Documented the security:check command #4651
javiereguiluz commented Dec 14, 2014
Q | A |
---|---|
Doc fix? | no |
New docs? | yes |
Applies to | all |
Fixed tickets | #4051 |
We need to be careful, to only merge this into the |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
||
.. versionadded:: 2.6 | ||
The ``security:check`` command was introduced in Symfony 2.6. |
It's actually available in Symfony 2.5 too (it's part of SensioDistributionBundle in version 3.0 which is compatible with Symfony 2.5 and higher).
Thanks! Fixed.
Thanks for your work @javiereguiluz. I'm just wondering if we should also add a note in |
A comment to the doc merger (probably @weaverryan): I wrongly made this PR against 2.3 and it should be 2.5 because |
@@ -38,6 +38,8 @@ confirmed, the core-team works on a solution following these steps: | |||
8. Publish the post on the official Symfony `blog`_ (it must also be added to | |||
the "`Security Advisories`_" category); | |||
9. Update the security advisory list (see below). | |||
10. Update the public `security advisories database`_ maintained by the |
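Review bot: item 9 still ends with a period even though item 10 now follows it. The earlier items in this list close with a semicolon (item 8 ends in "category);"), so item 9 should become "9. Update the security advisory list (see below);" and only the last item should carry the final period.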
You'll have to add the referenced URL.
Fixed. Thanks.
I thought we could also add a note at "Security Advisories" which explains that you can use the |
I'm afraid that I don't understand your last comment. Where else should we mention this |
I thought about adding the following block in .. tip::
You can check your Symfony application for known security vulnerabilities
using the ``security:check`` command. This might be valuable because issues not only occur in the Symfony core, but do also happen in third-party bundle code. |
When using lots of dependencies in your Symfony projects, odds are that some of | ||
them contain security vulnerabilities. That's why Symfony includes a command | ||
called ``security:check`` that checks whether any of your installed dependencies | ||
contain a known security vulnerability: |
You should add a note that the command is provided by SensioDistributionBundle, so it will be available only when it is registered.
ping @javiereguiluz |
847b8ce to fdfb1a0
@wouterj I've rebased the PR and fixed everything that reviewers told me. If you agree, we can move this PR to |
.. versionadded:: 2.5 | ||
The ``security:check`` command was introduced in Symfony 2.5. This command is | ||
included in ``SensioDistributionBundle``, which has to be registered in your | ||
application in order to use this command. |
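Review bot: in the second sentence of this ``versionadded`` note, "has to be registered in your application" gives a reader on a custom installation nothing to act on. Say where the bundle is registered or link to the section that covers it, and drop the repeated "this command" at the end, for example "which has to be registered in your application in order to use it".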
The reference to the SensioDistributionBundle should probably also be added in the installation chapter.
Do you really think it is necessary? The installation chapter is for people that know nothing about Symfony. They're going to use the installer and they're going to install the standard edition, so everything works out of the box. My feeling is that this note is only for advanced users doing custom installations.
Hm, I guess you're right now that I think about it again.
This PR was merged into the 2.3 branch.

Discussion
----------

Documented the security:check command

| Q             | A
| ------------- | ---
| Doc fix?      | no
| New docs?     | yes
| Applies to    | all
| Fixed tickets | #4051

Commits
-------

897dc70 Added a lot of changes suggested by reviewers
fdfb1a0 Added a note about the SensioDistributionBundle necessary for security:check
3c9a962 Added a note about the security:check command
e552369 Added a missing link reference
0e7d0cd Added a note about the security advisories database
36d3f2b This command is available sin Symfony 2.5
7f3fb71 Documented the security:check command
Thanks Javier! I merged this in and am fixing the build error right now :) |
* 2.3: fixing bad link Fixing bad merge - this section should not have been left in [#4651] Fixing build error Update by_reference.rst.inc Added a lot of changes suggested by reviewers Added a note about the SensioDistributionBundle necessary for security:check Added a note about the security:check command Added a missing link reference Added a note about the security advisories database This command is available sin Symfony 2.5 Documented the security:check command
* 2.5: fixing bad link Fixing bad merge - this section should not have been left in [#4651] Fixing build error Update by_reference.rst.inc Added a lot of changes suggested by reviewers Added a note about the SensioDistributionBundle necessary for security:check Added a note about the security:check command Added a missing link reference Added a note about the security advisories database This command is available sin Symfony 2.5 Documented the security:check command
* 2.7: fixing bad link Fixing bad merge - this section should not have been left in [#4651] Fixing build error Update by_reference.rst.inc Added a lot of changes suggested by reviewers Added a note about the SensioDistributionBundle necessary for security:check Added a note about the security:check command Added a missing link reference Added a note about the security advisories database This command is available sin Symfony 2.5 Documented the security:check command
This PR was merged into the 2.3 branch. Discussion ---------- Revert #4651 for 2.3 branch | Q | A | ------------- | --- | Doc fix? | yes | New docs? | no | Applies to | 2.3 (only) | Fixed tickets | #4651 was merged in 2.3 but should be 2.5 as mentioned in #4651 (comment). This PR reverts the changes for the 2.3 branch. Commits ------- f2d3223 Revert #4651 for 2.3 branch
* 2.3: Revert #4651 for 2.3 branch
* 2.5: fix merge after removing @Security in 2.3 Reverting a commit on 2.5 branch, as it was only meant to be on 2.3 (so reverting after the merge) [#4735] Reverting what was left on the 2.5 branch after the merge conflict had already put back some of it Typo Fix: "allows to" should be "allows you to" move cautions to make them visible bump required PHPUnit version remove @Security annotation for Symfony 2.3 Revert #4651 for 2.3 branch Use AppBundle whenever it's possible Conflicts: components/console/helpers/map.rst.inc cookbook/form/create_custom_field_type.rst cookbook/form/dynamic_form_modification.rst cookbook/form/form_customization.rst cookbook/profiler/matchers.rst cookbook/security/custom_authentication_provider.rst cookbook/security/securing_services.rst