Symfony Blog

All about Symfony releases, new Symfony features, and other important announcements

CVE-2018-11386 Denial of service when using PDOSessionHandler

CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.
May 25, 2018 #Security Advisories

CVE-2018-11408 Open redirect vulnerability on security handlers

CVE-2018-11408 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.
May 25, 2018 #Security Advisories

CVE-2018-11406 CSRF Token Fixation

CVE-2018-11406 fixes a possible CSRF token fixation.
May 25, 2018 #Security Advisories

Symfony 4.0.11 released

Read release notes
May 25, 2018 #Releases

Symfony 3.4.11 released

Read release notes
May 25, 2018 #Releases

Symfony 3.3.17 released

Read release notes
May 25, 2018 #Releases

Symfony 2.8.41 released

Read release notes
May 25, 2018 #Releases

Symfony 2.7.48 released

Read release notes
May 25, 2018 #Releases

New in Symfony 4.1 Misc. improvements (part 2)

In Symfony 4.1 there is a new choice_translation_locale option for some form types, a new command to delete cache items, allow_if expression can use custom expressions and you can use the new dd() debug helper.
May 25, 2018 #Living on the edge

New in Symfony 4.1 Misc. improvements (part 1)

Some small but nice new features added to Symfony 4.1: use csrf_token() without the Form component, parse env vars stored in CSV files, change progress bars dynamically and check more easily the contents of your .env files.
May 24, 2018 #Living on the edge