CVE-2017-11365: Empty passwords validation issue

CVE-2017-11365 fixes a regression which allows empty passwords to be always valid for any user.

Symfony 3.3.5 released

Read release notes

Symfony 3.2.12 released

Read release notes

Symfony 2.8.25 released

Read release notes

Symfony 2.7.32 released

Read release notes

A week of symfony #550 (10-16 July 2017)

This week, the upcoming Symfony 3.4 version added support for lazy-loaded console commands to improve performance. Meanwhile, Symfony 3.3 also improved performance by optimizing the profiler data generated by VarDumper. Lastly, we added support for the new types defined by Doctrine DBAL.

New in Symfony 3.4: Lazy commands

In Symfony 3.4, console commands can be lazy-loaded, so the application doesn't have to instantiate all of them when running any command.

New in Symfony 3.4: Stopwatch improvements

In Symfony 3.4, the Stopwatch component allows to reset all its time measures and removes the sub-millisecond restriction to allow time measures with arbitrary precision.

A week of symfony #549 (3-9 July 2017)

This week, Symfony published the 2.7.31, 2.8.24, 3.2.11 and 3.3.4 maintenance versions. Meanwhile, we fixed some edge cases in the Dotenv component, reduced the size of the profiler files and improved the error message shown when the debug toolbar cannot be displayed.

New in Symfony 3.4: Validator information in the Symfony profiler

In Symfony 3.4, the web debug toolbar and the profiler will include a new panel to collect information about validator calls.