Follow-up to #2454393: Upgrade to Symfony 2.6.5 & #2414235: Upgrade to Symfony 2.6.4 & #2377281: Upgrade to Symfony 2.6 stable.

Symfony 2.6.6 was released on 1st of April 2015.

Have a skim of the issue summary on #2454393: Upgrade to Symfony 2.6.5 for a better overview of why upgrading point releases is a good idea :).

This fixes:
security #14167 CVE-2015-2308 (nicolas-grekas)
security #14166 CVE-2015-2309 (neclimdul)

Changelog changelog.

Beta phase evaluation

Reference: https://www.drupal.org/core/beta-changes
Issue category Task because it is an external library upgrade.
Issue priority Major because this is a minor external library upgrade.
Disruption Not disruptive.

Comments

joshtaylor’s picture

StatusFileSize
new156.1 KB

Attached is the patch, marking needs review for testbot.

joshtaylor’s picture

Status: Active » Needs review
dawehner’s picture

Status: Needs review » Reviewed & tested by the community

Great, no problem!

dawehner’s picture

I'm glad that we don't use HTTPCache

wim leers’s picture

neclimdul’s picture

Priority: Minor » Critical
Issue tags: +beta blocker, +Security

We do use request and its reverse proxy detection though.

alexpott’s picture

Status: Reviewed & tested by the community » Fixed

Committed eb4e371 and pushed to 8.0.x. Thanks!

  • alexpott committed eb4e371 on 8.0.x
    Issue #2464369 by neclimdul, joshtaylor: Upgrade to Symfony 2.6.6
    

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.