Symfony Blog
CVE-2018-11406: CSRF Token Fixation
CVE-2018-11406 fixes a possible CSRF token fixation.
New in Symfony 4.1: Misc. improvements (part 2)
In Symfony 4.1 there is a new choice_translation_locale option for some form types, a new command to delete cache items, allow_if expression can use custom expressions and you can use the new dd() debug helper.
New in Symfony 4.1: Misc. improvements (part 1)
Some small but nice new features added to Symfony 4.1: use csrf_token() without the Form component, parse env vars stored in CSV files, change progress bars dynamically and check more easily the contents of your .env files.
New in Symfony 4.1: Configurable trailing slash on imported routes
In Symfony 4.1, when importing some routes under a common prefix, you can configure whether or not the root route adds a trailing slash to its path.