Laravel v5.4.32 is Released with a Security Fix for Image Uploads

Laravel v5.4.32 is Released with a Security Fix for Image Uploads

Laravel 5.4.32 is now released and it includes a security fix for apps that accept local image uploads and a revert on a recent change to the “BelongsToMany::create()” method.

If your app allows local image uploads you should upgrade to this version now. Below is a complete list of changes.

v5.4.32 Changelog:

Added

  • Added FilesystemAdapter::path() method (#20395)

Changed

  • Allow Collection::random() to return 0 items (#20396, #20402)
  • Accept options on FilesystemAdapter::temporaryUrl() (#20394)
  • Sync withoutOverlapping method on Event and CallbackEvent (#20389)
  • Prevent PHP file uploads by default unless explicitly allowed (#20392, #20400)
  • Allow other filesystem adapter to implement temporaryUrl() (#20398)

Fixed

  • Reverted breaking change on BelongsToMany::create() (#20407)

Filed in: News / Releases
Laravel News Partners

Laravel Jobs

Laravel Developer
Remote
Enjin
Senior Laravel Backend Engineer
Remote, USA Only
Kittyhawk.io, Inc.
Senior Laravel Developer
Remote, EU timezones only
Mindbeat
Experienced Laravel Developer
Remote
SolidProfessor
Full Time ad Remote - Experienced Laravel Developer
Europe Only
Thunderbite

Newsletter

Join 31,000+ others and never miss out on new tips, tutorials, and more.