This communiqué originally appeared on Symfony Station.
Welcome to this week's Symfony Station communiqué. It's your review of the essential news in the Symfony and PHP development communities focusing on protecting democracy.
There's good content in all of our categories, so please take your time and enjoy the items most relevant and valuable to you.
This is why we publish on Fridays. So you can savor it over your weekend.
Or jump straight to your favorite section via our website.
Once again, thanks go out to Javier Eguiluz and the team at Symfony for sharing our communiqué in their Week of Symfony.
My opinions will be in bold. And will often involve cursing. Because humans. Especially tech bros.
Symfony
As always, we will start with the official news from Symfony.
This week, development activity focused on polishing Symfony 7.3 ahead of its final release in two weeks. We also continued publishing articles highlighting the new features of Symfony 7.3 and shared updates about the upcoming SymfonyOnline June 2025 conference.
May 12–18, 2025: A Week of Symfony #959
They also have:
Symfony UX CVE-2025-47946: Unsanitized HTML attribute injection via ComponentAttributes
New in Symfony 7.3 Yaml Improvements
New in Symfony 7.3: JsonStreamer Component
New in Symfony 7.3: Routing Improvements
New in Symfony 7.3: Messenger Improvements
New in Symfony 7.3 New Bridges and Improved Integrations
SensioLabs has a case study:
Yuka : Une montée de version saine et équilibrée sur Symfony
Featured Item
Victor Prudhomme has:
Boosting Performance with Symfony HttpClient and Parallel Requests
Requêtes HTTP asynchrone avec Symfony
The same en francais.
This Week
CVE Feed reports:
CVE-2025-47946: Symfony UX Twig Component Attribute Injection XSS
Floran Pagliai explores:
Scaling to 3 Billion Monthly API Requests Without Microservices: A Pragmatic DevOps Journey
You see. Simple yet scalable is possible.
How Tos
LaurentMN examines:
Symfony IDE Showdown: PhpStorm vs VS Code vs NetBeans — Which One Powers Your Symfony Workflow Best?
PenTest Corp shares:
MitM Attack in Symfony: Prevention with Secure Coding
Prevent Path Manipulation Vulnerability in Symfony
Roman Huliak has:
A Pragmatic guide to SOLID principles in Symfony
Platforms
Securing Laravel has:
Security Tip: What Can We Learn from CommonMark's XSS?
Other
Mautic looks at:
Open Source, AI, and the Future of Marketing Automation
eCommerce
Sylius announces:
Longly awaited Sylius CMS Plugin!
Cool.
CMSs
TYPO3 has:
TYPO3 Association Supports an EU Sovereign Tech Fund
Drupal and Joomla also joined the effort.
TYPO3 Trademark Usage: What’s Allowed and What’s Not
Using TYPO3 for Small Projects Pt.1
Pluswerk+ reviews:
TYPO3 Camp Vienna: Visions and networking 2025
NITSAN compares:
TYPO3 vs Drupal: A CMS comparison
Wolfgang Wagner previews T3CON:
Warum ich nach Jahren wieder zur T3CON fahre - und warum du mitkommen solltest
Vision Bites has a case study:
TYPO3 Website für den Gastronomieservice gut&gerne der Ategris-Gruppe
T3Planet shows us how to:
Install TYPO3 on Rocky Linux – Complete Setup Guide/
Joomla has:
Highlights include:
No Overrides: Four creative ways to modify your content using CSS grid
Tools to build a Component - 9: Overview and Conclusion
Case Study: K2 to Joomla core migration
Drupal has:
DrupalCon Vienna 2025: A Hub for Innovation and Collaboration
International Drupal Federation Initiative
Nicolai Schwarz shares:
A Recipe for Slightly Raised Eyebrows
Project Browser and Automatic Updates don't work for me in DrupalCMS either, so it's a work in progress. Which is why I'm moving this site to Grav CMS rather than waiting on DrupalCMS.
Very nice site design BTW, Nicolai.
Jakob Rockowitz looks at:
Drupal, Schema.org, and AI for Government
ImageX continues a series:
Drupal Image Optimization, Part 2: Performance Booster Modules
Amazee shares:
From Monoliths to Multi-Sites: Two Stories of Enterprise Drupal Website Migrations Done Right
Specbee has:
7 Impactful tips to enhance your website's accessibility (and how Drupal helps)
Markie (not Mark) asks:
Need LocalGov Drupal Training? Here's what you need to consider.
