Dev Tools · 1h ago
Laravel 13.15 Patches Date Validation Bypass, Adds Typed Translations
Laravel 13.15 fixes a security hole in the date_equals validation rule where invalid dates could bypass checks due to loose PHP comparison. The release also introduces typed translation accessors for stricter static analysis, JSON Schema unions, and a dedicated Cloud queue driver. All changes are backward-compatible and can be applied via composer update.
Meridian48 take
The date_equals fix is the real story here—validation bypasses are the kind of quiet bug that can lead to serious exploits, and this one was trivial to trigger.
laravelsecurity-patch