Symfony 3.4.26 released
![Avatar of Fabien Potencier](https://connect.symfony.com/api/images/4aed4f5d-e0cb-4320-902f-885fddaa7d15.png?format=28x28)
Warning: Symfony 3.4 is no longer supported. Consider upgrading your applications to the most recent Symfony version.
Symfony 3.4.26 has just been released. Here is a list of the most important changes:
- bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (@vermeirentony)
- bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)" (@chalasr)
- security #cve-2019-10910 [DI] Check service IDs are valid (@nicolas-grekas)
- security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (@stof)
- security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (@nicolas-grekas)
- security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (@pborreli)
- security #cve-2019-10913 [HttpFoundation] reject invalid method override (@nicolas-grekas)
Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.
Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments
![Avatar of Simo Heinonen](https://connect.symfony.com/api/images/3ea9af44-047c-4f9d-a8a3-b2a51f3ebe8a.png?format=48x48)
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.