Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Security Http
Release Notes

Security Http Laravel Package

symfony/security-http

Symfony Security HTTP integrates the Security Core with HTTP: firewalls, request handling, and authenticators to secure parts of your app and authenticate users. Install via composer require symfony/security-http.

View on GitHub
Deep Wiki
Context7
v8.0.8

Changelog (https://github.com/symfony/security-http/compare/v8.0.7...v8.0.8)

  • no significant changes
v7.4.8

Changelog (https://github.com/symfony/security-http/compare/v7.4.7...v7.4.8)

  • no significant changes
v8.0.6

Changelog (https://github.com/symfony/security-http/compare/v8.0.5...v8.0.6)

  • no significant changes
v7.4.6

Changelog (https://github.com/symfony/security-http/compare/v7.4.5...v7.4.6)

  • no significant changes
v6.4.34

Changelog (https://github.com/symfony/security-http/compare/v6.4.33...v6.4.34)

  • no significant changes
v8.0.4

Changelog (https://github.com/symfony/security-http/compare/v8.0.3...v8.0.4)

  • no significant changes
v7.4.4

Changelog (https://github.com/symfony/security-http/compare/v7.4.3...v7.4.4)

  • no significant changes
v7.3.10

Changelog (https://github.com/symfony/security-http/compare/v7.3.9...v7.3.10)

  • no significant changes
v8.0.3

Changelog (https://github.com/symfony/security-http/compare/v8.0.2...v8.0.3)

  • bug symfony/symfony#62796 [Security] do not use PHPUnit mock objects without configured expectations (@xabbuh)
v7.4.3

Changelog (https://github.com/symfony/security-http/compare/v7.4.2...v7.4.3)

  • bug symfony/symfony#62796 [Security] do not use PHPUnit mock objects without configured expectations (@xabbuh)
v7.3.9

Changelog (https://github.com/symfony/security-http/compare/v7.3.8...v7.3.9)

  • bug symfony/symfony#62796 [Security] do not use PHPUnit mock objects without configured expectations (@xabbuh)
v6.4.31

Changelog (https://github.com/symfony/security-http/compare/v6.4.30...v6.4.31)

  • bug symfony/symfony#62796 [Security] do not use PHPUnit mock objects without configured expectations (@xabbuh)
v8.0.1

Changelog (https://github.com/symfony/security-http/compare/v8.0.0...v8.0.1)

  • bug symfony/symfony#62495 [Security][Http] Fix OIDC discovery when multiple HttpClient instances are used (@Ali-HENDA)
  • bug symfony/symfony#62487 [Security] Fix UserBadge validation bypass via identifier normalizer (@yoeunes)
v7.4.1

Changelog (https://github.com/symfony/security-http/compare/v7.4.0...v7.4.1)

  • bug symfony/symfony#62495 [Security][Http] Fix OIDC discovery when multiple HttpClient instances are used (@Ali-HENDA)
v7.3.8

Changelog (https://github.com/symfony/security-http/compare/v7.3.7...v7.3.8)

  • bug symfony/symfony#62487 [Security] Fix UserBadge validation bypass via identifier normalizer (@yoeunes)
  • bug symfony/symfony#62093 [Security] Fix HttpUtils::createRequest() when the context’s base URL isn’t empty (@MatTheCat)
v6.4.30

Changelog (https://github.com/symfony/security-http/compare/v6.4.29...v6.4.30)

  • bug symfony/symfony#62093 [Security] Fix HttpUtils::createRequest() when the context’s base URL isn’t empty (@MatTheCat)
v7.4.0

Changelog (https://github.com/symfony/security-http/compare/v7.4.0-RC3...v7.4.0)

  • bug symfony/symfony#62487 [Security] Fix UserBadge validation bypass via identifier normalizer (@yoeunes)
  • feature symfony/symfony#62469 [Security] Keep SymfonyCasts as backers of the Security components v7.4 🤗 (@nicolas-grekas)
v8.0.0-RC2

