Closed
Description
In #15503 we're revamping Security docs. This meta-issue lists all security-related issues that are still pending. That way we can quickly check them and see if we've already fixed them in the new docs or even if we can ignore them because they are not relevant for docs:
- (5.4) [Security] make TokenInterface::getUser() nullable to tell about unauth… #15733
- (5.4) [Security] Deprecate legacy remember me services #15721
- (5.4) [Security] Deprecate built-in authentication entry points #15719
- (5.4) [Security] Deprecate remaining anonymous checks #15625
- (5.4) [Security] Deprecate AnonymousToken, non-UserInterface users, and token… #15622
- (5.4) [SecurityBundle] Create a smooth upgrade path for security factories #15598
- (5.3) [Security] [RememberMe] Add support for parallel requests doing remembe… #15357
- (5.3) [Security] Add passport to AuthenticationTokenCreatedEvent #15251
- (5.3) [Security] Deprecate using UsageTrackingTokenStorage outside the reques… #15230
- (5.3) [Security] Add concept of required passport badges #15203
- (5.3) [Security] Decouple passwords from UserInterface #15065
- (5.3) [Security] The described Guard authenticator is vulnerable to modified form input types #15059
- (5.3) [Security] Missing PHP example of configuration #15574
- (5.3) API token used as user identifier in custom authenticator example #15886
- (5.2) [Security] Better explain the Remember Me functionality #15133
- (5.2) [Security] [DX] Automatically add PasswordUpgradeBadge + default suppor… #14634
- (5.2) [Security] Automatically register custom authenticator as entry_point (… #14628
- (5.2) [Security] Pass Passport to LoginFailureEvent #14117
- (5.2) [Security] The 'entry_point' setting is well-hidden, error message not helpful #14704
- (3.4) Missing security.form_login.logout reference in documentation #12243
- (3.4) Success/failure handlers are not documented #4258