Symfony 2.8.41 released
![Avatar of Fabien Potencier](https://connect.symfony.com/api/images/4aed4f5d-e0cb-4320-902f-885fddaa7d15.png?format=28x28)
Warning: Symfony 2.8 is no longer supported. Consider upgrading your applications to the most recent Symfony version.
Symfony 2.8.41 has just been released. Here is a list of the most important changes:
- bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (@nicolas-grekas)
- security #cve-2018-11408 [SecurityBundle] Fail if security.htt _utils cannot be configured
- security #cve-2018-11406 clear CSRF tokens when the user is logged out
- security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation
- security #cve-2018-11385 Adding session strategy to ALL listeners to avoid any possible fixation
- security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.
Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments
![Avatar of Leon Hagendijk](https://connect.symfony.com/api/images/0b8d185e-8a52-4102-8b1a-5ea61c52caca.png?format=48x48)
![Avatar of Leon Hagendijk](https://connect.symfony.com/api/images/0b8d185e-8a52-4102-8b1a-5ea61c52caca.png?format=48x48)
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.