Symfony 4.1.3 released

Symfony 4.1.3 has just been released. Here is a list of the most important changes:

  • security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (@nicolas-grekas)
  • security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (@nicolas-grekas)
  • bug #28003 [HttpKernel] Fixes invalid REMOT _ADDR in inline subrequest when configuring trusted proxy with subnet (@netiul)
  • bug #28007 [FrameworkBundle] fixed guard event names for transitions (@destillat)
  • bug #28045 [HttpFoundation] Fix Cookie::isCleared (@ro0NL)
  • bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (@Phobetor)
  • bug #28059 [Messenger] Fix error message on undefined message class for non-subscriber handler (@chalasr)
  • bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (@nicolas-grekas)
  • bug #28014 [Messenger] Fix chaining senders with their aliases (@sroze)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.



j'ai un problème symfony 4.1 pour le mettre en production un hébergeur, en local mon site marche très bien même excellent, j'ai pas trouver les étapes a faire pour le mettre en mode prod merci

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.