Laravel 5.5.11 Released with a Security Fix

Laravel 5.5.11 Released with a Security Fix

Laravel tagged a 5.5.11 release including a security fix. The fix is related to a possible timing attacks on the remember_me token verification process. Read the notes below for more information.

Version v5.5.10 also introduced the Route::respondWithRoute() method. Laravel developer Mohamed Said, the author of the new route features, wrote an article about the Route::respondWithRoute() and Route::fallback() methods, Better 404 Responses Using Laravel 5.5.

v5.5.11

Fixed

  • Fixed bug in EloquentUserProvider introduced in #21320 (#21323)

v5.5.10

Added

  • Added Route::respondWithRoute($name) method (#21299, 66c5e46)
  • Added $strict parameter to TestResponse::assertJson() (#21301)

Changed

Added “firmware” as an uncountable word (#21306)
Allow MorphTo::associate() accept null (#21318)
Changed __() signature to match Translation::trans() (10c013c)

Fixed

  • Add missing driver parameter to doctrine connection (#21297)

Security

  • Perform constant-time token comparison in DatabaseUserProvider (#21320)


Filed in: News


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Software Engineer Lead (PHP)
Remote
CivicPlus, LLC
Full-time Senior Web Developer
Detroit, MI
Wayne State University
Senior Software Engineer
Sydney, Australia
FoodByUs
Full Stack Engineer
Remote or Medford, Oregon
Empire Medical
Laravel Developer (fulltime - Dutch only)
Netherlands
Qbixx | Webservices
Full Stack or Back-End Developer
Alexandria, VA; Tallahassee, FL; Orlando, FL
Marketing for Change
Senior Quality Assurance Engineer
Remote
Bisnow Media