Commit5befc45

committed

Merge branch '2.5' into 2.6

* 2.5: fixing bad link Fixing bad merge - this section should not have been left in [#4651] Fixing build error Update by_reference.rst.inc Added a lot of changes suggested by reviewers Added a note about the SensioDistributionBundle necessary for security:check Added a note about the security:check command Added a missing link reference Added a note about the security advisories database This command is available sin Symfony 2.5 Documented the security:check command

2 parents3470c87 +4d848d7 commit5befc45Copy full SHA for 5befc45

File tree

4 files changed

+54

-3

lines changed

book
- installation.rst
- security.rst
contributing/code
- security.rst
reference/forms/types/options
- by_reference.rst.inc

4 files changed

+54

-3

lines changed

`‎book/installation.rst‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -287,6 +287,18 @@ them all at once:`
`287`	`287`	`Depending on the complexity of your project, this update process can take up to`
`288`	`288`	`several minutes to complete.`
`289`	`289`
	`290`	`+..tip::`
	`291`	`+`
	`292`	`+ Symfony provides a command to check whether your project's dependencies`
	`293`	`+ contain any know security vulnerability:`
	`294`	`+`
	`295`	`+ ..code-block::bash`
	`296`	`+`
	`297`	`+ $ php app/console security:check`
	`298`	`+`
	`299`	`+ A good security practice is to execute this command regularly to be able to`
	`300`	`+ update or replace compromised dependencies as soon as possible.`
	`301`	`+`
`290`	`302`	`.. _installing-a-symfony2-distribution:`
`291`	`303`
`292`	`304`	`Installing a Symfony Distribution`

`‎book/security.rst‎`

Lines changed: 31 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1298,6 +1298,36 @@ cookie will be ever created by Symfony):`
`1298`	`1298`	`If you use a form login, Symfony will create a cookie even if you set`
`1299`	`1299`	``stateless`` to ``true``.
`1300`	`1300`
	`1301`	`+.. _book-security-checking-vulnerabilities:`
	`1302`	`+`
	`1303`	`+Checking for Known Security Vulnerabilities in Dependencies`
	`1304`	`+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
	`1305`	`+`
	`1306`	`+..versionadded::2.5`
	`1307`	+ The ``security:check`` command was introduced in Symfony 2.5. This command is
	`1308`	+ included in ``SensioDistributionBundle``, which has to be registered in your
	`1309`	`+ application in order to use this command.`
	`1310`	`+`
	`1311`	`+When using lots of dependencies in your Symfony projects, some of them may`
	`1312`	`+contain security vulnerabilities. That's why Symfony includes a command called`
	`1313`	+``security:check`` that checks your ``composer.lock`` file to find any known
	`1314`	`+security vulnerability in your installed dependencies:`
	`1315`	`+`
	`1316`	`+..code-block::bash`
	`1317`	`+`
	`1318`	`+ $ php app/console security:check`
	`1319`	`+`
	`1320`	`+A good security practice is to execute this command regularly to be able to`
	`1321`	`+update or replace compromised dependencies as soon as possible. Internally,`
	`1322`	+this command uses the public `security advisories database`_ published by the
	`1323`	`+FriendsOfPHP organization.`
	`1324`	`+`
	`1325`	`+..tip::`
	`1326`	`+`
	`1327`	+ The ``security:check`` command terminates with a non-zero exit code if
	`1328`	`+ any of your dependencies is affected by a known security vulnerability.`
	`1329`	`+ Therefore, you can easily integrate it in your build process.`
	`1330`	`+`
`1301`	`1331`	`Final Words`
`1302`	`1332`	`-----------`
`1303`	`1333`
`@@ -1326,3 +1356,4 @@ Learn more from the Cookbook`
`1326`	`1356`
`1327`	`1357`	.. _`online tool`:https://www.dailycred.com/blog/12/bcrypt-calculator
`1328`	`1358`	.. _`frameworkextrabundle documentation`:http://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html
	`1359`	+.. _`security advisories database`:https://github.com/FriendsOfPHP/security-advisories

`‎contributing/code/security.rst‎`

Lines changed: 10 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,8 @@ confirmed, the core-team works on a solution following these steps:`
`38`	`38`	#. Publish the post on the official Symfony `blog`_ (it must also be added to
`39`	`39`	the "`Security Advisories`_" category);
`40`	`40`	`#. Update the security advisory list (see below).`
	`41`	+#. Update the public `security advisories database`_ maintained by the
	`42`	+ FriendsOfPHP organization and which is used by the ``security:check`` command.
`41`	`43`
`42`	`44`	`..note::`
`43`	`45`
`@@ -93,6 +95,11 @@ of the downstream projects included in this process:`
`93`	`95`	`Security Advisories`
`94`	`96`	`-------------------`
`95`	`97`
	`98`	`+..tip::`
	`99`	`+`
	`100`	`+ You can check your Symfony application for known security vulnerabilities`
	`101`	+ using the ``security:check`` command. See:ref:`book-security-checking-vulnerabilities`.
	`102`	`+`
`96`	`103`	`This section indexes security vulnerabilities that were fixed in Symfony`
`97`	`104`	`releases, starting from Symfony 1.0.0:`
`98`	`105`
`@@ -119,6 +126,7 @@ releases, starting from Symfony 1.0.0:`
`119`	`126`	* March 21, 2008: `symfony 1.0.12 is (finally) out !<http://symfony.com/blog/symfony-1-0-12-is-finally-out>`_
`120`	`127`	* June 25, 2007: `symfony 1.0.5 released (security fix)<http://symfony.com/blog/symfony-1-0-5-released-security-fix>`_
`121`	`128`
`122`		`-.. _Git repository:https://github.com/symfony/symfony`
`123`		`-.. _blog:http://symfony.com/blog/`
	`129`	`+.. _Git repository:https://github.com/symfony/symfony`
	`130`	`+.. _blog:http://symfony.com/blog/`
`124`	`131`	`.. _Security Advisories:http://symfony.com/blog/category/security-advisories`
	`132`	+.. _`security advisories database`:https://github.com/FriendsOfPHP/security-advisories

`‎reference/forms/types/options/by_reference.rst.inc‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -42,4 +42,4 @@ call the setter on the parent object.`
`42`	`42`	Similarly, if you're using the :doc:`collection</reference/forms/types/collection>`
`43`	`43`	`form type where your underlying collection data is an object (like with Doctrine's`
`44`	`44`	``ArrayCollection``), then ``by_reference`` must be set to ``false`` if you
`45`		-need thesetter(e.g. ``setAuthors()``) to be called.
	`45`	+need theadder and remover(e.g. ``addAuthor()`` and ``removeAuthor()``) to be called.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit5befc45

File tree

4 files changed

4 files changed

`‎book/installation.rst‎`

`‎book/security.rst‎`

`‎contributing/code/security.rst‎`

`‎reference/forms/types/options/by_reference.rst.inc‎`

0 commit comments