October 13, 2013 Javier Eguiluz

This week, four Symfony2 security releases were published to address a potential DOS attack related to the security component. In addition, the first beta of Symfony 2.4.0 was released, containing more than 1,000 new commits and a lot of great new features, while maintaining backwards compatibility with Symfony 2.3.

Development mailing list

Symfony2 development highlights

2.0 changelog:

13d7d3a: [Security] limited the password length passed to encoders to 4096

2.2 changelog:

6659d7d: [Propel1 Bridge] fixed guessed OneToMany relations

64a0b40: [Process] fixed random failure on pipes tests

6f48f8e: [FrameworkBundle] assets:install command should mirror dotfiles such as .htaccess

af369ae: [Yaml] fixed the escaping of strings starting with a dash when dumping

2.3 changelog:

e01461d: [HttpKernel] fixed a test (compiler pass class name has been changed)

304c7b6: [HttpFoundation] removed unnecessary continue from Request

Master changelog:

d4bb5f4: [Security] split CsrfTokenGenerator into CsrfTokenManager and TokenGenerator

ea91533: [form] fixed missing use statement for exception UnexpectedTypeException

ecee5c2: [Debug] fixed ClassNotFoundFatalErrorHandler

They talked about us