Update to Drupal 8.0.2. For more information, see https://www.drupal.org/drupal-8.0.2-release-notes

core/lib/Drupal/Core/Template/TwigExtension.php

@@ -315,8 +315,8 @@ class TwigExtension extends \Twig_Extension {
    * ampersand ("&") which separates query params. Thus we cannot mark
    * the generated URL as always safe, but only when we are sure there won't be
    * multiple query params. This is the case when there are none or only one
-   * constant parameter given. E.g. we know beforehand this will not need to
-   * be escaped:
+   * constant parameter given. For instance, we know beforehand this will not
+   * need to be escaped:
    * - path('route')
    * - path('route', {'param': 'value'})
    * But the following may need to be escaped:

core/lib/Drupal/Core/Template/TwigSandboxPolicy.php

@@ -81,8 +81,10 @@ class TwigSandboxPolicy implements \Twig_Sandbox_SecurityPolicyInterface {
    * {@inheritdoc}
    */
   public function checkMethodAllowed($obj, $method) {
-    if (isset($this->whitelisted_classes[get_class($obj)])) {
-      return TRUE;
+    foreach ($this->whitelisted_classes as $class => $key) {
+      if ($obj instanceof $class) {
+        return TRUE;
+      }
     }
 
     // Return quickly for an exact match of the method name.

core/lib/Drupal/Core/Template/TwigTransTokenParser.php

@@ -84,7 +84,7 @@ class TwigTransTokenParser extends \Twig_TokenParser {
    *
    * @param \Twig_Node $body
    *   The expression to check.
-   * @param integer $lineno
+   * @param int $lineno
    *   The source line.
    *
    * @throws \Twig_Error_Syntax