Update dependency symfony/symfony to v5 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
symfony/symfony (source)	3.3.* → 5.4.*

---

Symfony Cross-site Scripting (XSS) vulnerability

CVE-2019-10909 / GHSA-g996-q5r8-w7g2

More information

Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Severity

• CVSS Score: 5.4 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10909
• https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
• https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
• https://symfony.com/cve-2019-10909
• https://www.drupal.org/sa-core-2019-005
• https://www.synology.com/security/advisory/Synology_SA_19_19
• https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
• https://github.com/advisories/GHSA-g996-q5r8-w7g2

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Unsafe Cache Serialization Could Enable RCE

CVE-2019-18889 / GHSA-79gr-58r3-pwm3

More information

Details

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

Severity

• CVSS Score: 9.8 / 10 (Critical)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-18889
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml
• https://github.com/symfony/symfony/releases/tag/v4.3.8
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
• https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
• https://symfony.com/blog/symfony-4-3-8-released
• https://symfony.com/cve-2019-18889
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
• https://github.com/advisories/GHSA-79gr-58r3-pwm3

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Invalid HTTP method overrides allow possible XSS or other attacks in Symfony

CVE-2019-10913 / GHSA-x92h-wmg2-6hp7

More information

Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation.

Severity

• CVSS Score: 9.8 / 10 (Critical)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10913
• https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
• https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
• https://symfony.com/cve-2019-10913
• https://github.com/advisories/GHSA-x92h-wmg2-6hp7

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Argument injection in a MimeTypeGuesser in Symfony

CVE-2019-18888 / GHSA-xhh6-956q-4q69

More information

Details

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-18888
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
• https://github.com/symfony/symfony/releases/tag/v4.3.8
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
• https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
• https://symfony.com/blog/symfony-4-3-8-released
• https://symfony.com/cve-2019-18888
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
• https://github.com/advisories/GHSA-xhh6-956q-4q69

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Deserialization of untrusted data in Symfony

CVE-2019-10912 / GHSA-w2fr-65vp-mxw3

More information

Details

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.

Severity

• CVSS Score: 7.1 / 10 (High)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10912
• https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
• https://seclists.org/bugtraq/2019/May/21
• https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
• https://symfony.com/cve-2019-10912
• https://typo3.org/security/advisory/typo3-core-sa-2019-016/
• https://www.debian.org/security/2019/dsa-4441
• https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
• https://typo3.org/security/advisory/typo3-core-sa-2019-016
• https://github.com/advisories/GHSA-w2fr-65vp-mxw3

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Improper authentication in Symfony

CVE-2019-10911 / GHSA-cchx-mfrc-fwqr

More information

Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10911
• https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
• https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
• https://symfony.com/cve-2019-10911
• https://www.synology.com/security/advisory/Synology_SA_19_19
• https://github.com/advisories/GHSA-cchx-mfrc-fwqr

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Http-Kernel has non-constant time comparison in UriSigner

CVE-2019-18887 / GHSA-q8hg-pf8v-cxrv

More information

Details

When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.

Severity

• CVSS Score: 8.1 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-18887
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
• https://github.com/symfony/symfony/releases/tag/v4.3.8
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
• https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
• https://symfony.com/blog/symfony-4-3-8-released
• https://symfony.com/cve-2019-18887
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
• https://github.com/advisories/GHSA-q8hg-pf8v-cxrv

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony vulnerable to Session Fixation of CSRF tokens

CVE-2022-24895 / GHSA-3gv2-29qc-v67m

More information

Details

Description

When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation.

Resolution

Symfony removes all CSRF tokens from the session on successful login.

The patch for this issue is available here for branch 4.4.

Credits

We would like to thank Marco Squarcina for reporting the issue and Nicolas Grekas for fixing it.

Severity

• CVSS Score: 6.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

• https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
• https://symfony.com/cve-2022-24895
• https://nvd.nist.gov/vuln/detail/CVE-2022-24895
• https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
• https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
• https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
• https://github.com/advisories/GHSA-3gv2-29qc-v67m

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony storing cookie headers in HttpCache

CVE-2022-24894 / GHSA-h7vf-5wrv-9fhv

More information

Details

Description

The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses (including headers) and returns them to clients.

