Today we released a security patch for Laravel 6.x and 7.x. In previous releases of Laravel, it was possible to mass assign Eloquent attributes that included the model's table name. When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent and was not documented.
For this reason, we have removed the automatic stripping of table names from mass-assignment operations so that the attributes go through the typical "fillable" / "guarded" logic.
Since this feature was relatively unknown and undocumented, we expect the vast majority of Laravel applications to be able to upgrade without issues.