Symfony Blog

A Week of Symfony #1009 (April 27 – May 3, 2026)

Javier Eguiluz — Sun, 03 May 2026 09:20:00 +0200

This week, Symfony released the maintained versions 6.4.37, 7.4.9, and 8.0.9. Meanwhile, we continued merging new features for the upcoming Symfony 8.1 version, such as the new TUI component. Lastly, we published an update about the recent SymfonyInsight improvements.

Symfony development highlights

This week, 65 pull requests were merged (62 in code and 3 in docs) and 50 issues were closed (50 in code and 0 in docs). Excluding merges, 24 authors made additions and deletions. See details for code and docs.

6.4 changelog:

a990dfd: [Dotenv] strip NUL byte placeholder from values passed to putenv()
884ba49: [AssetMapper] allow spaces in version constraints
579599f: [DoctrineBridge] fail with a clear exception when symfony/form is missing
f3eb6ec: [Validator] fix mapping properties using property hooks
bf55ada: [HttpClient] don't share CURL_LOCK_DATA_CONNECT to honor max_host_connections
42935b9: [Lock] avoid aborting outer PostgreSQL transaction on lock contention
5f8ed0a: [RateLimiter] keep token bucket alive while reservation debt is unpaid
7a771fc: [Cache] normalize default_lifetime for pools wrapped by ChainAdapter
9b4e0ba: [MonologBridge] guard against re-entrant calls in AbstractTokenProcessor
eab9413: [FrameworkBundle] apply tagged MIME type guessers in File::getMimeType()
49af6cc: [Mime] preserve inline part filename instead of overwriting it with the Content-ID
1b54941: [Config] allow env placeholders in NumericNode min/max checks
59d2a90: [Notifier] fix Basic auth header by keeping base64 padding in Ntfy
a0a4c4b: [Serializer] move type-mismatch and uninitialized-property handling into concrete normalizers
fe017f8: [Messenger] do not sleep after worker is stopped during idle cycle
37c3c42: [Messenger] alias the AMQP "user" connection option to "login"
d87ea79: [DependencyInjection] reject circular references through a factory builder's setup

7.4 changelog:

f5731dd: remove usages of named arguments in tests
8af7d2e: [Mailer] handle alternate error payload shapes for Payload Too Large in Postmark
532e9cb: [Messenger] keep deduplication lock when handler throws
1fc1587: [FrameworkBundle] fix mailer package check for bridges whose composer name does not match the service id
13420b5: [DoctrineBridge] catch any driver exception in the same-database check
9d2959e: [Config] fix array-shape generator dropping alternative types on nested PrototypedArrayNode
6c24463: [Form] preserve collection children added by PRE_SET_DATA listeners
4708a71: [Notifier] fix default boolean values SweegoTransportFactory
95ae294: [Uid] fix compat with ext-ds v2
ce04d4d: [Validator] simplify When::$expression’s closure PHPDoc

8.1 changelog:

28e35c1: [Tui] add the component
8af0042: [Messenger] release deduplication lock on definitive failure
27ba8df: [Serializer] improve NotNormalizableValueException message in BackedEnumNormalizer
949a300: [DependencyInjection] support autowiring env vars as closures or Stringable when using #[Autowire(env: 'FOO')]
8fa019f: [Runtime] add FRANKENPHP_RESET_KERNEL to reset the kernel between requests
82ee657: [Validator] make constraint validators reentrant instead of being stateful
ca35814: [MonologBridge] add $subjectMaxLength option to MailerHandler
9d8f068: [RateLimiter] add #[RateLimit] attribute to rate limit controllers declaratively
39ac8ed: [FrameworkBundle] add --sort option to debug:router command
bb9e429: [Workflow] remove bg_color and description from metadata text in GraphvizDumper
54d7bf9: [JsonStreamer] add DateTimeZone value object support
42d1138: [Workflow] add support for dumping listeners in Graphviz diagrams
11a5783: [ObjectMapper] fix #[Map] attribute breaking auto-mapping of other properties
4b49e5b: [VarDumper] add CSP nonce support to HtmlDumper
52db04c: [Form] use translation_domain for expanded ChoiceType placeholder
d96bbae: [Form] hide the placeholder in ChoiceType/select when not required
2a032cc: [Notifier] add bridge for Prelude
ff69ea3: [TwigBundle] add twig.safe_class resource tag to register safe classes for the escaper
409109c: [VarDumper] dump class-strings as class stubs with source location and static properties
ac97b50: [HttpFoundation] add SessionHasFlashMessage test constraint
2566d12: [Serializer] add AbstractObjectNormalizer::ENABLE_TYPE_CONVERSION for scalar type transformation
57e0c13: [VarDumper] skip built-in class names
9883d5e: [Console] add support for OSC 9;4 escape sequence for progress reporting
089fb07: [Serializer] add COLLECT_EXTRA_ATTRIBUTES_ERRORS and full deserialization path
6f09f3f: [ErrorHandler] trigger @method deprecation notices for abstract classes
645e8bc: [HttpKernel, VarDumper, WebProfilerBundle] forward CSP nonce to dump() instead of disabling CSP

