CVE-2023-46733: Possible session fixation

Affected versions: Symfony versions >=5.4.21, <5.4.31, and >=6.2.7, <6.3.8 of the Symfony Security HTTP component are affected by this security issue. The issue has been fixed in Symfony 5.4.31, 6.3.8. Description: SessionStrategyListener does… https://symfony.com/blog/cve-2023-46733-possible-session-fixation?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
Symfony 6.4.0-BETA3 released

Symfony 6.4.0-BETA3 has just been released. Here is the list of the most important changes since 6.4.0-BETA2:

bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)

bug #52524 [AssetMapper]… https://symfony.com/blog/symfony-6-4-0-beta3-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
CVE-2023-46735: Potential XSS in WebhookController

Affected versions: Symfony versions >=6.3.0, <6.3.8 of the Symfony Webhook component are affected by this security issue. The issue has been fixed in Symfony 6.3.8. Description: The error message in WebhookController returns unescaped user-submitted… https://symfony.com/blog/cve-2023-46735-potential-xss-in-webhookcontroller?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
Symfony 7.0.0-BETA3 released

Symfony 7.0.0-BETA3 has just been released. Here is the list of the most important changes since 7.0.0-BETA2:

bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)

bug #52524 [AssetMapper]… https://symfony.com/blog/symfony-7-0-0-beta3-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
SymfonyCon Brussels 2023: From Chaos to Control: Exception Handling in Symfony

SymfonyCon Brussels 2023 is just around the corner and will start on:

December 5-6: Workshop days. It is possible to attend 1 two-day training or 2 one-day trainings! December 7-8: Conference days with 3 parallel tracks and 1 unconference track… https://symfony.com/blog/symfonycon-brussels-2023-from-chaos-to-control-exception-handling-in-symfony?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
Symfony 5.4.31 released

Symfony 5.4.31 has just been released. Here is the list of the most important changes since 5.4.30:

security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)

security #cve-2023-46733… https://symfony.com/blog/symfony-5-4-31-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
Symfony 4.4.51 released

Symfony 4.4.51 has just been released. Here is the list of the most important changes since 4.4.50:

security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)

Want to upgrade to this… https://symfony.com/blog/symfony-4-4-51-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
Symfony 6.3.8 released

Symfony 6.3.8 has just been released. Here is the list of the most important changes since 6.3.7:

bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)

security #cve-2023-46734 [TwigBridge]… https://symfony.com/blog/symfony-6-3-8-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
New in Symfony 6.4: More Built-in Message Handlers

Contributed by Kevin Bond in #49813, #49814 and #49815.

The Messenger component is designed around two main concepts: messages (which are… https://symfony.com/blog/new-in-symfony-6-4-more-built-in-message-handlers?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
SymfonyCon Brussels 2023: Multi-tenant applications using Symfony, for real?

SymfonyCon Brussels 2023 is just around the corner and will start on:

December 5-6: Workshop days. It is possible to attend 1 two-day training or 2 one-day trainings! December 7-8: Conference days with 3 parallel tracks and 1 unconference track… https://symfony.com/blog/symfonycon-brussels-2023-multi-tenant-applications-using-symfony-for-real?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

6mo | Symfony
