This week, Symfony 8.1 was released. In addition, we published dozens of security advisories and released the security updates Symfony 5.4.53, 6.4.41, 7.4.13, 8.0.13, Twig 3.27, Symfony UX 2.36 and 3.1, and Polyfill 1.38.1. We also published more information about the upcoming SymfonyOnline June 2026 conference.
May 31, 2026
#A week of symfony
👍 1
Tobias Nyholm will introduce the Model Context Protocol (MCP), an open specification that lets AI clients discover your app's tools, and demonstrate the new official PHP mcp-sdk co-built by the Symfony AI initiative, showing how easily you can secure routes and leverage Symfony's bundle integration
May 30, 2026
#Conferences
Vincent Amstoutz will explore the practical reality of using AI as an autonomous security researcher to uncover complex injection paths, broken access control, and logic flaws that traditional rulesets miss, giving you a battle-tested strategy to weaponize LLMs against your own technical debt.
May 29, 2026
#Conferences
XSS in symfony/ux-live-component via attacker-controlled child component tag
May 29, 2026
#Security Advisories
#Symfony UX
LiveComponentHydrator HMAC checksum lacks component and slot binding
May 29, 2026
#Security Advisories
#Symfony UX
👍 1
CVE-2026-49215 CSRF Protection Bypass in symfony/ux-live-component: Accept Header is CORS-Safelisted
CSRF Protection Bypass in symfony/ux-live-component: Accept Header is CORS-Safelisted
May 29, 2026
#Security Advisories
#Symfony UX
XSS in symfony/ux-autocomplete via unescaped AJAX response data
May 29, 2026
#Security Advisories
#Symfony UX