github symfony/ux v2.36.0
on GitHub

latest release: v3.1.0
14 hours ago

Changelog (v2.35.0...v2.36.0)

  • security #557 [LiveComponent] Require X-Requested-With header to prevent CSRF (@Kocal)
  • security #cve-2026-49216 [Autocomplete] Fix XSS via unescaped AJAX response data (@Kocal)
  • security #cve-2026-49208 [LiveComponent] Parse format-less date LiveProps strictly with RFC 3339 (@Kocal)
  • security #cve-2026-49209 [LiveComponent] Cap the number of actions per _batch request (@Kocal)
  • security #cve-2026-49210 [LiveComponent] Reject malicious child component tags (@Kocal)
  • security #cve-2026-49212 [LiveComponent] Bind HMAC checksum to component name and slot (@Kocal)
  • security #cve-2026-49211 [Autocomplete] Escape LIKE wildcards in the search query (@Amoifr)
Check out latest releases or
releases around symfony/ux v2.36.0

Don't miss a new ux release

NewReleases is sending notifications on new releases.

Get notifications