Symfony 3.4.14 has just been released. Here is a list of the most
- security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (@nicolas-grekas)
- security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (@nicolas-grekas)
- bug #28003 [HttpKernel] Fixes invalid REMOT _ADDR in inline subrequest when configuring trusted proxy with subnet (@netiul)
- bug #28007 [FrameworkBundle] fixed guard event names for transitions (@destillat)
- bug #28045 [HttpFoundation] Fix Cookie::isCleared (@ro0NL)
- bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (@Phobetor)
- bug #28052 [HttpKernel] Fix merging bindings for controllers’ locators (@nicolas-grekas)
Want to upgrade to this new release? Fortunately, because Symfony protects
backwards-compatibility very closely, this should be quite easy.
Read our upgrade
documentation to learn more.
Want to be notified whenever a new Symfony release is published? Or when a
version is not maintained anymore? Or only when a security issue is fixed?
Consider subscribing to the Symfony Roadmap Notifications.
[risorsa: Symfony Blog https://ift.tt/2LZyvqB ]