Symfony 6.0.20 released
Warning: Symfony 6.0 is no longer supported. Consider upgrading your applications to the most recent Symfony version.
Symfony 6.0.20 has just been released. Here is the list of the most important changes since 6.0.19:
- bug #49141 [HttpFoundation] Fix bad return type in IpUtils::checkIp4() (@tristankretzer)
- bug #49126 [DependencyInjection] Fix order of arguments when mixing positional and named ones (@nicolas-grekas)
- bug #49104 [HttpClient] Fix collecting data non-late for the profiler (@nicolas-grekas)
- bug #49103 [Security/Http] Fix compat of persistent remember-me with legacy tokens (@nicolas-grekas)
- security #cve-2022-24895 [Security/Http] Remove CSRF tokens from storage on successful login (@nicolas-grekas)
- security #cve-2022-24894 [HttpKernel] Remove private headers before storing responses with HttpCache (@nicolas-grekas)
WARNING: 6.0.20 is the last version for the Symfony 6.0 branch. If some of your projects are still using this version, consider upgrading as soon as possible. However, if you can't upgrade soon, note that we still provide security issue releases according to our release policy.
Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.
Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.