Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 06d3b2c

Browse filesBrowse files
fabpotfabpot
authored
data #64306 Release v8.0.12
 Release v8.0.12
2 parents 16e026c + 1ff9eac commit 06d3b2c
Copy full SHA for 06d3b2c

2 files changed

+33-2Lines changed: 33 additions & 2 deletions

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎CHANGELOG-8.0.md‎

Copy file name to clipboardExpand all lines: CHANGELOG-8.0.md
+31Lines changed: 31 additions & 0 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,37 @@ in 8.0 minor versions.
77
To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
88
To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v8.0.0...v8.0.1
99

10+
* 8.0.12 (2026-05-20)
11+
12+
* security #cve-2026-46626 [Runtime] Fix CVE-2024-50340 patch bypass by gating argv on $_SERVER['QUERY_STRING'] (nicolas-grekas)
13+
* security #cve-2026-45754 [Notifier][Lox24] Reject webhooks with missing or invalid token (nicolas-grekas)
14+
* security #cve-2026-47212 [Notifier][Twilio] Reject webhooks with missing or invalid HMAC signature (nicolas-grekas)
15+
* security #cve-2026-45753 [HtmlSanitizer] Sanitize URLs in action, formaction, poster and cite attributes (nicolas-grekas)
16+
* security #cve-2026-45754 [Mailer][Mailjet] Reject webhooks with missing or invalid Basic credentials (alexandre-daubois)
17+
* security #cve-2026-45072 [TwigBridge] Fix XSS issue in CodeExtension::fileExcerpt() (nicolas-grekas)
18+
* security #cve-2026-45064 [HtmlSanitizer] Reject BiDi override characters and percent-encode spaces in URLs (nicolas-grekas)
19+
* security #cve-2026-45066 [HtmlSanitizer] Fix `allowLinkHosts`/`allowMediaHosts` bypass via URL parser differentials and `<area>` misclassification (alexandre-daubois)
20+
* security #cve-2026-45069 [Security] Add missing claims in `OidcTokenHandler` (alexandre-daubois)
21+
* bug #64258 [DomCrawler] Fix `ChoiceFormField::addChoice()` clobbering values on multi-selects (nicolas-grekas)
22+
* bug #64261 [Messenger] Fix PhpSerializer::getMessageType() when getting payload with Serializable instances (nicolas-grekas)
23+
* bug #64207 [MonologBridge] Fix `interactive_only` not preventing propagation (philbates35)
24+
* bug #64214 [HttpKernel] Preserve named-attribute override on Request/Session value resolvers (nicolas-grekas)
25+
* security #cve-2026-45305 [Yaml] Harden the Parser::cleanup() regexes against catastrophic backtracking (nicolas-grekas)
26+
* security #cve-2026-45304 [Yaml] Bound collection-alias resolution in the parser (nicolas-grekas)
27+
* security #cve-2026-45133 [Yaml] Bound recursion depth in the parser (nicolas-grekas)
28+
* security #cve-2026-45071 [DomCrawler] Fix XXE in addXmlContent() by not enabling `validateOnParse` (alexandre-daubois)
29+
* security #cve-2026-45068 [Mailer] Add end-of-options separator before recipients in SendmailTransport; reject addresses starting with a dash (alexandre-daubois)
30+
* security #cve-2026-45063 [Security] Anchor emailAddress regex to RDN boundary in X509Authenticator (alexandre-daubois)
31+
* security #cve-2026-45065 [Routing] Fix regex alternation anchoring in `UrlGenerator` requirement validation (alexandre-daubois)
32+
* security #cve-2026-45067 [Mime] Reject email addresses containing line breaks in Address (alexandre-daubois)
33+
* security #cve-2026-45073 [Cache] Validate the prefix given to AbstractAdapter::clear() (nicolas-grekas)
34+
* security #cve-2026-45077 [MonologBridge] Bind server:log to localhost by default (nicolas-grekas)
35+
* security #cve-2026-45755 [Mailer][Mailtrap] Reject webhooks with missing or invalid HMAC signature (alexandre-daubois)
36+
* security #cve-2026-45756 [JsonPath] Cap regex backtracking in `match()`/`search()` to prevent ReDoS (alexandre-daubois)
37+
* security #cve-2026-45074 [Security] Require configuring trusted hosts when using CAS authentication (nicolas-grekas)
38+
* security #cve-2026-45075 [Security][HttpKernel] Fix HEAD requests bypassing methods filter in `IsGranted`, `IsCsrfTokenValid` and `IsSignatureValid` attributes (nicolas-grekas)
39+
* bug #64213 [Security] Fix impersonation being deauthenticated on every request (nicolas-grekas)
40+
1041
* 8.0.11 (2026-05-13)
1142

1243
* bug #64198 [SecurityBundle] Allow defining security provider factories without config (hockdudu)
Collapse file

‎src/Symfony/Component/HttpKernel/Kernel.php‎

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Kernel.php
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,12 +72,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl
7272
*/
7373
private static array $freshCache = [];
7474

75-
public const VERSION = '8.0.12-DEV';
75+
public const VERSION = '8.0.12';
7676
public const VERSION_ID = 80012;
7777
public const MAJOR_VERSION = 8;
7878
public const MINOR_VERSION = 0;
7979
public const RELEASE_VERSION = 12;
80-
public const EXTRA_VERSION = 'DEV';
80+
public const EXTRA_VERSION = '';
8181

8282
public const END_OF_MAINTENANCE = '07/2026';
8383
public const END_OF_LIFE = '07/2026';

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.