Symfony includes two components dedicated to working with JSON: JsonStreamer encodes PHP data into JSON and decodes JSON back into PHP objects by streaming the contents, which provides high performance and low memory usage even for large payloads; JsonPath…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded __toString()…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description The per-template filter, tag and function allow-list check is compiled into the checkSecurity() method of each Template…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded __toString()…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow() to take a boolean $isSandboxed…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface…
A thoughtful review of AI-generated frontend code in a real product: strong in isolated spots, but increasingly inconsistent at the system level. It also makes the case for using AI as a candidate generator and validator, not as the reviewer with the final opinion. Read more
Executive Summary PHP turned 30 in 2025. With The PHP Foundation's support, the PHP project marked the year by shipping PHP 8.5. The PHP Foundation also launched PIE 1.0, initiated a project to modernize PHP's stream layer, and authored roughly 42% of all commits to PHP's core. This work was supported by 536 sponsors and individual contributors, and it could not have happened without them. At the end of 2025, The PHP Foundation consisted of 8 volunteer board members, an Executive Director…
Get ready for SymfonyOnline June 2026 This event will bring the international PHP community together online from June 11 to 12, 2026. This year, we are shaking things up with a brand-new format: one full day dedicated to AI and another full day focus…
Affected versions Symfony versions >=1.17.1, <1.38.1 of the Symfony Polyfill and Symfony Polyfill Intl Idn components are affected by this security issue. The issue has been fixed in Symfony 1.38.1. Description symfony/polyfill-intl-idn provides…
Polyfill 1.38.1 is a security release that fixes a vulnerability in symfony/polyfill-intl-idn. All users of this polyfill (directly or through symfony/polyfill) should upgrade as soon as possible. The release also bundles a handful of correctness fixes for…
A good piece on using AI to understand a large existing codebase instead of generating more code. It shares practical onboarding tactics and prompts that help map domains, dependencies, and architecture faster. Read more
Join the Symfony community in Montreal on June 4, 2026, at L'Espace Quartier Latin (UQAM). This edition features 9 expert talks in a single day! Register now. 🎤 Speaker announcement! We are happy to welcome Thomas Durand, Architect, Code Owner,…
Symfony 8.1 ships many features related to the Console component, such as HTTP-less Symfony applications, method-based commands, and console argument resolvers. In addition, it includes several improvements to console command input handling. Pasting Images…
An interesting take on how AI changes the build-versus-buy decision for packages. Shared problems can often be generated, while hard, external, or opinionated problems still benefit from well-maintained packages. Read more