Skip to content

v5.0.7

Compare
Choose a tag to compare
@fabpot fabpot released this 30 Mar 15:09
· 22119 commits to 7.1 since this release
v5.0.7
93313a0

Changelog (v5.0.6...v5.0.7)

  • security #cve-2020-5255 [HttpFoundation] Do not set the default Content-Type based on the Accept header (@yceruto)
  • security #cve-2020-5275 [Security] Fix access_control behavior with unanimous decision strategy (@chalasr)
  • bug #36262 [DI] fix generating TypedReference from PriorityTaggedServiceTrait (@nicolas-grekas)
  • bug #36252 [Security/Http] Allow setting cookie security settings for delete_cookies (@wouterj)
  • bug #36261 [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected (@nicolas-grekas)
  • bug #36259 [DomCrawler] Fix BC break in assertions breaking Panther (@dunglas)
  • bug #36181 [BrowserKit] fixed missing post request parameters in file uploads (@codebay)
  • bug #36216 [Validator] Assert Valid with many groups (@phucwan91)
  • bug #36222 [Console] Fix OutputStream for PHP 7.4 (@guillbdx)

[PR] #36269
[SECURITY] Security release