Laravel v5.4.32 is Released with a Security Fix for Image Uploads


August 3rd, 2017


Laravel 5.4.32 is now released and it includes a security fix for apps that accept local image uploads and a revert on a recent change to the “BelongsToMany::create()” method.

If your app allows local image uploads you should upgrade to this version now. Below is a complete list of changes.

v5.4.32 Changelog:


  • Added FilesystemAdapter::path() method (#20395)


  • Allow Collection::random() to return 0 items (#20396, #20402)
  • Accept options on FilesystemAdapter::temporaryUrl() (#20394)
  • Sync withoutOverlapping method on Event and CallbackEvent (#20389)
  • Prevent PHP file uploads by default unless explicitly allowed (#20392, #20400)
  • Allow other filesystem adapter to implement temporaryUrl() (#20398)


  • Reverted breaking change on BelongsToMany::create() (#20407)

Filed in:

Eric L. Barnes

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Laravel News Partners