Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Security Bundle
Release Notes

Security Bundle Laravel Package

symfony/security-bundle

Symfony SecurityBundle integrates the Security component into the Symfony full-stack framework, providing authentication, authorization, firewalls, user providers, and access control. Part of the main Symfony repository with established contribution and issue workflows.

View on GitHub
Deep Wiki
Context7
v8.0.8

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.7...v8.0.8)

v7.4.8

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.7...v7.4.8)

v6.4.36

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.35...v6.4.36)

v8.0.6

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.5...v8.0.6)

  • bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
  • bug #63439 Update security-1.0.xsd with missing oauth2 element (@welcoMattic)
v7.4.6

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.5...v7.4.6)

  • bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
  • bug #63439 Update security-1.0.xsd with missing oauth2 element (@welcoMattic)
v6.4.34

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.33...v6.4.34)

  • bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
v8.0.4

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.3...v8.0.4)

  • bug #62973 fix the security profiler template (@aurac)
v7.4.4

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.3...v7.4.4)

  • bug #62973 fix the security profiler template (@aurac)
v7.3.10

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.9...v7.3.10)

  • bug #62973 fix the security profiler template (@aurac)
v6.4.32

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.31...v6.4.32)

  • no significant changes
v7.3.8

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.7...v7.3.8)

  • no significant changes
v6.4.30

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.29...v6.4.30)

  • no significant changes
v7.4.0

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.0-RC3...v7.4.0)

  • no significant changes
v8.0.0

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.0-RC3...v8.0.0)

  • no significant changes
v8.0.0-RC2

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.0-RC1...v8.0.0-RC2)

  • bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@Ali-HENDA)
v7.4.0-RC2

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.0-RC1...v7.4.0-RC2)

  • bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@Ali-HENDA)
v8.0.0-RC1

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.0-BETA2...v8.0.0-RC1)

  • no significant changes
v7.4.0-RC1

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.0-BETA2...v7.4.0-RC1)

  • no significant changes
v8.0.0-BETA1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.4...v8.0.0-BETA1)

  • feature symfony/symfony#62090 [Config] Deprecate setting a default value to a node that is required (@GromNaN)
  • feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@ruudk)
  • feature symfony/symfony#61986 [DependencyInjection] remove getNamespace() and getXsdValidationBasePath() from ExtensionInterface (@xabbuh)
  • feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@Jean-Beru)
  • feature symfony/symfony#61930 [DependencyInjection][Routing] Remove support for the XML configuration format (@nicolas-grekas)
  • feature symfony/symfony#61919 [DependencyInjection] Deprecate ExtensionInterface::getXsdValidationBasePath() and getNamespace() (@nicolas-grekas)
  • feature symfony/symfony#60568 [DependencyInjection][Routing] Deprecate XML configuration format (@MatTheCat)
  • feature symfony/symfony#61860 [Config][DependencyInjection][Routing] Deprecate using $this or the internal scope of the loader from PHP config files (@nicolas-grekas)
  • feature symfony/symfony#51273 [Config] Add ArrayNodeDefinition::acceptAndWrap() to list alternative types that should be accepted and wrapped in an array (@nicolas-grekas)
  • feature symfony/symfony#61718 [Config] Add argument $singular to NodeBuilder::arrayNode() to decouple plurals/singulars from XML (@nicolas-grekas)
  • feature symfony/symfony#61034 [Security][SecurityBundle] Dump role hierarchy as mermaid chart (@damienfern)
  • feature symfony/symfony#61379 [Security][TwigBridge] Add access_decision() and access_decision_for_user() (@florentdestremau)
  • feature symfony/symfony#61156 [FrameworkBundle][TwigBundle] Remove options session.sid_length session.sid_bits_per_character router.cache_dir validation.cache and base_template_class (@nicolas-grekas)
  • feature symfony/symfony#61155 [FrameworkBundle][SecurityBundle] Remove autowiring aliases for RateLimiterFactory (@nicolas-grekas)
  • feature symfony/symfony#61046 [SecurityBundle] configuration for the storage service for the login throttling rate limiter (@xabbuh)
  • feature symfony/symfony#61012 [SecurityBundle] remove the deprecated security.authentication.hide_user_not_found parameter (@xabbuh)
  • feature symfony/symfony#60929 [SecurityBundle] Remove deprecated OIDC token handler options algorithm and key (@OskarStark)
  • feature symfony/symfony#60928 [SecurityBundle] Remove deprecated hide_user_not_found option (@OskarStark)
  • feature symfony/symfony#60910 [DependencyInjection] Add argument $target to ContainerBuilder::registerAliasForArgument() (@nicolas-grekas)
  • feature symfony/symfony#60874 [FrameworkBundle] Allow using their name without added suffix when using #[Target] for custom services (@Valmonzo)
  • feature symfony/symfony#60879 [Security] Remove callable firewall listeners support (@MatTheCat)
  • feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@MatTheCat)
  • feature symfony/symfony#60742 [Ldap][Security] Remove deprecated eraseCredentials() from (User|Token)Interface (@chalasr)
  • feature symfony/symfony#60371 [SecurityBundle] register alias for argument for password hasher (@lyrixx, @chalasr)
  • feature symfony/symfony#60639 Bump Symfony 8 to PHP >= 8.4 (@nicolas-grekas)
v7.4.0-BETA1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.4...v7.4.0-BETA1)

