From 15835bc7dfb3bcad3deb9d11f66ba8eff942e3d8 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 16:12:10 +0200 Subject: [PATCH 01/11] updated CHANGELOG for 2.8.44 --- CHANGELOG-2.8.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG-2.8.md b/CHANGELOG-2.8.md index 4db4bfd7cb..4760af369f 100644 --- a/CHANGELOG-2.8.md +++ b/CHANGELOG-2.8.md @@ -7,6 +7,14 @@ in 2.8 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.8.0...v2.8.1 +* 2.8.44 (2018-08-01) + + * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas) + * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas) + * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul) + * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL) + * bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor) + * 2.8.43 (2018-07-23) * bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto) From 282e062226e26ffc43fda998ad55935b49710c39 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 16:12:26 +0200 Subject: [PATCH 02/11] update CONTRIBUTORS for 2.8.44 --- CONTRIBUTORS.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index b6eef0b631..bf391b7ee7 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
@@ -32,10 +32,10 @@ Symfony is the result of the work of many people who made the code better
 - Lukas Kahwe Smith (lsmith)
 - Martin Hasoň (hason)
 - Jeremy Mikola (jmikola)
+ - Samuel ROZE (sroze)
 - Jean-François Simon (jfsimon)
 - Benjamin Eberlei (beberlei)
 - Igor Wiedler (igorw)
- - Samuel ROZE (sroze)
 - Jules Pietri (heah)
 - Eriksen Costa (eriksencosta)
 - Guilhem Niot (energetick)
@@ -67,8 +67,8 @@ Symfony is the result of the work of many people who made the code better
 - Bilal Amarni (bamarni)
 - Jérémy DERUSSÉ (jderusse)
 - Florin Patan (florinpatan)
- - Mathieu Piot (mpiot)
 - Gábor Egyed (1ed)
+ - Mathieu Piot (mpiot)
 - Michel Weimerskirch (mweimerskirch)
 - Titouan Galopin (tgalopin)
 - Andrej Hudec (pulzarraider)
@@ -101,9 +101,9 @@ Symfony is the result of the work of many people who made the code better
 - Paráda József (paradajozsef)
 - Arnaud Le Blanc (arnaud-lb)
 - Maxime STEINHAUSSER
+ - Grégoire Paris (greg0ire)
 - Michal Piotrowski (eventhorizon)
 - Tim Nagel (merk)
- - Grégoire Paris (greg0ire)
 - Brice BERNARD (brikou)
 - Valentin Udaltsov (vudaltsov)
 - gadelat (gadelat)
@@ -159,6 +159,7 @@ Symfony is the result of the work of many people who made the code better
 - Vyacheslav Pavlov
 - Richard van Laak (rvanlaak)
 - Richard Shank (iampersistent)
+ - Jannik Zschiesche (apfelbox)
 - Thomas Rabaix (rande)
 - Rouven Weßling (realityking)
 - Clemens Tolboom
@@ -170,7 +171,6 @@ Symfony is the result of the work of many people who made the code better
 - Amal Raghav (kertz)
 - Jonathan Ingram (jonathaningram)
 - Artur Kotyrba
- - Jannik Zschiesche (apfelbox)
 - GDIBass
 - jeremyFreeAgent (Jérémy Romey) (jeremyfreeagent)
 - James Halsall (jaitsu)
@@ -284,6 +284,7 @@ Symfony is the result of the work of many people who made the code better
 - Andreas Schempp (aschempp)
 - jdhoek
 - Pavel Batanov (scaytrase)
+ - Massimiliano Arione (garak)
 - Bob den Otter (bopp)
 - Nikita Konstantinov
 - Wodor Wodorski
@@ -332,7 +333,6 @@ Symfony is the result of the work of many people who made the code better
 - Adrian Rudnik (kreischweide)
 - Francesc Rosàs (frosas)
 - Romain Pierre (romain-pierre)
- - Massimiliano Arione (garak)
 - Julien Galenski (ruian)
 - Bongiraud Dominique
 - janschoenherr
@@ -407,6 +407,7 @@ Symfony is the result of the work of many people who made the code better
 - Karoly Negyesi (chx)
 - Ivan Kurnosov
 - Xavier HAUSHERR
+ - David Prévot
 - Albert Jessurum (ajessu)
 - Laszlo Korte
 - Miha Vrhovnik
@@ -438,6 +439,7 @@ Symfony is the result of the work of many people who made the code better
 - Mihai Stancu
 - Olivier Dolbeau (odolbeau)
 - Jan Rosier (rosier)
+ - Alessandro Lai (jean85)
 - Arturs Vonda
 - Josip Kruslin
 - Asmir Mustafic (goetas)
@@ -565,7 +567,6 @@ Symfony is the result of the work of many people who made the code better
 - Disquedur
 - Michiel Boeckaert (milio)
 - Geoffrey Tran (geoff)
- - David Prévot
 - Jan Behrens
 - Mantas Var (mvar)
 - Sebastian Krebs
@@ -584,7 +585,6 @@ Symfony is the result of the work of many people who made the code better
 - Max Rath (drak3)
 - Stéphane Escandell (sescandell)
 - Konstantin S. M. Möllers (ksmmoellers)
- - Alessandro Lai (jean85)
 - James Johnston
 - Sinan Eldem
 - Alexandre Dupuy (satchette)
@@ -713,6 +713,7 @@ Symfony is the result of the work of many people who made the code better
 - Yuen-Chi Lian
 - Besnik Br
 - Jose Gonzalez
+ - Oleksii Zhurbytskyi
 - Dariusz Ruminski
 - Joshua Nye
 - Claudio Zizza
@@ -882,6 +883,7 @@ Symfony is the result of the work of many people who made the code better
 - datibbaw
 - Erik Saunier (snickers)
 - Rootie
+ - Kyle
 - Raul Fraile (raulfraile)
 - sensio
 - Sebastien Morel (plopix)
@@ -1382,6 +1384,7 @@ Symfony is the result of the work of many people who made the code better
 - Matt Wells
 - Nicolas Appriou
 - stloyd
+ - Andreas
 - Chris Tickner
 - Andrew Coulton
 - Jeremy Benoist
@@ -1432,7 +1435,6 @@ Symfony is the result of the work of many people who made the code better - Nicolas Bastien (nicolas_bastien) - Denis (yethee) - Andrew Zhilin (zhil) - - Oleksii Zhurbytskyi - Andy Stanberry - Felix Marezki - Normunds @@ -1973,7 +1975,6 @@ Symfony is the result of the work of many people who made the code better - fh-github@fholzhauer.de - AbdElKader Bouadjadja - DSeemiller - - Kyle - Jan Emrich - Mark Topper - Xavier REN @@ -2001,3 +2002,4 @@ Symfony is the result of the work of many people who made the code better - Matej Žilák (teo_sk) - Vladislav Vlastovskiy (vlastv) - RENAUDIN Xavier (xorrox) + - Yannick Vanhaeren (yvh) From 4abd3a8eb02458f5f8ac474e9968af9ec7e7e461 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 16:12:31 +0200 Subject: [PATCH 03/11] updated VERSION for 2.8.44 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index e07787699b..f9b22f7700 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.44-DEV'; + const VERSION = '2.8.44'; const VERSION_ID = 20844; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; const RELEASE_VERSION = 44; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; From 3ff6e333dd004d3898e9cf832f01a8ac784331b5 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 16:46:30 +0200 Subject: [PATCH 04/11] bumped Symfony version to 2.8.45 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index f9b22f7700..32a9057834 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.44'; - const VERSION_ID = 20844; + const VERSION = '2.8.45-DEV'; + const VERSION_ID = 20845; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; - const RELEASE_VERSION = 44; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 45; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; From 22cb50a7ad3ce954411b03aaa6c7ce4e245d76e5 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 16:47:43 +0200 Subject: [PATCH 05/11] updated CHANGELOG for 3.4.14 --- CHANGELOG-3.4.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md index 94bbcf155c..f0cde9e267 100644 --- a/CHANGELOG-3.4.md +++ b/CHANGELOG-3.4.md 
@@ -7,6 +7,16 @@ in 3.4 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1 +* 3.4.14 (2018-08-01) + + * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas) + * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas) + * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul) + * bug #28007 [FrameworkBundle] fixed guard event names for transitions (destillat) + * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL) + * bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor) + * bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (nicolas-grekas) + * 3.4.13 (2018-07-23) * bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto) From 2aa9ef0b4867a30a81e11e9c719c9ece6e4a6d59 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 16:47:47 +0200 Subject: [PATCH 06/11] updated VERSION for 3.4.14 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 0093048618..0684f22a03 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php 
@@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.14-DEV'; + const VERSION = '3.4.14'; const VERSION_ID = 30414; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; const RELEASE_VERSION = 14; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From 9d7d3e71243610e83d6e6ae0ea6ba1e1c94156e8 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 16:55:31 +0200 Subject: [PATCH 07/11] bumped Symfony version to 3.4.15 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 0684f22a03..0f4eeeb58a 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.14'; - const VERSION_ID = 30414; + const VERSION = '3.4.15-DEV'; + const VERSION_ID = 30415; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; - const RELEASE_VERSION = 14; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 15; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From 83dcbe9096f9b7aebdda17de5ec17850c720c1b6 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Mon, 23 Jul 2018 19:52:59 +0200 Subject: [PATCH 08/11] [DoctrineBridge] allow dev versions of Doctrine again --- composer.json | 4 ++-- src/Symfony/Bridge/Doctrine/composer.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index e0a1c53c4f..6d5065d4d3 100644 --- a/composer.json +++ b/composer.json 
@@ -18,7 +18,7 @@
 "require": {
 "php": "^5.5.9|>=7.0.8",
 "ext-xml": "*",
- "doctrine/common": "~2.4@stable",
+ "doctrine/common": "~2.4",
 "fig/link-util": "^1.0",
 "twig/twig": "^1.35|^2.4.4",
 "psr/cache": "~1.0",
@@ -92,7 +92,7 @@
 "doctrine/cache": "~1.6",
 "doctrine/data-fixtures": "1.0.*",
 "doctrine/dbal": "~2.4",
- "doctrine/orm": "~2.4,>=2.4.5,<=2.7.0",
+ "doctrine/orm": "~2.4,>=2.4.5",
 "doctrine/doctrine-bundle": "~1.4",
 "monolog/monolog": "~1.11",
 "ocramius/proxy-manager": "~0.4|~1.0|~2.0",
diff --git a/src/Symfony/Bridge/Doctrine/composer.json b/src/Symfony/Bridge/Doctrine/composer.json
index 1535f8f42b..420535b751 100644
--- a/src/Symfony/Bridge/Doctrine/composer.json
+++ b/src/Symfony/Bridge/Doctrine/composer.json
@@ -17,7 +17,7 @@
 ],
 "require": {
 "php": "^5.5.9|>=7.0.8",
- "doctrine/common": "~2.4@stable",
+ "doctrine/common": "~2.4",
 "symfony/polyfill-ctype": "~1.8",
 "symfony/polyfill-mbstring": "~1.0"
 },
From 4c5cb3fc62b72d48792bf820e47988a2cc6643b9 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Wed, 1 Aug 2018 17:30:22 +0200
Subject: [PATCH 09/11] updated CHANGELOG for 4.1.3
---
 CHANGELOG-4.1.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/CHANGELOG-4.1.md b/CHANGELOG-4.1.md
index e7126dcf6d..fbde322ed2 100644
--- a/CHANGELOG-4.1.md
+++ b/CHANGELOG-4.1.md
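Review bot: With `@stable` dropped from `doctrine/common` in the root `require` hunk and `<=2.7.0` dropped from `doctrine/orm` in the `@@ -92` hunk, whether an unreleased Doctrine branch gets installed now depends entirely on the root `minimum-stability` and `prefer-stable` settings, which are outside these hunks. If the root permits `dev`, every lock-less install of this tree can resolve to dev builds, not only the job meant to exercise them, so it is worth confirming that `"prefer-stable": true` is set or opting in to dev Doctrine only in the dedicated CI job. The same `@stable` removal in `src/Symfony/Bridge/Doctrine/composer.json` only matters when the bridge is installed as the root package, since Composer honours stability flags from the root only. `~2.4` still keeps `doctrine/orm` below 3.0, but the commit message does not say why the `<=2.7.0` cap is safe to lift; a line such as `the 2.7 cap was a workaround for <issue>, fixed upstream` would let a later reader judge it. The section enclosing the `@@ -92` hunk starts outside it, so whether that entry is a dev-only requirement is inferred, not visible.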
@@ -7,6 +7,18 @@ in 4.1 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.1.0...v4.1.1 +* 4.1.3 (2018-08-01) + + * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas) + * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas) + * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul) + * bug #28007 [FrameworkBundle] fixed guard event names for transitions (destillat) + * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL) + * bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor) + * bug #28059 [Messenger] Fix error message on undefined message class for non-subscriber handler (chalasr) + * bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (nicolas-grekas) + * bug #28014 [Messenger] Fix chaining senders with their aliases (sroze) + * 4.1.2 (2018-07-23) * bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto) From d8da36c6edc5a8afb33fb364836008aa74ea2948 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 17:30:34 +0200 Subject: [PATCH 10/11] updated VERSION for 4.1.3 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 06e633d6d8..21ea5b06b1 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php 
@@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.1.3-DEV'; + const VERSION = '4.1.3'; const VERSION_ID = 40103; const MAJOR_VERSION = 4; const MINOR_VERSION = 1; const RELEASE_VERSION = 3; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '01/2019'; const END_OF_LIFE = '07/2019'; From 75ece97d37118ba26e29cd8e889732b31001f077 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 1 Aug 2018 17:34:03 +0200 Subject: [PATCH 11/11] bumped Symfony version to 4.1.4 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 21ea5b06b1..00ac083e50 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.1.3'; - const VERSION_ID = 40103; + const VERSION = '4.1.4-DEV'; + const VERSION_ID = 40104; const MAJOR_VERSION = 4; const MINOR_VERSION = 1; - const RELEASE_VERSION = 3; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 4; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '01/2019'; const END_OF_LIFE = '07/2019';