Reporting a Security Issue

Found a security issue in Symfony2? Don’t use the mailing-list or the bug tracker. All security issues must be sent to security [at] symfony-project.com instead. Emails sent to this address are forwarded to the Symfony core-team private mailing-list.

For each report, we first try to confirm the vulnerability. When it is confirmed, the core-team works on a solution following these steps:

  1. Send an acknowledgement to the reporter;
  2. Work on a patch;
  3. Write a post describing the vulnerability, the possible exploits, and how to patch/upgrade affected applications;
  4. Apply the patch to all maintained versions of Symfony;
  5. Publish the post on the official Symfony blog.

注解

While we are working on a patch, please do not reveal the issue publicly.

上一个主题

Submitting a Patch

下一个主题

Running Symfony2 Tests