In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this header might be stored and returned to some other clients. An attacker can use this vulnerability to retrieve the victim's session.

Resolution

The HttpStore constructor now takes a parameter containing a list of private headers that are removed from the HTTP response headers.
The default value for this parameter is Set-Cookie, but it can be overridden or extended by the application.

The patch for this issue is available here for branch 4.4.

Credits

We would like to thank Soner Sayakci for reporting the issue and Nicolas Grekas for fixing it.

Severity

• CVSS Score: 5.9 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

References

• https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
• https://symfony.com/cve-2022-24894
• https://nvd.nist.gov/vuln/detail/CVE-2022-24894
• https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
• https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
• https://github.com/advisories/GHSA-h7vf-5wrv-9fhv

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Service IDs Allow Injection

CVE-2019-10910 / GHSA-pgwj-prpq-jpc2

More information

Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

Severity

• CVSS Score: 9.8 / 10 (Critical)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10910
• https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
• https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
• https://symfony.com/cve-2019-10910
• https://www.synology.com/security/advisory/Synology_SA_19_19
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
• https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
• https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
• https://github.com/advisories/GHSA-pgwj-prpq-jpc2

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Host Header Injection

CVE-2018-14774 / GHSA-66p6-7p29-55p9

More information

Details

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.

Severity

• CVSS Score: 7.2 / 10 (High)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2018-14774
• https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a
• https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
• https://github.com/symfony/symfony/commit/7f912bbb78377c2ea331b3da28363435fbd91337
• https://github.com/symfony/symfony/commit/96504fb8c9f91204727d2930eb837473ce154956
• https://github.com/symfony/symfony/commit/974240e178bb01d734bf1df1ad5c3beba6a2f982
• https://github.com/symfony/symfony/commit/9cfcaba0bf71f87683510b5f47ebaac5f5d6a5ba
• https://github.com/symfony/symfony/commit/bcf5897bb1a99d4acae8bf7b73e81bfdeaac0922
• https://github.com/symfony/symfony
• https://github.com/advisories/GHSA-66p6-7p29-55p9

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony DoS

CVE-2018-11386 / GHSA-r2rq-3h56-fqm4

More information

Details

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.

Severity

• CVSS Score: 5.9 / 10 (Medium)
• Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2018-11386
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
• https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
• https://www.debian.org/security/2018/dsa-4262
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
• https://symfony.com/cve-2018-11386
• https://github.com/advisories/GHSA-r2rq-3h56-fqm4

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Open Redirect

CVE-2018-11408 / GHSA-7hwc-2cq4-6x2w

More information

Details

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.

Severity

• CVSS Score: 6.1 / 10 (Medium)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2018-11408
• https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
• https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
• https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml
• https://symfony.com/cve-2018-11408
• https://github.com/advisories/GHSA-7hwc-2cq4-6x2w

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Path Disclosure

CVE-2018-19789 / GHSA-x3cf-w64x-4cp2

More information

Details

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method (e.g. setName(string $name)) of a class that's the data_class of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then UploadedFile::__toString() is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2018-19789
• https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ/
• https://seclists.org/bugtraq/2019/May/21
• https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
• https://www.debian.org/security/2019/dsa-4441
• https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249
• https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml
• https://symfony.com/cve-2018-19789
• https://github.com/advisories/GHSA-x3cf-w64x-4cp2

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Open Redirect

CVE-2017-16652 / GHSA-r7p7-qr7p-2rrf

More information

Details

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.

Severity

• CVSS Score: 6.1 / 10 (Medium)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2017-16652
• https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
• https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml
• https://symfony.com/cve-2017-16652
• https://github.com/advisories/GHSA-r7p7-qr7p-2rrf

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters

CVE-2023-46734 / GHSA-q847-2q57-wmr3

More information

Details

Description

Some Twig filters in CodeExtension use "is_safe=html" but don't actually ensure their input is safe.

Resolution

Symfony now escapes the output of the affected filters.

The patch for this issue is available here for branch 4.4.

