Symfony 2.3.29 has just been released. Here is a list of the most important changes:
- security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener if _controller is already defined (jakzal)
- bug #14715 [Form] Check instance of FormBuilderInterface instead of FormBuilder (dosten)
- bug #14678 [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts (MacDada)
- bug #14635 [HttpKernel] Handle an array vary header in the http cache store (jakzal)
- bug #14513 [console][formater] allow format toString object. (aitboudad)
- bug #14335 [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo (danez)
- bug #14593 [Security][Firewall] Avoid redirection to XHR URIs (asiragusa)
- bug #14618 [DomCrawler] Throw an exception if a form field path is incomplete (jakzal)
- bug #14698 Fix HTML escaping of to-source links (nicolas-grekas)
- bug #14690 [HttpFoundation] IpUtils::checkIp4() should allow `/0` networks (zerkms)
- bug #14262 [TwigBundle] Refresh twig paths when resources change. (aitboudad)
- bug #13633 [ServerBag] Handled bearer authorization header in
REDIRECT_form (Lance0312) - bug #13637 [CSS] WebProfiler break words (nicovak)
- bug #14633 [EventDispatcher] make listeners removable from an executed listener (xabbuh)
Want to check the integrity of this new version? Read my blog post about signing releases .
Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.
Published in
#Releases
If you are experciencing bad performance since this version, you should know that this commit :
bug #14262 [TwigBundle] Refresh twig paths when resources change. (aitboudad)
is known to be problematic, and is discuessed on github (for example here : https://github.com/symfony/symfony/pull/14778)
Same observation as Jérémy