symfony 1.0.5 released (security fix)
![Avatar of Fabien Potencier](https://connect.symfony.com/api/images/4aed4f5d-e0cb-4320-902f-885fddaa7d15.png?format=28x28)
I've just released symfony 1.0.5. If you use the symfony built-in phpmailer (and you do if you use the ->sendMail() method in your actions), you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380.
PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
Here are all bugs fixed in this release:
- r4387: fixed input_date_range_tag - Illegal attributes in input tags (#1883)
- r4385: fixed issue relating to lock files (#1874)
- r4380: fixed vulnerability in phpmailer with sender (#1871)
- r4323: fixed DOMDocument E_STRICT warning and trans-unit max id in XLIFF support
- r4320: fixed sfToolkit::isUTF8() broken for strings larger than some number
- r4305: added i18n schema for MySQL and SQLite in API documentation
As for every 1.0.X release, after upgrading to 1.0.5, don't forget to clear the cache of your projects.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.
-bash-3.1$ symfony propel-build-all
Fatal error: Unsupported operand types in /usr/share/pear/symfony/util/Spyc.class.php on line 667
Call Stack:
0.0007 40128 1. {main}() /usr/bin/symfony:0
0.0026 86816 2. include('/usr/share/pear/data/symfony/bin/symfony.php') /usr/bin/symfony:39
0.1036 1622008 3. pakeApp->run() /usr/share/pear/data/symfony/bin/symfony.php:171
0.1176 1710944 4. pakeTask->invoke() /usr/share/pear/symfony/vendor/pake/pakeApp.class.php:143
0.1193 1711296 5. pakeTask->execute() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:181
0.1194 1711296 6. call_user_func_array() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:218
0.1194 1711296 7. run_propel_build_all() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:0
0.1194 1711296 8. run_propel_build_model() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:159
0.1194 1711296 9. _propel_convert_yml_schema() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:172
0.4383 1928136 10. sfPropelDatabaseSchema->loadYAML() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:71
0.4392 1943328 11. sfYaml::load() /usr/share/pear/symfony/addon/propel/sfPropelDatabaseSchema.class.php:31
0.4461 2141880 12. Spyc->load() /usr/share/pear/symfony/util/sfYaml.class.php:59
0.4524 2147816 13. Spyc->_parseLine() /usr/share/pear/symfony/util/Spyc.class.php:256
0.4525 2147960 14. Spyc->_toType() /usr/share/pear/symfony/util/Spyc.class.php:591