New in Symfony 4.3: URL Helper

Contributed by Valentin Udaltsov in #30862. Generating absolute (and relative) URLs for a given path is a common need in lots of applications. In Twig templates this is trivial thanks to the absolute_url() and relative_path() functions (don’t mistake them for the path() and url() functions that generate URLs using route names). In Symfony 4.3 we’ve…

New in Symfony 4.3: URL Helper

Contributed by Valentin Udaltsov in #30862. Generating absolute (and relative) URLs for a given path is a common need in lots of applications. In Twig templates this is trivial thanks to the absolute_url() and relative_path() functions (don’t mistake them for the path() and url() functions that generate URLs using route names). In Symfony 4.3 we’ve…

A Week of Symfony #642 (15-21 April 2019)

This week, Symfony 2.7.51, 2.8.50, 3.4.26, 4.1.12 and 4.2.7 versions were released to address some security issues. Meanwhile, the upcoming Symfony 4.3 version added a native password hasher which chooses the best hashing algorithm automatically. Symfony development highlights This week, 44 pull requests were merged (33 in code and 11 in docs) and 52 issues…

CVE-2019-10910: Check service IDs are valid

Affected versions Symfony 2.7.0 to 2.7.50, 2.8.0 to 2.8.49, 3.4.0 to 3.4.25, 4.1.0 to 4.1.11 and 4.2.0 to 4.2.6 versions of the Symfony Dependency Injection component are affected by this security issue. The issue has been fixed in Symfony 2.7.51, 2.8.50, 3.4.26, 4.1.12 and 4.2.7. Note that no fixes are provided for Symfony 3.0, 3.1,…

CVE-2019-10913: Reject invalid HTTP method overrides

Affected versions Symfony 2.7.0 to 2.7.50, 2.8.0 to 2.8.49, 3.4.0 to 3.4.25, 4.1.0 to 4.1.11 and 4.2.0 to 4.2.6 versions of the Symfony HttpFoundation component are affected by this security issue. The issue has been fixed in Symfony 2.7.51, 2.8.50, 3.4.26, 4.1.12 and 4.2.7. Note that no fixes are provided for Symfony 3.0, 3.1, 3.2,…

Symfony 4.2.7 released

Symfony 4.2.7 has just been released. Here is a list of the most important changes: bug #31107 [Routing] fix trailing slash redirection with non-greedy trailing vars (@nicolas-grekas) bug #31108 [FrameworkBundle] decorate the ValidatorBuilder’s translator with LegacyTranslatorProxy (@nicolas-grekas) bug #31121 [HttpKernel] Fix get session when the request stack is empty (@yceruto) bug #31084 [HttpFoundation] Make MimeTypeExtensionGuesser…

Symfony 4.1.12 released

Symfony 4.1.12 has just been released. Here is a list of the most important changes: security #cve-2019-10910 [DI] Check service IDs are valid (@nicolas-grekas) security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (@stof) security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (@nicolas-grekas) security #cve-2019-10911 [Security]…