symfony 1.3.10 and 1.4.10: security releases

The core team would like to announce the immediate availability of symfony 1.3.10 and 1.4.10. These are security releases in response to Doctrine's security release over the weekend. We recommend everyone update immediately.

From the Doctrine blog:

Because of a SQL injection possibility we urge users of Doctrine 1.2 and 2 to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2.

This release also marks the end of support for the 1.3 branch. We will continue to support symfony 1.4 until November 2012, per the policy outlined here.

How to Upgrade

If you've checked out a copy of the tag from Subversion you can switch to the latest version:

// symfony 1.3
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_3_10

// symfony 1.4
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_4_10

If you are using the PEAR package you can update using the pear command:

// symfony 1.3
$ pear upgrade symfony/symfony-1.3.10

// symfony 1.4
$ pear upgrade symfony/symfony-1.4.10
If you have found a security issue in Symfony, please send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.

Comments

Is there an official git repo to clone? i used to use a repo but it stop to sync 2 month ago :s
@eMerzh: This is the git repo, which is updating periodically - http://github.com/vjousse/symfony-1.4
Do propel user need to install this update too?
@Anton: Yes but it's not up-to-date :/
Seems that this release breaks multiple database access. I have a project with two database configurations that backups data from one to another, and since the upgrade, doesn't work anymore. All the tables are related to the first database configuration in databases.yml, despite the value of the param connection in the schema.
http://trac.symfony-project.org/ticket/9092#comment:22

The multiple doctrine database management does not work any more
@Andi thanks for pointing out the ticket, not doubt this is a major problem.
It's good to know!

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.