The flexible, fast, and secure
template language for PHP

Twig 1.6.2 has just been released.

This release mainly fixes the sandbox mode when used with a template using inheritance. In this specific case, the security check for the child template was not executed resulting in the possibility to use forbidden filters/tags/functions even if they were not explicitly allowed in the security policy.

If you are using the sandbox mode and allow people to use the extend tag, you must upgrade as soon as possible. The patch is here: https://github.com/fabpot/Twig/commit/50e73b20cb2cf21c06042cdb4ccd7393b8808385