Programming

2074 articles

Packagist Urges Immediate Composer Update After GitHub Actions Token Leak

Packagist is urgently warning PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. Composer 2.9.8, 2.2.28 LTS, and 1.10.28 fix a vulnerability where Composer could print the full contents of GitHub Actions-issued GITHUB_TOKEN values or GitHub App installation tokens to stderr when the token failed Composer’s validation check. The issue was triggered by GitHub’s rollout of a new token format that includes a hyphen, which…

Socket
CSP Allow-list Experiment

Tool: CSP Allow-list Experiment An experiment that shows that you can load an app in a CSP-protected sandboxed iframe (see previous note) and have a custom fetch() that intercepts CSP errors and passes them up to the parent window... which can then prompt the user to add that domain to an allow-list and then refresh the page. I built this one with GPT-5.5 xhigh running in the Codex desktop app. Tags: content-security-policy, iframes, security

Simon Willison's Weblog
GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government

Socket's threat research team is tracking a suspicious RubyGems campaign we’re calling GemStuffer, involving more than 100 gems that appear to use the RubyGems registry as a data transport mechanism rather than a conventional malware distribution channel. The packages do not appear designed for mass developer compromise. Many have little or no download activity, and the payloads are repetitive, noisy, and unusually self-contained. Instead, the scripts fetch pages from UK local government…

Socket
datasette 1.0a29

Release: datasette 1.0a29 New TokenRestrictions.abbreviated(datasette) utility method for creating "_r" dictionaries. #2695 Table headers and column options are now visible even if a table contains zero rows. #2701 Fixed bug with display of column actions dialog on Mobile Safari. #2708 Fixed bug where tests could crash with a segfault due to a race condition between Datasette.close() and Datasette.close(). #2709 That segfault bug was gnarly. I added a mechanism to Datasette recently that would…

Simon Willison's Weblog
Quoting Mo Bitar

Now, if your CEO has never heard the phrase Ralph Loop, oh man, you are less than 30 days away from your next promotion. I'm not even exaggerating. Walk into his office, close the door, and say, hey chief, been experimenting with something. It's called Ralph Loops. And I think it could change literally everything. And he's gonna say, what's a Ralph loop? And you will say, give me $18,000 worth of API credits and I'll show you. Now you won't actually do anything, because you can't do anything.…

Simon Willison's Weblog
Quoting Mitchell Hashimoto

The thing about 90% of TDMs [Technical Decision Makers] is that they're motivated primarily by NOT GETTING FIRED. These aren't people who browse Lobsters or push to GH on the weekend. These are people that work 9 to 5, get paid, go home, and NEVER THINK ABOUT WORK AGAIN. So to achieve all that, they follow secular trends supported by analysts and broad public sentiment. Oh, Gartner said that "AI strategy" is most important? McKinsey said "context" needs to be managed? Well, "Context Engine for…

Simon Willison's Weblog
llm 0.32a2

Release: llm 0.32a2 A bunch of useful stuff in this LLM alpha, but the most important detail is this one: Most reasoning-capable OpenAI models now use the /v1/responses endpoint instead of /v1/chat/completions. This enables interleaved reasoning across tool calls for GPT-5 class models. #1435 This means you can now see the summarized reasoning tokens when you run prompts against an OpenAI model, displayed in a different color to standard error. Use the -R or --hide-reasoning flags if you don't…

Simon Willison's Weblog