symfony 1.0.5 released (security fix)

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License.

I've just released symfony 1.0.5. If you use the symfony built-in PHPMailer (and you do if you use the ->sendMail() method in your actions), you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380.

PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/

Here are all bugs fixed in this release:

As with every 1.0.X release, after upgrading to 1.0.5, don't forget to clear the cache of your projects.


#1 E.T.Cook said about 4 hours later

I just upgraded, and when I do a symfony -V, the version went down from 1.0.4 to 1.0.3 ironically... and it should be 1.0.5! Is it just semantic?

#2 rihad said 1 day later

I have a suggestion: make 1.0.x 0.9.x or some such, and release 1.0 as soon as Symfony has validation at the model, not controller, level (design issue).

#3 Adriaan said 13 days later

Nice update... Only trouble...

-bash-3.1$ symfony propel-build-all

Fatal error: Unsupported operand types in /usr/share/pear/symfony/util/Spyc.class.php on line 667

Call Stack:
0.0007 40128 1. {main}() /usr/bin/symfony:0
0.0026 86816 2. include('/usr/share/pear/data/symfony/bin/symfony.php') /usr/bin/symfony:39
0.1036 1622008 3. pakeApp->run() /usr/share/pear/data/symfony/bin/symfony.php:171
0.1176 1710944 4. pakeTask->invoke() /usr/share/pear/symfony/vendor/pake/pakeApp.class.php:143
0.1193 1711296 5. pakeTask->execute() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:181
0.1194 1711296 6. call_user_func_array() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:218
0.1194 1711296 7. run_propel_build_all() /usr/share/pear/symfony/vendor/pake/pakeTask.class.php:0
0.1194 1711296 8. run_propel_build_model() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:159
0.1194 1711296 9. _propel_convert_yml_schema() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:172
0.4383 1928136 10. sfPropelDatabaseSchema->loadYAML() /usr/share/pear/data/symfony/tasks/sfPakePropel.php:71
0.4392 1943328 11. sfYaml::load() /usr/share/pear/symfony/addon/propel/sfPropelDatabaseSchema.class.php:31
0.4461 2141880 12. Spyc->load() /usr/share/pear/symfony/util/sfYaml.class.php:59
0.4524 2147816 13. Spyc->_parseLine() /usr/share/pear/symfony/util/Spyc.class.php:256
0.4525 2147960 14. Spyc->_toType() /usr/share/pear/symfony/util/Spyc.class.php:591

#4 judas_iscariote said 16 days later

What about removing phpmailer completely and switching the symfony code to SwiftMailer?