Important Laravel Security Updates

Published on by

Important Laravel Security Updates image

The Laravel team released an important security update for Laravel 6 (v6.18.27) and Laravel 7 (v7.22.0) with a planned security release for Laravel 5.5 LTS forthcoming. You should update your applications to the latest patch releases as soon as possible, especially if you’re using the “cookie” session driver.

SECURITY: Laravel 6.18.27 and 7.22.0 have been released with a security related patch. All Laravel users should upgrade to these versions as soon as possible. https://t.co/uqtulq4H3f

— Laravel (@laravelphp) July 27, 2020

Laravel 6 is the current LTS version of Laravel. However, the previous LTS 5.5 version will receive essential security updates through the end of August 2020.

Laravel 5.5. users should avoid using the “cookie” session driver in production immediately:

Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the “cookie” session driver in their production deployments.

Further details are available on the Laravel Blog.

Paul Redmond photo

Full stack web developer. Author of Lumen Programming Guide and Docker for PHP Developers.

Filed in:
Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

image
Laravel Forge

Easily create and manage your servers and deploy your Laravel applications in seconds.

Visit Laravel Forge
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Bacancy logo

Bacancy

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $2500/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

Bacancy
LoadForge logo

LoadForge

Easy, affordable load testing and stress tests for websites, APIs and databases.

LoadForge
Paragraph logo

Paragraph

Manage your Laravel app as if it was a CMS – edit any text on any page or in any email without touching Blade or language files.

Paragraph
Lucky Media logo

Lucky Media

Bespoke software solutions built for your business. Partner with Lucky Media, your favorite Laravel Development Agency!

Lucky Media
Lunar: Laravel E-Commerce logo

Lunar: Laravel E-Commerce

E-Commerce for Laravel. An open-source package that brings the power of modern headless e-commerce functionality to Laravel.

Lunar: Laravel E-Commerce
Laravel Forge logo

Laravel Forge

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Forge
Oh Dear logo

Oh Dear

Oh Dear is the best all-in-one monitoring tool for all your Laravel apps.

Oh Dear
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell

The latest

View all →
Get insights into all your Laravel notifications with Paragraphs new package image

Get insights into all your Laravel notifications with Paragraphs new package

Read article
FrankenPHP v1.0 is Here image

FrankenPHP v1.0 is Here

Read article
Self-healing URLs in Laravel image

Self-healing URLs in Laravel

Read article
Laravel 10.35 Released image

Laravel 10.35 Released

Read article
Solve n+1 queries in PHP with Scout APM image

Solve n+1 queries in PHP with Scout APM

Read article
Show Outdated Composer Dependencies in Laravel Pulse image

Show Outdated Composer Dependencies in Laravel Pulse

Read article