Laravel 5.5.11 Released with a Security Fix

Laravel tagged a 5.5.11 release including a security fix. The fix is related to a possible timing attacks on the remember_me token verification process. Read the notes below for more information.

Version v5.5.10 also introduced the Route::respondWithRoute() method. Laravel developer Mohamed Said, the author of the new route features, wrote an article about the Route::respondWithRoute() and Route::fallback() methods, Better 404 Responses Using Laravel 5.5.

v5.5.11

Fixed

Fixed bug in EloquentUserProvider introduced in #21320 (#21323)

v5.5.10

Added

Added Route::respondWithRoute($name) method (#21299, 66c5e46)

method (#21299, 66c5e46) Added $strict parameter to TestResponse::assertJson() (#21301)

Changed

Added “firmware” as an uncountable word (#21306)

Allow MorphTo::associate() accept null (#21318)

Changed __() signature to match Translation::trans() (10c013c)

Fixed

Add missing driver parameter to doctrine connection (#21297)

Security

Perform constant-time token comparison in DatabaseUserProvider (#21320)

Filed in: News