Newest issues and pull requests

Symfony Jobs

These are some of the most recent Symfony job offers:

DevOps for a Symfony project at Cloudpepper
Full-time - $150,000 – $180,000 / year
Full remote
View details
Lead Symfony Developer at SCTR Services
Full-time - $70,000 – $110,000 / year
Full remote
View details
Symfony Developer at Design Force Marketing
Full-time - $60,000 – $100,000 / year
Grand Haven Michigan, United States
View details
Backend Symfony Developer at ShipMonk
Contract / Freelance - $5,000 – $8,000 / month
Full remote
View details
Backend Symfony Developer at Vacatia
Full-time - $150,000 – $180,000 / year
Remote + part-time onsite (Portland, Oregon, United States)
View details

You can publish a Symfony job offer for free on symfony.com.

They talked about us

Upcoming Symfony Events

Web Summer Camp 2026: Opatija, Croatia (July 2, 2026 – July 4, 2026)

Call to Action

Follow Symfony on X, on Mastodon, on Bluesky and on Threads and share this article.
Subscribe to the Symfony blog RSS and never miss a Symfony story again.

Sponsor the Symfony project.

Symfony 8.0.9 released

Fabien Potencier — Fri, 01 May 2026 10:14:53 +0200

Symfony 8.0.9 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Tip

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 8.0.8

bug #64090 [DependencyInjection] Reject circular references through a factory builder's setup (@nicolas-grekas)
bug #64088 [Uid] Fix compat with ext-ds v2 (@nicolas-grekas)
bug #64083 [Messenger] Alias the AMQP "user" connection option to "login" (@lacatoire)
bug #64084 [Messenger] Do not sleep after worker is stopped during idle cycle (@Toflar)
bug #63653 Fix default boolean values SweegoTransportFactory (@qdequippe)
bug #64043 [Form] Preserve collection children added by PRE_SET_DATA listeners (@dargor980)
bug #64042 [Config] Fix array-shape generator dropping alternative types on nested PrototypedArrayNode (@Amoifr)
bug #64025 [DoctrineBridge] Catch any driver exception in the same-database check (@lacatoire)
bug #64023 [FrameworkBundle] Fix mailer package check for bridges whose composer name does not match the service id (@lacatoire)
bug #63992 [Messenger] Keep deduplication lock when handler throws (@ousamabenyounes)
bug #63993 [Mailer][Postmark] Handle alternate error payload shapes for Payload Too Large (@ousamabenyounes)
bug #64067 [Serializer] Move type-mismatch and uninitialized-property handling into concrete normalizers (@ousamabenyounes)
bug #64065 [Notifier][Ntfy] Fix Basic auth header by keeping base64 padding (@ousamabenyounes)
bug #64045 [Config] Allow env placeholders in NumericNode min/max checks (@ousamabenyounes)
bug #64047 [Mime] Preserve inline part filename instead of overwriting it with the Content-ID (@ousamabenyounes)
bug #64044 [FrameworkBundle] Apply tagged MIME type guessers in File::getMimeType() (@ousamabenyounes)
bug #64030 [MonologBridge] Guard against re-entrant calls in AbstractTokenProcessor (@ousamabenyounes)
bug #64060 [Cache] Normalize default_lifetime for pools wrapped by ChainAdapter (@ostrolucky)
bug #63996 [RateLimiter] Keep token bucket alive while reservation debt is unpaid (@ousamabenyounes)
bug #63975 [Lock] Avoid aborting outer PostgreSQL transaction on lock contention (@lacatoire)
