krzysiekpiasecki / Gentelella

Welcome to Gentelella - Responsive Bootstrap Admin Application based on the Foundation of Symfony and Gentelella!

Home Page: http://gentelella.herokuapp.com


Security Issue (Heroku)

ousamabenyounes opened this issue

Hello krzysiekpiasecki,

Your parameters_heroku.yml file has been compromised and your login/pwd are now visible in this project.
To remove it from your history:
https://help.github.com/articles/removing-sensitive-data-from-a-repository/

Change your login/pwd on all your projects...

I also recommend that you use a .gitignore file at the root of your Symfony project:
https://github.com/github/gitignore/blob/master/Symfony.gitignore
This will automatically ignore your parameters.yml file, your vendors, ...

I also recommend plugging your open source Symfony project into SensioInsight. It's free and helps you find every security, performance, or quality issue on each commit:

https://insight.sensiolabs.com/

Hope this will help you :)
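Added example, not code from the issue thread or from the Gentelella project: a Python pre-commit style check that turns the advice above into something a hook can run. The github/gitignore Symfony template ignores /app/config/parameters.yml (and parameters.ini) but not a variant such as parameters_heroku.yml, so the check looks at every parameters*.yml about to be committed, reports credential values that are not Symfony placeholders, and says whether the template would have caught the file. The wider ignore pattern, the placeholder list, and the file contents are constructed assumptions for the example.

```python
"""Pre-commit style check for Symfony parameters files (added example)."""
import fnmatch
import re
from typing import Dict, List, Tuple

# Parameter rules as they appear in the github/gitignore Symfony template.
SYMFONY_TEMPLATE_IGNORES = ("/app/config/parameters.yml", "/app/config/parameters.ini")

# Wider rule proposed here (assumption, not in the template): every
# environment-specific variant such as parameters_heroku.yml.
PROPOSED_IGNORE = "/app/config/parameters*.yml"

# Keys whose values count as credentials unless they are placeholders.
SECRET_KEY_RE = re.compile(r"password|passwd|secret|token|api_key", re.I)

# Values safe to commit: Symfony's dist defaults and env-var references.
PLACEHOLDERS = {"~", "null", "", "ThisTokenIsNotSoSecretChangeIt"}
ENV_REF_RE = re.compile(r"^%env\([A-Za-z0-9_:]+\)%$")


def gitignore_match(path: str, pattern: str) -> bool:
    """Match a root-anchored gitignore pattern against a repo-relative path."""
    return fnmatch.fnmatchcase(path.lstrip("/"), pattern.lstrip("/"))


def parse_parameters(text: str) -> Dict[str, str]:
    """Parse the flat 'parameters:' mapping Symfony writes to parameters.yml.

    Deliberately minimal: one level of 'key: value', quotes stripped,
    full-line comments skipped. Enough for the generated file format.
    """
    params: Dict[str, str] = {}
    in_block = False
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw.startswith((" ", "\t")):
            in_block = raw.strip() == "parameters:"
            continue
        if in_block and ":" in raw:
            key, value = raw.strip().split(":", 1)
            params[key.strip()] = value.strip().strip("'\"")
    return params


def is_placeholder(value: str) -> bool:
    """True for the values Symfony ships in parameters.yml.dist or env references."""
    return value in PLACEHOLDERS or bool(ENV_REF_RE.match(value))


def check_staged_files(files: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (path, key, verdict) for every real credential in a parameters file."""
    findings = []
    for path, content in files.items():
        name = path.rsplit("/", 1)[-1]
        if not (name.startswith("parameters") and name.endswith((".yml", ".yaml"))):
            continue  # parameters.yml.dist and unrelated files are fine to commit
        covered = any(gitignore_match(path, p) for p in SYMFONY_TEMPLATE_IGNORES)
        verdict = ("covered by the Symfony template: the .gitignore is missing or bypassed"
                   if covered else "NOT covered by the Symfony template: add it to .gitignore")
        for key, value in parse_parameters(content).items():
            if SECRET_KEY_RE.search(key) and not is_placeholder(value):
                findings.append((path, key, verdict))
    return findings


# Constructed sample of what a pre-commit hook might see; nothing here is real.
SAMPLE_FILES = {
    "app/config/parameters.yml.dist": (
        "parameters:\n"
        "    database_host: 127.0.0.1\n"
        "    database_password: ~\n"
        "    secret: ThisTokenIsNotSoSecretChangeIt\n"
    ),
    "app/config/parameters_heroku.yml": (
        "parameters:\n"
        "    database_host: db.example.invalid\n"
        "    database_password: 'Example-Not-A-Real-Password'\n"
        "    secret: 0123456789abcdef-example\n"
    ),
    "app/config/parameters.yml": (
        "parameters:\n"
        "    database_password: '%env(DB_PASSWORD)%'\n"
        "    secret: local-dev-only\n"
    ),
}

if __name__ == "__main__":
    for path, key, verdict in check_staged_files(SAMPLE_FILES):
        print(f"{path}: '{key}' holds a real value; {verdict}")
```

In a hook, feed `check_staged_files` the paths from `git diff --cached --name-only` with their staged contents. It only stops new commits: a file that is already in history still has to be purged (the GitHub article linked above) and the credentials rotated, exactly as the comment says.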

@ousamabenyounes Thank you for reporting.

Fortunately, the passwords were generated by the system. They are not used anywhere else. I also have to check whether a remote connection to the database is possible; it seemed to me that there was no such possibility.

> I also recommend that you use a .gitignore file at the root of your Symfony project:

Oh, I'm even a contributor to this file. Thank you also for all given tips.

@krzysiekpiasecki It is a great pleasure for me to share this critical information.
I look through Symfony projects on GitHub to find security issues in them.
And I'm happy when I see that it helps people protect themselves from hacking.
Hackers work hard on GitHub to get credentials and personal information and use them to take control of our projects. We try to do some "ethical hacking" and help other developers :).

I discovered Gentelella some weeks ago, and I'm implementing it on my project https://github.com/ousamabenyounes/log2test

I am a Symfony developer, and I was thinking of using it in my next Symfony projects.
So I must thank you for this really nice project you began one year ago :) (Apr 10, 2016)...
Be sure that I'll try to use it, and I would be very happy to be one of your contributors, because I'm sure this project will help the Symfony community :).

If you can't follow the GitHub recommendation for removing the login & password from your repository (https://help.github.com/articles/removing-sensitive-data-from-a-repository), just remove it and change your login/password...

I'm forking your project now and I'll plug in SensioInsight, so maybe I'll send you some fixes.

Regards

I just plugged my fork of your project into SensioInsight, the best application for getting insight into your project on each commit.

https://insight.sensiolabs.com/projects/3df20694-e737-4cdc-8fb0-e92a369295d3/analyses/2

You'll get lots of details, and once done, you'll be able to add the SensioInsight badge showing that your project respects Symfony standards, security recommendations, quality, ...

Unfortunately, for a short while I will not be able to devote myself to following your comments, but be sure that your intellectual input will be used. Thank you very much, @ousamabenyounes.

The project should not be removed, because you'd lose your 47 stars :(
I'll try to follow the GitHub recommendation if I get some time.
For the moment we should just add parameters_heroku.yml to .gitignore and remove it from the project.

Removing & changing your Heroku credentials would allow you to close this issue, I think.

Not yet, please, until the new application is deployed to Heroku.

@ousamabenyounes The Heroku environment was deleted at dev-master and the next deploy will be safe. Once again, thanks for the important issue.