Symfony Remote Code Access Vulnerabilities
* Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7
* Symfony 2.3.x after 2.3.35, 2.6.x after 2.6.12, and 2.7.x after 2.7.7
Several potential remote timing attack vulnerabilities were discovered in classes from the Symfony Security component and in the legacy CSRF implementation from the Symfony Form component.
Original release date: 12/07/2015
Last revised: 12/08/2015