Laravel v5.4.32 is Released with a Security Fix for Image Uploads

Laravel v5.4.32 is Released with a Security Fix for Image Uploads

Laravel 5.4.32 is now released and it includes a security fix for apps that accept local image uploads and a revert on a recent change to the “BelongsToMany::create()” method.

If your app allows local image uploads you should upgrade to this version now. Below is a complete list of changes.

v5.4.32 Changelog:

Added

  • Added FilesystemAdapter::path() method (#20395)

Changed

  • Allow Collection::random() to return 0 items (#20396, #20402)
  • Accept options on FilesystemAdapter::temporaryUrl() (#20394)
  • Sync withoutOverlapping method on Event and CallbackEvent (#20389)
  • Prevent PHP file uploads by default unless explicitly allowed (#20392, #20400)
  • Allow other filesystem adapter to implement temporaryUrl() (#20398)

Fixed

  • Reverted breaking change on BelongsToMany::create() (#20407)

Filed in: News / Releases

Newsletter

Join 31,000+ others and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Full Stack PHP Developer (Laravel)
Remote
MAPPEN
Senior Laravel Developer
Remote
ACTO
Senior Full-Stack Engineer
[REMOTE: USA Only]
Curricula
Developers for B2B eCommerce SaaS, AWS serverless, Laravel, Vue, Python
Remote, full time EU only
ES Tech Group
Senior PHP Developer (Laravel)
Remote
The Interaction Design Foundation