Symfony 5.3.2 has just been released. has just been released with over 30 bug fix. This is the second release in the 5.3 branch, first released in May 2021 with end of life by January 2022, the last short maintenance release before the long term support which should be the 5.4. Here is a list of the most important changes in the first Symfony 5.3.2 :

Symfony 5.3.2

Changes in Symfony 5.3.2

  • security #cve-2021-32693 [SecurityHttp] Fix “Authentication granted with multiple firewalls” (@wouterj)
  • bug #41693 [Uid] fix performance and prevent collisions with the real cloc _seq (@nicolas-grekas)
  • bug #41700 [Security] Fix deprecation notice on TokenInterface::getUser() stringable return (@tscni)
  • bug #41703 [Security] Restore extension point in MessageDigestPasswordEncoder (@derrabus)
  • bug #41716 [Messenger] Fix RequestContext not updated (@jderusse)
  • bug #41616 [Messenger] Remove TLS related options when not using TLS (@odolbeau)
  • bug #41719 [FrameworkBundle] fix Could not find service “test.servic _container” (@smilesrg)
  • bug #41686 [Console] Fix using #[AsCommand] without DI (@nicolas-grekas)
  • bug #41673 [DependencyInjection] fix parsing classes for attributes (@nicolas-grekas)
  • bug #41675 [Runtime] fix overriding –env|-e with single-command apps (@nicolas-grekas)
  • bug #41674 [HttpClient] fix compat with cURL <= 7.37 (@nicolas-grekas)
  • bug #41680 [Console] fix managing signals when commands are lazy loaded (@nicolas-grekas)
  • bug #41678 [PasswordHasher] Fix missing PasswordHasherAwareInterface allowed type (@chalasr)
  • bug #41656 [HttpClient] throw exception when AsyncDecoratorTrait gets an already consumed response (@nicolas-grekas)
  • bug #41600 [Notifier] Escape . char for Telegram transport (@Clément)
  • bug #41644 [Config] fix tracking attributes in ReflectionClassResource (@nicolas-grekas)
  • bug #41621 [Process] Fix incorrect parameter type (@bch36)
  • bug #41624 [HttpClient] Revert bindto workaround for unaffected PHP versions (@derrabus)
  • bug #41597 [DependencyInjection] fix when@{env} inside imported files (@nusje2000)
  • bug #41553 [Messenger] fix BC for FrameworkBundle 4.4 with a non-existence alias being used (@monteiro)
  • bug #41582 Fix not null get collection key types (@dragosprotung)
  • bug #41572 [PasswordHasher] Prevent PHP fatal error when using auto algorithm (@matason)
  • bug #41549 [Security] Fix opcache preload with alias classes (@jderusse)
  • bug #41491 [Serializer] Do not allow to denormalize string with spaces only to valid a DateTime object (@sidz)
  • bug #41535 [Console] Fix negated options not accessible (@jderusse)
  • bug #41472 [Validator] remove service if its class doesn’t exist (@xabbuh)
  • bug #41218 [DependencyInjection] Update loader’s directory when calling ContainerConfigurator::withPath (@MatTheCat)
  • bug #41505 [FrameworkBundle] fix KernelBrowser::loginUser with a stateless firewall (@dunglas)
  • bug #41509 [SecurityBundle] Link UserProviderListener to correct firewall dispatcher (@Matth–)
  • bug #41386 [Console] Escape synopsis output (@jschaedl)
  • bug #41523 [Notifier] [Bridge] Remove hidden dependency on HttpFoundation for SmsBiurasTransport (@fre5h)
  • bug #41512 Relax requirement on symfony/runtime (@lyrixx)

Symfony 5.3.2 is a maintenance release so you are encouraged to download and test. Symfony protects backwards-compatibility very closely, upgrading should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read the upgrade documentation to learn more.

Notice that the LTS versions is the 4.4 branch will be supported until November 2022 and then November 2023 for security updates, while support for the Symfony 5.2.6 will end by July 2021.

Symfony is an open source PHP Framework released under an MIT license. More information at


Please enter your comment!
Please enter your name here