Someone has created bogus CVE reports for Symfony (CVE-2024-36611 and CVE-2024-36610).

You might experience warnings from `composer audit` or other tools about these bogus CVEs when using Symfony components <7.1.

These MUST BE IGNORED, the reports are NOT security issues.

We're trying to find out how we can solve this. If someone has experience with this, please let us know!

Wouter de Jong

Fortunately, the biggest advisory databases in PHP have responded quickly and the bogus Symfony security advisories are withdrawn from Packagist, Roave and GitHub.

Hopefully this has mitigated the impact for all projects.

Thanks to everyone involved!