I've just released symfony 1.0.5. If you use the symfony built-in phpmailer (and you do if you use the ->sendMail() method in your actions), you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380.
PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/

Here are all bugs fixed in this release:

* r4387: fixed input_date_range_tag - Illegal attributes in input tags (#1883)
* r4385: fixed issue relating to lock files (#1874)
* r4380: fixed vulnerability in phpmailer with sender (#1871)
* r4323: fixed DOMDocument E_STRICT warning and trans-unit max id in XLIFF support
* r4320: fixed sfToolkit::isUTF8() broken for strings larger than some number
* r4305: added i18n schema for MySQL and SQLite in API documentation

As for every 1.0.X release, after upgrading to 1.0.5, don't forget to clear the cache of your projects.

Fabien
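An added example, not part of the original message and not symfony's or PHPMailer's own code: a simplified sketch of the bug class behind r4380 (a sender value reaching the sendmail command line unquoted) next to a hardened command builder. The function names, the sendmail path and the sample senders are assumptions constructed for illustration.

```php
<?php
// Added illustration; not symfony's or PHPMailer's source code.
// Assumed names: unsafeSendmailCommand(), safeSendmailCommand().

// Pattern behind this class of bug: the sender is pasted into a shell
// command line as-is, so shell metacharacters in it are interpreted.
function unsafeSendmailCommand(string $sendmail, string $sender): string
{
    return sprintf('%s -oi -f %s -t', $sendmail, $sender);
}

// Hardened form: validate the address first, then quote every argument.
function safeSendmailCommand(string $sendmail, string $sender): string
{
    // Reject anything that is not a syntactically valid e-mail address.
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    // Defense in depth: refuse values that look like a command-line option.
    if ($sender[0] === '-') {
        throw new InvalidArgumentException('sender must not start with "-"');
    }
    // escapeshellarg() wraps the value in quotes so the shell sees one argument.
    return sprintf(
        '%s -oi -f %s -t',
        escapeshellcmd($sendmail),
        escapeshellarg($sender)
    );
}

// Constructed sample inputs: one normal address, two that must be rejected.
$samples = [
    'webmaster@example.com',
    'user@example.com;echo constructed',
    '-X@example.com',
];

foreach ($samples as $sender) {
    try {
        echo safeSendmailCommand('/usr/sbin/sendmail', $sender), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $sender, ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Applications that accept a sender address from a form should apply the same validation before the value reaches the mailer, independent of the library upgrade.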