updated CHANGELOG for 2.7.48

2018-05-25 13:45:30 +02:00 · 2018-05-25 13:45:30 +02:00 · 548f1cbf73
parent ab32125187
commit 548f1cbf73
1 changed files with 8 additions and 0 deletions
--- a/CHANGELOG-2.7.md
+++ b/CHANGELOG-2.7.md
@ -7,6 +7,14 @@ in 2.7 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.7.0...v2.7.1

+* 2.7.48 (2018-05-25)
+
+ * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas)
+ * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured
+ * security #cve-2018-11406 clear CSRF tokens when the user is logged out
+ * security #cve-2018-11385 Adding session strategy to ALL listeners to avoid *any* possible fixation
+ * security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
+
 * 2.7.47 (2018-05-21)

 * bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov)