Symfony 3.3.17 released

May 25, 2018 Published by Avatar of Fabien Potencier Fabien Potencier

Warning: Symfony 3.3 is no longer supported. Consider upgrading your applications to the most recent Symfony version.

Symfony 3.3.17 has just been released. Here is a list of the most important changes:

  • security #cve-2018-11407 [Ldap] cast to string when checking empty passwords
  • security #cve-2018-11408 [SecurityBundle] Fail if security.htt _utils cannot be configured
  • security #cve-2018-11406 clear CSRF tokens when the user is logged out
  • security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener
  • security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.