Archives for September 2014

New in Symfony 2.6: AJAX requests in the web debug toolbar

In Symfony 2.6, the web debug toolbar will include a new panel called AJAX to boost your productivity while debugging applications. This panel shows in real-time the number of AJAX requests performed in the page being displayed.

Getting ready for SymfonyLive Berlin 2014

SymfonyLive Berlin 2014 is coming fast!

New in Symfony 2.6: Simpler Security Voters

Symfony 2.6 will allow to define much simpler security voters thanks to the new AbstractVoter class.

Symfony 2.5.5 released

Read release notes

Symfony 2.4.10 released

Read release notes

Symfony 2.3.20 released

Read release notes

A week of symfony #404 (22->28 September 2014)

This week finished the development phase for the upcoming Symfony 2.6 version. Development activity was frantic to include all the great features that will be polished during the two month stabilization phase. Meanwhile, the Symfony Live London 2014 conference took place with great success. Next conference: Symfony Live New York 2014

New in Symfony 2.6: Date support for Validator constraints

Comparing dates is one of the most frequently requested functionalities for the Symfony Validator component. That's why Symfony 2.6 will include date support for comparison and range constraints.

New in Symfony 2.6: New shortcut methods for controllers

Symfony 2.6 will add five new helpers to the base controller class: redirectToRoute(), addFlash(), isGranted(), denyAccessUnlessGranted() and isCsrfTokenValid().

New in Symfony 2.6: LockHandler

Symfony 2.6 will introduce a new LockHandler that provides a simple abstraction to lock anything by means of a file lock. It's most common use case is to avoid race conditions by locking commands, so the same command cannot be executed concurrently by different processes.

New in Symfony 2.6: Smarter assets:install command

Starting from Symfony 2.6, the behavior of the assets:install command will be smarter. Now, when your system doesn't support symbolic links or if there is any other problem, the command will silently fall back to make a hard copy of the assets and it will inform you about this.

Symfony 2.6 fast approaching its stabilization phase

We are a few days from the end of Symfony 2.6 development phase. Therefore, this is our last chance to finish all the pending pull requests in time for Symfony 2.6.

A week of symfony #403 (15->21 September 2014)

This week, the development activity of Symfony increased significantly because we are approaching the end of the development phase for 2.6 version, which is scheduled for the end of this month. As part of the DX initiative, Symfony added four new shortcuts for controllers and simplified a bit the configuration of Twig form themes.

Thelia, a Symfony-based e-commerce solution

An interview with Manuel Raynaud, lead developer of Thelia, a Symfony-based e-commerce solution. Introducing the new Thelia 2 and how it's in perfect harmony with Symfony.

A week of symfony #402 (08->14 September 2014)

This week, Symfony project focused on the Intl component, adding some features and proposing a few changes to make it easier to use. Meanwhile, the discussions about the new Symfony installer continued and more changes for Symfony 3.0 were proposed.

The full agenda for SymfonyLive New York is now online!

Discover the speaker line-up for SymfonyLive New York, don't miss this great event!

A week of symfony #401 (01->07 September 2014)

This week Symfony released 2.3.19, 2.4.9 and 2.5.4 maintenance version to address several potential security vulnerabilities. In addition, the import/export feature of the web profiler was replaced by a CLI tool.

FOSUserBundle: Entropy of generated tokens is lost

FOSUserBundle: Entropy of generated tokens is lost.

Symfony 2.5.4 released

Read release notes

Symfony 2.4.9 released

Read release notes

Symfony 2.3.19 released

Read release notes

CVE-2014-6072: CSRF vulnerability in the Web Profiler

CVE-2014-6072 is about fixing a CSRF vulnerability in the Web Profiler.

CVE-2014-6061: Security issue when parsing the Authorization header

CVE-2014-6061 is about a potential security issue when parsing the Authorization header.

CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy

CVE-2014-5245 is about being able to access ESI URLs even behind a trusted proxy.

CVE-2014-5244: Denial of service with a malicious HTTP Host header

CVE-2014-5244 is about a potential denial of service with a malicious HTTP Host header.