July 17th, 2017 Symfony security fix in Security component (CVE-2017-11365) - Drupal not affected

Drupal Security Team's picture

Symfony contacted the Drupal Security team about today's Symfony security release addressing an issue in UserPasswordValidator. This announcement is to reassure the Drupal community that Drupal 8 is not affected by this fix, as it does not make use of this security component. There is no Drupal 8 release scheduled for this, and there is no action you need to take on your Drupal site(s).