Laravel 5.5.11 Released with a Security Fix

Laravel 5.5.11 Released with a Security Fix

Laravel tagged a 5.5.11 release including a security fix. The fix is related to a possible timing attacks on the remember_me token verification process. Read the notes below for more information.

Version v5.5.10 also introduced the Route::respondWithRoute() method. Laravel developer Mohamed Said, the author of the new route features, wrote an article about the Route::respondWithRoute() and Route::fallback() methods, Better 404 Responses Using Laravel 5.5.

v5.5.11

Fixed

  • Fixed bug in EloquentUserProvider introduced in #21320 (#21323)

v5.5.10

Added

  • Added Route::respondWithRoute($name) method (#21299, 66c5e46)
  • Added $strict parameter to TestResponse::assertJson() (#21301)

Changed

Added “firmware” as an uncountable word (#21306)
Allow MorphTo::associate() accept null (#21318)
Changed __() signature to match Translation::trans() (10c013c)

Fixed

  • Add missing driver parameter to doctrine connection (#21297)

Security

  • Perform constant-time token comparison in DatabaseUserProvider (#21320)

Filed in: News
Laravel News Partners

Laravel Jobs

Backend Software Engineer (PHP Developer)
Austin TX, Bonita Springs FL
Certified eSupport Corp
Laravel Developer
Glendale, CA (COVID Remote)
Jogg, Inc
Senior PHP Engineer
Remote, USA Only
Kittyhawk
Full Stack Engineer
Remote
Shelterluv
Kickass LaraDev!
Remote
Megaverse

Newsletter

Join 31,000+ others and never miss out on new tips, tutorials, and more.