//
sign in
Post
by @danabra.mov
PostEmbed
by @danabra.mov
Record
by @jimpick.com
Record
by @atsui.org
+ new component
Post
🔒 Security patch out for API Platform Core (CVE-2026-54164): a type-confusion bug let writable relations accept a wrong-type IRI. Upgrade to 4.1.30 / 4.2.26 / 4.3.12+. Details: github.com/api-platform...
9d
## Summary The API Platform serializer's `AbstractItemNormalizer` does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an uninte...
github.com
Relation IRIs are not type-checked: a related resource can be denormalised as the wrong resource type (type confusion)
Antoine Bluchet @soyuka