Category: Laravel, MySQL

We think you might be interested in this job:

Lead Full-Stack Developer

SPARK Business Works

Today we have released security patches via Laravel 6.20.26 and 8.40.0. These patches resolve a security vulnerability that allowed SQL injection when unfiltered user input was passed directly to the limit and offset methods of the Laravel query builder and the user was also using Microsoft SQL Server as their database. Other database drivers such as MySQL and Postgres do not appear to be affected by this problem at this time. All Laravel users are encouraged to update immediately, or, if you are unable to update to these versions, ensure that you are only passing integers to the limit and offset methods. This security vulnerability has been published as a GitHub security advisory: https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j
Newsletter

Get the latest Laravel/PHP jobs, events and curated articles straight to your inbox, once a week

Fathom Analytics | Fast, simple and privacy-focused website analytics. Fathom Analytics | Fast, simple and privacy-focused website analytics.
Community Partners