Ryan Weaver, Symfony core team member and SymfonyCasts founder, needs our help

Symfony 3.0.6 released

May 9, 2016 · Published by Avatar of Fabien Potencier Fabien Potencier

Warning: Symfony 3.0 is no longer supported. Consider upgrading your applications to the most recent Symfony version.

Symfony 3.0.6 has just been released. Here is a list of the most important changes:

  • security #18736 Fixed issue with blank password with Ldap (csarrazi) - CVE-2016-2403
  • security #18733 limited the maximum length of a submitted username (fabpot) - CVE-2016-4423
  • bug #18730 [FrameworkBundle] prevent calling get() for service_container service (xabbuh)
  • bug #18705 added a conflict between Monolog bridge 2.8 and HTTP Kernel 3.0+ (fabpot)
  • bug #18709 [DependencyInjection] top-level anonymous services must be public (xabbuh)
  • bug #18388 [EventDispatcher] check for method to exist (xabbuh)
  • bug #18699 [DependencyInjection] Use the priority of service decoration on service with parent (hason)
  • bug #18692 add @Event annotation for KernelEvents (Haehnchen)
  • bug #18246 [DependencyInjection] fix ambiguous services schema (backbone87)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to check the integrity of this new version? Read my blog post about signing releases .

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Avatar of Thierry.
Thierry. said on May 10, 2016
In the list of changes (and in the one for the version 2.8.6 too) CVE numbers and descriptions are permuted : 2403 is the one for the empty password and 4423 for the large username.
Thank you to the team for the releases and for all your great job on the framework.
Avatar of Fabien Potencier
Fabien Potencier Certified said on May 10, 2016
Links fixed now, thanks.
Avatar of Sorin Popescu
Sorin Popescu said on May 13, 2016
Hi all
I have one question - I would like to learn Symfony, but when i get to download page I see version 3 (ending 2017) and version 2.8 (ending 2018) - which one should I start with for future development?
Thanks
Avatar of Javier Eguiluz
Javier Eguiluz Certified said on May 13, 2016
@Sorin you should use version 3. It's true that 3.0 will end soon, but then we'll release 3.1, 3.2, etc. Why does 2.8 exist then? Because very large companies/projects prioritize stability over new features. They don't care to use old versions (2.8) in exchange of having three years of support instead of having to upgrade every year or so.

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.