u/dergadoodle

The Laravel team needs to get better at relaying CVE information for its core dependencies.
▲ 44 r/laravel

Even though today's Symfony CVE announcements aren't directly Laravel's responsibility, it's a bit disappointing that there's absolutely no news coming from the Laravel team about it.

Especially right now, it's hard to explain to non-technical leaders why they should trust Laravel when there's no news shared with those leaders in mind. They are not checking GitHub security advisories. They see the headlines and notice Laravel's absence. That's it.

There should be clearer lines of communication for CVEs that affect Laravel. laravel.com/blog should be more than just marketing.

u/dergadoodle — 1 day ago