« Twig » blog posts

Updates and new features of the Twig template language used in Symfony and PHP applications.

Twig 3.24.0 released

Twig 3.24.0 has just been released with a major new feature for working with HTML attributes, improved null-safe operator behavior, and variable renaming in object destructuring.
March 18, 2026 #Twig ❤️ 10 👍 5 🚀 12 🎉 4

Twig 3.23: Introducing new operators and destructuring support

Twig 3.23: Introducing new operators and destructuring support
January 23, 2026 #Twig ❤️ 27 👍 7 🚀 6 🎉 7

Twig CVE-2025-24374: Missing output escaping for the null coalesce operator

Twig CVE-2025-24374: Missing output escaping for the null coalesce operator
January 29, 2025 #Twig 👍 1

Introducing the new Twig Playground

Introducing the new Twig Playground
December 26, 2024 #Twig ❤️ 17 👍 7 🚀 7 🎉 4

New in Twig 3.15 (part 2)

Twig 3.15 introduces dynamic dot operator support, named arguments in macros, argument unpacking, and universal arrow function usage.
December 19, 2024 #Twig ❤️ 16 👍 3 🚀 4 🎉 4

New in Twig 3.15 (part 1)

Twig 3.15 adds inline comments, the enum() function, the xor operator, improved operator precedence, JSON escaping, the guard tag, and enhanced deprecation handling.
December 17, 2024 #Twig ❤️ 16 👍 11 🚀 5

Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox

Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox
November 6, 2024 #Twig 👀 1

Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list

Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list
November 6, 2024 #Twig 🚀 1

Twig security release: Possible sandbox bypass

Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions.
September 9, 2024 #Twig ❤️ 7

The last Twig 2 release

The last Twig 2 release
December 22, 2023 #Twig