The Solidity team recently announced a bugfix on the most recent version (v0.5.7) for an issue that has been present since at least the last v0.4 releases (including v0.4.25). Additionally, v0.5.6 introduced fixes for bugs created in v0.5.5.
One of our objectives in OpenZeppelin is to make it very hard to write incorrect code. While all of these bugs have a low probability of occurrence, we’d rather be extra-careful and force our users to use the latest Solidity version (v0.5.7) by updating the
pragma solidity statement in all our contracts.
This is something we’ve discussed in the past, and is listed in our stability guarantees, but we still wanted to give a heads-up, in case this turns out to be an issue for someone (who e.g. had their code audited under an older compiler version). Please reply here if that is the case, and if not do tell us what you think about this decision anyway!