels: Security, Feature, Status: Reviewed

#53851 - [Security] Ignore empty username or password login attempts

Pull Request - State: closed - Opened by llupa almost 2 years ago - 11 comments
Labels: Security, Feature, Status: Reviewed

#53739 - [Security] fix tests

Pull Request - State: closed - Opened by xabbuh almost 2 years ago - 1 comment
Labels: Security, Status: Reviewed

#53738 - [Security] fix tests

Pull Request - State: closed - Opened by xabbuh almost 2 years ago
Labels: Security, Status: Needs Review

#53682 - [Security] Support RSA algorithm signature for OIDC tokens

Pull Request - State: closed - Opened by louismariegaborit almost 2 years ago - 18 comments
Labels: Security, Feature, Status: Reviewed, :snowflake: Feature Freeze

#53679 - [Security] SwitchUser: add dynamic redirection path over config redirection

Pull Request - State: closed - Opened by 94noni almost 2 years ago - 7 comments
Labels: Security, Feature, Status: Needs Review

#53679 - [Security] SwitchUser: add dynamic redirection path over config redirection

Pull Request - State: closed - Opened by 94noni almost 2 years ago - 5 comments
Labels: Security, Feature, Status: Needs Review

#53617 - Impersonation events

Issue - State: closed - Opened by DavidPetrasek almost 2 years ago - 5 comments
Labels: Security, Feature

#53587 - [Security] fix tests

Pull Request - State: closed - Opened by xabbuh almost 2 years ago
Labels: Security, Status: Needs Review

#53555 - Skip cacheable voters in AccessDecisionManager::getVoters

Issue - State: closed - Opened by oadam almost 2 years ago - 5 comments
Labels: Security, Feature, Stalled

#53510 - Use security voter with a #[MapRequestPayload] controller argument

Issue - State: closed - Opened by tsantos84 almost 2 years ago - 8 comments
Labels: Security, Bug, HttpKernel, Status: Needs Review, Stalled

#53509 - [Security] Fix `AuthenticationUtils::getLastUsername()` returning null

Pull Request - State: closed - Opened by alexandre-daubois almost 2 years ago - 2 comments
Labels: Security, Bug, Status: Reviewed

#53503 - AuthenticationUtils::getLastUsername(): Return value must be of type string, null returned

Issue - State: closed - Opened by r3dge almost 2 years ago - 3 comments
Labels: Security, Bug, Status: Needs Review

#53502 - [Security] do not mock the RequestStack class

Pull Request - State: closed - Opened by xabbuh almost 2 years ago
Labels: Security, Status: Needs Review

#53491 - `JWKSet` support for `OIDCTokenHandler`

Issue - State: closed - Opened by adzfaulkner almost 2 years ago - 7 comments
Labels: Security, Feature

#53427 - [Form][Security][Validator] prevent incompatible Translator implementations to be used

Pull Request - State: closed - Opened by xabbuh almost 2 years ago - 1 comment
Labels: Form, Validator, Security, Bug, Status: Needs Review

#53404 - [Form][Security][Validator] Normalize translation files

Pull Request - State: closed - Opened by nicolas-grekas almost 2 years ago - 8 comments
Labels: Form, Validator, Security, Status: Reviewed

#53404 - [Form][Security][Validator] Normalize translation files

Pull Request - State: closed - Opened by nicolas-grekas almost 2 years ago - 7 comments
Labels: Form, Validator, Security, Status: Reviewed

#53338 - [Security] Added missing Albanian translations

Pull Request - State: closed - Opened by thunderer almost 2 years ago - 1 comment
Labels: Security, Status: Needs Review

#53201 - [Security] Reduce log level in case of UserNotFoundException in ContextListener

Pull Request - State: closed - Opened by VincentLanglet almost 2 years ago - 1 comment
Labels: Security, Status: Reviewed

#53186 - [Security] Prevent timing attacks on authentication

Issue - State: closed - Opened by raziel057 almost 2 years ago - 7 comments
Labels: Security, RFC

#52961 - [Security][SecurityBundle] Add `#[IsCsrfTokenValid]` attribute

Pull Request - State: closed - Opened by yguedidi almost 2 years ago - 10 comments
Labels: Security, SecurityBundle, Status: Reviewed, Hack Day

#52947 - What about an `IsCsrfTokenValid` attribute?

