This week, the upcoming Symfony 8.1 version added new options to the messenger:consume command, introduced a way to retrieve the original command input arguments and options, and added an option to map empty data using MapQueryString and MapRequestPayload.…
As of March 21, 2026, the CanisterWorm supply chain attack has expanded to 135 malicious package artifacts spanning more than 64 unique packages. We are tracking the incident on Socket’s dedicated CanisterWorm supply chain attack page: https://socket.dev/supply-chain-attacks/canisterworm. According to the Wiz investigation report released on March 20, 2026, the attack is attributed to “TeamPCP”, a threat actor behind the earlier Aqua Security's Trivy attacks [1 and 2]. We continue to monitor…
A thorough walkthrough of building a RAG system in Laravel using the new AI SDK, Postgres for vector storage, and Livewire 4 for a streaming chat UI. Covers everything from what RAG is and how semantic search works to embedding documents and querying them. Read more
Update — March 22, 2026: Additional compromised Trivy artifacts have been identified in Docker Hub. New image tags (0.69.5 and 0.69.6), along with the previously identified 0.69.4, were found to contain the same infostealer payload, with latest pointing to a malicious image during the exposure window. Read our full update on the Docker image compromise here: https://socket.dev/blog/trivy-docker-images-compromised A new supply chain attack targeting Trivy has been disclosed today by Paul…
The PHP Podcast streams live, typically every Thursday at 3 PM PT. Come join us and subscribe to our YouTube channel. Another fun episode of the PHP Podcast! Here’s what we covered: 🎙️ Elizabeth Barron’s New Role – We discussed Elizabeth Barron’s appointment as Executive Director of the PHP Foundation and recommended checking out the […] The post The PHP Podcast 2026.03.19 appeared first on PHP Architect.
In this episode of PHP Alive and Kicking, hosted by Mike and Chris (from PHP Architect), featuring their guest Elizabeth Barron, the newly appointed Executive Director of the PHP Foundation. The conversation covers Elizabeth’s origin story in PHP (self-teaching in the late 1990s), her vision for the Foundation beyond just funding core developers […] The post PHP Alive And Kicking: Episode 26 Elizabeth Barron appeared first on PHP Architect.
Daniel Coulbourne walks through building an MCP server with the official laravel/mcp package. He built one for his blog in about 20 minutes, then used it to write and publish the post you're reading. Read more
A practical look at why you should populate essential data from migrations instead of seeders. Once your app is live, manually running seeders becomes a deployment risk. Migrations are deterministic, automatic, and roll back cleanly. Read more
Twig 3.24.0 has just been released with a major new feature for working with HTML attributes, improved null-safe operator behavior, and variable renaming in object destructuring. The html_attr function Building HTML attributes in templates has always been…
Christoph Rumpel reflects on how AI tools are changing the way developers work. The core message: take the shortcuts that cut out mechanical work, but don't outsource the parts that make your work yours. Read more
SymfonyLive Paris 2026, conference in French language only, will take place from March 26 to 27! The schedule is currently being revealed as we go along. More details are available here. SymfonyLive Paris 2026 approche à grands pas ! Dans une…
We just released v7 of spatie/laravel-query-builder, our package that makes it easy to build flexible API endpoints. If you're building an API with Laravel, you'll almost certainly need to let consumers filter results, sort them, include relationships and select specific fields. Writing that logic by hand for every endpoint gets repetitive fast, and it's easy to accidentally expose columns or relationships you didn't intend to. Our query builder takes care of all of that. It reads query…
A deep dive into "Clinejection", where an attacker injected a prompt into a GitHub issue title, which an AI triage bot interpreted as an instruction. The resulting chain led to cache poisoning, credential theft, and a compromised npm package that silently installed a second AI agent on 4,000 developer machines. Read more
This week, the upcoming Symfony 8.1 version deprecated the erase credentials security feature, added a new MapRequestHeader attribute, introduced a deep cloner in the VarExporter component, and added support for defining custom functions in the JsonPath component.…
We gave all the settings screens in Flare a fresh coat of paint. Consistent layouts, better forms, improved navigation and plenty of small details that make the experience calmer and more focused. Read more