Symfony 3.4.49 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [SecurityCore] Fix user enumeration via response body on invalid credentials (@chalasr)
Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be notified whene
Symfony 4.4.24 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [SecurityCore] Fix user enumeration via response body on invalid credentials (@chalasr) bug #41230 [FrameworkBundle][Validator] Fix deprecations from Doctrine Annotations+Cache (@derrabus) bug #41240 Fixed deprecation warnings about passing null as parameter (@derrabus) bug #41241 [Finder] Fix gitignore regex build with “” (@mvorisek) bug #41224 [HttpClient] fix adding q
Symfony 5.2.9 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [SecurityCore] Fix user enumeration via response body on invalid credentials (@chalasr) bug #41275 Fixes Undefined method call (@faizanakram99) bug #41269 [SecurityBundle] Remove invalid unused service (@chalasr) bug #41139 [Security] [DataCollector] Remove allows anonymous information in datacollector (@ismail1432) bug #41230 [FrameworkBundle][Validator] Fix deprecations
Symfony 5.3.0-RC1 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [SecurityCore] Fix user enumeration via response body on invalid credentials (@chalasr) bug #41275 Fixes Undefined method call (@faizanakram99) feature #41175 [Security] [RememberMe] Add support for parallel requests doing remember-me re-authentication (@Seldaek) bug #41269 [SecurityBundle] Remove invalid unused service (@chalasr) feature #41247 [Security] Deprecate t
SymfonyWorld 2021is coming next month! We've recently announced the first selected speakers, the first Keynotes and we've announced yesterday more talks and one other Keynote scheduled at the international conference on June 17 and 18.
The entire event, workshops and conference will be organized online in English. All talks will have English subtitles and will be available in replay as soon as the conference ends. Join us for an entire week of Symfony:
2-day online pre-conference workshops on
Contributed by Mathieu Santostefano in #38475.
The process of translating Symfony applications requires extracting all translatable contents from templates and code. This task is boring and error-prone; that’s why Symfony provides a translation:update command to extract contents and update catalogs automatically. This works great, unless your application uses external translation serv
Autowiring Iterators/Locators with Attributes¶
Contributed by
Alexander M. Turek
and Nicolas Grekas
in #40406.The traditional way of working with service tags in Symfony applications involves these steps: Apply some tag to one or more services (either manually or applying a tag automatically to all services that implement some interface); A
Contributed by Jesse Rushlow in #40323.
In Symfony applications there are several methods of passing data from the backend to the frontend. Some applications make Ajax requests whenever they need data and others prefer to pass it in Twig templates as HTML attributes or JavaScript variable values. In Symfony 5.3 we’ve added a simpler way of doing this: the new serialize Twig filter. Th
This week, Symfony 3.4.48, 4.4.23 and 5.2.8 maintenance versions were released to mitigate the CVE-2021-21424 security issue. In addition, the fourth beta of Symfony 5.3 was published and the first speakers of the SymfonyWorld 2021 conference were announced.
Symfony development highlights
This week, 61 pull requests were merged (56 in code and 5 in docs) and 37 issues were closed (30 in code and 7 in docs). Excluding merges, 25 authors made 397,998 additions and 353,391 deletions. See details
Contributed by Jérémy Derussé in #39919.
BREACH is a security exploit against HTTPS when using HTTP compression. This kind of compression side-channel attacks are used to read some data by knowing only the size of the compressed data. Your site is at risk if attackers can read the size of your encrypted traffic and can also make any number of HTTP requests with CSRF tokens. The tradit
