This week Symfony published three security releases to address a potential code injection issue in the way Symfony implements translation caching in FrameworkBundle. In addition, it fixed object initializers for Validator component and it removed spaceless blocks from Twig templates.
Symfony2 development highlights
- 8f9ed3e: [Twig Bridge] removed Spaceless Blocks from Twig Form Templates
- 06fc97e: [HttpFoundation] prevented magic bytes injection in JSONP responses (CVE-2014-4671)
- 06a80fb, 3176f8b: validate locales sets into translator
- d418935: [Process] fixed unit tests on Windows platform
- 91e32f8: [Process] use correct test for empty string in UnixPipes
- 291cbf9: [Validator] object initializers are called only once per object
- 793a083: removed Spaceless Blocks From Twig Templates
- 2ac1bb4: [Console] removed estimated field from debug_nomax
- 705d67b: [Form] solved dependency to ValidatorInterface
Newest issues and pull requests
- [FrameworkBundle] adding single translation debug information in the translator:debug command
- [DependencyInjection] Self-referenced 'service_container' service breaks garbage collection
- Issue with ExecutableFinder with file paths in basedir
- [Validator] Made sure that context changes don't leak out of (Contextual)ValidatorInterface
- [HttpFoundation] Update QUERY_STRING when overrideGlobals
- [Routing] support for array values in route defaults
- RecursiveContextualValidator forces a ClassMetadataInterface
- [Console] added a way to dispatch events on any command
They talked about us
- [Video] REST dans le monde Symfony
- SensioLabsProfiler, analizando y mejorando el rendimiento de las aplicaciones PHP
- The PHP testing experience: Interview by Fernando Arconada
- Делаем простейший фильтр по свойствам товаров с помощью ElasticSearch на Symfony2
- Sylius 0.10.0 released
- Choose owning side in OneToOne relation
- Se publican las actualizaciones de seguridad 2.3.18, 2.4.8 y 2.5.2
- Mettre en place un projet symfony 2 avec netbeans 8
- How To Install Symfony Framework On Ubuntu Operating System
- 3 Bundles to get started with REST in Symfony 2 and some tips
- Using the Symfony Validator as a standalone component
Published in
#A week of symfony
Any news regarding the CNET hack, which has been (at least, in the media) identified as a vulnerability in their Symfony installation? We're assuming that this was not a day-zero exploit, but rather something older or related to their specific configuration.
Anyway, there is a lot of speculation and conjecture on what exactly the issue was. I realize you guys may not know yourselves, but some official announcement from the Symfony team would be very welcome indeed.