Symfony 5.4.31 has just been released. Here is the list of the most important changes since 5.4.30:

  • security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
  • security #cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
  • bug #52506 [SecurityBundle] wire the secret for Symfony 6.4 compatibility (@xabbuh)
  • bug #52502 [Config] Prefixing FileExistenceResource::__toString() to avoid conflict with FileResource (@weaverryan)
  • bug #52491 [String] Method toByteString conversion using iconv is unreachable (@Vincentv92)
  • bug #52488 [HttpKernel] Fix PHP deprecation (@nicolas-grekas)
  • bug #52476 [Messenger] fix compatibility with Doctrine DBAL 4 (@xabbuh)
  • bug #52474 [HttpFoundation] ensure string type with mbstring func overloading enabled (@xabbuh)
  • bug #52457 [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL (@HypeMC)
  • bug #52443 [Yaml] Fix uid binary parsing (@mRoca)
  • bug #52444 Remove full DSNs from exception messages (@nicolas-grekas)
  • bug #52428 [HttpKernel] Preventing error 500 when function putenv is disabled (@ShaiMagal)
  • bug #52408 [Yaml] Fix block scalar array parsing (@NickSdot)
  • bug #52329 [HttpClient] Psr18Client: parse HTTP Reason Phrase for Response (@Hanmac)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases