Symfony Station Communiqué - 02 May 2025 - A look at Symfony, Drupal, PHP, and other programming news!
This communiqué originally appeared on Symfony Station. Welcome to this week's Symfony Station communiqué. It's your review of the essential news in the Symfony and PHP development communities focusing on protecting democracy. There's good content in all of our categories, so please take your time and enjoy the items most relevant and valuable to you. This is why we publish on Fridays. So you can savor it over your weekend. Or jump straight to your favorite section via our website. Symfony Universe PHP More Programming Defending Democracy Cybersecurity Fediverse Once again, thanks go out to Javier Eguiluz and the team at Symfony for sharing our communiqué in their Week of Symfony. My opinions will be in bold. And will often involve cursing. Because humans. Especially tech bros. Symfony As always, we will start with the official news from Symfony. This week, we kicked off the New in Symfony 7.3 blog series, highlighting all the exciting new features coming in this release. We also unveiled more details about some of the SymfonyOnline June 2025 conference talks and published the full replay of all the talks from the recent SymfonyLive Berlin 2025 event. April 21–27, 2025: A Week of Symfony #956 They also have: New in Symfony 7.3: Twig Extension Attributes New in Symfony 7.3: Slug and Twig Constraints New in Symfony 7.3: Arbitrary User Permission Checks New in Symfony 7.3: Extra Runtime Dot Env Files New in Symfony 7.3 Configurable Compound Rate Limiter SymfonyOnline June 2025 Efficient Web Scraping with Symfony & PHP SymfonyOnline June 2025: Multi-Tenantize the Symfony components SymfonyOnline June 2025: Automate Everything with Your Personal Army of Robots I mean, most AI and bots are horseshit. But, robots! ;) SymfonyOnline June 2025: Where Have the Women of Tech History Gone? An eMail Newsletter SensioLabs has: Dans les coulisses d’une formation SensioLabs Blackfire has: Check up on your Front-End Cache in TYPO3 – part 3 of 3 Featured Item TYPO3 notes: The first release of TYPO3 happened 27 years ago — the technological advancements since then have been staggering. TYPO3 predates the iPhone, YouTube, Instagram, and generative AI. Open source content management systems (CMSs) have already survived many successive waves of digital innovation — but how must they evolve to weather the next set of developments? T3CON Recap - The Future of Open Source Content Management Systems (CMS) This Week Lubna Altungi shows us how to: Generate PDFs in Symfony in a Few Minutes Vladislav Solntsev shows us: How to Confidently Update Legacy Code in Symfony Roman Huliak has: Migrating from PHPDoc to PHP attributes: A simple Symfony example Templating engines in PHP: An overview with best practices Bhavin Nakrani shares: Symfony 7.3 Unlocks User Permission Checks Kevin Wenger explores: Symfony Controller Request Data Mapping: A Modern Approach Tideways examines: Combining regular expressions with named capture groups to improve performance How Tos LaurentMN has: Stop Guessing, Start Testing: Best Practices for Symfony Bundles Building Advanced Twig Extensions in Symfony 7 with Real-Life Use Cases Symfony 7 + htmx: Next-Level Interactions PenTest Corp shows us: How to Prevent Remote Code Execution (RCE) Vulnerabilities in Symfony Prevent XXE Injection in Symfony: Code & Fix GuidePrevent XXE Injection in Symfony: Code & Fix Guide SSRF Vulnerability in Symfony Framework Explained eCommerce PrestaShop has: Codencode agency - contributing to work more sustainably over time PSDevCon2024: Cybersecurity – What No One Dares to Say Cyber Insider reports: Backdoor Activates in Magento Supply Chain Attack Impacting 1000 Stores CMSs Sulu has: A Picture Is Worth A Thousand Words: Advanced Media Management And Optimization Sulu Documentation available as Composer package TYPO3 has: Budget Idea Report: Integrate XHGui into DDEV Core Coders' Corner: April 2025 Pluswerk+ has an interview: TYPO3 for professionals and beginners Koehnlein show us how to: Sync TYPO3 Production to Staging with a Single Local Command B13 asks: What factors make a website load as quickly as possible? Great agency name. Joomla has: Zurücksetzen des Passworts für den Administrator von Joomla mit phpMyAdmin Passwort eines Joomla-Benutzers per Kommandozeile (CLI) zurücksetzen Drupal has: Marketplace Share Out #1: What We've Heard So Far Marketplace Share Out #2: Surfacing Critical Assumptions Extended Support on Drupal 7 vs. Drupal 10 Migration: Which Path Should You Take? Or migrate to Backdrop CMS. A Newsletter Drupal Easy looks at: Drupal development using Visual Studio Code connected directly to DDEV's web container Nuvole explores: More peace of mind when applying recipes or letting AI configure your site Annertech announces: Annertech ramps up LocalGov Drupal contributions The DropTimes reports: Blocked fro

This communiqué originally appeared on Symfony Station.
Welcome to this week's Symfony Station communiqué. It's your review of the essential news in the Symfony and PHP development communities focusing on protecting democracy.
There's good content in all of our categories, so please take your time and enjoy the items most relevant and valuable to you.
This is why we publish on Fridays. So you can savor it over your weekend.
Or jump straight to your favorite section via our website.
Once again, thanks go out to Javier Eguiluz and the team at Symfony for sharing our communiqué in their Week of Symfony.
My opinions will be in bold. And will often involve cursing. Because humans. Especially tech bros.
Symfony
As always, we will start with the official news from Symfony.
This week, we kicked off the New in Symfony 7.3 blog series, highlighting all the exciting new features coming in this release. We also unveiled more details about some of the SymfonyOnline June 2025 conference talks and published the full replay of all the talks from the recent SymfonyLive Berlin 2025 event.
April 21–27, 2025: A Week of Symfony #956
They also have:
New in Symfony 7.3: Twig Extension Attributes
New in Symfony 7.3: Slug and Twig Constraints
New in Symfony 7.3: Arbitrary User Permission Checks
New in Symfony 7.3: Extra Runtime Dot Env Files
New in Symfony 7.3 Configurable Compound Rate Limiter
SymfonyOnline June 2025 Efficient Web Scraping with Symfony & PHP
SymfonyOnline June 2025: Multi-Tenantize the Symfony components
SymfonyOnline June 2025: Automate Everything with Your Personal Army of Robots
I mean, most AI and bots are horseshit. But, robots! ;)
SymfonyOnline June 2025: Where Have the Women of Tech History Gone?
SensioLabs has:
Dans les coulisses d’une formation SensioLabs
Blackfire has:
Check up on your Front-End Cache in TYPO3 – part 3 of 3
Featured Item
TYPO3 notes:
The first release of TYPO3 happened 27 years ago — the technological advancements since then have been staggering. TYPO3 predates the iPhone, YouTube, Instagram, and generative AI. Open source content management systems (CMSs) have already survived many successive waves of digital innovation — but how must they evolve to weather the next set of developments?
T3CON Recap - The Future of Open Source Content Management Systems (CMS)
This Week
Lubna Altungi shows us how to:
Generate PDFs in Symfony in a Few Minutes
Vladislav Solntsev shows us:
How to Confidently Update Legacy Code in Symfony
Roman Huliak has:
Migrating from PHPDoc to PHP attributes: A simple Symfony example
Templating engines in PHP: An overview with best practices
Bhavin Nakrani shares:
Symfony 7.3 Unlocks User Permission Checks
Kevin Wenger explores:
Symfony Controller Request Data Mapping: A Modern Approach
Tideways examines:
Combining regular expressions with named capture groups to improve performance
How Tos
LaurentMN has:
Stop Guessing, Start Testing: Best Practices for Symfony Bundles
Building Advanced Twig Extensions in Symfony 7 with Real-Life Use Cases
Symfony 7 + htmx: Next-Level Interactions
PenTest Corp shows us:
How to Prevent Remote Code Execution (RCE) Vulnerabilities in Symfony
Prevent XXE Injection in Symfony: Code & Fix GuidePrevent XXE Injection in Symfony: Code & Fix Guide
SSRF Vulnerability in Symfony Framework Explained
eCommerce
PrestaShop has:
Codencode agency - contributing to work more sustainably over time
PSDevCon2024: Cybersecurity – What No One Dares to Say
Cyber Insider reports:
Backdoor Activates in Magento Supply Chain Attack Impacting 1000 Stores
CMSs
Sulu has:
A Picture Is Worth A Thousand Words: Advanced Media Management And Optimization
Sulu Documentation available as Composer package
TYPO3 has:
Budget Idea Report: Integrate XHGui into DDEV Core
Pluswerk+ has an interview:
TYPO3 for professionals and beginners
Koehnlein show us how to:
Sync TYPO3 Production to Staging with a Single Local Command
B13 asks:
What factors make a website load as quickly as possible?
Great agency name.
Joomla has:
Zurücksetzen des Passworts für den Administrator von Joomla mit phpMyAdmin
Passwort eines Joomla-Benutzers per Kommandozeile (CLI) zurücksetzen
Drupal has:
Marketplace Share Out #1: What We've Heard So Far
Marketplace Share Out #2: Surfacing Critical Assumptions
Extended Support on Drupal 7 vs. Drupal 10 Migration: Which Path Should You Take?
