Laravel 5.5.11 Released with a Security Fix
News / September 21, 2017

Laravel 5.5.11 Released with a Security Fix

Laravel tagged a 5.5.11 release including a security fix. The fix is related to a possible timing attacks on the remember_me token verification process. Read the notes below for more information.

Version v5.5.10 also introduced the Route::respondWithRoute() method. Laravel developer Mohamed Said, the author of the new route features, wrote an article about the Route::respondWithRoute() and Route::fallback() methods, Better 404 Responses Using Laravel 5.5.

v5.5.11

Fixed

  • Fixed bug in EloquentUserProvider introduced in #21320 (#21323)

v5.5.10

Added

  • Added Route::respondWithRoute($name) method (#21299, 66c5e46)
  • Added $strict parameter to TestResponse::assertJson() (#21301)

Changed

Added “firmware” as an uncountable word (#21306)
Allow MorphTo::associate() accept null (#21318)
Changed __() signature to match Translation::trans() (10c013c)

Fixed

  • Add missing driver parameter to doctrine connection (#21297)

Security

  • Perform constant-time token comparison in DatabaseUserProvider (#21320)

This appeared first on Laravel News
Laravel News Partners

Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.