Filter posts by publication date
Christopher will tour the official Symfony AI initiative, exploring the Platform component and its uniform API across LLM providers, the Agent component with its multi-agent orchestration, and the Store component for RAG, complete with live demos featuring webcams and a look at the v1 roadmap.
May 26, 2026
#Conferences
symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
May 26, 2026
#Security Advisories
#Symfony
Thomas Durand will explore how to put the CLI at the heart of your development workflow, leveraging the full power of Symfony Console to automate tasks and improve developer productivity
May 26, 2026
#Conferences
Symfony 8.1 improves console input with image pasting, interactive choice questions, answer validation, and raw input forwarding.
May 26, 2026
#Living on the edge
❤️ 10
👍 2
🚀 6
🎉 6
This week, Symfony released 36 security advisories and published security releases 5.4.52, 6.4.40, 7.4.12, 8.0.12, 8.1.0 BETA3 and Twig 3.26.0. We also published an article about how we used Claude Mythos to analyze the Symfony and Twig codebases and uncover many of these security issues. Lastly, we announced that the Symfony UX 2.x branch is now in security-fixes-only maintenance mode and shared more details about the SymfonyOnline June 2026 conference.
May 24, 2026
#A week of symfony
🚀 2
Mathias Arlaud will take a deep dive into the internals of Symfony's HTTP layer to explain the performance implications of how we handle responses and how to optimize your controllers for maximum efficiency
May 22, 2026
#Conferences
Symfony UX 2.x is now in security-only maintenance mode. Going forward, all new features and bug fixes will target Symfony UX 3.x, while security updates for 2.x will continue until January 1, 2027. Learn what this means for existing projects and why now is the right time to plan your upgrade to Symfony UX 3.x.
May 22, 2026
#Other
❤️ 2
🚀 2
Symfony 8.1 improves Messenger with batch fetching, AMQP priorities, smarter retries, and configurable resets.
May 22, 2026
#Living on the edge
❤️ 6
👍 7
🚀 4
🎉 3
Claude Mythos Preview, Anthropic's unreleased model, audited Symfony and Twig code and reported 19 vulnerabilities. All of them turned out to be real.
May 21, 2026
#Symfony
👀 1
❤️ 28
👍 11
🚀 11
🎉 3
Email Header Injection via Non-Token Characters in Mime Parameter Names
May 20, 2026
#Security Advisories
#Symfony
Johannes introduces Symfony Mate, an MCP server that exposes a curated, deterministic view of your running Symfony application (container, services, profiler, logs) to any MCP-aware client
May 20, 2026
#Conferences
🚀 1
Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection
May 20, 2026
#Security Advisories
#Symfony
SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
May 20, 2026
#Security Advisories
#Symfony
Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection
May 20, 2026
#Security Advisories
#Symfony
JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits: ReDoS
May 20, 2026
#Security Advisories
#Symfony
Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection
May 20, 2026
#Security Advisories
#Symfony
YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
May 20, 2026
#Security Advisories
#Symfony
SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
May 20, 2026
#Security Advisories
#Symfony
HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
May 20, 2026
#Security Advisories
#Symfony
Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
May 20, 2026
#Security Advisories
#Symfony
HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and Misclassification
May 20, 2026
#Security Advisories
#Symfony
Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
May 20, 2026
#Security Advisories
#Symfony
UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
May 20, 2026
#Security Advisories
#Symfony
Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
May 20, 2026
#Security Advisories
#Symfony
HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)
May 20, 2026
#Security Advisories
#Symfony
Identity Spoofing via Unanchored DN Regex in X509Authenticator
May 20, 2026
#Security Advisories
#Symfony
YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
May 20, 2026
#Security Advisories
#Symfony
YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings
May 20, 2026
#Security Advisories
#Symfony
Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
May 20, 2026
#Security Advisories
#Symfony
OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
May 20, 2026
#Security Advisories
#Symfony
CVE-2026-45071 XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
May 20, 2026
#Security Advisories
#Symfony
Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
May 20, 2026
#Security Advisories
#Symfony
HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
May 20, 2026
#Security Advisories
#Symfony
CVE-2026-47732 Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
May 20, 2026
#Security Advisories
#Twig
Sandbox property and method bypass via object-destructuring assignment
May 20, 2026
#Security Advisories
#Twig
The `spaceless` filter implicitly marks its output as safe
May 20, 2026
#Security Advisories
#Twig
Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments
May 20, 2026
#Security Advisories
#Twig
PHP code injection via `{% use %}` template name
May 20, 2026
#Security Advisories
#Twig
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
May 20, 2026
#Security Advisories
#Twig
`template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
May 20, 2026
#Security Advisories
#Twig
Sandbox property allowlist bypass via the `column` filter (array_column on objects)
May 20, 2026
#Security Advisories
#Twig
`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
May 20, 2026
#Security Advisories
#Twig
XSS in profiler HtmlDumper via unescaped template and profile names
May 20, 2026
#Security Advisories
#Twig
Sandbox does not protect against resource exhaustion
May 20, 2026
#Security Advisories
#Twig
Arbitrary PHP code execution via `_self.()` macro-reference compilation
May 20, 2026
#Security Advisories
#Twig
Possible sandbox bypass when using a source policy
May 20, 2026
#Security Advisories
#Twig
Twig 3.26.0 released
May 20, 2026
#Releases
#Security Advisories
#Twig
❤️ 2
🚀 3
Learn with Arnaud Oltra where to start without breaking everything. An honest retrospective full of real-world constraints, false good ideas, and practical migration tips! 🙌
May 19, 2026
#Conferences
Symfony 8.1 improves the Validator component with new constraints, Clock support, and reentrant validators.
