Security Advisories

Security releases (CVE-2014-4931): Symfony 2.3.18, 2.4.8, and 2.5.2 released

Symfony 2.3.18, 2.4.8, and 2.5.2 have just been released; they contain a security fix for the Translator class provided by FrameworkBundle (CVE-2014-4931).

Security releases (CVE-2013-5958): Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 released

Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 have just been released; they contain a security fix for the Security component (CVE-2013-5958).

CVE-2013-5750: Security issue in FOSUserBundle login form

A security issue has been discovered in FOSUserBundle (CVE-2013-5750).

Security releases: Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 released

Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 have just been released and they contain security fixes for the Validator component (CVE-2013-4751) and the HttpFoundation component (CVE-2013-4752).

Security release: Symfony 2.0.22 and 2.1.7 released

Symfony 2.0.22 and Symfony 2.1.7 have just been released and they both contain security fixes for the YAML component (CVE-2013-1348 and CVE-2013-1397).

Security release: Symfony 2.0.20 and 2.1.5 released

Symfony 2.0.20 and Symfony 2.1.5 have just been released and they both contain two security fixes.

Security release: Symfony 2.0.19 and 2.1.4

Symfony 2.0.18 and 2.1.4 have been released with a security issue fix.

Security release: symfony 1.4.20 released

symfony 1.4.20 has just been released. It contains a security fix.

Security Release: Symfony 2.0.17 released

Symfony 2.0.17 has just been released.

Security Release: symfony 1.4.18 released

symfony 1.4.18 has just been released. It contains a security fix.

Security Release: Symfony 2.0.11 released

Symfony 2.0.11 has just been released. Read the post as this release fixes a security vulnerability in the Serializer Component.

Security Release: Symfony 2.0.6

Symfony 2.0.6 addresses a security vulnerability in the EntityUserProvider as provided in the Doctrine bridge.

symfony 1.3.10 and 1.4.10: security releases

These releases include yesterday's Doctrine security release.

Security Release: symfony 1.3.6 and 1.4.6

This patch addresses a security vulnerability in the view cache that was introduced with symfony 1.3 and 1.4.

symfony 1.3.5 and 1.4.5

Read more about the latest versions of symfony 1.3 and 1.4 here.

Security Release: 1.2.12, 1.3.3 and 1.4.3

This release addresses a security vulnerability discovered earlier today.