bug #64046 [HttpClient] Don't share CURL_LOCK_DATA_CONNECT to honor max_host_connections (@ousamabenyounes)
bug #64036 [Validator] fix mapping properties using property hooks (@mrossard)
bug #64024 [AssetMapper] Allow spaces in version constraints (@MatTheCat)
bug #64020 [Dotenv] Strip NUL byte placeholder from values passed to putenv() (@alexandre-daubois)
bug #63991 [FrameworkBundle] Strip --no-fill marker from every translation domain (@ousamabenyounes)
bug #63982 [Messenger] Respect SentToFailureTransportStamp when failure transports are configured (@ousamabenyounes)
bug #63990 [Messenger] Do not apply --max to --stats unless explicitly set (@ousamabenyounes)
bug #63979 [Serializer] Capture constructor TypeError when collecting denormalization errors (@lacatoire)
bug #64006 [DependencyInjection] Fix hidden dependency on symfony/config in PhpDumper (@GromNaN)
bug #63983 [Security] Throw BadCredentialsException on empty JSON login username/password (@ousamabenyounes)
bug #63981 [Routing] Honor the Request's method in UrlMatcher::matchRequest() (@ousamabenyounes)
bug #63980 [DependencyInjection] Log every build parameter removed during compilation (@ousamabenyounes)
bug #63974 [Serializer] Make BackedEnumNormalizer unconditionally return null on invalid value if allow_invalid_values is set (@MatTheCat)
bug #63964 [Cache] Ensure internal state is cleared in TagAwareAdapter::reset() … (@KevinMartinsDev)
bug #63955 [Dotenv] Fix variable corruption when loading env more than once (@nicolas-grekas)
bug #63959 [VarExporter] Don't warn for __sleep()-listed uninitialized declared properties (@nicolas-grekas)
bug #63918 [TypeInfo] Fix collectUses() to support grouped use imports (@Amoifr)
bug #63952 [Scheduler] Respect console.command DI tag command attribute (@nicolas-grekas)
bug #63951 [DependencyInjection] Fix autowiring nullable intersection types (@HypeMC)
bug #63948 [Scheduler] Support command aliases (@ambroisemaupate)
bug #63923 [CssSelector] Fix :is() and :where() combining conditions with parent selector (@lacatoire)
bug #63938 [Workflow] Fix HTML escaping in GraphvizDumper labels (@alexandre-daubois)
bug #63930 [WebProfilerBundle] Fix toolbar toggle button accessibility (@Nitram1123)
bug #63889 [ObjectMapper] Auto-inject ObjectMapper into ObjectMapperAwareInterface transforms (@Amoifr)
bug #63915 [Mailer] Fix handling of webhook.test verification event from MailerSend webhook (@mwansinck)
bug #63909 [Filesystem] Fix Path methods replacing backslashes on UNIX (@Amoifr)
bug #63922 [DependencyInjection] Fix excludeSelf not applied when using AutowireLocator (@GromNaN)
bug #63894 [Dotenv] Fix self-referencing variable resolution with suffix/prefix (@Amoifr)
bug #63883 [Serializer] Fix getAllowedAttributes() when groups contain wildcard '*' (@takashiraki)
bug #63876 [DependencyInjection] Fix instanceof autoconfiguration for anonymous classes (@jlabedo)
bug #63860 [Cache] Fix Psr16Cache::getMultiple() returning wrapper values when using TTL (@nicolas-grekas)
bug #63859 [Console] Fix shell completion when SHELL_VERBOSITY=-1 (@nicolas-grekas)
bug #63847 [EventDispatcher] Fix TraceableEventDispatcher when reset during dispatch (@aschempp)
data #63849 Remove needs-review flag for Afrikaans (af) (@payene)

Sponsor the Symfony project.