Darren Oh demos:
SH to your Drupal Forge development environment
Electric Citizen says:
Keep Your Website Pixel-Perfect With Backstop Generator
Drunomics has:
The European Accessibility Act Impacts Everyone
Noah's promotes:
The Free Drupal Page Builder That Keeps Evolving: What’s New in Noah’s
Previous Weeks
Tac Tacelosky shows us how to:
Enhance your Symfony application README in 30 seconds
Konstantin Bogomolov shows us how to:
Deploy Symfony Projects with Gitlab CI/CD
Guillame explores:
Pentest shows us how to:
Prevent Session Fixation in Symfony Securely
PHP
This Week
IndieHackers has:
Building the impossible and making $100k in the first three months
Jose Pico asks:
Still Writing PHP in 2025? Absolutely, (even with AI) and here’s why.
PhpStorm announces:
PhpStorm 2025.2 Early Access Program Is Now Open
Kévin Dunglas announces:
Daily Refactor examines:
PHP 3 to 8: The Evolution of a Codebase
Sergii Demianchuk looks at:
Dragan Rapić shares:
Modern PHP Practices in 2025: What Every Developer Should Know
Building Microservices in PHP: Pros, Cons, and Practical Examples
Luis Carlos shows us how to:
Ajax!
Atakan Demircioğlu explores the:
Doğan Ucar examines the:
PHP 8.5 Pipe Operator RFC: What It Means for Developers
Victor Prudhomme asks:
Les Traits en PHP, un outil puissant trop peu utilisé?
Roman Huliak shares:
Starting with PHPStan: A guide for beginners
More Programming
DarkReading reports:
CVE Disruption Threatens Foundations of Defensive Security
GitLab's AI Assistant Opened Devs to Code Theft
Ars Technica reports:
Researchers cause GitLab AI developer assistant to turn safe code malicious
Uwe Friedrichsen continues a fantastic if slightly depressing series:
Thoughts on AI and software development - Part 2
Pivot to AI reports:
GitHub wants to spam open source projects with AI slop
The Register reports:
GitHub Copilot angles for promotion from assistant to agent
Ummh, no.
If you absolutely have to go that route, Mistral announces:
Devstral: Introducing the best open-source model for coding agents
A Data Scientist reports:
Postman is logging all your secrets and environment variables
Ah, Postman. No so pleasant memories from bootcamp.
Windows announces:
The Windows Subsystem for Linux is now open source
Kai Gertz compares:
Web components - standards vs. proprietary JavaScript frameworks
CSS Tricks answers:
A Reader’s Question on Nested Lists
Smashing Mag continues a series:
Smashing Animations Part 3: SMIL’s Not Dead Baby, SMIL’s Not Dead
Just fucking use HTML has:
I see my alter-ego escaped prison and built a website. ;)
Fighting for Democracy
Here we feature several items from each section of Battalion's weekly "Defending Democracy" report.
Get all the news from the front of democracy's battle against autocracy via its latest "Defending Democracy" post. And please follow Battalion via RSS or on the Fediverse at [email protected].
Please visit Symfony Stations Support Ukraine page to learn how you can help kick Russia out of Ukraine (eventually, like ending apartheid in South Africa).
The cyber response to Russia’s War Crimes, Techno Feudalism, and other douchebaggery
Tuta shows us:
Best private Google alternatives: The ultimate list to De-Google your life in 2025.
Signal says:
By Default, Signal Doesn't Recall
The Evil Empire Strikes Back
Reuters reports:
So-called newspaper, The Washington Post reports:
Police secretly monitored New Orleans with facial recognition cameras
Cybersecurity/Privacy
Reuters reports:
So-called newspaper, The Washington Post reports:
Police secretly monitored New Orleans with facial recognition cameras
Fediverse
The Fediverse Report has:
TechCrunch reports:
Open social web browser Surf makes it easier for anyone to build custom feeds
Other Slightly Federated Social Media
The Fediverse Report has:
Leaflet Lab announces:
We're making a social publishing platform built on Bluesky
Kind of like Ghost with ActivityPub.
CTAs (aka show us some free love)
- That’s it for this week. Please share this communiqué.
- Follow us on Flipboardor at @[email protected] on Mastodon for daily coverage.
Do you own or work for an organization that would be interested in our promotion opportunities? Or supporting our journalistic efforts? If so, please get in touch with us.
More importantly, if you are a Ukrainian company with coding-related products, we can offer free promotion on our Support Ukraine page. Or, if you know of one, get in touch.
You can find a vast array of curated evergreen content on our communiqués page.
Author
Reuben Walker
Founder
Symfony Station
Top comments (0)