We've just fixed a security problem for both symfony 1.0 and 1.1. The issue is described in ticket 1617 (http://trac.symfony-project.com/ticket/1617).

An attacker could bypass the validation process and get unsecure data through your actions. Your applications are only vulnerable if you use the :action placeholder in your routing rules. This is the case if you rely on the default symfony routing rule (/:module/:action/*). If you use symfony 1.1, your applications are only vulnerable if you use the 1.0 compat layer.

Everybody is encouraged to upgrade as soon as possible.

For 1.0: You can apply the patch directly from here http://trac.symfony-project.com/changeset/8922 or upgrade to 1.0.16 either by using the PEAR package (pear upgrade symfony/symfony-1.0.16) or by using the Debian package.

For 1.1: You can apply the patch available here: http://trac.symfony-project.com/changeset/8925. The patch will be part of the next 1.1 release candidate.

Fabien

--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.com | aide-de-camp.org
Tel: +33 1 40 99 80 80
