Affected versions
Twig versions >=3.16.0,<3.19.0 are affected by this security issue.
The issue has been fixed in Twig 3.19.0.
Description
When using the null coalesce operator (??), output escaping was missing for the expression on the left side of… https://symfony.com/blog/twig-cve-2025-24374-missing-output-escaping-for-the-null-coalesce-operator?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Chcete-li přidat komentář, přihlaste se
Ostatní příspěvky v této skupině
🎤 Take the stage at SymfonyCon Amsterdam 2025, on your own terms!
The Unconference track is back and more dynamic than ever!
This unique, participant-driven format invites attendees to shape
This week, Symfony completed the migration to PHPUnit 12 in the 7.4 branch, which required many changes during the past weeks, such as replacing annotations with attributes. In addition, we updated th
🧑💻HACKDAY IS COMING!
Get ready to code, collaborate, and contribute, Symfony Hackday is back!
Join us in Amsterdam on Saturday, November 29th, for a hands-on hackathon designed to bring the
This week, Symfony released the maintenance versions 6.4.24, 7.2.9, and 7.3.2. Meanwhile, we began deprecating the XML configuration format in some components, enhanced the YAML configuration format t
Symfony 6.4.24 has just been released. Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in you
Symfony 7.2.9 has just been released. Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your
Symfony 7.3.2 has just been released. Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your