Issue - State: closed - Opened by yguedidi almost 2 years ago - 2 comments
Labels: Security, Feature

#52908 - [Security] InMemoryUserProvider configuration missing "enabled" parameter

Issue - State: closed - Opened by klkvsk almost 2 years ago - 5 comments
Labels: Security, Feature, Status: Needs Review, Stalled

#52833 - [Security][SecurityBundle] Add `LogoutUrlGeneratorInterface` and autowiring alias

Pull Request - State: closed - Opened by GromNaN almost 2 years ago - 4 comments
Labels: Security, Feature, SecurityBundle, Status: Reviewed

#52772 - Allow impersonation to take a path

Issue - State: closed - Opened by tacman almost 2 years ago - 6 comments
Labels: Security, Feature, Stalled

#52747 - [Security] Document BC break with $secret parameter introduction

Pull Request - State: closed - Opened by wouterj almost 2 years ago - 3 comments
Labels: Security, Status: Reviewed

#52724 - [Security] make secret required for DefaultLoginRateLimiter

Pull Request - State: closed - Opened by RobertMe about 2 years ago - 1 comment
Labels: Security, Bug, Status: Needs Review, Deprecation

#52661 - [Security] remove conflict with symfony/security-guard

Pull Request - State: closed - Opened by alamirault about 2 years ago - 3 comments
Labels: Security, Status: Reviewed

#52625 - [Security] set configured claim as userIdentifier on OidcUser using OidcUserInfoTokenHandler

Pull Request - State: open - Opened by smatyas about 2 years ago
Labels: Security, Bug, Status: Needs Review

#52625 - [Security] set configured claim as userIdentifier on OidcUser using OidcUserInfoTokenHandler

Pull Request - State: closed - Opened by smatyas about 2 years ago - 2 comments
Labels: Security, Bug, Status: Needs Review

#52412 - [Security] Facilitate the management of user sessions

Pull Request - State: open - Opened by Spomky about 2 years ago - 3 comments
Labels: Security, Feature, Status: Needs Review

#52412 - [Security] Facilitate the management of user sessions

Pull Request - State: closed - Opened by Spomky about 2 years ago - 4 comments
Labels: Security, Feature, Status: Needs Review

#52242 - [Security][Validator] Missing translations for Luxembourgish

Pull Request - State: closed - Opened by crownbackend about 2 years ago - 2 comments
Labels: Validator, Security, Bug, Status: Needs Review, Missing translations

#52181 - [Security] Ability to add roles in `form_login_ldap` by ldap group

Pull Request - State: closed - Opened by Spomky about 2 years ago - 4 comments
Labels: Security, Feature, Status: Reviewed

#52181 - [Security] Ability to add roles in `form_login_ldap` by ldap group

Pull Request - State: open - Opened by Spomky about 2 years ago - 3 comments
Labels: Security, Feature, Status: Reviewed

#52099 - [Security] Handle placeholders in role hierarchy

Pull Request - State: open - Opened by squrious about 2 years ago - 16 comments
Labels: Security, Feature, Status: Needs Review

#52082 - [Security] Update `InteractiveAuthenticatorInterface` description

Pull Request - State: closed - Opened by alamirault about 2 years ago - 1 comment
Labels: Security, Status: Reviewed

#51986 - [Security] Do not match request twice in `HttpUtils`

Pull Request - State: closed - Opened by Toflar about 2 years ago - 1 comment
Labels: Security, Bug, Status: Reviewed, Performance

#51974 - [Console][EventDispatcher][Security][Serializer][Workflow] Add PHPDoc to attribute classes and properties

