🚨 Slim Framework released a patch fixing a reflected XSS vulnerability in the HTML error renderer.

Affected versions:

>=v4.4.0, <=v4.15.1

If you are passing unsanitized user input into HttpException, upgrade to Slim v4.15.2 immediately!

https://www.slimframework.com/2026/05/22/slim-security-advisory.html

https://github.com/slimphp/Slim/security/advisories/GHSA-53h4-8rc4-f539

#SlimPHP #SlimFramework #PHP #XSS #Vulnerability

Security Advisory: Reflected XSS vulnerability in Slim >= 4.4.0, <= 4.15.1 (CVE-2026-48157)

Missing HTML encoding in the HTML error renderer allows reflected XSS attacks and affects Slim 4.4.0 to 4.15.1 inclusive. Please update to Slim 4.15.2 to resolve this issue.

Slim Framework

Use StructArmed v0.7.0+ for a consistent PSR-15 naming convention, structures and contracts across your codebase with the new PSR-15 Preset.

https://github.com/boundwize/structarmed

Written by the co-maintainer of #codeigniter4, #Laminas, #Mezzio, and #RectorPHP packages: @samsonasik

https://github.com/sponsors/samsonasik

#PHP #DotKernel #SlimPHP #PSR15 #PSR12 #PSR7 #PSR4 #OpenSource

GitHub - boundwize/structarmed: Configurable PHP architecture guards — define your layers and rules, then keep them enforced

GitHub

@itworldcup PHP is not too far behind.

But check out the vote count!

700 votes cast so far. This is the most voted on head to head so far.

Come on #php #phpc #symfony #laravel #wordpress #WordPressDev #drupal #doctrine #cakephp #magento #laminas #slimphp devs.

We can win this.

I suspect that #Theo is correct and #LLM word calculators will end up happiest & most productive in the ‘heavy’ framework space, #next, #nuxt, #vue, #react, #laravel etc. That shouldn’t mean that ‘light’ frameworks like #solid, #astro, #slimphp, #tempest have no future. The toolset decision has many factors; they shouldn’t be reduced to just one #AI based one.

I don't remember whether I mentioned it, but my #devperso #PHP #slimphp project is coming along rather well.
I can generate
- module skeletons,
- model files,
- template skeletons,
- function skeletons in a controller, with or without an associated template
- the entire ACL part
- the entire account-management part (register, confirm, login, logout, reset password, change password, communication by email)

I'll be able to use it for my other projects.

Current activities:

Creation: a #PHP framework based on #slimphp, with a core featuring a lightweight custom ORM based on #PDO, security aspects, message sending, generators (controllers, templates, modules, routes, models...), etc.

Possibilities: #restful, #microservice, #monolithique or all at once.

Purpose: a website project for some friends (they will take part in the development) and my own needs.

Presentation: Git, languages, programming tools (for motivated beginners)

#enmodedev #dev

Fixed a bug in my #slimphp application with the flash messages by simply removing the twig global variable for the flash messages and calling the flash message manager from the session manager interface. Scoping and bootstrapping were a pain in the ass to resolve.

Yesterday I fixed some errors in the @slimphp starter-skeleton package 📦 and it supports #PHP8.4. Can I upload my project to #github?

#slimphp
#php84

Oy. Decision fatigue with #php frameworks. I started with #laminas. As a reflex, I started coding with the #mojojs mental model but quickly got stumped. Starting over with #slimPHP to see how that pans out...

I released Slim 4.14.0 yesterday. It tidies the plain text error renderer and also adds template generics to the classes where we expose the PSR-11 container. #php #slimphp

https://www.slimframework.com/2024/06/13/slim-4.14.0-release.html

Slim 4.14.0 released

Slim Framework