News

Aggregated news about Symfony

Symfony on Medium ·

7 days ago

From $_GET to #[ApiResource]: The Final Phase of a PHP Modernization

Symfony Blog ·

7 days ago

A Week of Symfony #1013 (May 25–31, 2026)

This week, Symfony 8.1 was released. In addition, we published dozens of security advisories and released the security updates Symfony 5.4.53, 6.4.41, 7.4.13, 8.0.13, Twig 3.27, Symfony...

Symfony Blog ·

8 days ago

Twig 3.27.1 released

Twig 3.27.1 is a patch release that fixes two regressions introduced by the sandbox hardening shipped in 3.27.0. Both involve how the sandbox inspects values that can be coerced to...

Symfony on Medium ·

8 days ago

SOwCode (Singular One-word Code) Design Pattern: Self‑Testing, Constraint‑Verified, Framework‑Aware

Symfony Blog ·

8 days ago

SymfonyOnline June 2026: Building MCP Servers with the Official PHP SDK

SymfonyOnline June 2026 is just around the corner on June 11-12, 2026. Get ready for high-quality pre-recorded talks followed by live Q&As! 🎤 Speaker announcement! JoWe are happy...

Symfony on Medium ·

9 days ago

184 Tables Renamed, 98 Routes Migrated: Bringing Symfony to a Legacy PHP Monolith

Symfony Blog ·

9 days ago

SymfonyOnline June 2026: Hunting Vulnerabilities in Symfony with LLMs

We are thrilled to welcome the global Symfony community online on June 11-12, 2026, for SymfonyOnline June 2026. Get ready for deep-dive technical tracks! 🎤 Speaker announcement!...

Symfony Blog ·

9 days ago

Symfony 8.1 curated new features

Symfony 8.1.0 is about to be released. As for any other Symfony release, our backward compatibility promise applies and this means that you should be able to upgrade easily to 8.1...

Symfony Blog ·

9 days ago

Symfony 8.1.0 released

Symfony 8.1.0 has just been released. Check the New in Symfony 8.1 posts on this blog to learn about the main features of this new stable release; or check the first beta release announcement...

Symfony Blog ·

9 days ago

CVE-2026-49208: Format-less date LiveProps parsed with the permissive DateTime constructor

Affected versions Symfony versions >=2.8.0, <2.36.0, >=3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has...

Symfony Blog ·

9 days ago

CVE-2026-49212: LiveComponentHydrator HMAC checksum lacks component and slot binding

Affected versions Symfony versions >=2.8.0, <2.36.0, >=3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has...

Symfony Blog ·

9 days ago

CVE-2026-49216: XSS in symfony/ux-autocomplete via unescaped AJAX response data

Affected versions Symfony versions >=2.2.0, <2.36.0, >=3.0.0, <3.1.0 of the Symfony UX Autocomplete component are affected by this security issue. The issue has...

Symfony Blog ·

9 days ago

CVE-2026-49215: CSRF Protection Bypass in symfony/ux-live-component: Accept Header is CORS-Safelisted

Affected versions Symfony versions >=2.22.0, <2.36.0, >=3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue...

Symfony Blog ·

9 days ago

CVE-2026-49209: Denial of service in symfony/ux-live-component via unbounded batch action requests

Affected versions Symfony versions >=2.5.0, <2.36.0, >=3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has...

Symfony Blog ·

9 days ago

CVE-2026-49211: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Affected versions Symfony versions >=2.2.0, <2.36.0, >=3.0.0, <3.1.0 of the Symfony UX Autocomplete component are affected by this security issue. The issue has...

Symfony Blog ·

9 days ago

CVE-2026-49210: XSS in symfony/ux-live-component via attacker-controlled child component tag

Affected versions Symfony versions >=2.8.0, <2.36.0, >=3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has...

Symfony on Medium ·

9 days ago

10 days ago

The Laravel Lang Supply Chain Attack

Latest jobs

🚐 Camping-Car Park 🚐

Lead Développeur·euse PHP/Symfony

Full time
Paris 2/3 Jours de TT + quelques déplacements à Pornic au début de la mission.

Webnet

Alternant PHP Symfony

Contract
Lyon, France

Webnet

Alternant PHP Symfony

Contract
Lyon, France

Webnet

Alternant PHP Symfony

Contract
Lyon, France

Groupe Figaro

Développeur Symfony / PHP 8 (H/F)

Full time
Paris, France

News

From $_GET to #[ApiResource]: The Final Phase of a PHP Modernization

A Week of Symfony #1013 (May 25–31, 2026)

Twig 3.27.1 released

SOwCode (Singular One-word Code) Design Pattern: Self‑Testing, Constraint‑Verified, Framework‑Aware

SymfonyOnline June 2026: Building MCP Servers with the Official PHP SDK

184 Tables Renamed, 98 Routes Migrated: Bringing Symfony to a Legacy PHP Monolith

SymfonyOnline June 2026: Hunting Vulnerabilities in Symfony with LLMs

Symfony 8.1 curated new features

Symfony 8.1.0 released

CVE-2026-49208: Format-less date LiveProps parsed with the permissive DateTime constructor

CVE-2026-49212: LiveComponentHydrator HMAC checksum lacks component and slot binding

CVE-2026-49216: XSS in symfony/ux-autocomplete via unescaped AJAX response data

CVE-2026-49215: CSRF Protection Bypass in symfony/ux-live-component: Accept Header is CORS-Safelisted

CVE-2026-49209: Denial of service in symfony/ux-live-component via unbounded batch action requests

CVE-2026-49211: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

CVE-2026-49210: XSS in symfony/ux-live-component via attacker-controlled child component tag

An Open-Source Log, Metrics, and Performance Suite for OroCommerce

Stop Answering the Same Support Tickets — Let Symfony AI Do It

SymfonyOnline June 2026: Giving voice to your agents, the Symfony AI way

The Laravel Lang Supply Chain Attack

Latest jobs