Symfony 2.8.6 has just been released. Here is a list of the most important changes:

  • security #18736 Fixed issue with blank password with Ldap (csarrazi) - CVE-2016-2403
  • security #18733 limited the maximum length of a submitted username (fabpot) - CVE-2016-4423
  • bug #18730 [FrameworkBundle] prevent calling get() for service_container service (xabbuh)
  • bug #18705 added a conflict between Monolog bridge 2.8 and HTTP Kernel 3.0+ (fabpot)
  • bug #18709 [DependencyInjection] top-level anonymous services must be public (xabbuh)
  • bug #18388 [EventDispatcher] check for method to exist (xabbuh)
  • bug #18699 [DependencyInjection] Use the priority of service decoration on service with parent (hason)
  • bug #18692 add @Event annotation for KernelEvents (Haehnchen)
  • bug #18246 [DependencyInjection] fix ambiguous services schema (backbone87)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to check the integrity of this new version? Read my blog post about signing releases .

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases