You may be wondering why it has been taking us such a long time to react. Here's the main reason: we had not a very strong security alert reporting and qualifying process. This has been fixed recently. So as of now, if you find a security bug in symfony, please send an email to security at symfony-project.com, with as much details as you can and ideally a patch if you can provide one.

The wiki has a whole section on how to report security issues to get them to the right place.

Zend Technologies, Inc., the PHP Company, today announced the availability of version 1.5 of Zend Framework, the popular open source PHP framework [...] Additional features in Zend Framework 1.5 include support for several new services and enhancements to already popular features that make building modern web sites easier and faster than ever.

Updates include changes to Zend_Form, Zend_Layout, the LDAP authentication component, an update to the Lucene support, more Ajax functionality and much more. There's also a new service Zend has launched to provide more "official support" for developers/companies using the framework. You can find out more information about the service here.