From f2d3223ce28df3e0456b6730b6f03d032ccdbd29 Mon Sep 17 00:00:00 2001 From: Alexander Schwenn Date: Sat, 3 Jan 2015 10:26:36 +0100 Subject: [PATCH] Revert #4651 for 2.3 branch --- book/installation.rst | 12 ------------ book/security.rst | 29 ----------------------------- contributing/code/security.rst | 8 -------- 3 files changed, 49 deletions(-) diff --git a/book/installation.rst b/book/installation.rst index e270eb87815..4e625492a00 100644 --- a/book/installation.rst +++ b/book/installation.rst @@ -288,18 +288,6 @@ them all at once: Depending on the complexity of your project, this update process can take up to several minutes to complete. -.. tip:: - - Symfony provides a command to check whether your project's dependencies - contain any know security vulnerability: - - .. code-block:: bash - - $ php app/console security:check - - A good security practice is to execute this command regularly to be able to - update or replace compromised dependencies as soon as possible. - .. _installing-a-symfony2-distribution: Installing a Symfony Distribution diff --git a/book/security.rst b/book/security.rst index daecfa876c4..b714aca3838 100644 --- a/book/security.rst +++ b/book/security.rst @@ -1230,34 +1230,6 @@ cookie will be ever created by Symfony): .. _book-security-checking-vulnerabilities: -Checking for Known Security Vulnerabilities in Dependencies -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. versionadded:: 2.5 - The ``security:check`` command was introduced in Symfony 2.5. This command is - included in ``SensioDistributionBundle``, which has to be registered in your - application in order to use this command. - -When using lots of dependencies in your Symfony projects, some of them may -contain security vulnerabilities. That's why Symfony includes a command called -``security:check`` that checks your ``composer.lock`` file to find any known -security vulnerability in your installed dependencies: - -.. code-block:: bash - - $ php app/console security:check - -A good security practice is to execute this command regularly to be able to -update or replace compromised dependencies as soon as possible. Internally, -this command uses the public `security advisories database`_ published by the -FriendsOfPHP organization. - -.. tip:: - - The ``security:check`` command terminates with a non-zero exit code if - any of your dependencies is affected by a known security vulnerability. - Therefore, you can easily integrate it in your build process. - Final Words ----------- @@ -1286,4 +1258,3 @@ Learn more from the Cookbook .. _`online tool`: https://www.dailycred.com/blog/12/bcrypt-calculator .. _`frameworkextrabundle documentation`: http://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html -.. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories diff --git a/contributing/code/security.rst b/contributing/code/security.rst index 0cf3bb3cfb3..8275729972b 100644 --- a/contributing/code/security.rst +++ b/contributing/code/security.rst @@ -38,8 +38,6 @@ confirmed, the core-team works on a solution following these steps: #. Publish the post on the official Symfony `blog`_ (it must also be added to the "`Security Advisories`_" category); #. Update the security advisory list (see below). -#. Update the public `security advisories database`_ maintained by the - FriendsOfPHP organization and which is used by the ``security:check`` command. .. note:: @@ -95,11 +93,6 @@ of the downstream projects included in this process: Security Advisories ------------------- -.. tip:: - - You can check your Symfony application for known security vulnerabilities - using the ``security:check`` command. See :ref:`book-security-checking-vulnerabilities`. - This section indexes security vulnerabilities that were fixed in Symfony releases, starting from Symfony 1.0.0: @@ -129,4 +122,3 @@ releases, starting from Symfony 1.0.0: .. _Git repository: https://github.com/symfony/symfony .. _blog: http://symfony.com/blog/ .. _Security Advisories: http://symfony.com/blog/category/security-advisories -.. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories