eZ Community » Blogs » Core Development team » Symfony security update

By

Symfony security update

Tuesday 09 September 2014 2:29:42 pm

  • Currently 5 out of 5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Symfony published maintenance releases (2.3.19, 2.4.9 and 2.5.4) last week containing 5 security fixes:

It appeared that eZ Publish had some issue with this update, but it has been fixed (courtesy of Carlos Revillo ;-)) and all affected versions have been patched.

Following versions have been tagged:

  • v5.3.2.1 (EE only)
  • v2014.07.1
  • v2014.05.1
  • v2014.03.3
  • v2014.01.4

All eZ Publish users are strongly advised to update!

How to update

Updating is a breeze with the help of Composer. However, please note that prior to v2014.07 you may have to edit your composer.json file in order to point to the right tag (e.g. "ezsystems/ezpublish-kernel": "2014.03.3").

cd /path/to/ezpublish
composer update ezsystems/ezpublish-kernel symfony/symfony 

v5.2 EE users

If you're using v5.2 EE, the patch for eZ Publish should have been sent to you via support. Apply it and only update symfony/symfony with Composer.

Proudly Developed with from