* 3.0:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.8:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Move handling of conflicting origin IPs to catch block
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19217
| License | MIT
| Doc PR | -
Commits
-------
db84101 [HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
1f00b55 [HttpKernel] Move conflicting origin IPs handling to catch block
This PR was merged into the 2.7 branch.
Discussion
----------
[travis] Fix deps=low/high patching
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Deps=low/high have been broken since we added depth=1 to the git checkout on travis...
This fixes the situation and ensures it won't happen again by adding a missing error check.
Commits
-------
5ec92e8 [travis] Fix deps=low/high patching
This PR was squashed before being merged into the 3.1 branch (closes #18934).
Discussion
----------
Fixed some issues of the AccessDecisionManager profiler
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19022, https://github.com/symfony/symfony-standard/issues/968, https://github.com/schmittjoh/JMSSecurityExtraBundle/issues/207
| License | MIT
| Doc PR | -
Commits
-------
082f1b5 Fixed some issues of the AccessDecisionManager profiler
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Inline ValidateRequestListener logic into HttpKernel
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18688, #19216
| License | MIT
| Doc PR | -
I propose to inline the listener introduced in #18688 into HttpKernel.
Commits
-------
9d3ae85 [HttpKernel] Inline ValidateRequestListener logic into HttpKernel
This PR was squashed before being merged into the 2.7 branch (closes #18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was merged into the 2.8 branch.
Discussion
----------
fixed test
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
bac531c fixed test
This PR was squashed before being merged into the 2.7 branch (closes #19173).
Discussion
----------
[Console] Decouple SymfonyStyle from TableCell
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Alternative approach, i.e. BC, for #19136 (I prefer that one though, as it also _fixes_ #19123)
Commits
-------
51f59d6 [Console] Decouple SymfonyStyle from TableCell
* 3.0:
fixed CS
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
* 2.8:
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
This PR was merged into the 2.8 branch.
Discussion
----------
fixed form tests
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
d0130d9 fixed form tests
This PR was merged into the 2.7 branch.
Discussion
----------
removed dots at the end of @param and @return
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
For phpdocs, we only add dots for sentences like description, but not for @param and @return for instance. This PR fixes this issue.
This should probably be added to PHP-CS-Fixer as well (/cc @phansys @keradus).
Commits
-------
554303e removed dots at the end of @param and @return
This PR was merged into the 3.1 branch.
Discussion
----------
[Security] Allow LDAP loadUser override
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Back in 3.0, one could extend `Symfony\Component\Security\Core\User\LdapUserProvider` and override how User objects are created.
Among several improvements, #17560 changed the `loadUser` signature but also its visibility to `private`, which disallows any overriding.
Even if the signature BC break is legitimate, we should still be able to override this method IMHO, which is not possible with a private visibility.
This PR introduces a `protected` visibility to allow overriding again.
Commits
-------
ae99aa8 [Security] Allow LDAP loadUser override