If you have been keeping track of symfony over the past years, you know that symfony has an excellent track record when it comes to security. Security is important for Open Source applications, and it is possibly even more important for a framework: when an issue is found in a framework, there may not be just a single point that can be abused, because the hole might be present throughout the applications built on top of this framework.

An excellent advantage of Open Source is the fact that many people read the project code. With many people reading the code, the chance is much greater that bugs and security vulnerabilities are caught. symfony as a project is no exception to that; we have many people to thank for creating tickets and even contributing code patches.

However, there is always a chance that something slips through, and of course that isn't good. Since security is one of our main concerns, we have decided to have a security audit done on both the Symfony2 and the Twig code. Both codebases are such an important part of the future of symfony that we don't want to take a risk. And when you're talking about security and PHP code, there is one logical party to approach for such an audit: Sektion Eins. Sektion Eins is one of the major experts when it comes to PHP and security.

Obviously, such an audit has a price. The price in this case is 6000 euro. For this specific cause, we decided to turn to the community and ask for your donation towards a secure future of Symfony2 and Twig. Every contribution is important for a project such as ours, whether it is code, bug reports, documentation, or anything else. Yet another way to contribute is by donating some money towards this security audit, and this is what we're currently asking from you. Don't be afraid that your donation isn't enough for this: every single Euro, Dollar, Pound, Yen, or whatever currency you pay with is more than welcome! So please, donate now. If we raise over 6000 euro from the donations, don't be afraid. We will use the additional money to order more audits for libraries that Symfony2 uses. Doctrine, for instance, would be a good candidate for such an audit.

And to make it even more interesting, you can also show off your donation! If you are interested in being listed together with all the other people who donated, please forward your PayPal payment confirmation, accompanied by a name and URL, to Stefan (dot) Koopmanschap [at] symfony-project (dot) org, and when the donation drive ends, I will publish a blog post listing those who have donated. Note: Only your name and URL will be published, not the donated amount or any additional information.

Thank you for your donation and support of the project!

Published in #Community