Symfony Blog
All about Symfony releases, new Symfony features, and other important announcements
SymfonyMakerBundle is a new code generator bundle created as an alternative to SensioGeneratorBundle for modern Symfony applications.
PHP 7.2 will be released on November 30th (the same day as Symfony 4). We've been working for more than one year to make all Symfony versions (from 2.7 to 4.0) fully compatible with PHP 7.2.
This week, Symfony celebrated SymfonyCon, its annual global conference, in Cluj (Romania) with great success. Meanwhile, several maintenance versions were published to address some security advisories. Lastly, the community gathered around the SymfonyCon Hack Day to help preparing for Symfony 4 bundle support.
CVE-2017-16653 fixes CSRF protection which did not use different tokens for HTTP and HTTPS.
CVE-2017-16652 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler
CVE-2017-16654 fixes the possibility for the Intl bundle reader to break out of paths.
CVE-2017-16790 checks that submitted data are uploaded files.