The Laravel team released an important security update for Laravel 6 (v6.18.27) and Laravel 7 (v7.22.0) with a planned security release for Laravel 5.5 LTS forthcoming. You should update your applications to the latest patch releases as soon as possible, especially if you’re using the “cookie” session driver.
SECURITY: Laravel 6.18.27 and 7.22.0 have been released with a security related patch. All Laravel users should upgrade to these versions as soon as possible. https://t.co/uqtulq4H3f
— Laravel (@laravelphp) July 27, 2020
Laravel 6 is the current LTS version of Laravel. However, the previous LTS 5.5 version will receive essential security updates through the end of August 2020.
Laravel 5.5. users should avoid using the “cookie” session driver in production immediately:
Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the “cookie” session driver in their production deployments.
Further details are available on the Laravel Blog.Filed in: News
- Laravel Developer
- Senior Laravel Backend Engineer
Remote, USA Only
- Senior Laravel Developer
Remote, EU timezones only
- Experienced Laravel Developer
- Full Time ad Remote - Experienced Laravel Developer
Join 31,000+ others and never miss out on new tips, tutorials, and more.
Laravel’s Growing Community of Women Developers
Larabelles is a community launching later this year that focuses on reducing barriers for women to enter the world of…
How to make a Laravel app multi-tenant in minutes
In this tutorial, learn how to make your Laravel app multi-tenant using the Tenancy for Laravel package