Symfony 2.7.38 released

Warning: Symfony 2.7 is no longer supported. Consider upgrading your applications to the most recent Symfony version.

Symfony 2.7.38 has just been released. Here is a list of the most important changes:

  • security #24995 Validate redirect targets using the session cookie domain (@nicolas-grekas)
  • security #24994 Prevent bundle readers from breaking out of paths (@xabbuh)
  • security #24993 Ensure that submitted data are uploaded files (@xabbuh)
  • security #24992 Namespace generated CSRF tokens depending of the current scheme (@dunglas)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.


Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.