May 19, 2026
#Living on the edge
❤️ 1
👍 8
🚀 3
🎉 3
Join Nicolas Grekas to learn advanced techniques for adjusting your app's behavior on the fly! 🍁
May 18, 2026
#Conferences
👀 1
Symfony 8.1 improves the request payload mapper with support for uploaded files inside DTOs, variadic arguments, empty payloads, and dynamic validation groups.
May 18, 2026
#Living on the edge
❤️ 7
👍 5
🚀 5
🎉 5
This week, Symfony published maintenance versions 6.4.39, 7.4.11, and 8.0.11. In addition, we announced the second beta release of Symfony 8.1. Finally, we shared the schedule for the SymfonyOnline June 2026 conference and more details about SymfonyDay Montreal 2026.
May 17, 2026
#A week of symfony
Robin Chalas will demonstrate how Symfony 8 leverages modern PHP to make hexagonal architecture and DDD patterns practical and natural, allowing you to build scalable applications that put your business logic first!
May 15, 2026
#Conferences
Symfony 8.1 improves translations with broader XLIFF support, more flexible locale configuration, and better placeholder handling.
May 14, 2026
#Living on the edge
❤️ 6
👍 5
🚀 3
🎉 3
The schedule has landed: 2 days and 13 expert speakers! View the full lineup & grab your seat.
May 13, 2026
#Conferences
👍 2
🚀 1
Symfony 8.1 introduces dynamic controller attributes, making them easier to override at runtime, consume from event listeners, and extend with custom attribute-based features.
May 13, 2026
#Living on the edge
👀 2
❤️ 3
👍 3
🚀 4
🎉 2
In this talk, Fabien Potencier will dive into the brand-new Symfony Terminal component, demonstrating how to build rich Text User Interfaces (TUIs) directly in PHP, moving beyond simple CLI commands to create immersive terminal experiences.
May 12, 2026
#Conferences
Symfony 8.1 adds a new Serialize attribute that automatically serializes controller return values into the appropriate response format.
May 12, 2026
#Living on the edge
❤️ 7
👍 3
🚀 6
🎉 5
Symfony 8.1 improves the Cache attribute with new expression variables, closure support, and conditional application.
May 11, 2026
#Living on the edge
👀 1
❤️ 8
👍 7
🚀 6
🎉 5
This week, Symfony 6.4.38, 7.4.10, and 8.0.10 maintenance versions were released. In addition, we published the first beta of Symfony 8.1 so you can test it before its final release in three weeks. Meanwhile, we shared more information about the SymfonyDay Montreal 2026 conference and started publishing the New in Symfony 8.1 blog series.
May 10, 2026
#A week of symfony
❤️ 2
Oskar Barcz will provide a pragmatic look at Command Query Responsibility Segregation, explaining when it adds value and how to implement it in Symfony without over-engineering your architecture!
May 8, 2026
#Conferences
Symfony 8.1 introduces argument resolvers for console commands, automatically converting CLI arguments and options into typed values and objects.
May 8, 2026
#Living on the edge
❤️ 9
👍 7
🚀 7
🎉 6
Learn how to make your applications more flexible and configurable by leveraging the ExpressionLanguage component with Florian Merle!
May 7, 2026
#Conferences
Symfony 8.1 introduces DeepCloner, a fast and memory-efficient way to deep-clone complex PHP object graphs.
May 7, 2026
#Living on the edge
❤️ 9
👍 8
🚀 15
🎉 5
In Symfony 8.1, you can group multiple console commands in a single class, sharing their dependencies and simplifying maintenance.
May 6, 2026
#Living on the edge
👀 2
❤️ 11
👍 9
🚀 8
🎉 6
Symfony 8.1 enables building applications with the full dependency injection container without depending on HttpKernel, simplifying non-HTTP Symfony apps.
May 5, 2026
#Living on the edge
👀 1
❤️ 18
👍 7
🚀 14
🎉 8
This week, Symfony released the maintained versions 6.4.37, 7.4.9, and 8.0.9. Meanwhile, we continued merging new features for the upcoming Symfony 8.1 version, such as the new TUI component. Lastly, we published an update about the recent SymfonyInsight improvements.
May 3, 2026
#A week of symfony
👍 1