« Twig » blog posts

Updates and new features of the Twig template language used in Symfony and PHP applications.

Twig CVE-2025-24374: Missing output escaping for the null coalesce operator

Twig CVE-2025-24374: Missing output escaping for the null coalesce operator
January 29, 2025 #Twig

Introducing the new Twig Playground

Introducing the new Twig Playground
December 26, 2024 #Twig ❤️ 16 👍 7 🚀 6 🎉 4

New in Twig 3.15 (part 2)

Twig 3.15 introduces dynamic dot operator support, named arguments in macros, argument unpacking, and universal arrow function usage.
December 19, 2024 #Twig ❤️ 16 👍 3 🚀 4 🎉 4

New in Twig 3.15 (part 1)

Twig 3.15 adds inline comments, the enum() function, the xor operator, improved operator precedence, JSON escaping, the guard tag, and enhanced deprecation handling.
December 17, 2024 #Twig ❤️ 16 👍 11 🚀 5

Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox

Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox
November 6, 2024 #Twig 👀 1

Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list

Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list
November 6, 2024 #Twig 🚀 1

Twig security release: Possible sandbox bypass

Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions.
September 9, 2024 #Twig ❤️ 7

The last Twig 2 release

The last Twig 2 release
December 22, 2023 #Twig

Twig 2 end of life

Twig 2 end of life is scheduled for the end of December 2023.
September 14, 2023 #Twig

Twig security release: Possibility to load a template outside a configured directory when using the filesystem loader

Twig security release: Possibility to load a template outside a configured directory when using the filesystem loader
September 28, 2022 #Twig