Laravel 5.5.11 Released with a Security Fix

Laravel 5.5.11 Released with a Security Fix

Laravel tagged a 5.5.11 release including a security fix. The fix is related to a possible timing attacks on the remember_me token verification process. Read the notes below for more information.

Version v5.5.10 also introduced the Route::respondWithRoute() method. Laravel developer Mohamed Said, the author of the new route features, wrote an article about the Route::respondWithRoute() and Route::fallback() methods, Better 404 Responses Using Laravel 5.5.

v5.5.11

Fixed

  • Fixed bug in EloquentUserProvider introduced in #21320 (#21323)

v5.5.10

Added

  • Added Route::respondWithRoute($name) method (#21299, 66c5e46)
  • Added $strict parameter to TestResponse::assertJson() (#21301)

Changed

Added “firmware” as an uncountable word (#21306)
Allow MorphTo::associate() accept null (#21318)
Changed __() signature to match Translation::trans() (10c013c)

Fixed

  • Add missing driver parameter to doctrine connection (#21297)

Security

  • Perform constant-time token comparison in DatabaseUserProvider (#21320)


Filed in: News


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Lead Front End Developer
Remote
continued
Full-Stack Laravel Developer
Cologne
Revive Interior
Intermediate PHP Developer (Full Stack | CakePHP | Laravel | Vue | jQuery)
Remote
continued
Senior PHP Developer (Full Stack | CakePHP | Laravel | Vue | jQuery)
Remote
continued
Laravel Developer
Amsterdam (partially remote possible)
Let's Book
Web Developer (Laravel)
Tweed Heads, New South Wales, AUSTRALIA
Tursa Employment & Training
Laravel Experts needed-Remote position
Remote
Golden Sky ROI