« Twig » blog posts

Updates and new features of the Twig template language used in Symfony and PHP applications.

Twig CVE-2025-24374: Missing output escaping for the null coalesce operator

January 29, 2025#Twig👍1

Introducing the new Twig Playground

December 26, 2024#Twig❤️17👍7🚀7🎉4

New in Twig 3.15 (part 2)

Twig 3.15 introduces dynamic dot operator support, named arguments in macros, argument unpacking, and universal arrow function usage.

December 19, 2024#Twig❤️16👍3🚀4🎉4

New in Twig 3.15 (part 1)

Twig 3.15 adds inline comments, the enum() function, the xor operator, improved operator precedence, JSON escaping, the guard tag, and enhanced deprecation handling.

December 17, 2024#Twig❤️16👍11🚀5

Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox

November 6, 2024#Twig👀1

Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list

November 6, 2024#Twig🚀1

Twig security release: Possible sandbox bypass

Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions.

September 9, 2024#Twig❤️7

The last Twig 2 release

December 22, 2023#Twig

Twig 2 end of life

Twig 2 end of life is scheduled for the end of December 2023.

September 14, 2023#Twig

Twig security release: Possibility to load a template outside a configured directory when using the filesystem loader

September 28, 2022#Twig

Movatterモバイル変換