Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Security Bundle
Release Notes

Security Bundle Laravel Package

symfony/security-bundle

Symfony SecurityBundle tightly integrates the Symfony Security component into the full-stack framework, providing authentication, authorization, firewalls, user providers, and access control with seamless configuration and framework-level tooling.

View on GitHub
Deep Wiki
Context7
v8.1.0

Changelog (https://github.com/symfony/security-bundle/compare/v8.1.0-RC1...v8.1.0)

  • no significant changes
v8.1.0-RC1

Changelog (https://github.com/symfony/security-bundle/compare/v8.1.0-BETA3...v8.1.0-RC1)

v8.0.13

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.12...v8.0.13)

v7.4.13

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.12...v7.4.13)

v6.4.41

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.39...v6.4.41)

v8.1.0-BETA3

Changelog (https://github.com/symfony/security-bundle/compare/v8.1.0-BETA2...v8.1.0-BETA3)

  • bug #64274 Various fixes and hardenings (@nicolas-grekas)
  • security #cve-2026-45074 Require configuring trusted hosts when using CAS authentication (@nicolas-grekas)
v8.0.12

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.11...v8.0.12)

  • security #cve-2026-45074 Require configuring trusted hosts when using CAS authentication (@nicolas-grekas)
v7.4.12

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.11...v7.4.12)

  • security #cve-2026-45074 Require configuring trusted hosts when using CAS authentication (@nicolas-grekas)
v8.1.0-BETA2

Changelog (https://github.com/symfony/security-bundle/compare/v8.1.0-BETA1...v8.1.0-BETA2)

  • bug #64198 Allow defining security provider factories without config (@hockdudu)
v8.0.11

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.8...v8.0.11)

  • bug #64198 Allow defining security provider factories without config (@hockdudu)
v7.4.11

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.8...v7.4.11)

  • bug #64198 Allow defining security provider factories without config (@hockdudu)
v6.4.39

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.36...v6.4.39)

  • bug #64198 Allow defining security provider factories without config (@hockdudu)
v8.1.0-BETA1
v8.0.8

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.7...v8.0.8)

v7.4.8

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.7...v7.4.8)

v6.4.36

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.35...v6.4.36)

v8.0.6

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.5...v8.0.6)

  • bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
  • bug #63439 Update security-1.0.xsd with missing oauth2 element (@welcoMattic)
v7.4.6

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.5...v7.4.6)

  • bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
  • bug #63439 Update security-1.0.xsd with missing oauth2 element (@welcoMattic)
v6.4.34

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.33...v6.4.34)

  • bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
v8.0.4

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.3...v8.0.4)

  • bug #62973 fix the security profiler template (@aurac)
v7.4.4

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.3...v7.4.4)

  • bug #62973 fix the security profiler template (@aurac)
v7.3.10

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.9...v7.3.10)

  • bug #62973 fix the security profiler template (@aurac)
v6.4.32

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.31...v6.4.32)

  • no significant changes
v7.3.8

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.7...v7.3.8)

  • no significant changes
v6.4.30

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.29...v6.4.30)

  • no significant changes
v7.4.0

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.0-RC3...v7.4.0)

  • no significant changes
v8.0.0

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.0-RC3...v8.0.0)

  • no significant changes
v8.0.0-RC2

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.0-RC1...v8.0.0-RC2)

  • bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@Ali-HENDA)
v7.4.0-RC2

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.0-RC1...v7.4.0-RC2)

  • bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@Ali-HENDA)
v8.0.0-RC1

Changelog (https://github.com/symfony/security-bundle/compare/v8.0.0-BETA2...v8.0.0-RC1)

  • no significant changes
v7.4.0-RC1

Changelog (https://github.com/symfony/security-bundle/compare/v7.4.0-BETA2...v7.4.0-RC1)

  • no significant changes
v8.0.0-BETA1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.4...v8.0.0-BETA1)

