The Symfony Blog

A week of symfony #402 (08->14 September 2014)

This week, the Symfony project focused on the Intl component, adding some features and proposing a few changes to make it easier to use. Meanwhile, the discussions about the new Symfony installer continued and more changes for Symfony 3.0 were proposed.

The full agenda for SymfonyLive New York is now online!

Discover the speaker line-up for SymfonyLive New York and don't miss this great event!

A week of symfony #401 (01->07 September 2014)

This week Symfony released the 2.3.19, 2.4.9 and 2.5.4 maintenance versions to address several potential security vulnerabilities. In addition, the import/export feature of the web profiler was replaced by a CLI tool.

FOSUserBundle: Entropy of generated tokens is lost

Symfony 2.5.4 released

Read release notes

Symfony 2.4.9 released

Read release notes

Symfony 2.3.19 released

Read release notes

CVE-2014-6061: Security issue when parsing the Authorization header

CVE-2014-6061 is about a potential security issue when parsing the Authorization header.

CVE-2014-6072: CSRF vulnerability in the Web Profiler

CVE-2014-6072 is about fixing a CSRF vulnerability in the Web Profiler.

CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy

CVE-2014-5245 is about being able to access ESI URLs even behind a trusted proxy.