Laravel v5.4.32 is Released with a Security Fix for Image Uploads

Laravel v5.4.32 is Released with a Security Fix for Image Uploads

Laravel 5.4.32 is now released and it includes a security fix for apps that accept local image uploads and a revert on a recent change to the “BelongsToMany::create()” method.

If your app allows local image uploads you should upgrade to this version now. Below is a complete list of changes.

v5.4.32 Changelog:

Added

  • Added FilesystemAdapter::path() method (#20395)

Changed

  • Allow Collection::random() to return 0 items (#20396, #20402)
  • Accept options on FilesystemAdapter::temporaryUrl() (#20394)
  • Sync withoutOverlapping method on Event and CallbackEvent (#20389)
  • Prevent PHP file uploads by default unless explicitly allowed (#20392, #20400)
  • Allow other filesystem adapter to implement temporaryUrl() (#20398)

Fixed

  • Reverted breaking change on BelongsToMany::create() (#20407)


Filed in: News / Releases


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Web Application Developer
Independence, Ohio or Remote - US Based Only
Hurricane Labs
Graduate / Junior PHP Developer
Leamington Spa, Warwick
Synchro
Laravel Developer
Remote - US only
Pleio
Web Application Developer
Cleveland, OH
PS Lifestyle
Full-Stack Developer
Tampa, FL / Remote
Nu Image Medical
PHP Developer
Remote
X-Team
Full-Stack Developer
Sioux Falls, SD or Remote
Electric Pulp