This PR was merged into the 5.1 branch.
Discussion
----------
[DependencyInjection] Improve missing package/version deprecation
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
After updating to symfony 5.1 I've got some deprecations related to the missing package/version attributes/options for `deprecated` on services.
But currently it's not clear which bundle/part of the code is triggering the deprecations. The only way for me to track down where they were coming from was by setting a xdebug breakpoint in the `XmlFileLoader` and check the `$file` variable.
So it seemed like a good idea to include the file path in the deprecation message, that way it will be easier for users to know if their code or a bundle (and which) is triggering this deprecation.
Before:
<img width="871" alt="Screenshot 2020-05-31 at 13 51 03" src="https://user-images.githubusercontent.com/1374857/83351609-d0d65600-a345-11ea-9785-3237a3ec2360.png">
After:
<img width="907" alt="Screenshot 2020-05-31 at 13 50 10" src="https://user-images.githubusercontent.com/1374857/83351606-cfa52900-a345-11ea-9617-60d07e46234b.png">
Commits
-------
f603317363 [DependencyInjection] Improve missing package/version deprecation
This PR was merged into the 5.1 branch.
Discussion
----------
[SecurityBundle] Only register CSRF protection listener if CSRF is available
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | yes
| Tickets | Fix#37033
| License | MIT
| Doc PR | -
I know we're not allowed to add new deprecations in already released versions. However, I don't think anyone is using SecurityBundle's compiler passes except from Symfony itself - so I don't think anyone is affected by this deprecation. The alternatives would be:
* Add a new compiler pass in 5.1 that conditionally registers the CSRF listener
* Do this exact change in 5.2 and...
* accept a `null` argument in the listener for 5.1
* or add this to the `RegisterCsrfTokenClearingLogoutHandlerPass` class in 5.1
Commits
-------
2d738b30de Only register CSRF protection listener if CSRF is available
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37064
| License | MIT
Commits
-------
69547d9cfc [HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
This PR was merged into the 5.1 branch.
Discussion
----------
[FrameworkBundle] Extension Serializer issue
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | ???
| License | MIT
| Doc PR |
Hi,
When creating a new Symfony project and requiring `symfony/serializer` we have an issue with required service.
Here is a simple reproducer:
This bug was introduced by https://github.com/symfony/symfony/pull/31390
Commits
-------
ab5628f0f4 FrameworkBundle Serializer issue
This PR was merged into the 4.4 branch.
Discussion
----------
[WebProfilerBundle] Move ajax clear event listener initialization on loadToolbar
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37073
| License | MIT
Fix ajax clear event listener stacking on each ajax request made.
Comment says if should be synced with `TwigBundle/Resources/views/base_js.html.twig`
If not applicable feel free to deny.
Commits
-------
cf4587b498 Move ajax clear event listener initialization on loadToolbar
This PR was merged into the 5.1 branch.
Discussion
----------
[ExpressionLanguage] reset the internal state when the parser is finished
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
d58eb020d0 reset the internal state when the parser is finished
This PR was merged into the 5.1 branch.
Discussion
----------
[Validator] simplify the tests
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
cfc6fc8527 simplify the tests
This PR was merged into the 4.4 branch.
Discussion
----------
[Serializer] take into account the context when preserving empty array objects
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37041
| License | MIT
| Doc PR |
Commits
-------
98fff21140 take into account the context when preserving empty array objects
This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Fixed PUBLIC_ACCESS in authenticated sessions
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Found while testing https://github.com/scheb/2fa/pull/8, sorry for not spotting it before the stable release 😞
Currently, authenticated users are denied access for pages that have `PUBLIC_ACCESS` set, as this attribute is only checked when no token was set. It should be checked for both cases.
Commits
-------
0ac530f460 Also check PUBLIC_ACCESS for authenticated tokens
This PR was merged into the 5.1 branch.
Discussion
----------
[FrameworkBundle] Fix enabled_locales behavior
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I was experimenting with enabled_locales on my application and I noticed the cache didn't actually change. It seems the generated service definition was invalid: the file `var/cache/dev/ContainerFEQLy1x/App_KernelDevDebugContainer.php` defined `getTranslator_DefaultService` by calling `new Translator` with 7 arguments instead of 6.
It seems to be due to the fact that the DI extension does not replace the right argument. With the following fix applied the behavior works as expected.
However, reading the comment of Javier in https://github.com/symfony/symfony/pull/32433, it seems he tested it against Demo and it worked with the previous code. I'm not sure why, @javiereguiluz I'd be interested in knowing if I'm missing something here :) .
Commits
-------
e2ce7f5030 Fix enabled_locales behavior
This PR was merged into the 4.4 branch.
Discussion
----------
[VarExporter] tfix: s/markAsSkipped/markTestSkipped/
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Just fixes a typo causing the testsuite to fail at least on PHP 7.4.5
Commits
-------
393c9d920a [VarExporter] tfix: s/markAsSkipped/markTestSkipped/
This PR was merged into the 5.1 branch.
Discussion
----------
[Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fixsymfony/symfony-docs#13669
| License | MIT
| Doc PR |
Commits
-------
4807dab305 [Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Fixed AbstractToken::hasUserChanged()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36989
| License | MIT
| Doc PR | -
This PR completely reverts #35944.
That PR tried to fix a BC break (ref #35941, #35509) introduced by #31177. However, this broke many authentications (ref #36989), as the User is serialized in the session (as hinted by @stof). Many applications don't include the `roles` property in the serialization (at least, the MakerBundle doesn't include it).
In 5.2, we should probably deprecate having different roles in token and user, which fixes the BC breaks all together.
Commits
-------
f297beb42c [Security] Fixed AbstractToken::hasUserChanged()
