This week, Symfony published security releases 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14 and 4.1.3 to fix two security vulnerabilities related to HTTP headers.
Symfony development highlights
- 9d0ff4f: [HttpKernel] fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
- 6604978: [HttpFoundation] removed support for legacy and risky HTTP headers
- 0f7667d: [HttpKernel] fixed trusted headers management in HttpCache and InlineFragmentRenderer
- 5d8bf16: [HttpFoundation] removed the Expires header when calling Response::expire()
- 470ac26: [PropertyInfo] allowed nested collections
- fbe4bc1: [Yaml] save preg_match() calls when possible
- 924f7f9: [DomCrawler] made the base URI optional when elements use absolute URIs
- 6198223: [WebProfilerBundle] append new ajax request to the end of the list
- dd2f830: [Form] added options for separate date/time labels in DateTimeType
Newest issues and pull requests
- Allow to explicitly choose argon2id variant - Argon2idPasswordEncoder?
- [Console] Sort alphabetically command arguments and options while describing definition
- Accepting callbacks for symfony/options-resolver -> setAllowedValues()
They talked about us
- Using Symfony Security voters to check user permissions with ease
- Atlas ORM Integration with Symfony
- Discover Panther: a browser tester and content extraction library for PHP and Symfony
Upcoming Symfony Events
- Treffen der Symfony User Group Hamburg: Hamburg, Germany (August 7, 2018)
- Symfony trifft Kiel: Kiel, Germany (August 20, 2018)
- Symfony UG Frankfurt am Main 2018: Frankfurt, Germany (August 28-29, 2018)
- Chicago Symfony & React Meetup - August 2018: Chicago, USA (August 29, 2018)
- SymfonyDay 2018: Verona, Italy (October 19, 2018)
Call to Action
- Follow Symfony on Twitter and retweet this article.
- Follow Symfony on Medium and clap for this article.
- Subscribe to the Symfony blog RSS and never miss a Symfony story again