Symfony Blog

All about Symfony releases, new Symfony features, and other important announcements

Remembering Ryan Weaver: Teacher, Core Team Member, Friend

The full agenda for SymfonyLive New York is now online!

Discover the speaker line-up for SymfonyLive New York, don't miss this great event!
September 9, 2014 #Community #Conferences

September 1–7, 2014 A Week of Symfony #401

This week Symfony released 2.3.19, 2.4.9 and 2.5.4 maintenance version to address several potential security vulnerabilities. In addition, the import/export feature of the web profiler was replaced by a CLI tool.
September 7, 2014 #A week of symfony

FOSUserBundle: Entropy of generated tokens is lost

FOSUserBundle: Entropy of generated tokens is lost.
September 5, 2014 #Community

Symfony 2.5.4 released

Read release notes
September 3, 2014 #Releases

Symfony 2.4.9 released

Read release notes
September 3, 2014 #Releases

Symfony 2.3.19 released

Read release notes
September 3, 2014 #Releases

CVE-2014-6072: CSRF vulnerability in the Web Profiler

CVE-2014-6072 is about fixing a CSRF vulnerability in the Web Profiler.
September 3, 2014 #Security Advisories

CVE-2014-6061: Security issue when parsing the Authorization header

CVE-2014-6061 is about a potential security issue when parsing the Authorization header.
September 3, 2014 #Security Advisories

CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy

CVE-2014-5245 is about being able to access ESI URLs even behind a trusted proxy.
September 3, 2014 #Security Advisories

CVE-2014-5244: Denial of service with a malicious HTTP Host header

CVE-2014-5244 is about a potential denial of service with a malicious HTTP Host header.
September 3, 2014 #Security Advisories