Laravel 7.1.2 is released to address a possible XSS related attack vector in Blade Components

Laravel 7.1.2 is released to address a possible XSS related attack vector in Blade Components

Laravel v7.1.2 has just been tagged and released to address a security issue in the Blade Component tag attributes:

Today we released Laravel 7.1.2 to address a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

We would like to thank community member Anders Fajerson for bringing this to our attention.

It’s recommended everyone update as soon as possible. Typically just a composer update laravel/framework if you are running any version of Laravel 7.

Filed in: News
Laravel News Partners

Laravel Jobs

Backend Software Engineer (PHP Developer)
Austin TX, Bonita Springs FL
Certified eSupport Corp
Laravel Developer
Glendale, CA (COVID Remote)
Jogg, Inc
Senior PHP Engineer
Remote, USA Only
Kittyhawk
Full-Stack Engineer (Mid to Senior)
Remote (EST, CST)
Voxie
Senior Laravel Developer (AI Applications)
Remote from anywhere in the UK or from our London office
GreenShoot Labs

Newsletter

Join 31,000+ others and never miss out on new tips, tutorials, and more.