
dev.khosromanesh

How to notice that Laravel itself has a security bug and should be updated

Hello guys, I was wondering how to know that our Laravel app should be updated for security reasons. For example, we have a Laravel 9 application; someone may find a bug in the structure of Laravel and the Laravel community gives an update. How do I get notified that a security update has now been released? I'm looking for a reminder.

Tray2

You can keep track of the releases here

https://github.com/laravel/laravel/releases

And you should upgrade your projects every time there is a new major release.

The minor releases usually just require a composer update, which should never be run in production without doing it on some staging server first.

Subscribing to the official Laravel YouTube channel is also a good way to keep up with the new stuff.

https://www.youtube.com/playlist?list=PLcjapmjyX17hLQG3JEdrOFD0NNCBwekii

Snapey

You can publish a copy of your project to GitHub, and their Dependabot will email you if a new security issue is announced with the framework or any packages you use.

BUT if you are concerned about security you SHOULD NOT still be running Laravel 9, since it is out of support and no longer receiving security updates.

https://laravel.com/docs/11.x/releases#support-policy

erikverbeek

Besides the fact that you should update your framework, as others have pointed out, there are a few ways to keep on top of security issues.

Composer has a command called composer audit. This will check all the packages in your project against a database with advisories about known vulnerabilities and will warn if you have installed anything that contains an issue. You can check this before deployment, either manually or by building it into your deployment pipeline if you have one.

You could even go a step further and add Roave/SecurityAdvisories to your composer.json. This package will render an installation conflict with any package listed in the advisory database. That way you are prevented from even installing anything with a known vulnerability.
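One way to wire both suggestions above into a deployment pipeline, written as an added example rather than code from this thread: a POSIX shell gate that runs `composer audit` against composer.lock and blocks the deploy if anything is flagged, plus the one-liner that adds the Roave conflict package. It assumes Composer 2.4 or newer (where `audit`, `--locked` and `--format=json` exist) and that each finding in the JSON output carries an `advisoryId` field; the `AUDIT_CMD` override and the `count_advisories` helper are my own constructs so the gate can be exercised without Composer present.

```shell
#!/bin/sh
# Deployment gate around `composer audit` (added example, not from the thread).
# Assumptions: Composer >= 2.4 (`audit`, `--locked`, `--format=json` exist) and
# that each finding in the JSON output has an "advisoryId" key (assumed field).

# Count findings in the JSON produced by `composer audit --format=json`.
# Counting "advisoryId" keys avoids a jq dependency in the CI image.
count_advisories() {
    # $1 = JSON text from composer audit
    printf '%s' "$1" | grep -o '"advisoryId"' | wc -l | tr -d ' '
}

# Audit the lock file (what actually gets deployed), not whatever happens to
# be in vendor/ on the build host. Fails when composer reports a non-zero
# status or when any advisory is present in the output.
# AUDIT_CMD is overridable (hypothetical knob) so the gate can be exercised
# with a stand-in command when Composer is not installed.
deploy_gate() {
    audit_cmd="${AUDIT_CMD:-composer audit --locked --format=json}"
    status=0
    output=$($audit_cmd 2>/dev/null) || status=$?
    n=$(count_advisories "$output")
    if [ "$status" -ne 0 ] || [ "$n" -gt 0 ]; then
        echo "deploy blocked: $n known advisories in composer.lock (audit exit $status)" >&2
        return 1
    fi
    echo "audit clean, proceeding with deploy"
    return 0
}

# Second suggestion from the thread: make known-vulnerable versions
# uninstallable by pulling in the Roave conflict package as a dev dependency.
# Runs Composer for real, so it is not exercised by the self-check below.
add_advisory_conflicts() {
    composer require --dev roave/security-advisories:dev-latest
}

# Typical pipeline use:
#   deploy_gate && ./deploy.sh
```

Running `deploy_gate` as the last step before the deploy means a newly published advisory for a pinned dependency stops the release rather than silently shipping; pairing it with `add_advisory_conflicts` moves the same check earlier, to `composer update` time, where a conflicting version simply cannot be resolved.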
