symfony 1.0.16 is out

symfony 1.0.16 is out and fixes an important security vulnerability. This is the shortest changelog you will find between two releases: a one-line file.

  • r8922: fixed yml validator file can be overridden by a remote attacker (#1617)

The issue is described in ticket #1617.

An attacker could bypass the validation process and pass unvalidated data to your actions. Your applications are only vulnerable if you use the :action placeholder in your routing rules. This is the case if you rely on the default symfony routing rule (/:module/:action/*).

If you use symfony 1.1, your applications are only vulnerable if you use the 1.0 compat layer.
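To make the defensive point concrete, here is an added example (not the symfony patch and not code from the project) of how a per-action validator file lookup can refuse a routing :action value that does not resolve to a file inside the module's validate/ directory. The function name and the modules/<module>/validate/<action>.yml layout it assumes follow the symfony 1.0 convention; the demo directory is constructed on the fly.

```php
<?php
// Added example, not symfony's own code. Resolves a symfony 1.0-style
// validator file (modules/<module>/validate/<action>.yml) from routing
// parameters and refuses anything that could point outside validate/.
// resolveValidatorFile() and the demo layout are assumptions for this demo.

function resolveValidatorFile(string $modulesDir, string $module, string $action): ?string
{
    // Module and action names are plain identifiers; reject anything else
    // before the value is ever used to build a filesystem path.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $module) || !preg_match('/^[A-Za-z0-9_]+$/', $action)) {
        return null;
    }

    $validateDir = realpath($modulesDir . '/' . $module . '/validate');
    if ($validateDir === false) {
        return null; // the module has no validate/ directory at all
    }

    $candidate = realpath($validateDir . '/' . $action . '.yml');
    if ($candidate === false) {
        // No validator file for this action. The caller must decide whether
        // that means "nothing to validate" or "refuse the request"; silently
        // skipping validation is exactly the bypass the advisory describes.
        return null;
    }

    // Defence in depth: the resolved path must still be inside validate/.
    if (strpos($candidate, $validateDir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    return $candidate;
}

// Constructed demo layout: one module "main" with a validator for "index".
$root = sys_get_temp_dir() . '/validator-demo-' . getmypid();
mkdir($root . '/main/validate', 0700, true);
file_put_contents($root . '/main/validate/index.yml', "fields: {}\n");

// Constructed inputs: a legitimate action, an unknown action, and a value
// that is not a valid identifier and is rejected before touching the disk.
foreach (['index', 'missing', 'in dex'] as $action) {
    $file = resolveValidatorFile($root, 'main', $action);
    echo str_pad($action, 8), ' => ', $file === null ? 'rejected' : $file, PHP_EOL;
}
```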

Everybody is encouraged to upgrade as soon as possible.

For 1.0: you can apply the patch directly from http://trac.symfony-project.com/changeset/8922, or upgrade to 1.0.16 either with the PEAR package (pear upgrade symfony/symfony-1.0.16) or with the Debian package.

For 1.1: you can apply the patch available at http://trac.symfony-project.com/changeset/8925. The patch will be part of the next 1.1 release candidate.

If you have found a security issue in Symfony, please send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.

Comments

Great job!
I tried to upgrade, but I got:

WARNING: failed to download pear.symfony-project.com/symfony, version "1.0.16", will instead download version 1.0.15, stability "stable"

Hello All,
I have made a new module in apps of MyProject
using symfony propel-generate-crud Foldername programname ProgramName.

But it didn't generate generator.yml in config folder.

Then I used the command

symfony propel-init-admin FolderName programname ProgramName.

It generated generator.yml.
I added the code

    list:
      max_per_page: 1

Since there are 2 records in the particular table.

But the pagination doesn't display, which it was supposed to do by default.

Please suggest as soon as possible the process to make the pagination work from actions.class.php, layout.php or any other template page, and myclass.php.

I need this help as soon as possible.

@Suparno - the comments on the blog are an inappropriate place for general support questions. I believe you have also asked this on the fora, so please await an answer there, or ask on the users' mailing list.

My Symfony 1.0 is now up to date! Thanks a lot for this important version ;)

Oh, this is huge!

This is why every website should reconsider revealing a "powered by Symfony" signature.

There are a few issues in Symfony that should be discouraged for production, only encouraged for RAD prototyping
