Symfony 2.8.41 released

Symfony 2.8.41 has just been released. Here is a list of the most important changes:

  • bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (@nicolas-grekas)
  • security #cve-2018-11408 [SecurityBundle] Fail if security.htt _utils cannot be configured
  • security #cve-2018-11406 clear CSRF tokens when the user is logged out
  • security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation
  • security #cve-2018-11385 Adding session strategy to ALL listeners to avoid any possible fixation
  • security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Comments

Thanks for the Update! The CVE-links are down though...
Ah, got it; was too soon to report the links were down. They are up now, now the relevant blog pages have been published.
Login with SensioLabsConnect to post a comment