Pull Request - State: closed - Opened by alexandre-daubois about 2 years ago - 5 comments
Labels: Security, Serializer, Feature, Console, EventDispatcher, Status: Reviewed, Workflow

#51909 - [Security] Add FirewallMap::getNamedFirewallConfig()

Pull Request - State: closed - Opened by ro0NL about 2 years ago - 1 comment
Labels: Security, Feature, Status: Needs Review

#51906 - [Security] Provide user providers as a map

Issue - State: closed - Opened by ro0NL about 2 years ago - 1 comment
Labels: Security, Feature

#51858 - [Security] Fix resetting traceable listeners

Pull Request - State: closed - Opened by chalasr about 2 years ago - 2 comments
Labels: Security, Bug, Status: Needs Review

#51813 - [Security] Deprecated ROLE_PREVIOUS_ADMIN

Pull Request - State: closed - Opened by mfadul24 about 2 years ago - 3 comments
Labels: Security, Bug, Status: Needs Review, Deprecation

#51804 - [Security] Make `impersonation_path()` argument mandatory and add `impersonation_url()`

Pull Request - State: closed - Opened by alexandre-daubois about 2 years ago - 4 comments
Labels: Security, Bug, Status: Reviewed

#51744 - [Security] Add a normalization step for the user-identifier in firewalls

Pull Request - State: open - Opened by Spomky about 2 years ago - 8 comments
Labels: Security, Bug, Feature, Status: Reviewed

#51724 - [Security] Add CSRF migration strategy

Pull Request - State: closed - Opened by Spomky about 2 years ago - 2 comments
Labels: Security, Feature, Status: Needs Review

#51711 - Update InteractiveAuthenticatorInterface description wording to match documentation

Pull Request - State: closed - Opened by bobvandevijver about 2 years ago - 1 comment
Labels: Security

#51665 - [Security] OidcTokenHandler support JWKSet

Pull Request - State: closed - Opened by louismariegaborit about 2 years ago - 10 comments
Labels: Security, Feature, Status: Needs Review

#51635 - [Security] Fixing deprecation message

Pull Request - State: closed - Opened by weaverryan about 2 years ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#51627 - [Security] Fix security tests

Pull Request - State: closed - Opened by vtsykun about 2 years ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#51612 - [Security] Fix for TraceableAuthenticator debug when no Auth

Pull Request - State: closed - Opened by PhilETaylor about 2 years ago - 3 comments
Labels: Security, Bug, Status: Reviewed

#51585 - [Security] Add badge resolution to profiler

Pull Request - State: closed - Opened by Jean-Beru about 2 years ago - 5 comments
Labels: Security, Feature, DX, Status: Reviewed

#51572 - [Security] Update Passport.php

Pull Request - State: closed - Opened by JFO-SNPS about 2 years ago - 5 comments
Labels: Security, Bug, Status: Needs Review

#51551 - [Security] Add changelog note about calling the constructor of `DefaultLoginRateLimiter` with an empty secret

Pull Request - State: closed - Opened by alexandre-daubois about 2 years ago - 2 comments
Labels: Security, Status: Reviewed, Deprecation

#51550 - [Security] Calling the constructor of `DefaultLoginRateLimiter` with an empty secret throws an `InvalidArgumentException`

Pull Request - State: closed - Opened by alexandre-daubois about 2 years ago - 1 comment
Labels: Security, Status: Needs Review

#51547 - [SecurityHttp] safelyUnserialize method seems to conflict with Proxy relations

Issue - State: closed - Opened by VincentLanglet about 2 years ago - 1 comment
Labels: Security, Bug, Status: Needs Review

#51534 - [DoctrineBridge][Security] Rename `loadUserByUsername` tests to `loadUserByIdentifier`

Pull Request - State: closed - Opened by alamirault about 2 years ago - 1 comment
Labels: Security, Status: Reviewed, DoctrineBridge