Credits

We would like to thank Pierre Rudloff for reporting the issue and to Nicolas Grekas for providing the fix.

Severity

• CVSS Score: 6.1 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

• https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
• https://nvd.nist.gov/vuln/detail/CVE-2023-46734
• https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
• https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
• https://symfony.com/cve-2023-46734
• https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
• https://github.com/advisories/GHSA-q847-2q57-wmr3

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony CSRF Vulnerability

CVE-2017-16653 / GHSA-92x6-h2gr-8gxq

More information

Details

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks.

Severity

• CVSS Score: 5.9 / 10 (Medium)
• Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2017-16653
• https://github.com/symfony/symfony/pull/24992
• https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
• https://www.debian.org/security/2018/dsa-4262
• https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml
• https://symfony.com/cve-2017-16653
• https://github.com/advisories/GHSA-92x6-h2gr-8gxq

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Directory Traversal

CVE-2017-16654 / GHSA-c49r-8gj6-768r

More information

Details

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2017-16654
• https://github.com/symfony/symfony/pull/24994
• https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
• https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
• https://www.debian.org/security/2018/dsa-4262
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml
• https://symfony.com/cve-2017-16654
• https://github.com/advisories/GHSA-c49r-8gj6-768r

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Symfony Session Fixation Vulnerability

CVE-2018-11385 / GHSA-g4rg-rw65-8hfg

More information

Details

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

Severity

• CVSS Score: 8.1 / 10 (High)
• Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2018-11385
• https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
• https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
• https://www.debian.org/security/2018/dsa-4262
• https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f
• https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b
• https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml
• https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml
• https://symfony.com/cve-2018-11385
• https://github.com/advisories/GHSA-g4rg-rw65-8hfg

This data is provided by the [GitHub Advisory Database](https://redirect.github.com/

