Someone has created bogus CVE reports for Symfony (CVE-2024-36611 and CVE-2024-36610).

You might experience warnings from `composer audit` or other tools about these bogus CVEs when using Symfony components <7.1.

These MUST BE IGNORED, the reports are NOT security issues.

We're trying to find out how we can solve this. If someone has experience with this, please let us know!

@wouterj Mautic became a CNA for this reason, there's a bit of training involved and processes to follow but it's minimal really, and perfectly manageable if you've got an existing security team.

Wouter de Jong

@rcheesley thank you for the suggestion! We've started investigating this path today.

Aside: I'm a bit sad that OSS projects have to go through lengths like this to protect their users.

@wouterj yeah indeed, happy to chat if it's any help, we signed up a few years back now.