Security threat within symfony/twig-bridge
aharabara opened this issue · comments
Link to the threat description: GHSA-q847-2q57-wmr3
Link to the Symfony blog post: https://symfony.com/blog/cve-2023-46734-potential-xss-vulnerabilities-in-codeextension-filters
We use Symfony 6.2 (the highest version compatible with Sonata project) and the latest versions of bundles and packages related to Sonata project, but the only version that is patched on Symfony side is 6.3.*. Do you plan to address this security issue and if yes, then how soon can we expect it?
Hi @aharabara,
we are using Sonata Admin with Symfony 6.3 without any problems.
May I ask what makes you think Sonata Admin is only compatible with Symfony 6.2?
The composer.json requires Symfony ^6.2, meaning that all Symfony versions starting with 6.2 are compatible, meaning also 6.3 and, when it gets released, also 6.4.
Sonata is compatible with Sf 6.3.
Hi @aharabara. You are right, I was confused with low-level dependencies and thought that the limitation was on the side of sonata bundles, but I was wrong. Thank you for the help 🙇