✂ Note

PR body was truncated to here.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update symfony/symfony:5.4.52 --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Deprecation Notice: Composer\Command\ShowCommand::printPackageInfo(): Implicitly marking parameter $latestPackage as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Command/ShowCommand.php:586
Deprecation Notice: Composer\Command\ShowCommand::printMeta(): Implicitly marking parameter $latestPackage as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Command/ShowCommand.php:614
Deprecation Notice: Composer\Command\ShowCommand::printPackageInfoAsJson(): Implicitly marking parameter $latestPackage as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Command/ShowCommand.php:762
Deprecation Notice: Composer\Command\ArchiveCommand::archive(): Implicitly marking parameter $composer as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Command/ArchiveCommand.php:108
Deprecation Notice: Constant E_STRICT is deprecated since 8.4, the error level was removed in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/Silencer.php:36
Deprecation Notice: Composer\Json\JsonFile::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Json/JsonFile.php:51
Deprecation Notice: Composer\Json\JsonFile::__construct(): Implicitly marking parameter $io as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Json/JsonFile.php:51
Deprecation Notice: JsonSchema\Constraints\BaseConstraint::__construct(): Implicitly marking parameter $factory as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/BaseConstraint.php:41
Deprecation Notice: JsonSchema\Constraints\BaseConstraint::addError(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/BaseConstraint.php:46
Deprecation Notice: JsonSchema\Constraints\BaseConstraint::addError(): Implicitly marking parameter $more as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/BaseConstraint.php:46
Deprecation Notice: JsonSchema\Constraints\Factory::__construct(): Implicitly marking parameter $schemaStorage as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Factory.php:77
Deprecation Notice: JsonSchema\Constraints\Factory::__construct(): Implicitly marking parameter $uriRetriever as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Factory.php:78
Deprecation Notice: JsonSchema\Constraints\Constraint::incrementPath(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:42
Deprecation Notice: JsonSchema\Constraints\Constraint::checkArray(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:68
Deprecation Notice: JsonSchema\Constraints\Constraint::checkObject(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:86
Deprecation Notice: JsonSchema\Constraints\Constraint::checkType(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:103
Deprecation Notice: JsonSchema\Constraints\Constraint::checkUndefined(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:119
Deprecation Notice: JsonSchema\Constraints\Constraint::checkString(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:136
Deprecation Notice: JsonSchema\Constraints\Constraint::checkNumber(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:152
Deprecation Notice: JsonSchema\Constraints\Constraint::checkEnum(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:168
Deprecation Notice: JsonSchema\Constraints\Constraint::checkFormat(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php:184
Deprecation Notice: JsonSchema\Constraints\ConstraintInterface::addError(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ConstraintInterface.php:43
Deprecation Notice: JsonSchema\Constraints\ConstraintInterface::addError(): Implicitly marking parameter $more as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ConstraintInterface.php:43
Deprecation Notice: JsonSchema\Constraints\ConstraintInterface::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ConstraintInterface.php:64
Deprecation Notice: JsonSchema\SchemaStorage::__construct(): Implicitly marking parameter $uriRetriever as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php:20
Deprecation Notice: JsonSchema\SchemaStorage::__construct(): Implicitly marking parameter $uriResolver as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php:21
Deprecation Notice: JsonSchema\Constraints\SchemaConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/SchemaConstraint.php:31
Deprecation Notice: JsonSchema\Constraints\UndefinedConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/UndefinedConstraint.php:34
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/Retrievers/FileGetContents.php:55
Deprecation Notice: JsonSchema\Constraints\TypeConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/TypeConstraint.php:42
Deprecation Notice: JsonSchema\Constraints\ObjectConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ObjectConstraint.php:30
Deprecation Notice: JsonSchema\Constraints\ObjectConstraint::validatePatternProperties(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ObjectConstraint.php:54
Deprecation Notice: JsonSchema\Constraints\ObjectConstraint::validateElement(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ObjectConstraint.php:93
Deprecation Notice: JsonSchema\Constraints\ObjectConstraint::validateProperties(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ObjectConstraint.php:135
Deprecation Notice: JsonSchema\Constraints\ObjectConstraint::validateMinMaxConstraint(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/ObjectConstraint.php:177
Deprecation Notice: JsonSchema\Constraints\StringConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/StringConstraint.php:25
Deprecation Notice: JsonSchema\Constraints\FormatConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/FormatConstraint.php:27
Deprecation Notice: JsonSchema\Constraints\EnumConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/EnumConstraint.php:25
Deprecation Notice: JsonSchema\Constraints\CollectionConstraint::check(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/CollectionConstraint.php:25
Deprecation Notice: JsonSchema\Constraints\CollectionConstraint::validateItems(): Implicitly marking parameter $path as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/CollectionConstraint.php:64
Deprecation Notice: Composer\Config::prohibitUrlByConfig(): Implicitly marking parameter $io as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Config.php:450
Deprecation Notice: Composer\Util\ProcessExecutor::__construct(): Implicitly marking parameter $io as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/ProcessExecutor.php:31
