The Laravel team released an important security update for Laravel 6 (v6.18.27) and Laravel 7 (v7.22.0) with a planned security release for Laravel 5.5 LTS forthcoming. You should update your applications to the latest patch releases as soon as possible, especially if you’re using the “cookie” session driver.
SECURITY: Laravel 6.18.27 and 7.22.0 have been released with a security related patch. All Laravel users should upgrade to these versions as soon as possible. https://t.co/uqtulq4H3f
— Laravel (@laravelphp) July 27, 2020
Laravel 6 is the current LTS version of Laravel. However, the previous LTS 5.5 version will receive essential security updates through the end of August 2020.
Laravel 5.5. users should avoid using the “cookie” session driver in production immediately:
Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the “cookie” session driver in their production deployments.
Further details are available on the Laravel Blog.