  • feature symfony/symfony#62090 [Config] Deprecate setting a default value to a node that is required (@GromNaN)
  • feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@ruudk)
  • feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@Jean-Beru)
  • feature symfony/symfony#61919 [DependencyInjection] Deprecate ExtensionInterface::getXsdValidationBasePath() and getNamespace() (@nicolas-grekas)
  • feature symfony/symfony#60568 [DependencyInjection][Routing] Deprecate XML configuration format (@MatTheCat)
  • feature symfony/symfony#61860 [Config][DependencyInjection][Routing] Deprecate using $this or the internal scope of the loader from PHP config files (@nicolas-grekas)
  • feature symfony/symfony#51273 [Config] Add ArrayNodeDefinition::acceptAndWrap() to list alternative types that should be accepted and wrapped in an array (@nicolas-grekas)
  • feature symfony/symfony#61718 [Config] Add argument $singular to NodeBuilder::arrayNode() to decouple plurals/singulars from XML (@nicolas-grekas)
  • feature symfony/symfony#61034 [Security][SecurityBundle] Dump role hierarchy as mermaid chart (@damienfern)
  • feature symfony/symfony#61379 [Security][TwigBridge] Add access_decision() and access_decision_for_user() (@florentdestremau)
  • feature symfony/symfony#61046 [SecurityBundle] configuration for the storage service for the login throttling rate limiter (@xabbuh)
  • feature symfony/symfony#60910 [DependencyInjection] Add argument $target to ContainerBuilder::registerAliasForArgument() (@nicolas-grekas)
  • feature symfony/symfony#60874 [FrameworkBundle] Allow using their name without added suffix when using #[Target] for custom services (@Valmonzo)
  • feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@MatTheCat)
  • feature symfony/symfony#60371 [SecurityBundle] register alias for argument for password hasher (@lyrixx, @chalasr)
v7.3.4

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.3...v7.3.4)

  • bug symfony/symfony#61714 [SecurityBundle] Fix semantic configuration for singulars/plurals in XML (@nicolas-grekas)
  • bug symfony/symfony#61701 [SecurityBundle] Add missing fixXmlConfig() call for issuer (@OskarStark)
  • bug symfony/symfony#61614 [SecurityBundle] Prevent accessing the tracked token storage when collecting data (@MatTheCat)
v6.4.26

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.25...v6.4.26)

  • bug symfony/symfony#61614 [SecurityBundle] Prevent accessing the tracked token storage when collecting data (@MatTheCat)
v7.3.3

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.2...v7.3.3)

  • no significant changes
v6.4.25

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.24...v6.4.25)

  • no significant changes
v7.3.2

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.1...v7.3.2)

  • bug symfony/symfony#61194 [Security] Fix added $token argument to UserCheckerInterface::checkPostAuth() (@nicolas-grekas)
v7.2.9

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.8...v7.2.9)

  • bug symfony/symfony#61194 [Security] Fix added $token argument to UserCheckerInterface::checkPostAuth() (@nicolas-grekas)
v6.4.24

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.23...v6.4.24)

  • no significant changes
v7.3.1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0...v7.3.1)

  • no significant changes
v7.2.8

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.7...v7.2.8)

  • no significant changes
v6.4.23

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.22...v6.4.23)

  • no significant changes
v7.3.0

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0-RC1...v7.3.0)

  • no significant changes
v7.2.7

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.6...v7.2.7)

  • bug symfony/symfony#60266 [Security] Exclude remember_me from default login authenticators (@santysisi)
  • bug symfony/symfony#58643 [SecurityBundle] Use Composer InstalledVersions to check if flex is installed (@andyexeter)
v6.4.22

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.21...v6.4.22)

  • bug symfony/symfony#60266 [Security] Exclude remember_me from default login authenticators (@santysisi)
v7.3.0-RC1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0-BETA2...v7.3.0-RC1)

  • bug symfony/symfony#60419 [SecurityBundle] normalize string values to a single ExposeSecurityLevel instance (@xabbuh)
  • bug symfony/symfony#60266 [Security] Exclude remember_me from default login authenticators (@santysisi)
v7.3.0-BETA2

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0-BETA1...v7.3.0-BETA2)

  • bug symfony/symfony#58643 [SecurityBundle] Use Composer InstalledVersions to check if flex is installed (@andyexeter)
v7.3.0-BETA1

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.6...v7.3.0-BETA1)

  • feature symfony/symfony#59762 [Config] Add NodeDefinition::docUrl() (@alexandre-daubois)
  • feature symfony/symfony#60069 [FrameworkBundle] Deprecate setting the collect_serializer_data to false (@mtarld)
  • feature symfony/symfony#54932 [Security][SecurityBundle] OIDC discovery (@vincentchalamon)
  • feature symfony/symfony#50027 [Security] OAuth2 Introspection Endpoint (RFC7662) (@Spomky)
  • feature symfony/symfony#59805 [Security] Improve DX of recent additions (@nicolas-grekas)
  • feature symfony/symfony#59150 [Security] Allow using a callable with #[IsGranted] (@alexandre-daubois)
  • feature symfony/symfony#59771 [Security] Add ability for voters to explain their vote (@nicolas-grekas)
  • feature symfony/symfony#52181 [Security] Ability to add roles in form_login_ldap by ldap group (@Spomky)
  • feature symfony/symfony#59682 [Security] Deprecate UserInterface & TokenInterface's eraseCredentials() (@chalasr, @nicolas-grekas)
  • feature symfony/symfony#58300 [Security][SecurityBundle] Show user account status errors (@core23)
  • feature symfony/symfony#57721 [Security][SecurityBundle] Add encryption support to OIDC tokens (@Spomky)
  • feature symfony/symfony#59129 [SecurityBundle][TwigBridge] Add is_granted_for_user() function (@natewiebe13)
  • feature symfony/symfony#48142 [Security][SecurityBundle] User authorization checker (@natewiebe13)
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport