Symfony Blog

All about Symfony releases, new Symfony features, and other important announcements

FOSUserBundle: Entropy of generated tokens is lost

FOSUserBundle: Entropy of generated tokens is lost.
September 5, 2014 #Community

Symfony 2.5.4 released

Read release notes
September 3, 2014 #Releases

Symfony 2.4.9 released

Read release notes
September 3, 2014 #Releases

Symfony 2.3.19 released

Read release notes
September 3, 2014 #Releases

CVE-2014-6072: CSRF vulnerability in the Web Profiler

CVE-2014-6072 is about fixing a CSRF vulnerability in the Web Profiler.
September 3, 2014 #Security Advisories

CVE-2014-6061: Security issue when parsing the Authorization header

CVE-2014-6061 is about a potential security issue when parsing the Authorization header.
September 3, 2014 #Security Advisories

CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy

CVE-2014-5245 is about being able to access ESI URLs even behind a trusted proxy.
September 3, 2014 #Security Advisories

CVE-2014-5244: Denial of service with a malicious HTTP Host header

CVE-2014-5244 is about a potential denial of service with a malicious HTTP Host header.
September 3, 2014 #Security Advisories

August 25–31, 2014 A Week of Symfony #400

This week, "A Week of Symfony" achieves an incredible milestone: its 400th issue! That means that we've been publishing a weekly digest for almost eight years, without missing a single week.
August 31, 2014 #A week of symfony

New in Symfony 2.6 The security:check command

Symfony 2.6 will include a new security:check command, which looks for known security vulnerabilities in your project's dependencies.
August 26, 2014 #Living on the edge