Script security-checker security:check returned with error code 1

[ZielinskiLukasz]

Project created using:
composer create-project symfony/symfony-demo

Composer version 1.7.2

returns an error:

Executing script security-checker security:check [KO]
 [KO]
Script security-checker security:check returned with error code 1
!!  
!!  Symfony Security Check Report
!!  =============================
!!  
!!   // Checked file: symfony-demo/composer.lock
!!  
!!   [ERROR] 1 packages have known vulnerabilities.                                 
!!  
!!  symfony/http-foundation (v4.1.1)
!!  --------------------------------
!!  
!!   * CVE-2018-14773: CVE-2018-14773: Remove support for legacy and risky HTTP headers
!!     https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
!!  
!!   ! [NOTE] This checker can only detect vulnerabilities that are referenced in   
!!   !        the SensioLabs security advisories database. Execute this command     
!!   !        regularly to check the newly discovered vulnerabilities.              
!!  
!!  
Script @auto-scripts was called via post-install-cmd

Composer update
fixes the problem

[meysholdt]

just ran into this, too.

[ZielinskiLukasz]

Forcing http-foundation version > v4.1.1 would help.

[stof]

that's because #846 is not merged yet

[javiereguiluz]

Closing because #846 has just been merged. Please, report any other issue that you may find related to this. Thanks!