@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/PlatformUIBundle Aug 3, 2018
2 commits to master
08/03/2018 12:24 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/phpunit Aug 3, 2018
2 commits to master
08/03/2018 12:24 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/MasevSettingsBundle Aug 3, 2018
2 commits to master
  • @masev 19dbe47
    Merge pull request #15 from Simontlz/master
  • @Simontlz c4eabdb
    Use new Twig_SimpleFunction class
08/03/2018 12:18 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezstudio Aug 3, 2018
2 commits to master
08/03/2018 12:11 pm   eZPublishLegacy @ GitHub   Mirror   Link  

News

Participate in the eZ Community Survey

Participate in the eZ Community Survey and by doing so, contribute to the eZ Community Strategy 2018-2020. The Survey will only take 5 minutes of your time. Your feedback is used to help us build a strong strategy for community activities, to further improve the ecosystem you are part of. Thank you!

Survey: https://goo.gl/forms/MdELdukAyFzGiz2I2

Symfony security advisories

Symfony has published two security advisories which also affect the version eZ Platform runs on. Keep that in mind in case you spot (new) unexpected problems. Do report them on Slack or our Forum, or even better on jira.ez.no when you are able to pinpoint the problem to these patches.

Symfony security advisory details:

There is one known issue, see https://jira.ez.no/browse/EZP-29492. The Symfony update removes support for two old headers; if you depend on them, you may have to change your code.

eZ Platform v2.2.2 released

Today, eZ has released eZ Platform v2.2.2. This release brings Symfony from 3.4.11 to 3.4.14. It also includes many improvements and bug fixes. Check the changelog on GitHub for the full details.

Meetup, London UK?

A few weeks ago a few community members suggested a local Meetup, location London UK.

As it is, André Rømcke will be speaking at Symfony Live UK on September 28. What about a Meetup on the 27th, with or without PHP London? Any ideas or feedback? Anyone interested in joining a Meetup? Leave a reply on our Forum.

Win a ticket to SymfonyLive Berlin

Do you want to be part of the most important Symfony event in the DACH region, one of the most important and popular PHP developer conferences in Germany and beyond?

eZ Systems is giving away a ticket for the SymfonyLive Conference Day Berlin on October 26, 2018. Complete the form, and with a little luck you get to travel to Berlin. Conditions for participation can be found here; the raffle giveaway runs until September 25, 2018. (Be aware that SymfonyLive Berlin is for a good part a German-speaking event, with some talks and workshops in English and others in German.)

Become a certified Editor

The French office has organised a free training for Editors on October 18, 2018 in Paris. Do you use eZ Publish or eZ Platform in your daily life, or plan to? Then this day is for you.

Not only will you be able to discover the new features of the back office and build skills that make your daily work easier, you will also meet our experts and share questions and knowledge with them. You will get a certificate proving your skills at the end of the day. Join us in a friendly setting, on the rooftops of Paris, in the 9th arrondissement of the capital. If you are interested, check out more information including a form to sign up.

In Other News:

Resources

Share your blog on ezplatform.com

We love content at eZ. If you want to share yours, for instance a technical write-up of how you realized a project on eZ Platform, we welcome you to share this with us. We can publish your blog on ezplatform.com and also mention it in the ‘Week in Review’. E-mail us with any content ideas you have.

New site by The Cocktail

The Cocktail has launched a new website based on eZ Platform Enterprise Edition. Have a look at https://www.bellota.com/ if you are curious.

This project runs on eZ Platform Cloud technology, powered by platform.sh. It provides the infrastructure and the tools to develop, test and run eZ Platform projects with speed and confidence.

Looking for a bundle compatible with eZ Platform? Check out: https://ezplatform.com/Bundles.

Social Media

Follow us on Twitter, Facebook, LinkedIn, Google+, or YouTube, and join our Community for any help with eZ Platform or community-related questions.

Find eZ at These Events

For more events, make sure to check out this list.

Each week we publish a roundup of highlights from the eZ ecosystem. If you have any news or events to share, please contact me.

(Lead image credit: Oriol Lladó, CC)

08/03/2018 12:06 pm   ez.no/About-eZ/Blog   Mirror   Link  


08/03/2018 12:06 pm   eZ Systems News   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezdemo Aug 3, 2018
2 commits to master
  • @andrerom 8ef953c
    Merge pull request #44 from natanael89/EZP-29144_website_toolbar_cach…
  • @natanael89 af45125
    Fix EZP-29144: Website Toolbar cache doesn't work properly when Owner…
08/03/2018 12:04 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/PlatformUIBundle Aug 3, 2018
2 commits to master
08/03/2018 12:04 pm   eZecosystem @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/MasevSettingsBundle Aug 3, 2018
2 commits to master
  • @masev 19dbe47
    Merge pull request #15 from Simontlz/master
  • @Simontlz c4eabdb
    Use new Twig_SimpleFunction class
08/03/2018 12:02 pm   eZecosystem @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezstudio Aug 3, 2018
2 commits to master
08/03/2018 12:00 pm   eZecosystem @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezplatform-site-api Aug 3, 2018
2 commits to master
08/03/2018 11:59 am   eZecosystem @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/phpunit Aug 3, 2018
2 commits to master
08/03/2018 12:22 am   eZPublishLegacy @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/launchpad Aug 3, 2018
2 commits to master
08/03/2018 12:01 am   eZecosystem @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/repository-forms Aug 2, 2018
2 commits to master
  • @ViniTou 237b431
    Merge branch '2.2' of github.com:ezsystems/repository-forms
  • @ViniTou 1602dc8
    EZP-29091: Publishing Content from the frontend results in error (#244)
  • 3 more commits »
08/02/2018 12:27 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezwt Aug 2, 2018
2 commits to master
  • @andrerom 085d403
    Merge pull request #17 from natanael89/EZP-29144_website_toolbar_cach…
  • @natanael89 9a2537d
    Fix EZP-29144: Website Toolbar cache doesn't work properly when Owner…
08/02/2018 12:15 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezpublish-legacy Aug 2, 2018
2 commits to master
  • @andrerom 49521c1
    Merge branch '2017.12'
  • @mateuszbieniek 0afc0ae
    EZP-29379: Fixed changing of section not committing to the solr index…
08/02/2018 12:10 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezpublish-kernel Aug 2, 2018
2 commits to master
  • @ViniTou afaada1
    Merge branch '7.2' of github.com:ezsystems/ezpublish-kernel
  • @ViniTou aa8af2f
    EZP-29083: Error after trying to delete role assignment (#2377)
  • 1 more commits »
08/02/2018 12:10 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezpublish-api Aug 2, 2018
2 commits to master
  • @ViniTou d320eeb
    Merge branch '7.2' of github.com:ezsystems/ezpublish-kernel
  • @ViniTou 351a782
    EZP-29083: Error after trying to delete role assignment (#2377)
08/02/2018 12:09 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/Sylius Aug 2, 2018
2 commits to master
08/02/2018 12:05 pm   eZecosystem @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/repository-forms Aug 2, 2018
2 commits to master
  • @ViniTou 237b431
    Merge branch '2.2' of github.com:ezsystems/repository-forms
  • @ViniTou 1602dc8
    EZP-29091: Publishing Content from the frontend results in error (#244)
  • 3 more commits »
08/02/2018 12:05 pm   eZecosystem @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezpublish-kernel Aug 2, 2018
2 commits to master
  • @ViniTou afaada1
    Merge branch '7.2' of github.com:ezsystems/ezpublish-kernel
  • @ViniTou aa8af2f
    EZP-29083: Error after trying to delete role assignment (#2377)
  • 1 more commits »
08/02/2018 11:59 am   eZecosystem @ GitHub   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezpublish-api Aug 2, 2018
2 commits to master
  • @ViniTou d320eeb
    Merge branch '7.2' of github.com:ezsystems/ezpublish-kernel
  • @ViniTou 351a782
    EZP-29083: Error after trying to delete role assignment (#2377)
08/02/2018 11:59 am   eZecosystem @ GitHub   Mirror   Link  
  • PHP: Never type hint on arrays (en): array gives almost no information, and as a general rule (there are always exceptions…) a type hint on a precise, project-specific type is better than using the language's primitive types.
  • The First Thing That Ever Sold Online Was Pizza (en): haha :) and the best part is that, 24 years later, the form probably still works (unfortunately the link to this piece of Internet history redirects to the PizzaHut site…)
  • Logging Activity With The Web Beacon API (en): a rather little-known web API that can come in handy for sending non-urgent messages to a server.
  • Art of debugging with Chrome DevTool (en): some rather interesting and useful tips, notably console.log as a conditional breakpoint, or console.log({ foo, bar }) instead of console.log(foo, bar), which logs both the value and its name. Incidentally, these two should also work in Firefox.
  • How to Read an RFC (en): a few clarifications on how to approach RFCs, the documents that standardize protocols on the Internet.
  • How to add product features without making it more complex (en): one key point laid out in this article is to build interfaces or features that are usable by default.
  • The Cost Of JavaScript In 2018 (en): Let’s design for a more resilient mobile web that doesn’t rely as heavily on large JavaScript payloads.

And a bit off-topic:

(In addition to the global RSS feed, the tech-watch posts, and only those, are listed in the tech-watch RSS feed)

08/02/2018 06:35 am   pwet.fr/blog   Mirror   Link  

If you deliver print content such as a magazine or newsletter to a subscribed user base, you should be targeting a digital solution.

08/01/2018 03:18 pm   Mugo Web Blog   Mirror   Link  
@ezecosystem
ezecosystem pushed to master in ezecosystem/Sylius Aug 1, 2018
2 commits to master
  • @pamil 4428b33
    Merge pull request #9437 from JakobTolkemit/payment_authorized_state_…
  • @pamil 9467893
    Remove "payment" suffix from states and transitions
  • 5 more commits »
08/01/2018 12:05 pm   eZecosystem @ GitHub   Mirror   Link  

Affected versions

Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13, and 4.1.0 to 4.1.2 versions of the Symfony HttpKernel component are affected by this security issue.

The issue has been fixed in Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, and 4.1.3.

Note that no fixes are provided for Symfony 3.0, 3.1, and 3.2 as they are not maintained anymore.

Description

When using HttpCache, the values of the X-Forwarded-Host headers are implicitly and wrongly set as trusted, leading to potential host header injection.

Resolution

The trusted headers are removed when doing internal sub-requests and the remote client is not trusted.

The patch for this issue is available here for branch 2.8.

Credits

I would like to thank @chaosversum for reporting the issue and Nicolas Grekas for fixing it.


Be trained by Symfony experts - 2018-08-6 Paris - 2018-08-6 Paris - 2018-08-8 Paris
08/01/2018 10:35 am   Symfony Blog   Mirror   Link  

Affected versions

Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2 versions of the Symfony HttpFoundation component are affected by this security issue.

The issue has been fixed in Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, and 4.1.3.

Note that no fixes are provided for Symfony 3.0, 3.1, and 3.2 as they are not maintained anymore.

Description

Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header allows a user to access one URL but have Symfony return a different one, which can bypass restrictions on higher-level caches and web servers.

The fix drops support for these two obsolete IIS headers: X-Original-URL and X_REWRITE_URL.

Resolution

Support for the offending headers has been removed.

The patch for this issue is available here for branch 2.8.
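
A minimal model of the mismatch described above, added here as an illustration (it is not code from the advisory or from Symfony): a front layer that decides on the request-line path, and a backend that resolves the path the legacy way, the fixed way, or behind an edge that strips the two headers. All function names, the `/internal` rule and the sample requests are constructed assumptions.

```php
<?php
// Constructed model (not Symfony's code) of a front layer and a backend that
// disagree about the request path. Requires PHP 7.0+.

const OVERRIDE_HEADERS = ['x-original-url', 'x-rewrite-url'];

/** Front layer (cache or web server): sees only the request-line path. */
function frontAllows(string $path): bool
{
    // Hypothetical rule: everything under /internal is blocked at the front.
    return strpos($path, '/internal') !== 0;
}

/** Legacy backend behaviour: an override header replaces the path. */
function resolvePathLegacy(string $path, array $headers): string
{
    foreach ($headers as $name => $value) {
        if (in_array(strtolower($name), OVERRIDE_HEADERS, true) && $value !== '') {
            return $value;
        }
    }
    return $path;
}

/** Behaviour after the fix: request headers never change the path. */
function resolvePathFixed(string $path, array $headers): string
{
    return $path;
}

/** Edge mitigation until the upgrade is deployed: drop the override headers. */
function stripOverrideHeaders(array $headers): array
{
    return array_filter($headers, function ($name) {
        return !in_array(strtolower($name), OVERRIDE_HEADERS, true);
    }, ARRAY_FILTER_USE_KEY);
}

/** True when the front layer approved one path and the backend serves another. */
function layersDisagree(string $path, array $headers, callable $resolver): bool
{
    return frontAllows($path) && $resolver($path, $headers) !== $path;
}

// Constructed sample requests: [request-line path, headers].
$requests = [
    ['/news', ['Host' => 'example.test']],
    ['/news', ['Host' => 'example.test', 'X-Original-URL' => '/internal/report']],
    ['/news', ['Host' => 'example.test', 'X-Rewrite-URL' => '/internal/report']],
];

foreach ($requests as list($path, $headers)) {
    printf(
        "%-6s legacy=%-5s fixed=%-5s stripped+legacy=%s\n",
        $path,
        var_export(layersDisagree($path, $headers, 'resolvePathLegacy'), true),
        var_export(layersDisagree($path, $headers, 'resolvePathFixed'), true),
        var_export(layersDisagree($path, stripOverrideHeaders($headers), 'resolvePathLegacy'), true)
    );
}
```

Only the legacy resolver reports a disagreement, and only for the requests carrying one of the two headers; stripping them at the edge gives an unpatched backend the same view as the front layer.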

Credits

I would like to thank Michael Cullum for reporting the issue and Nicolas Grekas for fixing it.


08/01/2018 10:35 am   Symfony Blog   Mirror   Link  

Symfony 4.1.3 has just been released. Here is a list of the most important changes:

  • security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (@nicolas-grekas)
  • security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (@nicolas-grekas)
  • bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (@netiul)
  • bug #28007 [FrameworkBundle] fixed guard event names for transitions (@destillat)
  • bug #28045 [HttpFoundation] Fix Cookie::isCleared (@ro0NL)
  • bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (@Phobetor)
  • bug #28059 [Messenger] Fix error message on undefined message class for non-subscriber handler (@chalasr)
  • bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (@nicolas-grekas)
  • bug #28014 [Messenger] Fix chaining senders with their aliases (@sroze)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


08/01/2018 10:34 am   Symfony Blog   Mirror   Link  

Symfony 4.0.14 has just been released. Here is a list of the most important changes:

  • security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (@nicolas-grekas)
  • security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (@nicolas-grekas)
  • bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (@netiul)
  • bug #28007 [FrameworkBundle] fixed guard event names for transitions (@destillat)
  • bug #28045 [HttpFoundation] Fix Cookie::isCleared (@ro0NL)
  • bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (@Phobetor)
  • bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (@nicolas-grekas)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


08/01/2018 10:29 am   Symfony Blog   Mirror   Link  

Symfony 3.4.14 has just been released. Here is a list of the most important changes:

  • security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (@nicolas-grekas)
  • security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (@nicolas-grekas)
  • bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (@netiul)
  • bug #28007 [FrameworkBundle] fixed guard event names for transitions (@destillat)
  • bug #28045 [HttpFoundation] Fix Cookie::isCleared (@ro0NL)
  • bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (@Phobetor)
  • bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (@nicolas-grekas)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


08/01/2018 09:55 am   Symfony Blog   Mirror   Link