Affected versions
Twig versions >=3.16.0,<3.19.0 are affected by this security issue.
The issue has been fixed in Twig 3.19.0.
Description
When using the null coalesce operator (??), output escaping was missing for the expression on the left side of… https://symfony.com/blog/twig-cve-2025-24374-missing-output-escaping-for-the-null-coalesce-operator?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Accedi per aggiungere un commento
Altri post in questo gruppo
SymfonyLive Berlin 2025, conference held in English, will take place from April 1 to 4! The schedule is being revealed gradually. More details are available here. 🚨 Enjoy the last day before t
This week, Symfony 6.4.19 and 7.2.4 maintenance versions were released. In addition, the upcoming Symfony 7.3 version added a helper to render directory trees in the console. Lastly, we welcomed four
SymfonyLive Paris 2025, conference in French language only, will take place from March 27 to 28! The schedule is currently being revealed as we go along. More details are available here.
Al
SymfonyLive Berlin 2025, conference held in English, will take place from April 1 to 4! The schedule is being revealed gradually. More details are available here. 🚨 Enjoy the last few days bef
SymfonyLive Paris 2025, conference in French language only, will take place from March 27 to 28! The schedule is currently being revealed as we go along. More details are available here. 🚨 Tod
Symfony 6.4.19 has just been released. Here is the list of the most important changes since 6.4.18:
bug #59198 [Messenger] Filter out non-consumable receivers when registering ConsumeMessagesComm
Symfony 7.2.4 has just been released. Here is the list of the most important changes since 7.2.3:
bug #59198 [Messenger] Filter out non-consumable receivers when registering ConsumeMessagesComman