Symfony 2.7.7 has just been released. Here is a list of the most important changes:

  • security #16631 `CVE-2015-8124 <http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature>`_: Session Fixation in the "Remember Me" Login Feature (xabbuh)
  • security #16630 `CVE-2015-8125 <http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service>`_: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service (xabbuh)
  • bug #16588 Sent out a status text for unknown HTTP headers. (dawehner)
  • bug #16295 [DependencyInjection] Unescape parameters for all types of injection (Nicofuma)
  • bug #16574 [Process] Fix PhpProcess with phpdbg runtime (nicolas-grekas)
  • bug #16578 [Console] Fix bug in windows detection (kbond)
  • bug #16546 [Serializer] ObjectNormalizer: don't serialize static methods and props (dunglas)
  • bug #16352 Fix the server variables in the router_*.php files (leofeyer)
  • bug #16537 [Validator] Allow an empty path with a non empty fragment or a query (jakzal)
  • bug #16528 [Translation] Add support for Armenian pluralization. (marcosdsanchez)
  • bug #16510 [Process] fix Proccess run with pts enabled (ewgRa)
  • bug #16292 fix race condition at mkdir (#16258) (ewgRa)
  • bug #15945 [Form] trigger deprecation warning when using empty_value (xabbuh)
  • bug #16384 [FrameworkBundle] JsonDescriptor - encode container params only once (xabbuh)
  • bug #16480 [VarDumper] Fix PHP7 type-hints compat (nicolas-grekas)
  • bug #16463 [PropertyAccess] Port of the performance optimization from 2.3 (dunglas)
  • bug #16462 [PropertyAccess] Fix dynamic property accessing. (dunglas)
  • bug #16454 [Serializer] GetSetNormalizer shouldn't set/get static methods (boekkooi)
  • bug #16453 [Serializer] PropertyNormalizer shouldn't set static properties (boekkooi)
  • bug #16471 [VarDumper] Fix casting for ReflectionParameter (nicolas-grekas)
  • bug #16294 [PropertyAccess] Major performance improvement (dunglas)
  • bug #16331 fixed Twig deprecation notices (fabpot)
  • bug #16306 [DoctrineBridge] Fix issue which prevent the profiler to explain a query (Baachi)
  • bug #16359 Use mb_detect_encoding with $strict = true (nicolas-grekas)
  • bug #16144 [Security] don't allow to install the split Security packages (xabbuh)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to check the integrity of this new version? Read my blog post about signing releases .

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases