🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes (FrankenPHP, RoadRunner, Swoole). Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now. github.com/api-platform...
18d
### Impact `#[ApiProperty(security: ...)]` is evaluated per request to decide whether a property is exposed. The `componentsCache` arrays in `ApiPlatform\JsonApi\Serializer\ItemNormalizer` and `Ap...
github.com
Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate
Antoine Bluchet @soyuka