#51521 - [Security] Private Access Token support

Issue - State: closed - Opened by Spomky about 2 years ago - 2 comments
Labels: Security, Feature, Stalled

#51499 - [Security] Remove `isAuthenticated` and `setAuthenticated` token methods in tests

Pull Request - State: open - Opened by alamirault about 2 years ago
Labels: Security, Status: Reviewed

#51490 - [Security] Support for OIDC token handler with discovery endpoint

Issue - State: closed - Opened by guillaumesmo about 2 years ago - 2 comments
Labels: Security, Feature

#51447 - [Security] Do not call `UserBadge->setUserLoader(UserProvider...)` when the loader is already provided by `AccessTokenHandler` implementation

Pull Request - State: closed - Opened by kaznovac over 2 years ago - 3 comments
Labels: Security, Bug, Status: Needs Review

#51446 - [Security] `UserBadge->userLoader` always overwritten by `AccessTokenAuthenticator->userProvider` when later is set regardless of former

Issue - State: closed - Opened by kaznovac over 2 years ago - 2 comments
Labels: Security, Bug, Status: Needs Review

#51445 - [Security] FormLoginAuthenticator: fail for non-string password

Pull Request - State: closed - Opened by dmaicher over 2 years ago - 1 comment
Labels: Security, Bug, Status: Reviewed

#51441 - [Security] FormLoginAuthenticator fails when password is an array

Issue - State: closed - Opened by dmaicher over 2 years ago - 1 comment
Labels: Security, Bug, Status: Needs Review

#51434 - [Security] [Throttling] Hide username and client ip in logs

Pull Request - State: closed - Opened by Spomky over 2 years ago - 1 comment
Labels: Security, Bug, Feature, Status: Reviewed

#51382 - [Security] AbstractLoginFormAuthenticator supports function makes no sense with HttpUtils ?

Issue - State: open - Opened by Hanmac over 2 years ago - 10 comments
Labels: Security, Bug, Status: Needs Review

#51364 - Extend CustomCredentials and similar with custom messages

Issue - State: closed - Opened by Hanmac over 2 years ago - 6 comments
Labels: Security, Feature, Stalled

#51350 - [Security] Prevent creating session in stateless firewalls

Pull Request - State: closed - Opened by Seb33300 over 2 years ago - 6 comments
Labels: Security, Bug, Status: Reviewed

#51319 - Session created by default handlers on stateless firewalls

Issue - State: closed - Opened by Seb33300 over 2 years ago
Labels: Security, Bug, Status: Needs Review

#51313 - Avoid redirects from onAuthenticationSuccess to /logout

Issue - State: closed - Opened by SiestaCat over 2 years ago - 5 comments
Labels: Security, Stalled

#51225 - [Security] Ability to add roles in `form_login_ldap` by ldap group

Issue - State: closed - Opened by RTUnreal over 2 years ago - 2 comments
Labels: Security, Feature

#51104 - [Security] Fix loading user from UserBadge

Pull Request - State: closed - Opened by guillaumesmo over 2 years ago - 7 comments
Labels: Security, Bug, Status: Reviewed

#50964 - [Security] Using IsGranted in combination with MapRequestPayload passes incorrect subject to voter

Issue - State: closed - Opened by DjordyKoert over 2 years ago - 6 comments
Labels: Security, Feature, Status: Needs Review, Stalled

#50927 - [Security] access_control bypassed when url does not match any firewall pattern

Issue - State: closed - Opened by alcalyn over 2 years ago - 3 comments
Labels: Security, Bug, Status: Needs Review, Stalled

#50920 - [Security] Automatically create logout route if it does not exist

Issue - State: closed - Opened by wouterj over 2 years ago - 2 comments
Labels: Security, Feature

#50901 - Security->login() creates two sessions, cannot access it

Issue - State: closed - Opened by nevez over 2 years ago - 3 comments
Labels: Security, Bug, Status: Waiting feedback