Symfony 2.5.4 released
September 3, 2014 • Published by Fabien Potencier
Warning: Symfony 2.5 is no longer supported. Consider upgrading your applications to the most recent Symfony version.
Symfony 2.5.4 has just been released. Here is a list of the most important changes:
- security #11832 `CVE-2014-6072 <http://symfony.com/blog/cve-2014-6072-csrf-vulnerability-in-the-web-profiler>`_ (fabpot)
- security #11831 `CVE-2014-5245 <http://symfony.com/blog/cve-2014-5245-direct-access-of-esi-urls-behind-a-trusted-proxy>`_ (stof)
- security #11830 `CVE-2014-4931 <http://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released>`_ (aitboudad, Jérémy Derussé)
- security #11829 `CVE-2014-6061 <http://symfony.com/blog/cve-2014-6061-security-issue-when-parsing-the-authorization-header>`_ (damz, fabpot)
- security #11828 `CVE-2014-5244 <http://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header>`_ (nicolas-grekas, larowlan)
- bug #10197 [FrameworkBundle] PhpExtractor bugfix and improvements (mtibben)
- bug #11772 [Filesystem] Add FTP stream wrapper context option to enable overwrite (Damian Sromek)
- bug #11791 [Process] fix mustRun() in sigchild environments (xabbuh)
- bug #11788 [Yaml] fixed mapping keys containing a quoted # (hvt, fabpot)
- bug #11787 fixed DateComparator if file does not exist (avi123)
- bug #11160 [DoctrineBridge] Abstract Doctrine Subscribers with tags (merk)
- bug #11768 [ClassLoader] Add a __call() method to XcacheClassLoader (tstoeckler)
- bug #11739 [Validator] Pass strict argument into the strict email validator (brianfreytag)
- bug #11749 [TwigBundle] Remove hard dependency of RequestContext in AssetsExtension (pgodel)
- bug #11726 [Filesystem Component] mkdir race condition fix #11626 (kcassam)
- bug #11677 [YAML] resolve variables in inlined YAML (xabbuh)
- bug #11639 [DependencyInjection] Fixed factory service not within the ServiceReferenceGraph. (boekkooi)
- bug #11778 [Validator] Fixed wrong translations for Collection constraints (samicemalone)
- bug #11756 [DependencyInjection] fix @return anno created by PhpDumper (jakubkulhan)
- bug #11711 [DoctrineBridge] Fix empty parameter logging in the dbal logger (jakzal)
- bug #11692 [DomCrawler] check for the correct field type (xabbuh)
- bug #11672 [Routing] fix handling of nullable XML attributes (xabbuh)
- bug #11624 [DomCrawler] fix the axes handling in a bc way (xabbuh)
- bug #11676 [Form] Fixed #11675 ValueToDuplicatesTransformer accept "0" value (Nek-)
- bug #11695 [Validators] Fixed failing tests requiring ICU 52.1 which are skipped otherwise (webmozart)
- bug #11584 [FrameworkBundle] Fixed validator factory definition when the Validator API is "auto" for PHP < 5.3.9 (webmozart)
- bug #11645 [Form] Fixed ValidatorExtension to work with the 2.5 Validation API (webmozart)
- bug #11529 [WebProfilerBundle] Fixed double height of canvas (hason)
- bug #11666 [DIC] Fixed: anonymous services are always private (lyrixx)
- bug #11641 [WebProfilerBundle ] Fix toolbar vertical alignment (blaugueux)
- bug #11637 fix dependencies on HttpFoundation component (xabbuh)
- bug #11559 [Validator] Convert objects to string in comparison validators (webmozart)
- feature #11510 [HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field (catchamonkey)
- bug #11408 [HttpFoundation] Update QUERY_STRING when overrideGlobals (yguedidi)
- bug #11625 [FrameworkBundle] resolve parameters before the configs are processed in the config:debug command (xabbuh)
- bug #11633 [FrameworkBundle] add missing attribute to XSD (xabbuh)
- bug #11601 [Validator] Allow basic auth in url when using UrlValidator. (blaugueux)
- bug #11609 [Console] fixed style creation when providing an unknown tag option (fabpot)
- bug #10914 [HttpKernel] added an analyze of environment parameters for built-in server (mauchede)
- bug #11598 [Finder] Shell escape and windows support (Gordon Franke, gimler)
- bug #11582 [DoctrineBridge] Changed UniqueEntityValidator to use the 2.5 Validation API (webmozart)
Want to check the integrity of this new version? Read my blog post about signing releases .
Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.