  • feature symfony/symfony#62090 [Config] Deprecate setting a default value to a node that is required (@GromNaN)
  • feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@ruudk)
  • feature symfony/symfony#61986 [DependencyInjection] remove getNamespace() and getXsdValidationBasePath() from ExtensionInterface (@xabbuh)
  • feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@Jean-Beru)
  • feature symfony/symfony#61930 [DependencyInjection][Routing] Remove support for the XML configuration format (@nicolas-grekas)
  • feature symfony/symfony#61919 [DependencyInjection] Deprecate ExtensionInterface::getXsdValidationBasePath() and getNamespace() (@nicolas-grekas)
  • feature symfony/symfony#60568 [DependencyInjection][Routing] Deprecate XML configuration format (@MatTheCat)
  • feature symfony/symfony#61860 [Config][DependencyInjection][Routing] Deprecate using $this or the internal scope of the loader from PHP config files (@nicolas-grekas)
  • feature symfony/symfony#51273 [Config] Add ArrayNodeDefinition::acceptAndWrap() to list alternative types that should be accepted and wrapped in an array (@nicolas-grekas)
  • feature symfony/symfony#61718 [Config] Add argument $singular to NodeBuilder::arrayNode() to decouple plurals/singulars from XML (@nicolas-grekas)
  • feature symfony/symfony#61034 [Security][SecurityBundle] Dump role hierarchy as mermaid chart (@damienfern)
  • feature symfony/symfony#61379 [Security][TwigBridge] Add access_decision() and access_decision_for_user() (@florentdestremau)
  • feature symfony/symfony#61156 [FrameworkBundle][TwigBundle] Remove options session.sid_length session.sid_bits_per_character router.cache_dir validation.cache and base_template_class (@nicolas-grekas)
  • feature symfony/symfony#61155 [FrameworkBundle][SecurityBundle] Remove autowiring aliases for RateLimiterFactory (@nicolas-grekas)
  • feature symfony/symfony#61046 [SecurityBundle] configuration for the storage service for the login throttling rate limiter (@xabbuh)
  • feature symfony/symfony#61012 [SecurityBundle] remove the deprecated security.authentication.hide_user_not_found parameter (@xabbuh)
  • feature symfony/symfony#60929 [SecurityBundle] Remove deprecated OIDC token handler options algorithm and key (@OskarStark)
  • feature symfony/symfony#60928 [SecurityBundle] Remove deprecated hide_user_not_found option (@OskarStark)
  • feature symfony/symfony#60910 [DependencyInjection] Add argument $target to ContainerBuilder::registerAliasForArgument() (@nicolas-grekas)
  • feature symfony/symfony#60874 [FrameworkBundle] Allow using their name without added suffix when using #[Target] for custom services (@Valmonzo)
  • feature symfony/symfony#60879 [Security] Remove callable firewall listeners support (@MatTheCat)
  • feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@MatTheCat)
  • feature symfony/symfony#60742 [Ldap][Security] Remove deprecated eraseCredentials() from (User|Token)Interface (@chalasr)
  • feature symfony/symfony#60371 [SecurityBundle] register alias for argument for password hasher (@lyrixx, @chalasr)
  • feature symfony/symfony#60639 Bump Symfony 8 to PHP >= 8.4 (@nicolas-grekas)
v7.4.0-BETA1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.4...v7.4.0-BETA1)

  • feature symfony/symfony#62090 [Config] Deprecate setting a default value to a node that is required (@GromNaN)
  • feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@ruudk)
  • feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@Jean-Beru)
  • feature symfony/symfony#61919 [DependencyInjection] Deprecate ExtensionInterface::getXsdValidationBasePath() and getNamespace() (@nicolas-grekas)
  • feature symfony/symfony#60568 [DependencyInjection][Routing] Deprecate XML configuration format (@MatTheCat)
  • feature symfony/symfony#61860 [Config][DependencyInjection][Routing] Deprecate using $this or the internal scope of the loader from PHP config files (@nicolas-grekas)
  • feature symfony/symfony#51273 [Config] Add ArrayNodeDefinition::acceptAndWrap() to list alternative types that should be accepted and wrapped in an array (@nicolas-grekas)
  • feature symfony/symfony#61718 [Config] Add argument $singular to NodeBuilder::arrayNode() to decouple plurals/singulars from XML (@nicolas-grekas)
  • feature symfony/symfony#61034 [Security][SecurityBundle] Dump role hierarchy as mermaid chart (@damienfern)
  • feature symfony/symfony#61379 [Security][TwigBridge] Add access_decision() and access_decision_for_user() (@florentdestremau)
  • feature symfony/symfony#61046 [SecurityBundle] configuration for the storage service for the login throttling rate limiter (@xabbuh)
  • feature symfony/symfony#60910 [DependencyInjection] Add argument $target to ContainerBuilder::registerAliasForArgument() (@nicolas-grekas)
  • feature symfony/symfony#60874 [FrameworkBundle] Allow using their name without added suffix when using #[Target] for custom services (@Valmonzo)
  • feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@MatTheCat)
  • feature symfony/symfony#60371 [SecurityBundle] register alias for argument for password hasher (@lyrixx, @chalasr)
v7.3.4

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.3...v7.3.4)

