This PR was merged into the 4.3 branch.
Discussion
----------
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
sodium implementations are always faster, let's use them when possible. This also allows validating argon2 passwords when bcrypt is configured as the main one, making migrations possible.
Commits
-------
799a2eae2d [Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Allow to stick to a specific password hashing algorithm
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33054
| License | MIT
| Doc PR | todo
Allows using `argon2i`, `argon2id` and `bcrypt`.
Commits
-------
6712d1e504 [Security] Allow to set a fixed algorithm
This PR was merged into the 5.0-dev branch.
Discussion
----------
Slack notifier actions
| Q | A
| ------------- | ---
| Branch? | 5.0 <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | -
Slack messages can contain actions/buttons.
Commits
-------
b6e203dfe7 [Notifier] Add the possibility to add actions on Slack messages
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] add fast path when encoded password cannot match anything
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Only `MessageDigestPasswordEncoder` and `Pbkdf2PasswordEncoder` need this fast path: the sodium and the native encoders already implement it natively.
When a migrating encoder is used, a failed password validation fallbacks to all encoders. This makes the process slower than needed currently.
Commits
-------
c57f8f7f93 [Security/Core] add fast path when encoded password cannot match anything
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, env vars that override encrypted secrets must en up with `_SECRET`.
This PR removes this convention. It also enforces that only vars defined in the vault can be overriden locally. This means one cannot set a local-only secret.
Commits
-------
2ec9647e75 [FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Fix redis test
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
3fdaf970c3 [Messenger] Fix redis test
This PR was merged into the 5.0-dev branch.
Discussion
----------
[Notifier] Set missing defaults
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a <!-- required for new features -->
When overriding the default Notification class, most of the time, we don't need to call the parent constructor. Having good defaults allows to skip it.
Commits
-------
8767ff8e7b [Notifier] Set missing defaults
This PR was merged into the 3.4 branch.
Discussion
----------
fix paths to detect code owners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I was wondering why sometimes I didn't receive any notifications for PRs where I thought a file for which I claimed code ownership was modified. Turns out according to https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax the `dir/*` pattern does not include nested directories.
Commits
-------
cb7523d595 fix paths to detect code owners
This PR was merged into the 3.4 branch.
Discussion
----------
[OptionsResolver] Fix an error message to be more accurate
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30432
| License | MIT
| Doc PR |
See #30432 for more details:
> **Symfony version(s) affected**: 3.4, maybe other versions too (not tested)
>
> **Description**
> Error message when allowedTypes is an array contains `[]` but should not:
> `The option "testme" with value array is expected to be of type "string[]", but one of the elements is of type "integer[]".`
> It should be:
> `The option "testme" with value array is expected to be of type "string[]", but one of the elements is of type "integer".`
>
> **How to reproduce**
>
> ```
> $resolver = (new OptionsResolver())
> ->setDefault('testme', [])
> ->setAllowedTypes('testme', ['string[]'])
> ->resolve(['testme' => ['test', 12]]);
> ```
In addition I changed an error message to be more
accurate if provided more than one incorrect value:
> [...] is expected to be of type "integer[][]", but is of type "integer|boolean|string".
Commits
-------
7fa2fc2#30432 fix an error message
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Make sure to collect child forms created on *_SET_DATA events
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#29291
| License | MIT
| Doc PR | -
See reproducer provided by @WubbleWobble https://github.com/WubbleWobble/symfony-issue-29291.
Commits
-------
50efc1a Make sure to collect child forms created on *_SET_DATA events
This PR was merged into the 4.3 branch.
Discussion
----------
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This method is internal and unused. It was removed by a2ae6bf745 but was added back mistakenly by 1baac5a74f.
Commits
-------
49acc16424 [Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] ignore the body of responses to HEAD requests
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34102
| License | MIT
| Doc PR | -
Commits
-------
0fc371e7df [HttpClient] ignore the body of responses to HEAD requests
This PR was squashed before being merged into the 3.4 branch (closes#34097).
Discussion
----------
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Drupal is testing on PHP7.4 and hitting a problem with the line `if ('[' === $subPath[0]) {` because `$subPath` is not a string. We're already doing string casting in the method so we could do it once and be done. Note this is not a problem on the master branch / SF5 because of primitive typehinting.
Without this fix on PHP7.4 you see errors like...
```
1) Symfony\Component\Validator\Tests\Util\PropertyPathTest::testAppend with data set #5 ('0', 1, '0.1', 'Numeric subpaths do not cause...rrors.')
Trying to access array offset on value of type int
```
Commits
-------
6244a1ec47 [Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] remove infinite (nullable) max retries
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#33284
| License | MIT
| Doc PR |
Infinite retries are useless and putting a high enough number is more self-explaining. Infinite retries could not be configured using the framework anyway, see issue.
Commits
-------
4a6ec8554e [Messenger] remove nullable max retries