Developer654079525

The PsySH tool

The latest framework update made some security and workflow changes to the PsySH library used in Tinker. Now, the first time we start Tinker, we are greeted with a confirmation dialog. This looks like a major shift from a usage perspective. I understand they are tackling the security issue, but I'm not sure if the library is the one that should be displaying the dialog. What are your thoughts on this?

0 likes
2 replies
DigitalArtisan

I can see why it feels like a change, but the first-time confirmation actually makes sense. PsySH had a security issue (CVE-2026-25129) where it could unintentionally load and execute a .psysh.php file from the current directory. The dialog helps make users aware of this risk before running Tinker interactively.

It’s really just a one-time prompt, so after confirming, your usual workflow continues unchanged. I think it’s a small adjustment for a legitimate security reason, and having the library handle the prompt seems appropriate.
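
An audit for the file named in the reply above, added here as an example that is not part of the thread or of PsySH: it walks a workspace and lists every .psysh.php so each one can be reviewed before Tinker is started in that directory. The function name, the report format and the ownership and permission checks are assumptions made for this example, and it expects a POSIX system.

```python
import os
import stat
import sys

CONFIG_NAME = ".psysh.php"  # file name taken from the reply above


def audit_psysh_configs(root, trusted_uid=None):
    """List every .psysh.php under root, with reasons for extra scrutiny.

    Each file found is worth reading, because per the thread it would be
    loaded from the current directory. The reasons mark the higher-risk ones.
    """
    if trusted_uid is None:
        trusted_uid = os.getuid()  # assumption: the current user is the trusted owner
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Do not descend into VCS metadata; it is never a working directory.
        dirnames[:] = [d for d in dirnames if d != ".git"]
        if CONFIG_NAME not in filenames:
            continue
        path = os.path.join(dirpath, CONFIG_NAME)
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        reasons = []
        if stat.S_ISLNK(st.st_mode):
            reasons.append("symlink")
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("group-or-world-writable")
        if st.st_uid != trusted_uid:
            reasons.append("foreign-owner")
        findings.append({"path": path, "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    # Usage: python audit_psysh.py [workspace]   (defaults to the current directory)
    workspace = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding in audit_psysh_configs(workspace):
        flags = ", ".join(finding["reasons"]) or "review contents"
        print(f"{finding['path']}: {flags}")
```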
