In Symfony 7.2, we've improved many existing commands with new options and features.

Resolve Env Vars when Linting the Container

    Contributed by
                Gabriel…

https://symfony.com/blog/new-in-symfony-7-2-new-command-options?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Symfony 7.1.8 has just been released. Here is the list of the most important changes since 7.1.7:

security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-grekas)

security #cve-2024-51996 [Security] Check owner… https://symfony.com/blog/symfony-7-1-8-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Affected versions

Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.

The issue has been fixed in Symfony 5.4.47, 6.4.15, and 7.1.8.

Description

Whan consuming… https://symfony.com/blog/cve-2024-51996-authentication-bypass-via-persisted-rememberme-cookie?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it. https://symfony.com/blog/update-for-cve-2024-50342-internal-address-and-port-enumeration-allowed-by-noprivatenetworkhttpclient?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Symfony 7.2.0-RC1 has just been released. Here is the list of the most important changes since 7.2.0-BETA2:

feature #58852 [TypeInfo] Remove @experimental tag (@mtarld)

feature #57630 [TypeInfo] Redesign Type methods and nullability (@mtarld) security… https://symfony.com/blog/symfony-7-2-0-rc1-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Symfony 5.4.47 has just been released. Here is the list of the most important changes since 5.4.46:

security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-grekas)

security #cve-2024-51996 [Security] Check owner… https://symfony.com/blog/symfony-5-4-47-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Symfony 6.4.15 has just been released. Here is the list of the most important changes since 6.4.14:

security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-grekas)

security #cve-2024-51996 [Security] Check owner… https://symfony.com/blog/symfony-6-4-15-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Contributed by Yonel Ceruto in

57408…

https://symfony.com/blog/new-in-symfony-7-2-simpler-single-file-symfony-applications?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

New Private Subnets Shortcut for Trusted Proxies

    Contributed by
                Nicolas Grekas
                                     in…

https://symfony.com/blog/new-in-symfony-7-2-simpler-trusted-proxies-configuration?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

This week, Symfony 5.4.46, 6.4.14, and 7.1.7, maintenance versions were released. In addition, we released the second beta version of Symfony 7.2 ahead of its final release at the end of November 2024. Lastly, we published eight security advisories to fix… https://symfony.com/blog/a-week-of-symfony-932-4-10-november-2024?utm_source=Symfony%20Blog%20Feed&utm_medium=feed