Doctrine Common 2.1.3, DBAL 2.1.5 and ORM 2.1.3 Releases
The bugfix release is three weeks overdue, here is it now:
The security fix concerns usage of the ASC/DESC orientation parameters
$repository->findBy($criteria, $orderBy), which is subject to SQL
injection when user-input is allowed into this method.
You can grab the downloads from the project page , via PEAR or Git
Please update your installations.