Symfony 7.4.9 released

Fabien Potencier — Fri, 01 May 2026 10:00:45 +0200

Symfony 7.4.9 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Tip

Changelog Since Symfony 7.4.8

bug #64090 [DependencyInjection] Reject circular references through a factory builder's setup (@nicolas-grekas)
bug #64088 [Uid] Fix compat with ext-ds v2 (@nicolas-grekas)
bug #64083 [Messenger] Alias the AMQP "user" connection option to "login" (@lacatoire)
bug #64084 [Messenger] Do not sleep after worker is stopped during idle cycle (@Toflar)
bug #63653 Fix default boolean values SweegoTransportFactory (@qdequippe)
bug #64043 [Form] Preserve collection children added by PRE_SET_DATA listeners (@dargor980)
bug #64042 [Config] Fix array-shape generator dropping alternative types on nested PrototypedArrayNode (@Amoifr)
bug #64025 [DoctrineBridge] Catch any driver exception in the same-database check (@lacatoire)
bug #64023 [FrameworkBundle] Fix mailer package check for bridges whose composer name does not match the service id (@lacatoire)
bug #63992 [Messenger] Keep deduplication lock when handler throws (@ousamabenyounes)
bug #63993 [Mailer][Postmark] Handle alternate error payload shapes for Payload Too Large (@ousamabenyounes)
bug #64067 [Serializer] Move type-mismatch and uninitialized-property handling into concrete normalizers (@ousamabenyounes)
bug #64065 [Notifier][Ntfy] Fix Basic auth header by keeping base64 padding (@ousamabenyounes)
bug #64045 [Config] Allow env placeholders in NumericNode min/max checks (@ousamabenyounes)
bug #64047 [Mime] Preserve inline part filename instead of overwriting it with the Content-ID (@ousamabenyounes)
bug #64044 [FrameworkBundle] Apply tagged MIME type guessers in File::getMimeType() (@ousamabenyounes)
bug #64030 [MonologBridge] Guard against re-entrant calls in AbstractTokenProcessor (@ousamabenyounes)
bug #64060 [Cache] Normalize default_lifetime for pools wrapped by ChainAdapter (@ostrolucky)
bug #63996 [RateLimiter] Keep token bucket alive while reservation debt is unpaid (@ousamabenyounes)
bug #63975 [Lock] Avoid aborting outer PostgreSQL transaction on lock contention (@lacatoire)
bug #64046 [HttpClient] Don't share CURL_LOCK_DATA_CONNECT to honor max_host_connections (@ousamabenyounes)
bug #64036 [Validator] fix mapping properties using property hooks (@mrossard)
bug #64024 [AssetMapper] Allow spaces in version constraints (@MatTheCat)
bug #64020 [Dotenv] Strip NUL byte placeholder from values passed to putenv() (@alexandre-daubois)
bug #63991 [FrameworkBundle] Strip --no-fill marker from every translation domain (@ousamabenyounes)
bug #63982 [Messenger] Respect SentToFailureTransportStamp when failure transports are configured (@ousamabenyounes)
bug #63990 [Messenger] Do not apply --max to --stats unless explicitly set (@ousamabenyounes)
bug #63979 [Serializer] Capture constructor TypeError when collecting denormalization errors (@lacatoire)
bug #64006 [DependencyInjection] Fix hidden dependency on symfony/config in PhpDumper (@GromNaN)
bug #63983 [Security] Throw BadCredentialsException on empty JSON login username/password (@ousamabenyounes)
bug #63981 [Routing] Honor the Request's method in UrlMatcher::matchRequest() (@ousamabenyounes)
bug #63980 [DependencyInjection] Log every build parameter removed during compilation (@ousamabenyounes)
bug #63974 [Serializer] Make BackedEnumNormalizer unconditionally return null on invalid value if allow_invalid_values is set (@MatTheCat)
bug #63964 [Cache] Ensure internal state is cleared in TagAwareAdapter::reset() … (@KevinMartinsDev)
bug #63955 [Dotenv] Fix variable corruption when loading env more than once (@nicolas-grekas)
bug #63959 [VarExporter] Don't warn for __sleep()-listed uninitialized declared properties (@nicolas-grekas)
bug #63918 [TypeInfo] Fix collectUses() to support grouped use imports (@Amoifr)
bug #63952 [Scheduler] Respect console.command DI tag command attribute (@nicolas-grekas)
bug #63951 [DependencyInjection] Fix autowiring nullable intersection types (@HypeMC)
bug #63948 [Scheduler] Support command aliases (@ambroisemaupate)
bug #63923 [CssSelector] Fix :is() and :where() combining conditions with parent selector (@lacatoire)
bug #63938 [Workflow] Fix HTML escaping in GraphvizDumper labels (@alexandre-daubois)
bug #63930 [WebProfilerBundle] Fix toolbar toggle button accessibility (@Nitram1123)
bug #63889 [ObjectMapper] Auto-inject ObjectMapper into ObjectMapperAwareInterface transforms (@Amoifr)
bug #63915 [Mailer] Fix handling of webhook.test verification event from MailerSend webhook (@mwansinck)
bug #63909 [Filesystem] Fix Path methods replacing backslashes on UNIX (@Amoifr)
bug #63922 [DependencyInjection] Fix excludeSelf not applied when using AutowireLocator (@GromNaN)
bug #63894 [Dotenv] Fix self-referencing variable resolution with suffix/prefix (@Amoifr)
bug #63883 [Serializer] Fix getAllowedAttributes() when groups contain wildcard '*' (@takashiraki)
bug #63876 [DependencyInjection] Fix instanceof autoconfiguration for anonymous classes (@jlabedo)
bug #63860 [Cache] Fix Psr16Cache::getMultiple() returning wrapper values when using TTL (@nicolas-grekas)
bug #63859 [Console] Fix shell completion when SHELL_VERBOSITY=-1 (@nicolas-grekas)
bug #63847 [EventDispatcher] Fix TraceableEventDispatcher when reset during dispatch (@aschempp)
data #63849 Remove needs-review flag for Afrikaans (af) (@payene)

Sponsor the Symfony project.