Or migrate to Backdrop CMS.
Drupal Easy looks at:
Drupal development using Visual Studio Code connected directly to DDEV's web container
Nuvole explores:
More peace of mind when applying recipes or letting AI configure your site
Annertech announces:
Annertech ramps up LocalGov Drupal contributions
The DropTimes reports:
Blocked from Contributing, Helped by a Veteran: How a Small Drupal Module Exposed a Bigger Problem
Centarro examines:
Revisiting semantic versioning in Drupal Commerce
NexTide looks at:
Interesting.
Jakob Rockowitz explores:
Back to the basics: Learning how to build a Drupal module using AI
Specbee examines:
Programmatically creating a Block in Drupal
Metadrop has:
Metadrop March 2025: content-first publishing, docker speedups, and Drupal evolution
Lullabot looks at:
Beyond Free: Choosing the Right Search Solution for Your Website
PHP
This Week
PHPStan shares:
Restricted Usage Extensions—You Don’t Always Need a Custom Rule
HashBangCode explores:
Protecting A Page From Being Directly Accessed With PHP
iQuipe Digital examines:
Simple PHP OOP for IP Blocking and Whitelisting
Daniel Ratter looks at:
Batch curl requests in PHP using multi handles
Andy Carter explores:
Readable /Reg(ular )?Ex(pressions)?/ in PHP
DDEV shares its:
Roberto Butti continues a series:
Parallel Processing with PHP (Part 2): Inter-Process Communication
Aleksei Aleinikov examines:
CI/CD for PHP Projects in 2025
Valerio Barbera looks at:
PHP, the Dark Horse No One Saw Coming In PHP AI Agents development
Muhammed Seri explores:
Settling the File Structure Debate
More Programming
Bert Hubert says:
Ars Technica reports:
AI-generated code could be a disaster for the software supply chain. Here’s why.
Uwe Friedrichsen starts a promising series:
Thoughts on AI and software development - Part 1
Long. But, great stuff.
Terrible Software examines:
404 Media reports:
Why AI Benchmarks are an 'Illusion'
Lorna Jane looks at:
BleepingComputer reports:
Hackers ramp up scans for leaked Git tokens and secrets
TechCrunch reports:
JetBrains releases Mellum, an ‘open’ AI coding model
Smashing Mag reports:
WCAG 3.0’s Proposed Scoring Model: A Shift In Accessibility Evaluation
Steve Frenzel explores:
Menu and navigation: The difference
CSS Tricks says:
Anchor Positioning Just Don’t Care About Source Order
Mario Hernandez examines:
Understanding The Owl Selector
Frontend Masters aks:
Seeking an Answer: Why can’t HTML alone do includes?
Antirez reports:
Redis has more:
Redis is now available under the AGPLv3 open source license
Fighting for Democracy
Here we feature several items from each section of Battalion's weekly "Defending Democracy" report.
Get all the news from the front of democracy's battle against autocracy via its latest "Defending Democracy" post. And please follow Battalion via RSS or on the Fediverse at battalion@battalion.mobileatom.net.
Please visit Symfony Stations Support Ukraine page to learn how you can help kick Russia out of Ukraine (eventually, like ending apartheid in South Africa).
The cyber response to Russia’s War Crimes, Techno Feudalism, and other douchebaggery
Tech Policy reports:
Labor Unions Can Counterbalance the Big Tech Oligarchy, But Only If They Rediscover Their Power
The Verge reports:
A judge just blew up Apple’s control of the App Store
The Evil Empire Strikes Back
BleepingComputer reports:
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
404 Media has:
This Is Palantir’s Justification for Building ICE’s Master Database
Cybersecurity/Privacy
Tech Policy Press reports:
Reverse Keyword Search Warrants and the Threat to Online Privacy
The Jacobin reports:
Big Tech Wants Free Rein to Sell Your Data
Fediverse
The Fediverse Report has:
ActivityPods shares:
Key learnings from building social apps with ActivityPods
Other Slightly Federated Social Media
The Fediverse Report has:
The Internet Review asks:
Where Does Bluesky Go from Here? What is the Bluesky of 2036?
CTAs (aka show us some free love)
- That’s it for this week. Please share this communiqué.
- Follow us on Flipboardor at @symfonystation@drupal.community on Mastodon for daily coverage.
Do you own or work for an organization that would be interested in our promotion opportunities? Or supporting our journalistic efforts? If so, please get in touch with us.
More importantly, if you are a Ukrainian company with coding-related products, we can offer free promotion on our Support Ukraine page. Or, if you know of one, get in touch.
You can find a vast array of curated evergreen content on our communiqués page.
Author
Reuben Walker
Founder
Symfony Station