Software Update: Symfony 4.3.8 / 4.2.12 / 3.4.35 / 2.8.52

Symfony is a PHP web application framework and is available under the mit license. In addition to a framework and reusable components offers Symfony a philosophy, methodology and community, supported by SensioLabs. Various topics can also be found on our Forum. The developers have released versions 4.3.8, 4.2.12, 3.4.35 and 2.8.52 with the following changes:

Symfony 4.3.8 released

Symfony 4.3.8 has just been released. Here is a list of the most important changes:

  • bug # 34344 [Console] Constant STDOUT might be undefined (@ nicolas-grekas)
  • security # cve-2019-18886 [SecurityCore] throw AccessDeniedException when switch user fails (@ nicolas-grekas)
  • security # cve-2019-18888 [Mime] fix guessing mime-types of files with leading dash (@ nicolas-grekas)
  • security # cve-2019-11325 [VarExporter] fix exporting some strings (@ nicolas-grekas)
  • security # cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (@ nicolas-grekas)
  • security # cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (@ nicolas-grekas)
  • security # cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (@stof)

Symfony 4.2.12 released

Symfony 4.2.12 has just been released. Here is a list of the most important changes:

  • security # cve-2019-18886 [SecurityCore] throw AccessDeniedException when switch user fails (@ nicolas-grekas)
  • security # cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (@ nicolas-grekas)
  • security # cve-2019-11325 [VarExporter] fix exporting some strings (@ nicolas-grekas)
  • security # cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (@ nicolas-grekas)
  • security # cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (@stof)

Symfony 3.4.35 released

Symfony 3.4.35 has just been released. Here is a list of the most important changes:

  • bug # 34344 [Console] Constant STDOUT might be undefined (@ nicolas-grekas)
  • security # cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (@ nicolas-grekas)
  • security # cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (@ nicolas-grekas)
  • security # cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (@stof)

Symfony 2.8.52 released

Symfony 2.8.52 has just been released. Here is a list of the most important changes:

  • security # cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (@ nicolas-grekas)
  • security # cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (@stof)

Version number 4.3.8 / 4.2.12 / 3.4.35 / 2.8.
Release status Final
Operating systems Script language
Website Symfony
Download https://symfony.com/download
License type Conditions (GNU / BSD / etc.)
Comments
Loading...