Deprecation Notice: Composer\Util\RemoteFilesystem::__construct(): Implicitly marking parameter $config as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:60
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:329
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:332
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:333
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:338
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:338
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:342
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:346
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:347
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:367
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:368
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:398
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:399
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:400
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:431
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:441
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:442
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:456
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:562
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:580
Deprecation Notice: Composer\Util\RemoteFilesystem::getRemoteContents(): Implicitly marking parameter $responseHeaders as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:595
Deprecation Notice: The predefined locally scoped $http_response_header variable is deprecated, call http_get_last_response_headers() instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/RemoteFilesystem.php:604
Deprecation Notice: Composer\CaBundle\CaBundle::getSystemCaRootBundlePath(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:67
Deprecation Notice: Composer\CaBundle\CaBundle::validateCaFile(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:161
Deprecation Notice: Composer\CaBundle\CaBundle::caFileUsable(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:341
Deprecation Notice: Composer\CaBundle\CaBundle::caDirUsable(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:354
Deprecation Notice: Composer\CaBundle\CaBundle::isFile(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:367
Deprecation Notice: Composer\CaBundle\CaBundle::isDir(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:382
Deprecation Notice: Composer\CaBundle\CaBundle::isReadable(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:397
Deprecation Notice: Composer\CaBundle\CaBundle::glob(): Implicitly marking parameter $logger as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/vendor/composer/ca-bundle/src/CaBundle.php:412
Deprecation Notice: Composer\EventDispatcher\EventDispatcher::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/EventDispatcher/EventDispatcher.php:59
Deprecation Notice: Composer\EventDispatcher\EventDispatcher::dispatch(): Implicitly marking parameter $event as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/EventDispatcher/EventDispatcher.php:75
Deprecation Notice: Composer\Repository\RepositoryFactory::fromString(): Implicitly marking parameter $rm as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryFactory.php:65
Deprecation Notice: Composer\Repository\RepositoryFactory::createRepo(): Implicitly marking parameter $rm as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryFactory.php:78
Deprecation Notice: Composer\Repository\RepositoryFactory::defaultRepos(): Implicitly marking parameter $io as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryFactory.php:94
Deprecation Notice: Composer\Repository\RepositoryFactory::defaultRepos(): Implicitly marking parameter $config as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryFactory.php:94
Deprecation Notice: Composer\Repository\RepositoryFactory::defaultRepos(): Implicitly marking parameter $rm as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryFactory.php:94
Deprecation Notice: Composer\Repository\RepositoryFactory::manager(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryFactory.php:119
Deprecation Notice: Composer\Repository\RepositoryFactory::manager(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryFactory.php:119
Deprecation Notice: Composer\Repository\RepositoryManager::__construct(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryManager.php:38
Deprecation Notice: Composer\Repository\RepositoryManager::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/RepositoryManager.php:38
Deprecation Notice: Composer\Package\Loader\RootPackageLoader::__construct(): Implicitly marking parameter $parser as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Package/Loader/RootPackageLoader.php:55
Deprecation Notice: Composer\Package\Loader\RootPackageLoader::__construct(): Implicitly marking parameter $versionGuesser as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Package/Loader/RootPackageLoader.php:55
Deprecation Notice: Composer\Package\Loader\RootPackageLoader::__construct(): Implicitly marking parameter $io as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Package/Loader/RootPackageLoader.php:55
Deprecation Notice: Composer\Package\Loader\ArrayLoader::__construct(): Implicitly marking parameter $parser as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Package/Loader/ArrayLoader.php:32
Deprecation Notice: Composer\Package\Loader\ValidatingArrayLoader::__construct(): Implicitly marking parameter $parser as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Package/Loader/ValidatingArrayLoader.php:38
Deprecation Notice: Composer\Repository\PlatformRepository::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/PlatformRepository.php:46
Deprecation Notice: Composer\Util\Git::getVersion(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/Git.php:412
Deprecation Notice: Composer\Package\Link::__construct(): Implicitly marking parameter $constraint as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Package/Link.php:58
Deprecation Notice: Composer\Repository\ComposerRepository::__construct(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/ComposerRepository.php:66
Deprecation Notice: Composer\Repository\ComposerRepository::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Repository/ComposerRepository.php:66
Deprecation Notice: Composer\Cache::__construct(): Implicitly marking parameter $filesystem as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Cache.php:40
Deprecation Notice: Composer\Util\Filesystem::__construct(): Implicitly marking parameter $executor as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/Filesystem.php:28
