🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes (FrankenPHP, RoadRunner, Swoole).
Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now.
github.com/api-platform...
### Impact
`#[ApiProperty(security: ...)]` is evaluated per request to decide whether a property is exposed. The `componentsCache` arrays in `ApiPlatform\JsonApi\Serializer\ItemNormalizer` and `Ap...
The docs also cover how to add Claude Code back if you still want to use it. OpenCode can also be used with any proprietary provider (Anthropic, OpenAI, Google...).
lnkd.in/ekU8GMYv
Let's face it: coding agents work pretty well these days, and Claude Code is the leader. That's why I recently patched Symfony Docker to support it out of the box.
FrankenPHP 1.12.4 is out, a security hardening release.
Underscore header spoofing is now blocked at the server layer (Caddy 2.11.4), bundled Mercure 0.24.2 security fixes land, plus worker-mode crash and race fixes. Every user should upgrade.
github.com/php/frankenp...
Ready to code at the speed of thought? ⚡
Forget Docker headaches and slow cache warmups. At #SymfonOnline, I’m showing how FrankenPHP redefines @symfony.com DX with instant setups, true hot reloading via Mercure, and sandboxed AI agent integration.
📅 June 12
🎟️ live.symfony.com/2026-online-...
This is exactly why we built FrankenPHP's extension infrastructure!
Check out FrankenScriptling: a new extension that lets you use the Scriptling scripting language (Python-like) inside PHP.
Since Scriptling is in Go, FrankenPHP makes embedding it seamless. Love seeing this! 🐘🐹
Consequently, I just unbundled Claude Code from Symfony Docker and added docs explaining how to install OpenCode with open-weight models (like Mistral Medium 3.5, GLM-5.2, DeepSeek AI v4), locally or remotely.
Use a French hosting provider to benefit from a greener power grid!
Mercure 0.24.2 is out: a security hardening release. Rejects SSE field injection (CWE-93) via id/type, blocks reserved-namespace forgery, fixes a Last-Event-ID leak, caps element counts against DoS. Upgrade your hub.
github.com/dunglas/merc...
Today we published our Impact and Transparency Report for 2025. We are incredibly grateful for our sponsors, partners, contractors, & individual financial contributors for without them, none of our work would be possible. thephp.foundation/blog/2026/05...
#php #opensource
Antoine Bluchet @soyuka
This link will take you to a page that’s not on LinkedIn
lnkd.in
This link will take you to a page that’s not on LinkedIn
However, I wasn't comfortable shipping a proprietary tool using proprietary models controlled by a hostile state, all while having a heavy environmental impact. The sudden Fable ban finally convinced me this wasn't the way.
Community Mercure 0.24.2 is a security hardening release. It closes an SSE field-injection vector (CWE-93), blocks forgery of the hub's reserved subscription-event topics, fixes a metadata leak in ...
github.com
The PHP Foundation — Supporting, Advancing, and Developing the PHP Language
thephp.foundation
A dive into embedding a Python-like scripting language into PHP via a Go-based web server. Because why not.
FrankenPHP 1.12.4 is a hardening and stability release. It pulls in upstream security fixes from Caddy 2.11.4 and Mercure 0.24.2, closes a class of HTTP header spoofing, and fixes several crashes a...
