- 🇫🇷France prudloff Lille
I see the Symfony issues have been closed as wontfix.
Should we close this as well?
A number of issues have been opened to mitigate potential host header vulnerabilities:
Some of the protections are in addition to ones in Symfony. There is currently active discussion on the Symfony side about increasing protections in Request::getHost(), or in PHP itself.
If some of these changes get in, some code in Drupal, such as the host header length test, may be removed as redundant.
Keep aware of changes in Symfony and PHP. Open child issues as necessary.
Active
11.0 🔥
base system