symfony 1.0.5 released (security fix)

I've just released symfony 1.0.5. If you use the symfony built-in phpmailer (and you do if you use the ->sendMail() method in your actions), you must upgrade to this release or apply the following patch:

PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here:

Here are all bugs fixed in this release:

  • r4387: fixed input_date_range_tag - Illegal attributes in input tags (#1883)
  • r4385: fixed issue relating to lock files (#1874)
  • r4380: fixed vulnerability in phpmailer with sender (#1871)
  • r4323: fixed DOMDocument E_STRICT warning and trans-unit max id in XLIFF support
  • r4320: fixed sfToolkit::isUTF8() broken for strings larger than some number
  • r4305: added i18n schema for MySQL and SQLite in API documentation

As with every 1.0.X release, after upgrading to 1.0.5, don't forget to clear the cache of your projects.
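
For applications that hand mail to sendmail themselves, here is one way to keep a sender value from ever reaching a shell. This is an added example, not symfony's or PHPMailer's code and not the patch in r4380. It assumes the usual shape of this bug class (a sender string ending up on a sendmail command line) and PHP 7.4 or later; the function names and sample addresses are hypothetical.

```php
<?php
// Added example: hypothetical helper names, not symfony or PHPMailer code.

// Accept only a plain addr-spec as envelope sender, so that nothing later
// in the pipeline has to rely on quoting being done correctly.
function validate_envelope_sender(string $sender): string
{
    // filter_var() alone is not enough: RFC-valid local parts may contain
    // characters that are meaningful to a shell or to an option parser.
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false
        || !preg_match('/\A[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\z/', $sender)
        || $sender[0] === '-') {
        throw new InvalidArgumentException('rejected envelope sender');
    }
    return $sender;
}

// Build the invocation as an argument vector. Given an array, proc_open()
// (PHP >= 7.4) executes the binary directly instead of going through a shell.
function build_sendmail_argv(string $sendmailPath, string $sender): array
{
    return [$sendmailPath, '-oi', '-f', validate_envelope_sender($sender), '-t'];
}

function send_via_sendmail(string $sendmailPath, string $sender, string $rawMessage): int
{
    $argv = build_sendmail_argv($sendmailPath, $sender);
    $proc = proc_open($argv, [0 => ['pipe', 'r']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start sendmail');
    }
    fwrite($pipes[0], $rawMessage);   // headers and body go in on stdin
    fclose($pipes[0]);
    return proc_close($proc);         // sendmail's exit status
}

// Constructed sample inputs: one ordinary address, one carrying shell syntax.
foreach (['noreply@example.org', 'user@example.org; x'] as $candidate) {
    try {
        echo implode(' ', build_sendmail_argv('/usr/sbin/sendmail', $candidate)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($candidate, true), "\n";
    }
}
```

The loop at the end only builds and prints the argument vector; send_via_sendmail() is the part that would actually start the binary.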

If you have found a security issue in Symfony, please send the details to security [at] and don't disclose it publicly until we can provide a fix for it.


I just upgraded, and when I do a symfony -V, the version went down from 1.0.4 to 1.0.3 ironically... and it should be 1.0.5! Is it just semantic?

I have a suggestion: make 1.0.x 0.9.x or some such, and release 1.0 as soon as Symfony has validation at the model, not controller, level (design issue).

Nice update... Only trouble...

-bash-3.1$ symfony propel-build-all

Fatal error: Unsupported operand types in /usr/share/pear/symfony/util/Spyc.class.php on line 667

Call Stack:
0.0007 40128 1. {main}() /usr/bin/symfony:0
0.0026 86816 2. include('/usr/share/pear/data/symfony/bin/symfony.php') /usr/bin/symfony:39
0.1036 1622008 3. pakeApp->run() /usr/share/pear/data/symfony/bin/symfony.php:171
0.1176 1710944 4. pakeTask->invoke() /usr/share/pear/symfony/vendor/pake/pakeApp.class.php:143
0.1193 1711296 5. pakeTask->execute() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:181
0.1194 1711296 6. call_user_func_array() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:218
0.1194 1711296 7. run_propel_build_all() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:0
0.1194 1711296 8. run_propel_build_model() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:159
0.1194 1711296 9. _propel_convert_yml_schema() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:172
0.4383 1928136 10. sfPropelDatabaseSchema->loadYAML() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:71
0.4392 1943328 11. sfYaml::load() /usr/share/pear/symfony/addon/propel/sfPropelDatabaseSchema.class.php:31
0.4461 2141880 12. Spyc->load() /usr/share/pear/symfony/util/sfYaml.class.php:59
0.4524 2147816 13. Spyc->_parseLine() /usr/share/pear/symfony/util/Spyc.class.php:256
0.4525 2147960 14. Spyc->_toType() /usr/share/pear/symfony/util/Spyc.class.php:591

What about removing phpmailer completely and switching the symfony code to SwiftMailer?