Andreas Forsblom reported two potential security issues in JsTranslationBundle: a path traversal attack and a remote code injection.
Archives for July 2014
Which community bundles are the most useful for your Symfony projects? Share them with us by filling in this survey.
This week Symfony increased its development activity significantly. The most important change was the introduction of SSI support. In addition, a memory leak was fixed in ValidatorBuilder and object initializers were fixed for the 2.5 version of the Validator.
After some time of reflection to decide which workshops we should (or should not) organize at SymfonyLive New York and SymfonyCon Madrid, we decided to directly ask you the question.
This week Symfony published three security releases to address a potential code injection issue in the way Symfony implements translation caching in FrameworkBundle. In addition, it fixed object initializers for the Validator component and removed spaceless blocks from Twig templates.
Symfony 2.6 adds support for embedding notes in XLIFF files. This makes it possible to include contextual information to improve translations.
Symfony 2.3.18, 2.4.8, and 2.5.2 have just been released; they contain a security fix for the Translator class provided by FrameworkBundle (CVE-2014-4931).
The American SymfonyLive conference is moving to the East Coast for the 1st time! Welcome to New York, October 9-10.
Building APIs with Symfony is not new; we have plenty of libraries and bundles to write powerful REST APIs. However, it is not always easy to find up-to-date documentation or the right tool to integrate with Symfony. That's why a new working group has been created!
I'm very happy to welcome Christophe Coevoet as a new Symfony merger.
Symfony 2.6 adds the slice() method to the DomCrawler component to make node filtering much simpler and cleaner.