Changes.Watch
Know what changed in your dev stack before it affects you.
Audit your stack →

Laravel changelog digest

May 4 - May 10, 2026. Useful releases, risky migrations, and noisy updates from the Laravel channel.

Laravel updates in 2026-w19

Patched several remote‑code‑execution vulnerabilities (CVE‑2026‑23479, ‑25243, ‑23631, ‑25588, ‑25589) affecting unblock client flow, RESTORE, Lua, and Time‑Series modules.

Patched multiple critical Use‑After‑Free and invalid memory access vulnerabilities (CVE‑2026‑23479,‑25243,‑23631,‑25588‑25589) that could lead to remote code execution.

Patched multiple remote code execution vulnerabilities (CVE‑2026‑23479, 25243, 23631, 25588, 25589) affecting client flow, Lua, and RESTORE across modules.

Security patches address multiple RCE vulnerabilities (CVE‑2026‑23479, CVE‑2026‑25243, CVE‑2026‑23631) related to use‑after‑free and invalid memory access.

Fixed multiple remote code execution vulnerabilities (CVE‑2026‑23479, CVE‑2026‑25243, CVE‑2026‑23631) related to use‑after‑free and memory errors.

Fixed CVE‑2026‑25243: corrected invalid memory access in RESTORE to prevent remote code execution.