Blog Tutorials Packages Newsletter Podcasts

Partners Links Your Account

Important Laravel Security Updates

Published on July 28th, 2020 by Paul Redmond

Important Laravel Security Updates image

The Laravel team released an important security update for Laravel 6 (v6.18.27) and Laravel 7 (v7.22.0) with a planned security release for Laravel 5.5 LTS forthcoming. You should update your applications to the latest patch releases as soon as possible, especially if you’re using the “cookie” session driver.

SECURITY: Laravel 6.18.27 and 7.22.0 have been released with a security related patch. All Laravel users should upgrade to these versions as soon as possible. https://t.co/uqtulq4H3f

— Laravel (@laravelphp) July 27, 2020

Laravel 6 is the current LTS version of Laravel. However, the previous LTS 5.5 version will receive essential security updates through the end of August 2020.

Laravel 5.5. users should avoid using the “cookie” session driver in production immediately:

Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the “cookie” session driver in their production deployments.

Further details are available on the Laravel Blog.

Staff writer at Laravel News. Full stack web developer and author.

Github

Filed in:

News

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

Full Stack Engineer - Laravel

Design Focused Front-End Developer

Sr. Laravel Developer & Solutions Architect

Humbly Confident Senior Laravel Engineer

Vue / Nuxt Developer

Tinkerwell

Enjoy coding and debugging in an editor designed for fast feedback and quick iterations. It's like a shell for your application – but with multi-line editing, code completion, and more.

Partners

View all →

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $9500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

Providing innovation and stability to ensure your web application succeeds.

Easily create and manage your servers and deploy your Laravel applications in seconds.

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

The latest

View all →

Generate Short, URL-Safe IDs From Numbers With Sqids image

Generate Short, URL-Safe IDs From Numbers With Sqids

Scheduler List: A Web Dashboard for Laravel's Scheduled Tasks image

Scheduler List: A Web Dashboard for Laravel's Scheduled Tasks

Community Laravel Extension for Zed image

Community Laravel Extension for Zed

Advanced Eloquent Query Filtering with Filterable image

Advanced Eloquent Query Filtering with Filterable

Bulk Job Dispatching with Bus::bulk() in Laravel 13.13 image

Bulk Job Dispatching with Bus::bulk() in Laravel 13.13

Audit Laravel Apps for Security Issues with Checkpoint image

Audit Laravel Apps for Security Issues with Checkpoint