Changelog (https://github.com/symfony/security-http/compare/v8.0.0-RC1...v8.0.0-RC2)

  • bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@Ali-HENDA)
v7.4.0-RC2

Changelog (https://github.com/symfony/security-http/compare/v7.4.0-RC1...v7.4.0-RC2)

  • bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@Ali-HENDA)
v7.4.0-RC1

Changelog (https://github.com/symfony/security-http/compare/v7.4.0-BETA2...v7.4.0-RC1)

  • bug symfony/symfony#62093 [Security] Fix HttpUtils::createRequest() when the context’s base URL isn’t empty (@MatTheCat)
v7.3.5

Changelog (https://github.com/symfony/security-http/compare/v7.3.4...v7.3.5)

  • bug symfony/symfony#62037 Fix generating logout link with stateless csrf (@pierredup)
v8.0.0-BETA1

Changelog (https://github.com/symfony/security-http/compare/v7.3.4...v8.0.0-BETA1)

  • feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@ruudk)
  • feature symfony/symfony#61949 [HttpFoundation] Deprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE (@nicolas-grekas)
  • feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@Jean-Beru)
  • feature symfony/symfony#61948 [HttpFoundation] Deprecate Request::get() in favor of using properties ->attributes, query or request directly (@nicolas-grekas)
  • feature symfony/symfony#61789 [Security] deprecate extending RememberMeDetails using legacy constructor signature (@xabbuh)
  • feature symfony/symfony#61760 [Security] remove the user FQCN from remember me cookies (@xabbuh)
  • feature symfony/symfony#61743 [Security] deprecate the FQCN properties of PersistentToken and RememberMeDetails (@xabbuh)
  • feature symfony/symfony#61694 [Security] Add $tokenSource argument to #[IsCsrfTokenValid] to support reading tokens from the query string or headers (@webda2l)
  • feature symfony/symfony#61654 [Security] Deprecate PersistentToken::getClass() and RememberMeDetails::getUserFqcn() in order to remove the user FQCN from the remember-me cookie in 8.0 (@nicolas-grekas)
  • feature symfony/symfony#61542 [Security] Allow subclassing #[IsGranted] (@nicolas-grekas)
  • feature symfony/symfony#61504 [SecurityHttp] Removes final keyword from IsGranted attribute (@crtl)
  • feature symfony/symfony#61359 [Security] Add $methods support to #[IsGranted] to restrict access by HTTP method (@santysisi)
  • feature symfony/symfony#61204 [Security] Support union type for #[CurrentUser] attribute (@VincentLanglet)
  • feature symfony/symfony#61187 Declare new parameters on interfaces and methods explicitly (@nicolas-grekas)
  • feature symfony/symfony#61183 [Security] Throw when passing an empty string as $userIdentifier and tighten AuthenticatorManager and OidcTokenHandler arguments (@nicolas-grekas)
  • feature symfony/symfony#61011 [Security] Remove deprecated RememberMeToken::getSecret() (@ktherage)
  • feature symfony/symfony#60879 [Security] Remove callable firewall listeners support (@MatTheCat)
  • feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@MatTheCat)
  • feature symfony/symfony#60742 [Ldap][Security] Remove deprecated eraseCredentials() from (User|Token)Interface (@chalasr)
  • feature symfony/symfony#60697 Enforce return types on all components (@nicolas-grekas)
  • feature symfony/symfony#60639 Bump Symfony 8 to PHP >= 8.4 (@nicolas-grekas)
v7.4.0-BETA1

Changelog (https://github.com/symfony/security-http/compare/v7.3.4...v7.4.0-BETA1)

  • feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@ruudk)
  • feature symfony/symfony#61949 [HttpFoundation] Deprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE (@nicolas-grekas)
  • feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@Jean-Beru)
  • feature symfony/symfony#61948 [HttpFoundation] Deprecate Request::get() in favor of using properties ->attributes, query or request directly (@nicolas-grekas)
  • feature symfony/symfony#61789 [Security] deprecate extending RememberMeDetails using legacy constructor signature (@xabbuh)
  • feature symfony/symfony#61743 [Security] deprecate the FQCN properties of PersistentToken and RememberMeDetails (@xabbuh)
  • feature symfony/symfony#61694 [Security] Add $tokenSource argument to #[IsCsrfTokenValid] to support reading tokens from the query string or headers (@webda2l)
  • feature symfony/symfony#61654 [Security] Deprecate PersistentToken::getClass() and RememberMeDetails::getUserFqcn() in order to remove the user FQCN from the remember-me cookie in 8.0 (@nicolas-grekas)
  • feature symfony/symfony#61542 [Security] Allow subclassing #[IsGranted] (@nicolas-grekas)
  • feature symfony/symfony#61504 [SecurityHttp] Removes final keyword from IsGranted attribute (@crtl)
  • feature symfony/symfony#61359 [Security] Add $methods support to #[IsGranted] to restrict access by HTTP method (@santysisi)
  • feature symfony/symfony#61204 [Security] Support union type for #[CurrentUser] attribute (@VincentLanglet)
  • feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@MatTheCat)
v7.3.4

Changelog (https://github.com/symfony/security-http/compare/v7.3.3...v7.3.4)

  • bug symfony/symfony#61659 [Security] Fix HttpUtils::createRequest() when the base request is forwarded (@MatTheCat)
v6.4.26

Changelog (https://github.com/symfony/security-http/compare/v6.4.25...v6.4.26)

  • bug symfony/symfony#61659 [Security] Fix HttpUtils::createRequest() when the base request is forwarded (@MatTheCat)
v7.3.3

Changelog (https://github.com/symfony/security-http/compare/v7.3.2...v7.3.3)

  • feature symfony/symfony#61486 [Security] Ignore target route when exiting impersonation (@MatTheCat)
v6.4.25

Changelog (https://github.com/symfony/security-http/compare/v6.4.24...v6.4.25)

  • feature symfony/symfony#61486 [Security] Ignore target route when exiting impersonation (@MatTheCat)
v7.3.2

Changelog (https://github.com/symfony/security-http/compare/v7.3.1...v7.3.2)

  • no significant changes
v7.2.9

Changelog (https://github.com/symfony/security-http/compare/v7.2.8...v7.2.9)

  • no significant changes
v6.4.24

Changelog (https://github.com/symfony/security-http/compare/v6.4.23...v6.4.24)

  • no significant changes
v7.3.1

Changelog (https://github.com/symfony/security-http/compare/v7.3.0...v7.3.1)

  • bug symfony/symfony#60785 [Security] Handle non-callable implementations of FirewallListenerInterface (@MatTheCat)
v7.2.8

Changelog (https://github.com/symfony/security-http/compare/v7.2.7...v7.2.8)

  • bug symfony/symfony#60785 [Security] Handle non-callable implementations of FirewallListenerInterface (@MatTheCat)
v6.4.23

Changelog (https://github.com/symfony/security-http/compare/v6.4.22...v6.4.23)

  • bug symfony/symfony#60785 [Security] Handle non-callable implementations of FirewallListenerInterface (@MatTheCat)
v7.3.0

Changelog (https://github.com/symfony/security-http/compare/v7.3.0-RC1...v7.3.0)

  • no significant changes
v7.2.7

Changelog (https://github.com/symfony/security-http/compare/v7.2.6...v7.2.7)

  • bug symfony/symfony#60379 [Security] Avoid failing when PersistentRememberMeHandler handles a malformed cookie (@Seldaek)
  • bug symfony/symfony#60350 [Security][LoginLink] Throw InvalidLoginLinkException on invalid parameters (@davidszkiba)
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport