Projects must not depend on dependencies with known security issues

  • Critical
  • Security

More information: https://insight.symfony.com/what-we-analyse/composer.security_issue_in_composer

The checker detected 2 security issues in package symfony/symfony installed in version 3.0.5.0
1) CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password.
2) CVE-2016-4423: Large username storage in session.

Time to fix: about 1 day
Open Issue Permalink
Collective