Deprecation Notice: Constant E_STRICT is deprecated since 8.4, the error level was removed in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/Silencer.php:36
Deprecation Notice: Constant E_STRICT is deprecated since 8.4, the error level was removed in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Util/Silencer.php:36
Deprecation Notice: Composer\Downloader\DownloadManager::__construct(): Implicitly marking parameter $filesystem as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/DownloadManager.php:40
Deprecation Notice: Composer\Downloader\GitDownloader::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/GitDownloader.php:33
Deprecation Notice: Composer\Downloader\GitDownloader::__construct(): Implicitly marking parameter $fs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/GitDownloader.php:33
Deprecation Notice: Composer\Downloader\VcsDownloader::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/VcsDownloader.php:38
Deprecation Notice: Composer\Downloader\VcsDownloader::__construct(): Implicitly marking parameter $fs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/VcsDownloader.php:38
Deprecation Notice: Composer\Downloader\ZipDownloader::__construct(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/ZipDownloader.php:39
Deprecation Notice: Composer\Downloader\ZipDownloader::__construct(): Implicitly marking parameter $cache as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/ZipDownloader.php:39
Deprecation Notice: Composer\Downloader\ZipDownloader::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/ZipDownloader.php:39
Deprecation Notice: Composer\Downloader\ZipDownloader::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/ZipDownloader.php:39
Deprecation Notice: Composer\Downloader\FileDownloader::__construct(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/FileDownloader.php:59
Deprecation Notice: Composer\Downloader\FileDownloader::__construct(): Implicitly marking parameter $cache as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/FileDownloader.php:59
Deprecation Notice: Composer\Downloader\FileDownloader::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/FileDownloader.php:59
Deprecation Notice: Composer\Downloader\FileDownloader::__construct(): Implicitly marking parameter $filesystem as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/FileDownloader.php:59
Deprecation Notice: Composer\Downloader\RarDownloader::__construct(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/RarDownloader.php:36
Deprecation Notice: Composer\Downloader\RarDownloader::__construct(): Implicitly marking parameter $cache as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/RarDownloader.php:36
Deprecation Notice: Composer\Downloader\RarDownloader::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/RarDownloader.php:36
Deprecation Notice: Composer\Downloader\RarDownloader::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/RarDownloader.php:36
Deprecation Notice: Composer\Downloader\GzipDownloader::__construct(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/GzipDownloader.php:33
Deprecation Notice: Composer\Downloader\GzipDownloader::__construct(): Implicitly marking parameter $cache as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/GzipDownloader.php:33
Deprecation Notice: Composer\Downloader\GzipDownloader::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/GzipDownloader.php:33
Deprecation Notice: Composer\Downloader\GzipDownloader::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/GzipDownloader.php:33
Deprecation Notice: Composer\Downloader\XzDownloader::__construct(): Implicitly marking parameter $eventDispatcher as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/XzDownloader.php:33
Deprecation Notice: Composer\Downloader\XzDownloader::__construct(): Implicitly marking parameter $cache as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/XzDownloader.php:33
Deprecation Notice: Composer\Downloader\XzDownloader::__construct(): Implicitly marking parameter $process as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/XzDownloader.php:33
Deprecation Notice: Composer\Downloader\XzDownloader::__construct(): Implicitly marking parameter $rfs as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Downloader/XzDownloader.php:33
Deprecation Notice: Composer\Autoload\AutoloadGenerator::__construct(): Implicitly marking parameter $io as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Autoload/AutoloadGenerator.php:62
Deprecation Notice: Composer\Installer\LibraryInstaller::__construct(): Implicitly marking parameter $filesystem as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Installer/LibraryInstaller.php:50
Deprecation Notice: Composer\Installer\LibraryInstaller::__construct(): Implicitly marking parameter $binaryInstaller as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Installer/LibraryInstaller.php:50
Deprecation Notice: Composer\Installer\BinaryInstaller::__construct(): Implicitly marking parameter $filesystem as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Installer/BinaryInstaller.php:42
Deprecation Notice: Composer\Plugin\PluginManager::__construct(): Implicitly marking parameter $globalComposer as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Plugin/PluginManager.php:56
Deprecation Notice: Composer\Installer::createPool(): Implicitly marking parameter $lockedRepository as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Installer.php:878
Deprecation Notice: Composer\Installer::processDevPackages(): Implicitly marking parameter $operations as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Installer.php:985
Deprecation Notice: Composer\Installer\SuggestedPackagesReporter::output(): Implicitly marking parameter $installedRepo as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/Installer/SuggestedPackagesReporter.php:99
Deprecation Notice: Composer\DependencyResolver\Pool::whatProvides(): Implicitly marking parameter $constraint as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/DependencyResolver/Pool.php:191
Deprecation Notice: Composer\DependencyResolver\Pool::match(): Implicitly marking parameter $constraint as nullable is deprecated, the explicit nullable type must be used instead in phar:///opt/containerbase/tools/composer/1.10.27/bin/composer/src/Composer/DependencyResolver/Pool.php:334
Package "symfony/symfony:5.4.52" listed for update is not installed. Ignoring.
Loading composer repositories with package information