On 17.01.2011, at 09:51, Lukas Kahwe Smith wrote: > Hi, > > Here are the open issues I see in the security layer: > 1) rememberme > https://github.com/fabpot/symfony/pull/254 > > 2) csrf missing in form_login > http://groups.google.com/group/symfony-devs/browse_thread/thread/a6050244c09a42ea/f306a4241aa18e8c?#f306a4241aa18e8c > > 3) password in clear text in the session > http://groups.google.com/group/symfony-devs/browse_thread/thread/268c603699a7e0b5/56f5b7eed853d413 > > 4) Extension refactoring > http://groups.google.com/group/symfony-devs/browse_thread/thread/a1252a0f232c6692# > http://groups.google.com/group/symfony-devs/browse_thread/thread/c4e6ffc7ecbcf708# > > 5) other pull requests > https://github.com/fabpot/symfony/pull/386 > https://github.com/fabpot/symfony/pull/395 > > 6) open tickets > http://trac.symfony-project.org/ticket/9301 > http://trac.symfony-project.org/ticket/9300 > http://trac.symfony-project.org/ticket/9275 http://trac.symfony-project.org/ticket/9350 > > 7) not sure if we want to include it here, but there are a couple tickets > about listeners in general > http://trac.symfony-project.org/ticket/9250 > http://trac.symfony-project.org/ticket/9249 > http://trac.symfony-project.org/ticket/9248
regards, Lukas Kahwe Smith [email protected] -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
