New in Symfony 4.1: Misc. improvements (part 4)

In Symfony 4.1, AbstractController provides a getParameter() helper, anonymous services can be configured with PHP DSL, PropertyInfo can introspect information using the constructor arguments and the level of the PHP logger is configurable.

New in Symfony 4.1: Misc. improvements (part 3)

In Symfony 4.1, MoneyType rounding is configurable, updating LDAP entries is more efficient, query strings can be kept when redirecting and hassers are supported by the PropertyInfo component.

A week of symfony #595 (21-27 May 2018)

This week Symfony released 2.7.48, 2.8.41, 3.3.17, 3.4.11 and 4.0.11 versions to address several security vulnerabilities. Meanwhile Symfony 4.1.0 beta3 was published in preparation for next week's final release. Lastly, it was announced that the SymfonyLive USA 2018 conference will take place in San Francisco on October 11th and 12th.

Symfony 4.1.0-BETA3 released

Read release notes

CVE-2018-11406: CSRF Token Fixation

CVE-2018-11406 fixes a possible CSRF token fixation.

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

CVE-2018-11407 fixes an unauthorized access on a misconfigured LDAP server when using an empty password.

CVE-2018-11385: Session Fixation Issue for Guard Authentication

CVE-2018-11385 fixes a session fixation issue when using Guard authentication.

CVE-2018-11386: Denial of service when using PDOSessionHandler

CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.

CVE-2018-11408: Open redirect vulnerability on security handlers

CVE-2018-11408 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.

Symfony 4.0.11 released

Read release notes