New symfony security policy
by Nicolas Perriault – May 21, 2008 – 5 comments

Last week we fixed a security bug that allowed XSS attacks in certain circumstances. The related ticket had been opened more than a year earlier.

You may be wondering why it took us so long to react. The main reason is that we did not have a strong process for reporting and triaging security alerts. This has now been fixed.

So, as of now, if you find a security bug in symfony, please send an email to security at symfony-project.com with as many details as you can and, ideally, a patch if you can provide one. Your message will be forwarded to the core team's internal mailing list, assessed, and addressed as quickly as possible. The whole procedure is detailed in a dedicated section of the brand new how to contribute page in the symfony wiki.

By the way, don't hesitate to read the whole how to contribute page on the wiki, as there's plenty of information on how you can help the symfony project.

Comments

  • #1 Eric Bartels said on 2008/05/21 at 10:03
    I'm glad to see that security is taken seriously!

    Thanks for that. Keep on your good work :)
  • #2 Joshua May said on 2008/05/21 at 11:41
    pookey will be happy!

    But really, this is a good thing. Another reason symfony is #1, really.
  • #3 hadrien said on 2008/05/21 at 13:38
    I think it's good you take care about security, but I wonder how you review tickets and assign priority to them...
  • #4 Ian P. Christian said on 2008/05/21 at 13:58
    @notjosh - indeed - I am happy :)

    I was deliberately playing Devil's Advocate in my blog post related to this, in an effort to get things moving. I'm pleased we as a community have managed to get this ball rolling in the right direction.
  • #5 Hugo said on 2008/05/21 at 17:15
    Great idea :D