Is "Social Delegation" (someone the user trusts) the next factor in MFA?
Blog
After 5 years of development, 3,000,000 downloads, and 58 releases, I'm extremely pleased to announce that league/commonmark version 1.0.0 has been released!
This weekend I've tagged the first pre-releases of the 1.x branch! I strongly encourage everyone to test their applications and extensions against this beta and provide any feedback. (Helpful information can be found in the upgrading guide.) Unless there are any major issues we'll plan on releasing a stable 1.0.0 version in the coming weeks!
A cross-site scripting (XSS) vulnerability was found in the PHP League's CommonMark library (league/commonmark) versions 0.15.6 through 0.18.x before 0.18.1. It allows remote attackers to insert unsafe URLs into <a> tags (even if allow_unsafe_links is false) by adding an encoded newline character in the middle (e.g., writing javascript as javascri%0Apt).
PHP 7.3 has been released, bringing some great new features to the language such as trailing commas in function calls, throwing errors when JSON parsing fails, array_key_first() / array_key_last() functions, and much more!
I'm pleased to share that my PHP 7 Upgrade Guide ebook has been featured in the Ultimate Programmer Super Stack bundle! This is a hand-curated collection of 25+ premium ecourses, bestselling ebooks, and bonus resources that will help new programmers:
This month I released updates for a few of my open-source projects including league/commonmark, league/html-to-markdown, and colinodell/json5.
Prevent Composer from updating your Symfony components to unsupported versions with the colinodell/symfony-lts-or-current metapackage.
After using phpbrew to manage my local PHP versions for a while, I got tired of re-compiling PHP after every release and decided to install multiple PHP versions side-by-side with Ondřej Surý's PPA. One of the features I missed from phpbrew was the ability to run a command like phpbrew use php-7.2.8 to automatically change the php command to that version, so I ended up implementing this feature myself using symlinks and shell aliases.
As you may know, Git is not a single application, but rather a toolkit containing many small programs and scripts that can manipulate the repository. This makes it trivial to chain those components into more-powerful, custom commands which can be defined as git aliases.
Here are some of the more-useful aliases I use on a daily basis: