Andreas Forsblom reported two potential security issues in JsTranslationBundle: a path traversal attack and a remote code injection.
The Symfony Blog
Which community bundles are the most useful for your Symfony projects? Share them with us by filling in this survey.
This week Symfony increased its development activity significantly. The most important change was the introduction of SSI support. In addition, a memory leak was fixed in ValidatorBuilder and object initializers were fixed for the 2.5 version of the Validator.
After some time of reflection to decide which workshops we should (or should not) organize at SymfonyLive New York and SymfonyCon Madrid, we decided to directly ask you the question.
This week Symfony published three security releases to address a potential code injection issue in the way Symfony implements translation caching in FrameworkBundle. In addition, it fixed object initializers for the Validator component and removed spaceless blocks from Twig templates.
Symfony 2.6 adds support for embedding notes in XLIFF files. This makes it possible to include contextual information to improve translations.
Symfony 2.3.18, 2.4.8, and 2.5.2 have just been released; they contain a security fix for the Translator class provided by FrameworkBundle (CVE-2014-4931).