Symfony 6.4.37 released

Fabien Potencier — Fri, 01 May 2026 09:47:57 +0200

Symfony 6.4.37 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Tip

Changelog Since Symfony 6.4.36

bug #64090 [DependencyInjection] Reject circular references through a factory builder's setup (@nicolas-grekas)
bug #64083 [Messenger] Alias the AMQP "user" connection option to "login" (@lacatoire)
bug #64084 [Messenger] Do not sleep after worker is stopped during idle cycle (@Toflar)
bug #64067 [Serializer] Move type-mismatch and uninitialized-property handling into concrete normalizers (@ousamabenyounes)
bug #64065 [Notifier][Ntfy] Fix Basic auth header by keeping base64 padding (@ousamabenyounes)
bug #64045 [Config] Allow env placeholders in NumericNode min/max checks (@ousamabenyounes)
bug #64047 [Mime] Preserve inline part filename instead of overwriting it with the Content-ID (@ousamabenyounes)
bug #64044 [FrameworkBundle] Apply tagged MIME type guessers in File::getMimeType() (@ousamabenyounes)
bug #64030 [MonologBridge] Guard against re-entrant calls in AbstractTokenProcessor (@ousamabenyounes)
bug #64060 [Cache] Normalize default_lifetime for pools wrapped by ChainAdapter (@ostrolucky)
bug #63996 [RateLimiter] Keep token bucket alive while reservation debt is unpaid (@ousamabenyounes)
bug #63975 [Lock] Avoid aborting outer PostgreSQL transaction on lock contention (@lacatoire)
bug #64046 [HttpClient] Don't share CURL_LOCK_DATA_CONNECT to honor max_host_connections (@ousamabenyounes)
bug #64036 [Validator] fix mapping properties using property hooks (@mrossard)
bug #64024 [AssetMapper] Allow spaces in version constraints (@MatTheCat)
bug #64020 [Dotenv] Strip NUL byte placeholder from values passed to putenv() (@alexandre-daubois)
bug #63982 [Messenger] Respect SentToFailureTransportStamp when failure transports are configured (@ousamabenyounes)
bug #63990 [Messenger] Do not apply --max to --stats unless explicitly set (@ousamabenyounes)
bug #63979 [Serializer] Capture constructor TypeError when collecting denormalization errors (@lacatoire)
bug #64006 [DependencyInjection] Fix hidden dependency on symfony/config in PhpDumper (@GromNaN)
bug #63981 [Routing] Honor the Request's method in UrlMatcher::matchRequest() (@ousamabenyounes)
bug #63980 [DependencyInjection] Log every build parameter removed during compilation (@ousamabenyounes)
bug #63974 [Serializer] Make BackedEnumNormalizer unconditionally return null on invalid value if allow_invalid_values is set (@MatTheCat)
bug #63964 [Cache] Ensure internal state is cleared in TagAwareAdapter::reset() … (@KevinMartinsDev)
bug #63955 [Dotenv] Fix variable corruption when loading env more than once (@nicolas-grekas)
bug #63959 [VarExporter] Don't warn for __sleep()-listed uninitialized declared properties (@nicolas-grekas)
bug #63952 [Scheduler] Respect console.command DI tag command attribute (@nicolas-grekas)
bug #63951 [DependencyInjection] Fix autowiring nullable intersection types (@HypeMC)
bug #63938 [Workflow] Fix HTML escaping in GraphvizDumper labels (@alexandre-daubois)
bug #63909 [Filesystem] Fix Path methods replacing backslashes on UNIX (@Amoifr)
bug #63922 [DependencyInjection] Fix excludeSelf not applied when using AutowireLocator (@GromNaN)
bug #63894 [Dotenv] Fix self-referencing variable resolution with suffix/prefix (@Amoifr)
bug #63883 [Serializer] Fix getAllowedAttributes() when groups contain wildcard '*' (@takashiraki)
bug #63876 [DependencyInjection] Fix instanceof autoconfiguration for anonymous classes (@jlabedo)
bug #63860 [Cache] Fix Psr16Cache::getMultiple() returning wrapper values when using TTL (@nicolas-grekas)
bug #63859 [Console] Fix shell completion when SHELL_VERBOSITY=-1 (@nicolas-grekas)
bug #63847 [EventDispatcher] Fix TraceableEventDispatcher when reset during dispatch (@aschempp)
data #63849 Remove needs-review flag for Afrikaans (af) (@payene)

Sponsor the Symfony project.

