If you believe you've found something in symfony4 stack which has security implications, please do not raise the issue in Github issue tracker or other public forums.

Send a description of the issue via email to security@try.direct. The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure.