The core team would like to announce the immediate availability of symfony 1.3.10 and 1.4.10. These are security releases in response to Doctrine's security release over the weekend. We recommend everyone update immediately.

From the Doctrine blog:

Because of a SQL injection possibility we urge users of Doctrine 1.2 and 2 to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2.

This release also marks the end of support for the 1.3 branch. We will continue to support symfony 1.4 until November 2012, per the policy outlined here.

How to Upgrade

If you've checked out a copy of the tag from Subversion you can switch to the latest version:

// symfony 1.3
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_3_10

// symfony 1.4
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_4_10

If you are using the PEAR package you can update using the pear command:

// symfony 1.3
$ pear upgrade symfony/symfony-1.3.10

// symfony 1.4
$ pear upgrade symfony/symfony-1.4.10