A week of symfony #605 (30 July - 5 August 2018)

This week Symfony published 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14 and 4.1.3 security releases to fix two security vulnerabilities related to HTTP headers.

Symfony development highlights

2.8 changelog:

  • 9d0ff4f: [HttpKernel] fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
  • 6604978: [HttpFoundation] removed support for legacy and risky HTTP headers
  • 0f7667d: [HttpKernel] fixed trusted headers management in HttpCache and InlineFragmentRenderer
  • 5d8bf16: [HttpFoundation] removed the Expires header when calling Response::expire()
  • 470ac26: [PropertyInfo] allowed nested collections

Master changelog:

  • fbe4bc1: [Yaml] save preg_match() calls when possible
  • 924f7f9: [DomCrawler] made the base URI optional when elements use absolute URIs
  • 6198223: [WebProfilerBundle] append new ajax request to the end of the list
  • dd2f830: [Form] added options for separate date/time labels in DateTimeType

Newest issues and pull requests

They talked about us

Upcoming Symfony Events

Call to Action

Comments

Login with SensioLabsConnect to post a comment