This week, four Symfony2 security releases were published to address a potential DOS attack related to the security component. In addition, the first beta of Symfony 2.4.0 was released, containing more than 1,000 new commits and a lot of great new features, while maintaining backwards compatibility with Symfony 2.3.

Development mailing list

Symfony2 development highlights

2.0 changelog:

  • 13d7d3a: [Security] limited the password length passed to encoders to 4096

2.2 changelog:

  • 6659d7d: [Propel1 Bridge] fixed guessed OneToMany relations
  • 64a0b40: [Process] fixed random failure on pipes tests
  • 6f48f8e: [FrameworkBundle] assets:install command should mirror dotfiles such as .htaccess
  • af369ae: [Yaml] fixed the escaping of strings starting with a dash when dumping

2.3 changelog:

  • e01461d: [HttpKernel] fixed a test (compiler pass class name has been changed)
  • 304c7b6: [HttpFoundation] removed unnecessary continue from Request

Master changelog:

  • d4bb5f4: [Security] split CsrfTokenGenerator into CsrfTokenManager and TokenGenerator
  • ea91533: [form] fixed missing use statement for exception UnexpectedTypeException
  • ecee5c2: [Debug] fixed ClassNotFoundFatalErrorHandler

They talked about us

Published in #A week of symfony