A week of symfony #605 (30 July - 5 August 2018)

This week Symfony published 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14 and 4.1.3 security releases to fix two security vulnerabilities related to HTTP headers.

Symfony development highlights

2.8 changelog:

  • 9d0ff4f: [HttpKernel] fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
  • 6604978: [HttpFoundation] removed support for legacy and risky HTTP headers
  • 0f7667d: [HttpKernel] fixed trusted headers management in HttpCache and InlineFragmentRenderer
  • 5d8bf16: [HttpFoundation] removed the Expires header when calling Response::expire()
  • 470ac26: [PropertyInfo] allowed nested collections

Master changelog:

  • fbe4bc1: [Yaml] save preg_match() calls when possible
  • 924f7f9: [DomCrawler] made the base URI optional when elements use absolute URIs
  • 6198223: [WebProfilerBundle] append new ajax request to the end of the list
  • dd2f830: [Form] added options for separate date/time labels in DateTimeType

Newest issues and pull requests

They talked about us

Upcoming Symfony Events

Call to Action


Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.