Symfony Insight Adds 11 New Rules

Javier Eguiluz — Mon, 27 Apr 2026 09:29:00 +0200

Symfony Insight helps you continuously assess and improve the quality of your PHP projects (Symfony, Laravel, and generic PHP) through automated code analysis. In the past weeks we've added 11 new rules, bringing the total to 141 checks across areas such as security, reliability, productivity, and more.

These rules are designed to catch issues that are easy to miss during reviews, while keeping feedback actionable and relevant for day-to-day development.

New Security Rules

Five new rules focus on patterns that have repeatedly led to real-world vulnerabilities such as remote code execution, object injection, or weak cryptography:

Detect usage of functions prone to command injection (system(), shell_exec(), proc_open(), and many more) and suggest safer alternatives;
Flag insecure random functions like mt_rand(), srand(), and others when stronger PHP options are available;
Identify unsafe usages of functions such as extract(), parse_str(), and unserialize() (e.g. when you don't pass certain parameters to them) highlighting cases where input handling may lead to vulnerabilities.

New Reliability Rules

Reliability rules target code that works today but may fail in subtle or hard-to-debug ways later. Two additions focus on common sources of issues:

Encourage the use of immutable date-time objects instead of \DateTime to avoid unintended side effects;
Promote strict array checks when searching or validating the existence of elements.

New Productivity Rules

Productivity rules aim to keep codebases easier to read, maintain, and evolve over time. Two new rules guide projects towards modern PHP idioms:

Suggest more expressive PHP string functions to replace patterns based on strpos(), substr(), or preg_match() where appropriate;
Recommend first-class callable syntax over legacy array callables or Closure::fromCallable(), enabling clearer code and earlier validation.

New Data Leak Rules

A new data leak rule focuses on secret detection in your repository. It scans committed files to identify sensitive artifacts that should not be versioned.

This goes beyond .env files and includes items such as credentials.json, auth.json, private keys and certificates (.pem, .key, .p12), and other commonly overlooked files.

New Legal Rules

SymfonyInsight goes way beyond PHP code analysis. The Legal category now includes a rule that checks your dependencies for license incompatibilities.

These issues are difficult to detect during regular development but can have significant consequences if left unnoticed.

Symfony Insight runs a growing set of automated checks on every analysis, and we continue to expand its coverage. These new rules are already enabled for all projects analyzed with Insight and can be configured as needed.

If you haven't tried it yet, join SymfonyInsight today and see how it fits into your development workflow.

Sponsor the Symfony project.

A Week of Symfony #1008 (April 20–26, 2026)

Javier Eguiluz — Sun, 26 Apr 2026 09:17:00 +0200

This week, SymfonyCasts announced a new course on Doctrine inheritance. In addition, we published the schedule for the SymfonyDay Montreal 2026 conference. Lastly, we continued polishing the new features of the upcoming Symfony 8.1 version, ahead of its release in five weeks.

Symfony development highlights

This week, 23 pull requests were merged (8 in code and 15 in docs) and 15 issues were closed (11 in code and 4 in docs). Excluding merges, 14 authors made 454 additions and 197 deletions. See details for code and docs.

6.4 changelog:

1aaa206: [DependencyInjection] fix hidden dependency on symfony/config in PhpDumper
76d480b: [Serializer] capture constructor TypeError when collecting denormalization errors
1c609aa: [Messenger] do not apply --max to --stats unless explicitly set
76436cd: [Messenger] respect SentToFailureTransportStamp when failure transports are configured
4144ca3: [FrameworkBundle] strip --no-fill marker from every translation domain

8.1 changelog:

e201c8a: improve phpdoc types
66145d5: [Routing] fefactor inline defaults regex to use the /x modifier for requirment

Newest issues and pull requests

Symfony Jobs

These are some of the most recent Symfony job offers:

Lead Symfony Developer at SCTR Services
Full-time - $70,000 – $110,000 / year
Full remote
View details
Symfony Developer at Design Force Marketing
Full-time - $60,000 – $100,000 / year
Grand Haven Michigan, United States
View details
Backend Symfony Developer at ShipMonk
Contract / Freelance - $5,000 – $8,000 / month
Full remote
View details
Backend Symfony Developer at Vacatia
Full-time - $150,000 – $180,000 / year
Remote + part-time onsite (Portland, Oregon, United States)
View details
Backend Symfony Developer at POLAVIS
Full-time - €30 – €45 / hour
Full remote
View details

You can publish a Symfony job offer for free on symfony.com.

