Symfony 2.8.41 released

Symfony 2.8.41 has just been released. Here is a list of the most important changes:

  • bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (@nicolas-grekas)
  • security #cve-2018-11408 [SecurityBundle] Fail if security.htt _utils cannot be configured
  • security #cve-2018-11406 clear CSRF tokens when the user is logged out
  • security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation
  • security #cve-2018-11385 Adding session strategy to ALL listeners to avoid any possible fixation
  • security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Comments

Thanks for the Update! The CVE-links are down though...
Ah, got it; was too soon to report the links were down. They are up now, now the relevant blog pages have been published.

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.