The Symfony Messenger component defines transports to send and receive messages, often through queueing systems like Doctrine, Redis, Amazon SQS, Beanstalkd, or AMQP.
If those queue systems are not properly secured, a malicious actor could inject forged payloads into the queue. This is particularly dangerous for messages that trigger commands or processes to run.
Although protecting your infrastructure is not Symfony's responsibility, Symfony 7.4 adds a new layer of defense. Messages can now be cryptographically signed to detect and discard any that have been tampered with.
To enable message signing, set the sign option to true in the handler
that processes the message:

    // src/MessageHandler/SmsNotificationHandler.php
    namespace App\MessageHandler;

    use App\Message\SmsNotification;
    use Symfony\Component\Messenger\Attribute\AsMessageHandler;

    #[AsMessageHandler(sign: true)]
    class SmsNotificationHandler
    {
        public function __invoke(SmsNotification $message): void
        {
            // ... handle message
        }
    }

When signing is enabled, each message is signed using an HMAC signature computed
with your application's secret key (kernel.secret parameter). The signature
is added to the message headers (Body-Sign and Sign-Algo) when the
message is sent, and verified automatically when it's received.
If the signature is missing or invalid, an InvalidMessageSignatureException
is thrown and the message will not be processed.
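
The sign-on-send, verify-on-receive flow described above can be sketched in plain PHP; this is an added illustration, not Symfony's own code. It shows which messages a consumer rejects: tampered bodies, unsigned messages, and signatures that claim an unexpected algorithm. Assumptions: the HMAC covers only the serialized body, uses SHA-256 and is hex-encoded; `signMessage()`, `verifyMessage()`, the secret and the sample messages are hypothetical.

```php
<?php
// Added illustration, not Symfony's implementation. Assumptions: the HMAC
// covers only the serialized body, uses SHA-256, and is hex-encoded.

const SECRET = 'constructed-demo-secret'; // stands in for kernel.secret

/** Producer side: attach the signature headers to an encoded message. */
function signMessage(array $encoded, string $secret, string $algo = 'sha256'): array
{
    $encoded['headers']['Body-Sign'] = hash_hmac($algo, $encoded['body'], $secret);
    $encoded['headers']['Sign-Algo'] = $algo;

    return $encoded;
}

/** Consumer side: throw unless the signature is present and valid. */
function verifyMessage(array $encoded, string $secret, array $allowedAlgos = ['sha256']): void
{
    $signature = $encoded['headers']['Body-Sign'] ?? null;
    $algo = $encoded['headers']['Sign-Algo'] ?? null;
    if (!is_string($signature) || !is_string($algo)) {
        throw new RuntimeException('missing signature');
    }
    // Sign-Algo arrives through the queue, so it is untrusted: allowlist it.
    if (!in_array($algo, $allowedAlgos, true)) {
        throw new RuntimeException('algorithm not allowed');
    }
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac($algo, $encoded['body'], $secret), $signature)) {
        throw new RuntimeException('invalid signature');
    }
}

// Constructed sample messages.
$signed = signMessage(['body' => '{"phone":"+15550100","text":"hi"}', 'headers' => []], SECRET);
$tampered = ['body' => '{"phone":"+15550199","text":"hi"}'] + $signed;
$unsigned = ['body' => $signed['body'], 'headers' => []];
$otherAlgo = $signed;
$otherAlgo['headers']['Sign-Algo'] = 'md5';

foreach (compact('signed', 'tampered', 'unsigned', 'otherAlgo') as $name => $message) {
    try {
        verifyMessage($message, SECRET);
        echo "$name: accepted\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

Because the key is the application secret, every producer and consumer of a signed message must share the same `kernel.secret` value.
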
That's awesome! Love it.
Even though Symfony is not responsible for protecting our infrastructure, it consistently provides the fundamental tools we need to build secure systems. These features make it much easier to design applications that are safe by default.
Symfony has always been seen as a more enterprise-level framework compared to many others, and strong, thoughtful security features like this reinforce that reputation. Security should always come first, and Symfony keeps moving in the right direction.
Great feature, but it feels a bit off that signing is enabled on the Handler and not on the config, given that a message can have multiple Handlers and the Handler is not responsible for dispatching the message itself. It will be interesting to see the architectural approach chosen.
I really appreciate how Symfony keeps strengthening security across its components. Even if a malicious user somehow manages to reach our messaging layer, having this extra protection makes the whole system more resilient.