Symfony 4.3.8 released
November 13, 2019 • Published by Fabien Potencier
Warning: Symfony 4.3 is no longer supported. Consider upgrading your applications to the most recent Symfony version.
Symfony 4.3.8 has just been released. Here is a list of the most important changes:
- bug #34344 [Console] Constant STDOUT might be undefined (@nicolas-grekas)
- security #cve-2019-18886 [SecurityCore] throw AccessDeniedException when switch user fails (@nicolas-grekas)
- security #cve-2019-18888 [Mime] fix guessing mime-types of files with leading dash (@nicolas-grekas)
- security #cve-2019-11325 [VarExporter] fix exporting some strings (@nicolas-grekas)
- security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (@nicolas-grekas)
- security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (@nicolas-grekas)
- security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (@stof)
Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.
Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.