Kris Wallsmith
The symfony core team is happy to announce the immediate availability of symfony versions 1.3.5 and 1.4.5. Read on for the details.
Security Fix
A vulnerability was discovered in Doctrine and Propel form classes that allowed a user to update a record other than the one presented in the form. The primary key validators generated by symfony have been updated to disallow this from happening. Isolated patches for this fix are available on Trac for symfony 1.3 (raw) and 1.4 (raw).
Updated Libraries
The bundled version of Propel has been updated to 1.4.2 and the bundled version of lime has been updated to 1.0.9.
Some Other Changes
- Cleanup better: You can now rely on the handy
doctrine:cleantask to delete generated form classes for those models whose forms have since been disabled. - Traditional Chinese: We've added language files for Traditional Chinese to the admin generator (thanks rickysu!).
- 503 Service Temporarily Unavailable: symfony now responds to requests make while an application is locked with the HTTP 503 status code.
- Doctrine culture: The default culture for Doctrine model classes is now set much earlier in the stack during plugin initialization.
- Date and time widgets: The date and time widget classes now use the
id_formatoption as you would expect.
How to Upgrade
If you've checked out a copy of the tag from Subversion you can switch to
the latest version:
// symfony 1.3
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_3_5
// symfony 1.4
$ svn switch http://svn.symfony-project.com/tags/RELEASE_1_4_5
If you are using the PEAR package you can update using the pear command:
// symfony 1.3
$ pear upgrade symfony/symfony-1.3.5
// symfony 1.4
$ pear upgrade symfony/symfony-1.4.5
Once that's done, rebuild your project's model and form classes and clear the cache:
// Doctrine
$ php symfony doctrine:build --all-classes
$ php symfony cache:clear
// Propel
$ php symfony propel:build --all-classes
$ php symfony cache:clear
Have you upgraded your app to 1.4?
Just a gentle reminder that the end of maintenance for symfony 1.3 is coming
up in November of this year. That's only
time_ago_in_words(strtotime('November 2010')) away! You can start by running
the project:validate task on your symfony 1.2 or 1.3 project and ping the
community via the symfony-users mailing list or on the IRC #symfony
channel with any questions.
Is there a reason why it is not included propel 1.5 ?
@M.
Yeah - stability and reliability of orm distributed with symfony - people are depending on it.
If you want to use Propel 1.5 you can just install the plugin.
Regards, M
It was just for information: since propel site states that it is stable and retro-compatible, i was wondering if you have some info that negates that...
Btw, i am already testing that on a small project,but i didn't know it wasn't considered stable or reliable.
You have to install the Plugin to use Propel 1.5, otherwise it won't work
M. - Propel 1.5 is stable, but symfony has a policy of not introducing new features in minor updates. Upgrading Propel would expose a new API to peoples' code. AFAIK the same API is available between 1.4 and 1.5 (plus new features not available in 1.4) but it is a higher risk than just including security updates and bug fixes.
AFAIK, it is easy to swap out 1.4 for 1.5.
Hello! I have problem with realease 1.4.5. Doctrine table inheritance (column_aggregation) doesn't work. =\