symfony 1.3.5 and 1.4.5
The symfony core team is happy to announce the immediate availability of symfony versions 1.3.5 and 1.4.5. Read on for the details.
Security Fix
A vulnerability was discovered in Doctrine and Propel form classes that allowed a user to update a record other than the one presented in the form. The primary key validators generated by symfony have been updated to disallow this from happening. Isolated patches for this fix are available on Trac for symfony 1.3 (raw) and 1.4 (raw).
Updated Libraries
The bundled version of Propel has been updated to 1.4.2 and the bundled version of lime has been updated to 1.0.9.
Some Other Changes
- Cleanup better: You can now rely on the handy
doctrine:clean
task to delete generated form classes for those models whose forms have since been disabled. - Traditional Chinese: We've added language files for Traditional Chinese to the admin generator (thanks rickysu!).
- 503 Service Temporarily Unavailable: symfony now responds to requests make while an application is locked with the HTTP 503 status code.
- Doctrine culture: The default culture for Doctrine model classes is now set much earlier in the stack during plugin initialization.
- Date and time widgets: The date and time widget classes now use the
id_format
option as you would expect.
How to Upgrade
If you've checked out a copy of the tag from Subversion you can switch
to
the latest version:
// symfony 1.3
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_3_5
// symfony 1.4
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_4_5
If you are using the PEAR package you can update using the pear
command:
// symfony 1.3
$ pear upgrade symfony/symfony-1.3.5
// symfony 1.4
$ pear upgrade symfony/symfony-1.4.5
Once that's done, rebuild your project's model and form classes and clear the cache:
// Doctrine
$ php symfony doctrine:build --all-classes
$ php symfony cache:clear
// Propel
$ php symfony propel:build --all-classes
$ php symfony cache:clear
Have you upgraded your app to 1.4?
Just a gentle reminder that the end of maintenance for symfony 1.3 is coming
up in November of this year. That's only
time_ago_in_words(strtotime('November 2010'))
away! You can start by running
the project:validate
task on your symfony 1.2 or 1.3 project and ping the
community via the symfony-users mailing list or on the IRC #symfony
channel with any questions.
Have found a security issue in Symfony? Send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.
Yeah - stability and reliability of orm distributed with symfony - people are depending on it.
If you want to use Propel 1.5 you can just install the plugin.
Regards,
M
Btw, i am already testing that on a small project,but i didn't know it wasn't considered stable or reliable.
AFAIK, it is easy to swap out 1.4 for 1.5.
I have problem with realease 1.4.5. Doctrine table inheritance (column_aggregation) doesn't work. =\