The bugfix release is three weeks overdue, here is it now:

• ORM 2.1.3 with 24 bugfixes and 1 security fix
• DBAL 2.1.5 with 6 bugfixes
• Common 2.1.3 with 1 bugfix

The security fix concerns usage of the ASC/DESC orientation parameters in $repository->findBy($criteria, $orderBy), which is subject to SQL injection when user-input is allowed into this method.

You can grab the downloads from the project page , via PEAR or Git

Please update your installations.