From 9c3023ee47a923976fd349ae26b0c9157ec3117b Mon Sep 17 00:00:00 2001 From: Antoine Makdessi Date: Fri, 30 Sep 2022 14:42:31 +0200 Subject: [PATCH] [Security] Add caution on symfony cli web server exposing env vars on private network --- setup/symfony_server.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/setup/symfony_server.rst b/setup/symfony_server.rst index 43bd1442749..44a1842e1fe 100644 --- a/setup/symfony_server.rst +++ b/setup/symfony_server.rst @@ -11,6 +11,13 @@ other features that sooner or later you'll need when developing web projects. Moreover, the server is not tied to Symfony and you can also use it with any PHP application and even with HTML or single page applications. +.. caution:: + + This server will automatically expose all environment variables available + in the CLI tool context, **which can lead to security issues**. + One should assert that its server is not accessible on local network without + consent. + Installation ------------