[SECURITY] Fedora 32 Update: php-symfony4-4.4.7-1.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-fade6a8df7 2020-04-09 14:41:13.795324 -------------------------------------------------------------------------------- Name : php-symfony4 Product : Fedora 32 Version : 4.4.7 Release : 1.fc32 URL : https://symfony.com Summary : Symfony PHP framework (version 4) Description : Symfony PHP framework (version 4). NOTE: Does not require PHPUnit bridge. -------------------------------------------------------------------------------- Update Information: **Version 4.4.7** (2020-03-30) * security #cve-2020-5255 [HttpFoundation] Do not set the default Content-Type based on the Accept header (yceruto) * security #cve-2020-5275 [Security] Fix access_control behavior with unanimous decision strategy (chalasr) * bug #36262 [DI] fix generating TypedReference from PriorityTaggedServiceTrait (nicolas-grekas) * bug #36252 [Security/Http] Allow setting cookie security settings for delete_cookies (wouterj) * bug #36261 [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected (nicolas-grekas) * bug #36259 [DomCrawler] Fix BC break in assertions breaking Panther (dunglas) * bug #36181 [BrowserKit] fixed missing post request parameters in file uploads (codebay) * bug #36216 [Validator] Assert Valid with many groups (phucwan91) * bug #36222 [Console] Fix OutputStream for PHP 7.4 (guillbdx) ---- **Version 4.4.6** (2020-03-27) * bug #36169 [HttpKernel] fix locking for PHP 7.4+ (nicolas-grekas) * bug #36175 [Security/Http] Remember me: allow to set the samesite cookie flag (dunglas) * bug #36173 [Http Foundation] Fix clear cookie samesite (guillbdx) * bug #36176 [Security] Check if firewall is stateless before checking for session/previous session (koenreiniers) * bug #36149 [Form] Support customized intl php.ini settings (jorrit) * bug #36172 [Debug] fix for PHP 7.3.16+/7.4.4+ (nicolas- grekas) * bug #36151 [Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE (lyrixx) * bug #36141 Prevent warning in proc_open() (BenMorel) * bug #36143 [FrameworkBundle] Fix Router Cache (guillbdx) * bug #36103 [DI] fix preloading script generation (nicolas-grekas) * bug #36118 [Security/Http] don't require the session to be started when tracking its id (nicolas-grekas) * bug #36108 [DI] Fix CheckTypeDeclarationPass (guillbdx) * bug #36121 [VarDumper] fix side-effect by not using mt_rand() (nicolas-grekas) * bug #36073 [PropertyAccess][DX] Improved errors when reading uninitialized properties (HeahDude) * bug #36063 [FrameworkBundle] start session on flashbag injection (William Arslett) * bug #36031 [Console] Fallback to default answers when unable to read input (ostrolucky) * bug #36083 [DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict) (wouterj) * bug #36026 [Mime] Fix boundary header (guillbdx) * bug #36020 [Form] ignore microseconds submitted by Edge (xabbuh) * bug #36038 [HttpClient] disable debug log with curl 7.64.0 (nicolas-grekas) * bug #36041 fix import from config file using type: glob (Tobion) * bug #35987 [DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type (fancyweb) * bug #35949 [DI] Fix container lint command when a synthetic service is used in an expression (HypeMC) * bug #36023 [HttpClient] fix requests to hosts that idn_to_ascii() cannot handle (nicolas-grekas) * bug #35938 [Form] Handle false as empty value on expanded choices (fancyweb) * bug #36030 [SecurityBundle] Minor fix in LDAP config tree builder (HeahDude) * bug #35993 Remove int return type from FlattenException::getCode (wucdbm) * bug #36004 [Yaml] fix dumping strings containing CRs (xabbuh) * bug #35982 [DI] Fix XmlFileLoader bad error message (przemyslaw-bogusz) * bug #35957 [DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait (nicolas- grekas) * bug #35937 Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form" (dmaicher) * bug #35928 [Routing] Prevent localized routes _locale default & requirement from being overridden (fancyweb) * bug #35912 [FrameworkBundle] register only existing transport factories (xabbuh) * bug #35899 [DomCrawler] prevent deprecation being triggered from assertion (xabbuh) * bug #35910 [SecurityBundle] Minor fixes in configuration tree builder (HeahDude) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 31 2020 Remi Collet <remi(a)remirepo.net&gt; - 4.4.7-1 - update to 4.4.7 * Fri Mar 27 2020 Remi Collet <remi(a)remirepo.net&gt; - 4.4.6-1 - update to 4.4.6 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fade6a8df7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------