The "Symfony LTE Secure Edition" distribution


Welcome to the Symfony Secure LTE Edition - a fully-functional Symfony2 application that you can use as the skeleton for your new responsive applications.

It's a fork from Symfony Standard Edition.

We did some simple clean up, and add new function to help make a more secure and responsive application.

This document contains information on how to download, install, and start using Symfony. For a more detailed explanation, see the Installation chapter of the Symfony Documentation.

Latest Stable Version Total Downloads License

1) Installing the Secure LTE Edition

When it comes to installing the Symfony Secure LTE Edition, you have the following options.

Use Composer

As Symfony uses Composer to manage its dependencies, the recommended way to create a new project is to use it.

If you don't have Composer yet, download it following the instructions on or just run the following command:

curl -s | php

Then, use the create-project command to generate a new Symfony application:

php composer.phar create-project phil/symfony-secure-lte-edition path/to/install

Composer will install Symfony and all its dependencies under the path/to/install directory.

2) Checking your System Configuration

Before starting coding, make sure that your local system is properly configured for Symfony.

Execute the check.php script from the command line:

php app/check.php

The script returns a status code of 0 if all mandatory requirements are met, 1 otherwise.

Access the config.php script from a browser:


If you get any warnings or recommendations, fix them before moving on.

3) Getting started with Symfony

This distribution is meant to be the starting point for your Symfony applications, but isn't meant for you to learn and play with.

A great way to start learning Symfony is via the Quick Tour, which will take you through all the basic features of Symfony2.

Once you're feeling good, you can move onto reading the official Symfony2 book.

There's ain't any default

What's inside?

The Symfony Secure LTE Edition is configured with the following defaults:

  • Twig is the only configured template engine;

  • HTML 5 and CSS Reset;

  • Doctrine ORM/DBAL is configured;

  • Swiftmailer is configured;

  • Google analytics;

  • Security validation;

  • Content Security Policy to self;

  • Signed Cookies (all) and Encrypted Cookies (prod);

  • Clickjacking Protection;

  • External Redirects Detection;

  • Disable Content Type Sniffing;

  • Build.xml (for Phing) is configure to correct logs and cache rights;

  • Annotations for everything are enabled.

It comes pre-configured with the following bundles:

  • FrameworkBundle - The core Symfony framework bundle

  • SensioFrameworkExtraBundle - Adds several enhancements, including template and routing annotation capability

  • DoctrineBundle - Adds support for the Doctrine ORM

  • TwigBundle - Adds support for the Twig templating engine

  • SecurityBundle - Adds security by integrating Symfony's security component

  • SwiftmailerBundle - Adds support for Swiftmailer, a library for sending emails

  • MonologBundle - Adds support for Monolog, a logging library

  • AsseticBundle - Adds support for Assetic, an asset processing library

  • JMSDiExtraBundle - Allows to configure dependency injection using annotations

  • JMSSecurityExtraBundle - Enhances the Symfony2 Security Component by adding several new features.

  • NelmioCorsBundle - Adds Cross-Origin Resource Sharing (CORS) headers support

  • NelmioSecurityBundle - Provides additional security features for your Symfony2 application: Content Security Policy, Signed Cookies, Encrypted Cookies, Clickjacking Protection, External Redirects Detection, Forced HTTPS/SSL Handling, Flexible HTTPS/SSL Handling, Disable Content Type Sniffing

  • OryzoneBoilerplateBundle - Adds support for HTML5 ★ Boilerplate 4.* . Easily create heavily optimized HTML5 twig templates empowered with great features such as CSS resets, CDNed jQuery (with offline fallback), asynchronous google analytics script and so on.

  • PlaybloomGuzzleBundle - Adds support for Guzzle HTTP client library and framework for building RESTful web service clients

  • WebProfilerBundle (in dev/test env) - Adds profiling functionality and the web debug toolbar

  • SensioDistributionBundle (in dev/test env) - Adds functionality for configuring and working with Symfony distributions

  • SensioGeneratorBundle (in dev/test env) - Adds code generation capabilities

It come with vulnerabilities checkup:

  • composer-dependencies-security-checker (in composer) - A composer script that use Sensio Labs Security advisories checker API to check known vulnerabilities of your dependencies whenever you update and/or install them using composer.

  • Iniscan (in /bin) A scanner to evaluate php.ini security

  • Versionscan (in /bin) A tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues.

What's not inside?

The Symfony Secure LTE Edition remove the following bundles versus the Symfony Standard Edition

  • AcmeDemoBundle (in dev/test env) - A demo bundle with some example code

The libraries and bundles included in the Symfony Secure LTE Edition are released under the MIT or BSD or Apache2 license.