Documented the security:check command #4651


Merged

javiereguiluz
Member

| Q | A |
| ------------- | --- |
| Doc fix? | no |
| New docs? | yes |
| Applies to | all |
| Fixed tickets | #4051 |

@xabbuh
Member

We need to be careful, to only merge this into the 2.5 branch and higher since the command isn't part of the 2.3 version of the SensioDistributionBundle.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. versionadded:: 2.6
The ``security:check`` command was introduced in Symfony 2.6.
Member

It's actually available in Symfony 2.5 too (it's part of SensioDistributionBundle in version 3.0 which is compatible with Symfony 2.5 and higher).

Member, Author

Thanks! Fixed.

@xabbuh
Member

Thanks for your work @javiereguiluz. I'm just wondering if we should also add a note in /contributing/code/security.rst. What do you think?

@javiereguiluz
Member, Author

A comment to the doc merger (probably @weaverryan): I wrongly made this PR against 2.3 and it should be 2.5 because security:check command was introduced in Symfony 2.5.

@javiereguiluz
Member, Author

@xabbuh I've added a note in 20de27e. Please, let me know if that was what you were thinking or not. Thanks!

@@ -38,6 +38,8 @@ confirmed, the core-team works on a solution following these steps:
8. Publish the post on the official Symfony `blog`_ (it must also be added to
the "`Security Advisories`_" category);
9. Update the security advisory list (see below).
10. Update the public `security advisories database`_ maintained by the
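Review bot: step 9 still ends with a full stop ("Update the security advisory list (see below).") although it is no longer the last item in the list; with step 10 added it should end in ";" like step 8, and the closing full stop should move to step 10. The new `security advisories database`_ reference also needs a matching link target in the file, or the reference will not resolve.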
Member

You'll have to add the referenced URL.

Member, Author

Fixed. Thanks.

@xabbuh
Member

I thought we could also add a note at "Security Advisories" which explains that you can use the security:check command to test for known vulnerabilities.

@javiereguiluz
Member, Author

> I thought we could also add a note at "Security Advisories" which explains that you can use the security:check command to test for known vulnerabilities.

I'm afraid that I don't understand your last comment. Where else should we mention this security:check command?

@xabbuh
Member

I thought about adding the following block in /contributing/code/security.rst (before or after the list of security releases):

.. tip::

    You can check your Symfony application for known security vulnerabilities
    using the ``security:check`` command.

This might be valuable because issues not only occur in the Symfony core, but do also happen in third-party bundle code.

When using lots of dependencies in your Symfony projects, odds are that some of
them contain security vulnerabilities. That's why Symfony includes a command
called ``security:check`` that checks whether any of your installed dependencies
contain a known security vulnerability:
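Review bot: "checks whether any of your installed dependencies contain a known security vulnerability" does not say what "known" is measured against. Point readers at the public security advisories database that step 10 of /contributing/code/security.rst refers to, and state that a clean result only means no listed advisory matched the installed dependencies, not that they are free of vulnerabilities.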
Member

you should add a note that the command is provided by SensioDistributionBundle, so it will be available only when it is registered

@wouterj
Member

ping @javiereguiluz

javiereguiluz force-pushed the document_security_check_command branch from 847b8ce to fdfb1a0 (December 29, 2014 16:18)
@javiereguiluz
Member, Author

@wouterj I've rebased the PR and fixed everything that reviewers told me. If you agree, we can move this PR to Finished state. Thanks!

.. versionadded:: 2.5
The ``security:check`` command was introduced in Symfony 2.5. This command is
included in ``SensioDistributionBundle``, which has to be registered in your
application in order to use this command.
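Review bot: the note says ``SensioDistributionBundle`` "has to be registered" but gives no bundle version. The earlier review comment in this thread states the command is part of version 3.0 of the bundle, so name that minimum version here; readers with an older bundle registered would otherwise not know why the command is missing.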
Member

The reference to the SensioDistributionBundle should probably also be added in the installation chapter.

Member, Author

Do you really think it is necessary? The installation chapter is for people that know nothing about Symfony. They're going to use the installer and they're going to install the standard edition, so everything works out of the box. My feeling is that this note is only for advanced users doing custom installations.

Member

Hm, I guess you're right now that I think about it again.

weaverryan merged commit 897dc70 into symfony:2.3 (Jan 1, 2015)

weaverryan added a commit that referenced this pull request (Jan 1, 2015)

This PR was merged into the 2.3 branch.

Discussion
----------

Documented the security:check command

| Q             | A
| ------------- | ---
| Doc fix?      | no
| New docs?     | yes
| Applies to    | all
| Fixed tickets | #4051

Commits
-------

897dc70 Added a lot of changes suggested by reviewers
fdfb1a0 Added a note about the SensioDistributionBundle necessary for security:check
3c9a962 Added a note about the security:check command
e552369 Added a missing link reference
0e7d0cd Added a note about the security advisories database
36d3f2b This command is available sin Symfony 2.5
7f3fb71 Documented the security:check command

weaverryan added a commit that referenced this pull request (Jan 1, 2015)
@weaverryan
Member

Thanks Javier! I merged this in and am fixing the build error right now :)

weaverryan added a commit that referenced this pull request (Jan 1, 2015)

* 2.3:
  fixing bad link
  Fixing bad merge - this section should not have been left in
  [#4651] Fixing build error
  Update by_reference.rst.inc
  Added a lot of changes suggested by reviewers
  Added a note about the SensioDistributionBundle necessary for security:check
  Added a note about the security:check command
  Added a missing link reference
  Added a note about the security advisories database
  This command is available sin Symfony 2.5
  Documented the security:check command

weaverryan added a commit that referenced this pull request (Jan 1, 2015)

* 2.5:
  fixing bad link
  Fixing bad merge - this section should not have been left in
  [#4651] Fixing build error
  Update by_reference.rst.inc
  Added a lot of changes suggested by reviewers
  Added a note about the SensioDistributionBundle necessary for security:check
  Added a note about the security:check command
  Added a missing link reference
  Added a note about the security advisories database
  This command is available sin Symfony 2.5
  Documented the security:check command

weaverryan added a commit that referenced this pull request (Jan 1, 2015)

* 2.7:
  fixing bad link
  Fixing bad merge - this section should not have been left in
  [#4651] Fixing build error
  Update by_reference.rst.inc
  Added a lot of changes suggested by reviewers
  Added a note about the SensioDistributionBundle necessary for security:check
  Added a note about the security:check command
  Added a missing link reference
  Added a note about the security advisories database
  This command is available sin Symfony 2.5
  Documented the security:check command
xelaris added a commit to xelaris/symfony-docs that referenced this pull request (Jan 3, 2015)

xelaris mentioned this pull request (Jan 3, 2015)

weaverryan added a commit that referenced this pull request (Jan 16, 2015)

This PR was merged into the 2.3 branch.

Discussion
----------

Revert #4651 for 2.3 branch

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | no
| Applies to    | 2.3 (only)
| Fixed tickets |

#4651 was merged in 2.3 but should be 2.5 as mentioned in #4651 (comment). This PR reverts the changes for the 2.3 branch.

Commits
-------

f2d3223 Revert #4651 for 2.3 branch

weaverryan added a commit that referenced this pull request (Jan 16, 2015)

* 2.3:
  Revert #4651 for 2.3 branch

weaverryan added a commit that referenced this pull request (Jan 18, 2015)

* 2.5:
  fix merge after removing @Security in 2.3
  Reverting a commit on 2.5 branch, as it was only meant to be on 2.3 (so reverting after the merge)
  [#4735] Reverting what was left on the 2.5 branch after the merge conflict had already put back some of it
  Typo Fix: "allows to" should be "allows you to"
  move cautions to make them visible
  bump required PHPUnit version
  remove @Security annotation for Symfony 2.3
  Revert #4651 for 2.3 branch
  Use AppBundle whenever it's possible

Conflicts:
  components/console/helpers/map.rst.inc
  cookbook/form/create_custom_field_type.rst
  cookbook/form/dynamic_form_modification.rst
  cookbook/form/form_customization.rst
  cookbook/profiler/matchers.rst
  cookbook/security/custom_authentication_provider.rst
  cookbook/security/securing_services.rst

javiereguiluz deleted the document_security_check_command branch (February 18, 2015 16:23)
6 participants
@javiereguiluz @xabbuh @wouterj @weaverryan @stof @timglabisch