  • bug symfony/symfony#61714 [SecurityBundle] Fix semantic configuration for singulars/plurals in XML (@nicolas-grekas)
  • bug symfony/symfony#61701 [SecurityBundle] Add missing fixXmlConfig() call for issuer (@OskarStark)
  • bug symfony/symfony#61614 [SecurityBundle] Prevent accessing the tracked token storage when collecting data (@MatTheCat)
v6.4.26

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.25...v6.4.26)

  • bug symfony/symfony#61614 [SecurityBundle] Prevent accessing the tracked token storage when collecting data (@MatTheCat)
v7.3.3

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.2...v7.3.3)

  • no significant changes
v6.4.25

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.24...v6.4.25)

  • no significant changes
v7.3.2

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.1...v7.3.2)

  • bug symfony/symfony#61194 [Security] Fix added $token argument to UserCheckerInterface::checkPostAuth() (@nicolas-grekas)
v7.2.9

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.8...v7.2.9)

  • bug symfony/symfony#61194 [Security] Fix added $token argument to UserCheckerInterface::checkPostAuth() (@nicolas-grekas)
v6.4.24

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.23...v6.4.24)

  • no significant changes
v7.3.1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0...v7.3.1)

  • no significant changes
v7.2.8

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.7...v7.2.8)

  • no significant changes
v6.4.23

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.22...v6.4.23)

  • no significant changes
v7.3.0

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0-RC1...v7.3.0)

  • no significant changes
v7.2.7

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.6...v7.2.7)

  • bug symfony/symfony#60266 [Security] Exclude remember_me from default login authenticators (@santysisi)
  • bug symfony/symfony#58643 [SecurityBundle] Use Composer InstalledVersions to check if flex is installed (@andyexeter)
v6.4.22

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.21...v6.4.22)

  • bug symfony/symfony#60266 [Security] Exclude remember_me from default login authenticators (@santysisi)
v7.3.0-RC1

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0-BETA2...v7.3.0-RC1)

  • bug symfony/symfony#60419 [SecurityBundle] normalize string values to a single ExposeSecurityLevel instance (@xabbuh)
  • bug symfony/symfony#60266 [Security] Exclude remember_me from default login authenticators (@santysisi)
v7.3.0-BETA2

Changelog (https://github.com/symfony/security-bundle/compare/v7.3.0-BETA1...v7.3.0-BETA2)

  • bug symfony/symfony#58643 [SecurityBundle] Use Composer InstalledVersions to check if flex is installed (@andyexeter)
v7.3.0-BETA1

Changelog (https://github.com/symfony/security-bundle/compare/v7.2.6...v7.3.0-BETA1)

  • feature symfony/symfony#59762 [Config] Add NodeDefinition::docUrl() (@alexandre-daubois)
  • feature symfony/symfony#60069 [FrameworkBundle] Deprecate setting the collect_serializer_data to false (@mtarld)
  • feature symfony/symfony#54932 [Security][SecurityBundle] OIDC discovery (@vincentchalamon)
  • feature symfony/symfony#50027 [Security] OAuth2 Introspection Endpoint (RFC7662) (@Spomky)
  • feature symfony/symfony#59805 [Security] Improve DX of recent additions (@nicolas-grekas)
  • feature symfony/symfony#59150 [Security] Allow using a callable with #[IsGranted] (@alexandre-daubois)
  • feature symfony/symfony#59771 [Security] Add ability for voters to explain their vote (@nicolas-grekas)
  • feature symfony/symfony#52181 [Security] Ability to add roles in form_login_ldap by ldap group (@Spomky)
  • feature symfony/symfony#59682 [Security] Deprecate UserInterface & TokenInterface's eraseCredentials() (@chalasr, @nicolas-grekas)
  • feature symfony/symfony#58300 [Security][SecurityBundle] Show user account status errors (@core23)
  • feature symfony/symfony#57721 [Security][SecurityBundle] Add encryption support to OIDC tokens (@Spomky)
  • feature symfony/symfony#59129 [SecurityBundle][TwigBridge] Add is_granted_for_user() function (@natewiebe13)
  • feature symfony/symfony#48142 [Security][SecurityBundle] User authorization checker (@natewiebe13)
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours
renatovdemoura/blade-elements-ui
devgeek/beacon-admin
benjamin-rqt/data-watcher-bundle
atriumphp/atrium
sandermuller/package-boost-laravel
sandermuller/boost-skills
redaxo/core
yusufgenc/filament-api-forge
l3aro/rating-star-for-filament
leek/filament-subtenant-scope