Affected versions Symfony versions >=2.2.0, =3.0.0, <3.1.0 of the Symfony UX Autocomplete component are affected by this security issue. The issue has been fixed in Symfony 2.36.0, 3.1.0. Description The Stimulus controller shipped…
Affected versions Symfony versions >=2.8.0, =3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has been fixed in Symfony 2.36.0, 3.1.0. Description When a #[LiveProp] is typed…
Affected versions Symfony versions >=2.22.0, =3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has been fixed in Symfony 2.36.0, 3.1.0. Description When using symfony/ux-live-component,…
Affected versions Symfony versions >=2.2.0, =3.0.0, <3.1.0 of the Symfony UX Autocomplete component are affected by this security issue. The issue has been fixed in Symfony 2.36.0, 3.1.0. Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause()…
Affected versions Symfony versions >=2.8.0, =3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has been fixed in Symfony 2.36.0, 3.1.0. Description Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml()…
Affected versions Symfony versions >=2.5.0, =3.0.0, <3.1.0 of the Symfony UX Live Component component are affected by this security issue. The issue has been fixed in Symfony 2.36.0, 3.1.0. Description Symfony\UX\LiveComponent\Controller\BatchActionController::__invoke()…
Release: datasette 1.0a31 Another significant alpha release, with two new headline features. Datasette now offers users with the necessary permissions the ability to both execute write queries against their database and to save stored queries (renamed from "canned queries") both privately and for use by other members of their Datasette instance. There's more detail in SQL write queries and stored queries in Datasette 1.0a31 on the Datasette blog, which now has three posts introducing new…
The most interesting thing about Anthropic's $65B Series H announcement is this line (emphasis mine): Since our Series G in February, adoption has continued to grow across global enterprise customers, and our run-rate revenue crossed $47 billion earlier this month. Anthropic have made a bit of a habit of sharing their "run-rate revenue" in this kind of announcement, which is an annualized projection of their current revenue - typically calculated by taking the most recent month and multiplying…
Anthropic shipped Claude Opus 4.8 today. My favourite thing about it is this note in the release announcement: Users will find Opus 4.8 to be a modest but tangible improvement on its predecessor. There’s still more to be done: we’re working on developing and releasing models that provide many of the same capabilities as Opus at a lower cost. It's so refreshing to see an AI lab honestly describe a release as a minor incremental improvement over the previous model! Honesty seems to be a theme.…
Release: llm-anthropic 0.25.1 New model: Claude Opus 4.8 (claude-opus-4.8). New -o fast 1 option for fast mode, for organizations with that feature enabled on their account. Default max_tokens for each model now defaults to that model's maximum output rather than 8,192. #72 See also my notes on Opus 4.8 - I used this new release of llm-anthropic to generate the pelicans.
Tool: markdown-svg-renderer A slightly customized Markdown rendering tool with special treatment for fenced code SVG blocks - it both renders the image and provides a tab for switching to the code view. You can paste in Markdown or give it a URL to a CORS-enabled Markdown file or Gist. Here's an example where it loads a Markdown file full of LLM pelican logs for Opus 4.8. Tags: svg, tools, markdown, cors
Sicoob.Sdk releases 2.0.0 through 2.0.4 exfiltrate client IDs, PFX passwords, and base64-encoded PFX certificate archive contents through a third-party Sentry endpoint. The linked GitHub repository appears to be a clean-source façade for the malicious NuGet artifact. We analyzed a Sicoob-branded NuGet package, Sicoob.Sdk, that claimed to be an official C# SDK for Sicoob API integrations. Sicoob, formally the Sistema de Cooperativas de Crédito do Brasil, is one of Brazil’s largest cooperative…
Save the date! SymfonyOnline June 2026 will take place online on June 11-12, 2026, with 15 expert speakers streaming directly to you. 🎤 Speaker announcement! Guillaume Loulier, Technical Expert, SensioLabs, will be taking the virtual stage to present…
The DependencyInjection component keeps evolving in Symfony 8.1 with several quality-of-life improvements for autowiring, service decoration, tagged services, and env vars. Autowiring Env Vars as Closures or Stringables…
A fun look at making coding assistants talk less, and what that actually saves in practice. The main takeaway is that shorter replies help, but most token cost still comes from the actual work: reading, reasoning, coding, and checking. Read more