Slim 4.15.2 released

We have released Slim 4.15.2 today that fixes a reflected cross-site scripting (XSS) vulnerability in Slim >= 4.4.0, <= 4.15.1 (CVE-2026-48157 - GHSA-53h4-8rc4-f539.

If you are using Slim 4.4.0, or any later version up to 4.15.1 and set untrusted/user-derived data into HttpException, please upgrade to Slim 4.15.2.

The full changelog can be seen here.

Return to Blog