SymfonyCasts Updates

SymfonyCasts is the official way to learn Symfony. Select a track for a guided path through 100+ video tutorial courses about Symfony, PHP and JavaScript.

This week, SymfonyCasts published the following updates:

(Video) Doctrine Inheritance: Class Hierarchy in the Database: Bonus: Custom DQL Function
New course announced: Upgrading to Symfony 8

They talked about us

Upcoming Symfony Events

Sylius Meetup & Hackathon Mannheim 2026: Mannheim, Germany (April 30, 2026)
Web Summer Camp 2026: Opatija, Croatia (July 2, 2026 – July 4, 2026)

Call to Action

Follow Symfony on X, on Mastodon, on Bluesky and on Threads and share this article.
Subscribe to the Symfony blog RSS and never miss a Symfony story again.

Sponsor the Symfony project.

New SymfonyCasts Course: Doctrine Inheritance - Class Hierarchy in the Database

Kevin Bond — Fri, 24 Apr 2026 09:15:00 +0200

Modeling inheritance in your code is natural - but how does that translate to your database?

We're excited to announce a new SymfonyCasts course:

👉 Doctrine Inheritance: Class Hierarchy in the Database

In this course, we explore how Doctrine ORM handles inheritance and how to map class hierarchies to your database in a clean, efficient way. You'll learn the different strategies available, when to use each one, and the trade-offs involved.

By the end, you'll be able to confidently model complex relationships using inheritance and understand exactly how Doctrine is handling things behind the scenes.

What This Course Covers

This course takes a practical, example-driven approach to one of Doctrine's more advanced topics.

Some of the key topics include:

Understanding the concept of inheritance in Doctrine ORM
Using mapped superclasses for shared fields and behavior
Implementing single table inheritance (STI) and how it works internally
Exploring joined table inheritance and when it makes sense
Comparing inheritance strategies and choosing the right one for your use case
Querying across inheritance hierarchies with DQL
Working with associations that target parent or child classes
Understanding limitations and edge cases of inheritance mappings

And in a special bonus chapter, we go even further:

Extending Doctrine with a custom DQL function to work around a real limitation when querying inheritance hierarchies

The goal is not just to understand the features, but to know when - and when not - to use them.

Who Is This For?

This course is perfect if you:

Use Doctrine ORM and want to model more complex domain logic
Have encountered inheritance in Doctrine but aren't fully confident using it
Want to understand the trade-offs between different mapping strategies
Have hit limitations with Doctrine queries and want to go deeper

If inheritance in Doctrine has ever felt confusing or full of hidden pitfalls, this course will help make it clear and predictable.

What's Next on SymfonyCasts?

If you enjoy going deeper into Symfony and Doctrine internals, there's more on the way.

We're currently working on two upcoming courses:

Symfony Security: The Basics – a practical introduction to Symfony's security system, covering authentication, login forms, user providers, and core security concepts.
Upgrading to Symfony 8 – a focused guide to upgrading your applications, including key changes, deprecations, and modern best practices.

Stay tuned - there are more deep dives into the tools you and I use every day coming soon!

Sponsor the Symfony project.

SymfonyDay Montreal 2026 - Schedule is Live!

Eloïse Charrier — Mon, 20 Apr 2026 06:44:00 +0200

The moment you’ve all been waiting for has finally arrived. After weeks of reviewing great proposals, we are thrilled to announce that the official schedule for SymfonyDay Montreal 2026 taking place on June 4, 2026 is now available!

🙏 A Huge Merci to Our Community

First and foremost, we want to extend a massive thank you to everyone who submitted a proposal during our Call for Papers. While we couldn't fit everyone into the schedule, your passion and expertise are what make the Symfony ecosystem so vibrant.

🎤 What’s on the Menu?

From deep dives into the latest Symfony components to best practices in API development and cloud architecture, this year’s lineup is designed to sharpen your skills and inspire your next project.

Building TUIs in PHP: The Symfony Terminal Component by Fabien Potencier
Reconfiguring Symfony in real time with sidekicks by Nicolas Grekas
CQRS in Symfony: yes, but calm down by Oskar Barcz
Symfony 8: The Hexagonal Track by Robin Chalas
Migrating Legacy Symfony in Production by Arnaud Oltra
The Hidden Cost of return new Response() by Mathias Arlaud
CLI-Driven Development: An Ode to Symfony Console by Thomas Durand
Empower creativity with ExpressionLanguage by Florian Merle

Read more details on our schedule page.

