This week, Symfony 5.4.46, 6.4.14, and 7.1.7, maintenance versions were released. In addition, we released the second beta version of Symfony 7.2 ahead of its final release at the end of November 2024. Lastly, we published eight security advisories to fix some reported security issues in Symfony and Twig.

Symfony development highlights

This week, 63 pull requests were merged (54 in code and 9 in docs) and 31 issues were closed (29 in code and 2 in docs). Excluding merges, 27 authors made 110,464 additions and 83,806 deletions. See details for code and docs.

5.4 changelog:

81bffdf: [Process] return built-in cmd.exe commands directly in ExecutableFinder
f9c3a00: [Process] ignore case of built-in cmd.exe commands
3f16033: [Process] improve test cleanup by unlinking in a finally block
de6090a, 69e69a1: [Process] fix the directory separator being used
5865f28: [Process] fix escaping /X arguments on Windows
25c9cbe: [WebProfilerBoundle] form data collector check passed and resolved options are defined
e37bdf0: [Config] handle Phar absolute path in FileLocator
5ebc4c3: [Cache] fix clear() when using Predis
c905bb4: [Security] store original token in token storage when implicitly exiting impersonation
d2ba257: [RateLimiter] fix DateInterval normalization
5d5e728: [VarDumper] fix detecting anonymous exception classes on Windows and PHP 7
30810ed: [Runtime] security #cve-2024-50340: do not read from argv on non-CLI SAPIs
ad0a241: [HttpFoundation] security #cve-2024-50345: reject URIs that contain invalid characters
3fc5471: [HttpClient] security #cve-2024-50342: filter private IPs before connecting when Host == IP
eb79fc2: [Process] security #cve-2024-51736: use %PATH% before %CD% to load the shell on Windows
e1da961: [DoctrineBridge] backport detection fix of Xml/Yaml driver in DoctrineExtension
7fc0b9e: [Process] normalize paths to avoid failures if a path is referenced by different names
67e9009: [Console] skip autocomplete test when stty is not available
05ab010: [PropertyInfo] fix support for phpstan/phpdoc-parser 2
d51863d: update ICU data from 75.1 to 76.1
d77f5d9: relax format assertions for fstat() results on Windows
da4eb8b: [RateLimiter] handle error results of DateTime::modify()

6.4 changelog:

a7aa4b1: [WebProfilerBundle] re-add missing Profiler shortcuts on Profiler homepage
7e1af9f: [HttpFoundation] require Cache component versions compatible with Redis 6.1
91acfa8: [Messenger, RateLimiter] fix additional message handled when using a rate limiter
6fb5163: [Twitter, Notifier] fix post INIT upload
d9cecb7: [AssetMapper] fix JavaScriptImportPathCompiler regex for non-latin characters
c15a195: [RateLimiter] fix bucket size reduced when previously created with bigger size
8dabfd7: [Serializer] fixed object normalizer for a class with cancel method

7.1 changelog:

d846c6e: [Notifier] fix test with hard coded date in SmsboxTransportTest
4829c82: [HttpFoundation] fix support for SplTempFileObject in BinaryFileResponse
e713ac2: [Serializer] revert Default groups

7.2 changelog:

dd8c233: [Routing] rename annotations to attribute in AttributeClassLoader
3b5f623: [Mime] don’t require passing the encoder name to TextPart
5557736: [TwigBridge] use reproducible variable names in the default domain node visitor
352786c: [DependencyInjection, HttpClient, Routing] reject URIs that contain invalid characters
19f89d6: [Validator] improve type for the mode property of the Bic constraint
d8f8080: [Mailer] use microsecond precision SMTP logging
2f57eaf: [Runtime] negate register_argc_argv when On
861a84e: [Messenger] use official YAML media type
4e682e4: [Messenger] extend SQS visibility timeout for messages that are still being processed

Newest issues and pull requests

[FrameworkBundle] Add the config() function
[VarDumper] Add dq() function for SQL query debugging
Add a command to dump static error pages
[WebProfilerBundle] add debugbar on StreamedResponse
[Mailer], add support for custom headers in Amazon ses+api

Symfony Jobs

These are some of the most recent Symfony job offers:

Backend Symfony Developer at Ticketpark Ltd.
Full-time – €60,000 – €80,000 / year
Full remote
View details
Backend Symfony Developer at Cobbleweb
Full-time – €40,000 – €60,000 / year
Full remote
View details
Technical Expert for a Symfony project at SensioLabs
Full-time – €55,000 – €80,000 / year
Full remote
View details

You can publish a Symfony job offer for free on symfony.com.

SymfonyCasts Updates

SymfonyCasts is the official way to learn Symfony.
Select a track for a guided path through 100+ video tutorial courses about
Symfony, PHP and JavaScript.

This week, SymfonyCasts published the following updates:

New course announced: Mailer and Webhook with Mailtrap
(Video) Dependency Injection Attributes: Lazy Services
(Video) Dependency Injection Attributes: More Laziness Attributes

They talked about us

Supercharge Your Symfony App with Smart Device Detection
New in EasyAdmin: Pretty URLs

Call to Action

Follow Symfony on X, on Mastodon, on Bluesky and on Threads and share this article.
Subscribe to the Symfony blog RSS and never miss a Symfony story again.

Symfony Blog

Read More