ux-autocomplete security release + LiveComponent bugs
·
1469 commits
to 2.x
since this release
v2.11.2
weaverryan
Ryan Weaver
This tag was signed with the committer’s verified signature.
weaverryan
Ryan Weaver
Hi!
This release contains an important security release for symfony/ux-autocomplete: https://symfony.com/blog/cve-2023-41336-symfony-ux-autocomplete-prevent-injection-of-invalid-entity-ids-for-autocomplete-fields
If you are using symfony/ux-autocomplete, you should upgrade immediately:
composer update symfony/ux-autocomplete
Other changes:
LiveComponents
- [bug] Only consider Live components in InterceptChildComponentRenderSubscriber by @sneakyvv in #1097
- [bug] Don't store ux_live_component URLs in setTargetPath of the security component by @gbere in #1096
New Contributors
- @andersmateusz made their first contribution in #1100
- @mariecharles made their first contribution in #1058
- @gbere made their first contribution in #1096
Full Changes: v2.11.1...v2.11.2
Contributors
gbere, sneakyvv, and 2 other contributors