Freek.dev

A critical security vulnerability was just disclosed for Livewire v3, as Stephen Rees-Carter wrote about on Securing Laravel. The vulnerability (CVE-2025-54068) allows unauthenticated attackers to achieve remote code execution in specific scenarios. What makes this particularly concerning is that exploitation doesn't require authentication or user interaction - just a component mounted and configured in a particular way.

This vulnerability affects all Livewire v3 versions up to 3.6.3. If you're running any version in that range, attackers could potentially run arbitrary PHP code on your server. Stephan warns us the open-source nature of the fix means attackers may already be reverse-engineering the patch to identify and abuse the exploit.

Many production apps are probably running vulnerable versions right now, with their developers completely unaware. This is where automated security monitoring becomes invaluable - using Laravel Health to check for vulnerabilities, and optionally services like Oh Dear to send you notifications when issues are detected.

Read more

Some interesting thoughts about caching.

Read more [buttondown.com]

The term "coroutine" often comes up when talking about asynchronous or non-blocking code, but what does it actually mean?

Read more [doeken.org]

PHP doesn’t let you serialize closures, but Laravel does, thanks to an underrated package that’s built into the framework.

Read more

Learn how to deploy your Inertia Vue SSR worker to the Cloudflare Workers platform without breaking a sweat.

Read more [geisi.dev]

We just tagged stable release for two new spatie packages: spatie/ping and spatie/simple-tcp-client. In this blogpost, I'd like to share why these were developed and how you can use them.

Read more

Even though I use Claude Code, I haven't used local models. It seems very convenient to be able to use Claude Code without an internet connection.

Read more [www.shawnmayzes.com]

The #[\NoDiscard] is a safety feature for PHP developers, making it easier to catch mistakes where ignoring a function’s return value could lead to bugs.

Read more [www.amitmerchant.com]

A deep dive on why projects always take longer and a framework to improve future estimation

Read more [davestewart.co.uk]

Continuous AI in software engineering involves integrating AI tooling automatically into existing development flows, such as automated PR reviews, issue labeling, and daily summaries.

Read more [www.seangoedecke.com]

say: complexity very, very bad

Read more [grugbrain.dev]

Git notes are a powerful feature for adding metadata to commits, blobs, and trees.

Read more [tylercipriani.com]

The term "coroutine" often comes up when talking about asynchronous or non-blocking code, but what does it actually mean? In this post, we will explore coroutines as a concept and see how PHP supports them through Generators and Fibers.

Read more [doeken.org]

Making a visually appealing range input based on Laravel Cloud's design, native HTML and only a few lines of JavaScript.

Read more [phare.io]

Brent is back with another update on the usage of PHP versions.

Read more [stitcher.io]

In this post, I'll share how I'm using PHPStan's type aliases feature to make validation rule typehints more readable and maintainable in our Laravel application.

Read more [ohdear.app]

It’s the start of a new fiscal year. Strategy season. That time when all the grand ideas come out and everyone is still hopefull.

Over the years, I’ve settled into a structure that helps me define projects that not only link to the strategy above but also looks at my own team’s enviroment, I thought I’d share it here.

Read more [frederickvanbrabant.com]

In this episode of the Quick Win Wednesday series, we're taking a look at the cases function on Enums.

Read more [youtu.be]

A good overview on how to build an AI agent. Explained without hype and good code examples.

Read more [ampcode.com]

A nice touch by Joel Clermont

Read more [masteringlaravel.io]