Affected Versions¶

Symfony 2.3.0 to 2.3.36, 2.6.0 to 2.6.12, 2.7.0 to 2.7.8 versions of the Security component are affected by this security issue when used with PHP 5.x without the paragonie/random_compat library listed in your Composer dependencies. Projects using PHP 7 are not affected.

This issue has been fixed in Symfony 2.3.37, 2.6.13, and 2.7.9. Note that no fixes are provided for Symfony 2.4 and 2.5 as they are not maintained anymore. Symfony 2.8 and 3.0 are not affected.