The core team would like to announce the immediate availability of symfony 1.3.10 and 1.4.10. These are security releases in response to Doctrine's security release over the weekend. We recommend everyone update immediately.
From the Doctrine blog:
Because of a SQL injection possibility we urge users of Doctrine 1.2 and 2 to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2.
This release also marks the end of support for the 1.3 branch. We will continue to support symfony 1.4 until November 2012, per the policy outlined here.
How to Upgrade
If you've checked out a copy of the tag from Subversion you can switch
to
the latest version:
// symfony 1.3
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_3_10
// symfony 1.4
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_4_10
If you are using the PEAR package you can update using the pear
command:
// symfony 1.3
$ pear upgrade symfony/symfony-1.3.10
// symfony 1.4
$ pear upgrade symfony/symfony-1.4.10
Is there an official git repo to clone? i used to use a repo but it stop to sync 2 month ago :s
@eMerzh: This is the git repo, which is updating periodically - http://github.com/vjousse/symfony-1.4
Do propel user need to install this update too?
@Anton: Yes but it's not up-to-date :/
Seems that this release breaks multiple database access. I have a project with two database configurations that backups data from one to another, and since the upgrade, doesn't work anymore. All the tables are related to the first database configuration in databases.yml, despite the value of the param connection in the schema.
http://trac.symfony-project.org/ticket/9092#comment:22
The multiple doctrine database management does not work any more
@Andi thanks for pointing out the ticket, not doubt this is a major problem.
It's good to know!