Symfony 4.1.12 has just been released. Here is a list of the most important changes:

  • security #cve-2019-10910 [DI] Check service IDs are valid (@nicolas-grekas)
  • security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (@stof)
  • security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (@nicolas-grekas)
  • security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (@pborreli)
  • security #cve-2019-10913 [HttpFoundation] reject invalid method override (@nicolas-grekas)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases