This week, four important security releases were published, containing security fixes for the Validator and the HttpFoundation components of every Symfony major version. Meanwhile, a new 2.0 experimental branch was created to test the new features of the upcoming Twig 2.0 version.

Symfony2 development highlights

2.0 changelog:

  • 6d555bc: [Validator] fixed metadata serialization
  • c35cc5b: [FrameworkBundle] added trusted hosts check

2.2 changelog:

  • 322f880: replaced deprecated Twig features
  • 0b965fb: made the filesystem loader compatible with Twig 2.0
  • 1a73b44: [HttpFoundation] added missing support for the new output API in PHP 5.4+
  • 2769c9d: [ClassLoader] use strstr instead of strpos

2.3 changelog:

  • 8fa0453: [Intl] updated stubs to reflect ICU 51.2
  • 98f6969: [Process] fixed empty process argument escaping on Windows
  • e47657d: [Debug] made sure ContextErrorException is loaded during compile time errors
  • 6ed0fdf: [Form] moved auto_initialize option to the BaseType
  • 7eaaec1: [FrameworkBundle] made code more generic

Master changelog:

  • cb03a54: [SecurityBundle] adapted security collector template name to webprofiler conventions
  • 9acedb7: [DependencyInjection] test constants
  • 554f95f: [HttpKernel] added $event->isMasterRequest()
  • ce32981: [Console] added a way to set terminal dimensions
  • 0fa3a74: [Console] added more semantic commands to detect verbosity
  • 49c4a79: [DependencyInjection] optimized some unneeded casts (esp. when casting something to string for array access)
  • b28d280: [Process] added possibility to use array prefixes
  • 50435aa: [Propel1Bridge] refactored PropelLogger to implement BasicLogger interface
  • e6687d9: [DoctrineBridge] use custom cache namespace option if it is specified

They talked about us