🎟️ Register Now – Limited Seating!

Don't wait until the last minute—seats are limited for this edition, and they are going fast! To ensure you don't miss out on this gathering of the Symfony & PHP community, make sure to grab your ticket today. Register here!

📍 Our Venue: L’Espace Quartier Latin

We are gathering at L’Espace Quartier Latin at UQAM! The venue is extremely easy to reach, both by public transport and by private transport.

🤲 L’apéro – Let’s Celebrate Together

After a full day of learning, it’s time to relax. We invite all attendees to join us for a community drink in the evening. It’s a wonderful opportunity to chat with the speakers, meet fellow developers, and enjoy the unique Montreal atmosphere. Santé !

We can’t wait to see you on June 4th!

Join us online!

💡Follow the "conference" blog posts to not miss anything!

Want the latest Symfony updates? Follow us and tune in from wherever you are 🌎

Sponsor the Symfony project.

A Week of Symfony #1007 (April 13–19, 2026)

Javier Eguiluz — Sun, 19 Apr 2026 09:16:00 +0200

This week, Symfony UX released the 2.35 maintenance version and the new 3.0 major version, which removes all deprecated features and updates the PHP and Symfony requirements. In addition, we published more information about the upcoming SymfonyLive Berlin and SymfonyOnline June confernces.

Symfony development highlights

This week, 30 pull requests were merged (25 in code and 5 in docs) and 14 issues were closed (13 in code and 1 in docs). Excluding merges, 15 authors made 900 additions and 741 deletions. See details for code and docs.

6.4 changelog:

8ad4dea: [Workflow] fix HTML escaping in GraphvizDumper labels
4d1b5f6: [DependencyInjection] fix autowiring nullable intersection types
1d24039: [Scheduler] respect console.command DI tag command attribute
25e48fd: [VarExporter] don't warn for __sleep()-listed uninitialized declared properties
10e2fa9: [Dotenv] fix variable corruption when loading env more than once

7.4 changelog:

0c74307: [WebProfilerBundle] fix toolbar toggle button accessibility
713fc0a: [CssSelector] fix :is() and :where() combining conditions with parent selector
5332d44: [Scheduler] support command aliases
9a75a83: [TypeInfo] fix collectUses() to support grouped use imports
8e0580e: [Tests] fix "Incomplete version" PHPUnit warnings

8.1 changelog:

c971708: [FrameworkBundle] deprecate calling FrameworkExtension::load() directly without first loading ServicesBundle's extension
c21f342: [WebProfilerBundle] improve profiler pages accessibility semantics
8b75188: [WebProfilerBundle] improve toolbar accessibility for screen reader
1c92483: [DependencyInjection] fix empty bundle cache when container is rebuilt
2fc5fbe: [DependencyInjection] allow inline Definition as factory and configurator
b096b08: [Contracts] fix tests requirement using full semver in #[RequiresPhp]

Newest issues and pull requests

Symfony Jobs

These are some of the most recent Symfony job offers:

Symfony Developer at Design Force Marketing
Full-time - $60,000 – $100,000 / year
Grand Haven Michigan, United States
View details
Backend Symfony Developer at ShipMonk
Contract / Freelance - $5,000 – $8,000 / month
Full remote
View details
Backend Symfony Developer at Vacatia
Full-time - $150,000 – $180,000 / year
Remote + part-time onsite (Portland, Oregon, United States)
View details
Backend Symfony Developer at POLAVIS
Full-time - €30 – €45 / hour
Full remote
View details
Backend Symfony Developer at Travis International Road Services
Full-time - €3,800 – €4,500 / month
Remote + part-time onsite (Tilburg, Netherlands)
View details

You can publish a Symfony job offer for free on symfony.com.

SymfonyCasts Updates

SymfonyCasts is the official way to learn Symfony. Select a track for a guided path through 100+ video tutorial courses about Symfony, PHP and JavaScript.

This week, SymfonyCasts published the following updates:

(Video) Doctrine Inheritance: Class Hierarchy in the Database: Doctrine Inheritance and Relationships

They talked about us

Upcoming Symfony Events

Sylius Meetup & Hackathon Mannheim 2026: Mannheim, Germany (April 30, 2026)
Web Summer Camp 2026: Opatija, Croatia (July 2, 2026 – July 4, 2026)

Call to Action

Follow Symfony on X, on Mastodon, on Bluesky and on Threads and share this article.
Subscribe to the Symfony blog RSS and never miss a Symfony story again.

Sponsor the Symfony project.