2/13 symfony 1.2.11, 1.3.2, 1.4.2 released

Blog | symfony 1.3.2 and 1.4.2 | symfony | Web PHP Framework
http://www.symfony-project.org/blog/2010/02/13/symfony-1-3-2-and-1-4-2

A cross-site scripting (XSS) vulnerability was discovered in the form framework's widget classes that render collections of radio buttons or checkboxes and their labels. This hole has been closed.

bugfixではなく、security fix。

Blog | symfony 1.2.11 - likely the last symfony 1.2 release | symfony | Web PHP Framework
http://www.symfony-project.org/blog/2010/02/13/symfony-1-2-11-likely-the-last-symfony-1-2-release
これもおなじく。