Clik here to view.
Symfony 2.7.38 released
Symfony 2.7.38 has just been released. Here is a list of the most important changes:security #24995 Validate redirect targets using the session cookie domain (@nicolas-grekas)security #24994 Prevent...
View ArticleClik here to view.
Symfony 3.2.14 released
Symfony 3.2.14 has just been released. Here is a list of the most important changes:security #24995 Validate redirect targets using the session cookie domain (@nicolas-grekas)security #24994 Prevent...
View ArticleClik here to view.
Symfony 2.8.31 released
Symfony 2.8.31 has just been released. Here is a list of the most important changes:security #24995 Validate redirect targets using the session cookie domain (@nicolas-grekas)security #24994 Prevent...
View ArticleClik here to view.
Symfony 3.3.13 released
Symfony 3.3.13 has just been released. Here is a list of the most important changes:security #24995 Validate redirect targets using the session cookie domain (@nicolas-grekas)security #24994 Prevent...
View ArticleClik here to view.
CVE-2017-16790: Ensure that submitted data are uploaded files
Affected versionsSymfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Form component are affected by this security issue.The issue has been fixed in...
View ArticleClik here to view.
CVE-2017-16654: Intl bundle readers breaking out of paths
Affected versionsSymfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Intl component are affected by this security issue.The issue has been fixed in...
View ArticleClik here to view.
CVE-2017-16652: Open redirect vulnerability on security handlers
Affected versionsSymfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Security component are affected by this security issue.The issue has been fixed...
View ArticleClik here to view.
CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS
Affected versionsSymfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Intl component are affected by this security issue.The issue has been fixed in...
View ArticleClik here to view.
A week of symfony #568 (13-19 November 2017)
This week, Symfony celebrated SymfonyCon, its annual global conference, in Cluj (Romania) with great success. Meanwhile, several maintenance versions were published to address some security advisories....
View ArticleClik here to view.
Get Ready for PHP 7.2
PHP 7.2 will be released on November 30th (the same day as Symfony 4). During the past SymfonyCon Cluj 2017 conference, Sara Golemon, release manager of PHP 7.2, explained that PHP 7.2 is not as...
View ArticleClik here to view.
Introducing the Symfony Maker Bundle
If you've been around the Symfony community for some time, odds are you know and have used the SensioGeneratorBundle. It's a popular bundle (+20 million downloads) that provides console commands to...
View ArticleClik here to view.
Symfony 4.0.0-RC1 released
Symfony 4.0.0-RC1 has just been released. Here is a list of the most important changes:bug #25077 [Bridge/Twig] Let getFlashes starts the session (@MatTheCat)bug #25082 [HttpKernel] Disable container...
View ArticleClik here to view.
Symfony 3.4.0-RC1 released
Symfony 3.4.0-RC1 has just been released. Here is a list of the most important changes:bug #25077 [Bridge/Twig] Let getFlashes starts the session (@MatTheCat)bug #25082 [HttpKernel] Disable container...
View ArticleClik here to view.
Symfony 3.4.0-RC2 released
Symfony 3.4.0-RC2 has just been released. Here is a list of the most important changes:bug #25146 [DI] Dont resolve envs in service ids (@nicolas-grekas)bug #25113 [Routing] Fix "config-file-relative"...
View ArticleClik here to view.
Symfony 4.0.0-RC2 released
Symfony 4.0.0-RC2 has just been released. Here is a list of the most important changes:bug #25146 [DI] Dont resolve envs in service ids (@nicolas-grekas)bug #25113 [Routing] Fix "config-file-relative"...
View ArticleClik here to view.
A week of symfony #569 (20-26 November 2017)
This week Symfony focused on fixing the issues and edge cases reported by Symfony 4 beta testers. In addition, the first release candidate versions for Symfony 3.4 and 4.0 were published, in advance of...
View ArticleClik here to view.
New Core Team Member, in charge of the Recipes
During my keynote at SymfonyCon Cluj, I talked about several new initiatives to help grow the Symfony ecosystem. One of them was about Symfony recipes. Having great recipes is key to the success of...
View ArticleClik here to view.
The Diversity Initiative
I like to say that docs are more important than code in a tech project. Docs are a challenge for any project as developers like to write code, not docs. But the real success of a project is best...
View ArticleClik here to view.
Symfony 3.4 curated new features
Symfony 3.4.0 is going to be released later today. As for any other Symfony minor release, our backward compatibility promise applies and this means that you should be able to upgrade easily without...
View ArticleClik here to view.
Symfony 3.4.0 released
Symfony 3.4.0 has just been released. Here is a list of the most important changes:bug #25220 [HttpFoundation] Add Session::isEmpty(), fix MockFileSessionStorage to behave like the native one...
View Article