This week, the upcoming Symfony 6.1 version added context builders to simplify the creation of serialization contexts. In addition, SymfonyCon announced that it's coming back as a physical conference at Disneyland Paris later this year (November 15-18, 2022).
Symfony development highlights
This week, 41 pull requests were merged (29 in code and 12 in docs) and 39 issues were closed (34 in code and 5 in docs). Excluding merges, 30 authors made 16,259 additions a
Affected versions
Twig >2.0.0,3.0.0, https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
The SymfonyCon Disneyland Paris was initially scheduled in 2020, then postponed to 2021. But at that time, we didn't have enough visibility to organize it properly with the Covid circumstances. We finally decided to cancel it instead of postponing it again without any guarantee to be able to organize it.
This year is different: we are super excited to announce the organization of the international Symfony conference as initially planned at Disneyland Par
Affected versions Symfony 5.3.14, 5.4.3, and 6.0.3 versions of the Symfony Framework Bundle is affected by this security issue. The issue has been fixed in Symfony 5.3.15, 5.4.4, and 6.0.4.
Description The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled wi
This week, Symfony 4.4.37, 5.3.14, 5.4.3 and 6.0.3 maintenance versions were released. In addition, a potential security vulnerability related to CSRF tokens in forms was found and fixed in security releases for all maintained versions.
Symfony development highlights
This week, 45 pull requests were merged (37 in code and 8 in docs) and 44 issues were closed (35 in code and 9 in docs). Excluding merges, 36 authors made 1,509 additions and 272 deletions. See det
Description The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded,
Symfony 5.3.15 has just been released. Here is the list of the most important changes since 5.3.14: security #cve-2022-xxxx [FrameworkBundle] Enable CSRF in FORM by default (@jderusse) Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be
Symfony 5.4.4 has just been released. Here is the list of the most important changes since 5.4.3: security #cve-2022-xxxx [FrameworkBundle] Enable CSRF in FORM by default (@jderusse) Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be no
Symfony 6.0.4 has just been released. Here is the list of the most important changes since 6.0.3: security #cve-2022-xxxx [FrameworkBundle] Enable CSRF in FORM by default (@jderusse) Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be no
Symfony 6.0.3 has just been released. Here is the list of the most important changes since 6.0.2: bug #45193 [FrameworkBundle] Fix missing arguments when a serialization default context is bound (@ArnoudThibaut) bug #44997 [Runtime] Fix --env and --no-debug with dotenv_overload (@fancyweb) bug #45188 [Dotenv] Fix bootEnv() override with .env.local.php when the env key already exists (@fancyweb) bug #45095 [Finder] Fix finding VCS re-included files in excluded dir
