symfony 1.0.5 released (security fix)
I've just released symfony 1.0.5. If you use the symfony built-in phpmailer (and you do if you use the ->sendMail() method in your actions), you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380.
PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
Here are all the bugs fixed in this release:
- r4387: fixed input_date_range_tag - Illegal attributes in input tags (#1883)
- r4385: fixed issue relating to lock files (#1874)
- r4380: fixed vulnerability in phpmailer with sender (#1871)
- r4323: fixed DOMDocument E_STRICT warning and trans-unit max id in XLIFF support
- r4320: fixed sfToolkit::isUTF8() broken for strings larger than some number
- r4305: added i18n schema for MySQL and SQLite in API documentation
As with every 1.0.X release, after upgrading to 1.0.5, don't forget to clear the cache of your projects.