fabpot
Repos
70
Followers
12580

The Symfony PHP framework

27475
8589

Twig, the flexible, fast, and secure template language for PHP

7613
1127

Split a repository to read-only standalone repositories

1412
65

The Symfony CLI tool

353
53

Events

pull request opened
Add missing CVE
Created at 18 hours ago
fabpot create branch twig-cve
Created at 18 hours ago
issue comment
[Mime] deprecate attach/embed methods in favor of Email::addPart()

I would at least keep the removal of using these methods internally and I would advocate for adding the addPart() method to replace the attachPart one.

Created at 22 hours ago
issue comment
Wrong version constraint for security release?

Typo fixed there.

Created at 22 hours ago
closed issue
Wrong version constraint for security release?

https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader states that

The issue has been fixed in Twig 1.44.7, 2.15.3 and 3.4.3.

~But the version constraint doesn't reflect it~ (I read the constraint wrong, it actually does reflect it):

Twig >1.0.0,<1.44.7 || >2.0.0,<2.15.3 || >3.0.0,<3.4.3 are affected by this security issue.

~which means~ but https://github.com/enlightn/security-checker detects 2.15.3 as an insecure version. This is also reflected on https://packagist.org/packages/twig/twig: image

Created at 22 hours ago
pull request opened
Add Twig sec issue
Created at 23 hours ago
fabpot create branch twig-sec
Created at 23 hours ago

Bump version

Created at 23 hours ago

Bump version

Created at 23 hours ago
create tag
fabpot create tag v3.4.3
Created at 23 hours ago

Update CHANGELOG

Prepare the 2.15.3 release

Merge branch '2.x' into 3.x

  • 2.x: Prepare the 2.15.3 release Update CHANGELOG

Prepare the 3.4.3 release

Created at 23 hours ago
create tag
fabpot create tag v2.15.3
Created at 23 hours ago

Update CHANGELOG

Prepare the 2.15.3 release

Created at 23 hours ago
create tag
fabpot create tag v1.44.7
Created at 23 hours ago

Prepare the 1.44.7 release

Created at 23 hours ago

Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

security #cve- Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) (fabpot)

This PR was merged into the 1.x branch.

Merge branch '1.x' into 2.x

  • 1.x: Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

Merge branch '2.x' into 3.x

  • 2.x: Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
Created at 23 hours ago

Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

security #cve- Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) (fabpot)

This PR was merged into the 1.x branch.

Merge branch '1.x' into 2.x

  • 1.x: Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
Created at 23 hours ago
delete branch
fabpot delete branch twig-security-fix
Created at 23 hours ago
pull request closed
Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
Created at 23 hours ago

Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

security #cve- Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) (fabpot)

This PR was merged into the 1.x branch.

Created at 23 hours ago
pull request opened
Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
Created at 23 hours ago
create branch
fabpot create branch twig-security-fix
Created at 23 hours ago
issue comment
[Mime] deprecate attach/embed methods in favor of Email::addPart()

As mentioned in the related PR, I'm not sure this is worth it either. That's just a proposal. The current names are slightly wrong; that's why it might make sense to deprecate them. But again, not 100% convinced.

Created at 23 hours ago
pull request opened
[Mime] deprecate attach/embed methods in favor of Email::addPart()

| Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | n/a | License | MIT | Doc PR | -

#47462 follow-up

Created at 1 day ago