Symfony Blog
New in Symfony 4.1: Misc. improvements (part 4)
In Symfony 4.1, AbstractController provides a getParameter() helper, anonymous services can be configured with the PHP DSL, PropertyInfo can introspect information using the constructor arguments, and the level of the PHP logger is configurable.
New in Symfony 4.1: Misc. improvements (part 3)
In Symfony 4.1, MoneyType rounding is configurable, updating LDAP entries is more efficient, query strings can be kept when redirecting, and hassers are supported by the PropertyInfo component.
A week of symfony #595 (21-27 May 2018)
This week Symfony released versions 2.7.48, 2.8.41, 3.3.17, 3.4.11 and 4.0.11 to address several security vulnerabilities. Meanwhile, Symfony 4.1.0 beta3 was published in preparation for next week's final release. Lastly, it was announced that the SymfonyLive USA 2018 conference will take place in San Francisco on October 11th and 12th.
CVE-2018-11408: Open redirect vulnerability on security handlers
CVE-2018-11408 fixes an open redirect vulnerability in DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.
CVE-2018-11386: Denial of service when using PDOSessionHandler
CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.
CVE-2018-11385: Session Fixation Issue for Guard Authentication
CVE-2018-11385 fixes a session fixation issue when using Guard authentication.
CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password
CVE-2018-11407 fixes unauthorized access on a misconfigured LDAP server when using an empty password.