EZSA-2019-006 Rules to disable executable access are ignored on Platform.sh (eZ Cloud)

PKSA-mwr1-dmvn-p871

Affected version: >=2.5.0,<2.5.4|>=1.13.0,<1.13.5.1|>=1.7.0,<1.7.9.1

Reported by:
FriendsOfPHP/security-advisories

EZSA-2019-007 Prevent accepting app.php in URL in Platform.sh

PKSA-19g4-dw1s-118z

Affected version: >=2.5.0,<2.5.4|>=1.13.0,<1.13.5.1|>=1.7.0,<1.7.9.1

Reported by:
FriendsOfPHP/security-advisories

[HIGH] EZSA-2019-004 CSRF token in login form is disabled by default

PKSA-t91s-b3w1-3n4m GHSA-2rh5-jvgx-pgw3

Affected version: >=2.5.0,<2.5.4

Reported by:
FriendsOfPHP/security-advisories, GitHub