Laravel 5.5.11 Released with a Security Fix

Laravel 5.5.11 Released with a Security Fix

Laravel tagged a 5.5.11 release including a security fix. The fix is related to a possible timing attacks on the remember_me token verification process. Read the notes below for more information.

Version v5.5.10 also introduced the Route::respondWithRoute() method. Laravel developer Mohamed Said, the author of the new route features, wrote an article about the Route::respondWithRoute() and Route::fallback() methods, Better 404 Responses Using Laravel 5.5.

v5.5.11

Fixed

  • Fixed bug in EloquentUserProvider introduced in #21320 (#21323)

v5.5.10

Added

  • Added Route::respondWithRoute($name) method (#21299, 66c5e46)
  • Added $strict parameter to TestResponse::assertJson() (#21301)

Changed

Added “firmware” as an uncountable word (#21306)
Allow MorphTo::associate() accept null (#21318)
Changed __() signature to match Translation::trans() (10c013c)

Fixed

  • Add missing driver parameter to doctrine connection (#21297)

Security

  • Perform constant-time token comparison in DatabaseUserProvider (#21320)


Filed in: News


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Software Engineer - LAMP/PHP/MySQL/Laravel
Los Angeles / Remote
Ranker
Senior PHP/Laravel Developer: Your Dream Work Environment
Remote
iPhone Photography School
In-house Laravel Developer.
Gold Coast / Australia
MXstore
Laravel Developer
Oak Brook, IL
Tidal Commerce
Senior Backend Engineer
Santa Monica only
Saatchi Art
Senior Laravel Developer
San Francisco
Stitch Labs
Senior Software Developer
South Jordan, UT
Lendio