This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Add `secrets:*` commands and `%env(secret:...)%` processor to deal with secrets seamlessly
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#27351
| License | MIT
| Doc PR | symfony/symfony-docs/pull/11396
This PR continues #31101, please see there for previous discussions. The attached patch has been fine-tuned on https://github.com/nicolas-grekas/symfony/pull/33 with @jderusse.
This PR is more opinionated and thus a lot simpler than #31101: only Sodium is supported to encrypt/decrypt (polyfill possible), and only local filesystem is available as a storage, with little to no extension point. That's on purpose: the goal here is to provide an experience, not software building blocks. In 5.1, this might be extended and might lead to a new component, but we'd first need reports from real-world needs. Having this straight-to-the-point in 4.4 will allow gathering these needs (if they exist) and will immediately provide a nice workflow for the need we do want to solve now: forwarding secrets from dev to prod using git in a secure way.
The workflow this will allow is the following:
- public/private key pairs are generated in the `config/secrets/%kernel.environment%/` folder using `bin/console secrets:generate-keys`
- for the prod env, the corresponding private key should be deployed to the server using whatever means the hosting provider allows - this key MUST NOT be committed
- the public key is used to encrypt secrets and thus *may* be committed in the git repository to allow anyone *that can commit* to add secrets - this is done using `bin/console secrets:set`
DI configuration can reference secrets using `%env(secret:...)%` in e.g `services.yaml`.
There is also `bin/console secrets:remove` and `bin/console debug:secrets` to complete the toolbox.
In terms of design, vs #31101, this groups the dual "encoder" + "storage" concepts in a single "vault" one. That's part of what makes this PR simpler.
That's all folks :)
Commits
-------
c4653e1f65 Restrict secrets management to sodium+filesystem
02b5d740e5 Add secrets management
8c8f62390a Proof of concept for encrypted secrets
* 4.3:
[HttpKernel] fix wrong removal of the just generated container dir
bug #34024 [Routing] fix route loading with wildcard, but dir or file is empty (gseidel)
[Routing] fix route loading with wildcard, but dir or file is empty
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] fix wrong removal of the just generated container dir
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The patch applies to 3.4 but the fix really affects to 4.4 with the introduction of the new `.preload.php` file.
/cc @fabpot since you encountered this error quite often recently during `composer up/req` :)
Commits
-------
4ad09ebafb [HttpKernel] fix wrong removal of the just generated container dir
This PR was merged into the 4.3 branch.
Discussion
----------
[Routing] fix route loading with wildcard, but dir or file is empty
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no ticket i see so far
| License | MIT
In my route config i have something like:
```yaml
empty_wildcard:
resource: ../controller/empty_wildcard/*
prefix: /empty_wildcard
```
But ``empty_wildcard`` is empty or has no route configured.
So i had this error:
``Call to a member function addPrefix() on null``
This PR take care if no route is configured, there will be no error.
Commits
-------
217058b475 [Routing] fix route loading with wildcard, but dir or file is empty
This PR was merged into the 4.3 branch.
Discussion
----------
[Routing] fix route loading with wildcard, but dir or file is empty
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no ticket i see so far
| License | MIT
In my route config i have something like:
```yaml
empty_wildcard:
resource: ../controller/empty_wildcard/*
prefix: /empty_wildcard
```
But ``empty_wildcard`` is empty or has no route configured.
So i had this error:
``Call to a member function addPrefix() on null``
This PR take care if no route is configured, there will be no error.
Commits
-------
217058b475 [Routing] fix route loading with wildcard, but dir or file is empty
* 4.3:
[Dotenv] allow LF in single-quoted strings
[Yaml] Throw exception for tagged invalid inline elements
[Mailer] Fix Mandrill Transport API payload with named addresses
This PR was merged into the 3.4 branch.
Discussion
----------
[Dotenv] allow LF in single-quoted strings
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
in a shell:
```sh
FOO='bar
baz'
```
is legal to set a value to (in PHP):
```php
"bar\nbaz"
```
Commits
-------
4d79116a0d [Dotenv] allow LF in single-quoted strings
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] Throw exception for tagged invalid inline elements
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
At the moment the result for `!foo 'don't do somthin' like that'` is a `TaggedValue` with value "don".
Commits
-------
bed479c561 [Yaml] Throw exception for tagged invalid inline elements
This PR was merged into the 4.4 branch.
Discussion
----------
Replace STDIN by php://stdin
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
`STDIN` is SAPI-dependent.
Commits
-------
365d02be77 Replace STDIN by php://stdin
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] add HttpClient::createForBaseUri()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I've seen ppl use `HttpClient::create()` with default `base_uri` & `auth_bearer`. That's a security risk as the bearer would be sent to any hosts that the client requests.
Instead, ppl should use `ScopingHttpClient`.
The new method should help to discover and use it.
Commits
-------
1aa9a118d6 [HttpClient] add HttpClient::createForBaseUri()
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Improve the sorting of tagged services
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/33716
| License | MIT
| Doc PR | -
Little DX improvement, to sort the tags inside each service tagged.
More details in linked issue.
Commits
-------
f892289351 [FrameworkBundle] Improve the sorting of tagged services
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] try using php-http/discovery when nyholm/psr7 is not installed
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In case one has `php-http/discovery`, we can leverage it...
Commits
-------
6e0cb581a1 [HttpClient] try using php-http/discovery when nyholm/psr7 is not installed
* 4.3:
fix PHP 5.6 compatibility
[Cache] fixed TagAwareAdapter returning invalid cache
Add plus character `+` to legal mime subtype
Make Symfony\Contracts\Service\Test\ServiceLocatorTest abstract
bug #33942 [DI] Add extra type check to php dumper
[Dotenv] search variable values in ENV first then env file
[PropertyInfo] Respect property name case when guessing from public method name
[VarDumper] fix resetting the "bold" state in CliDumper
Missing argument in method_exists
SCA: added missing break in a loop
* 3.4:
fix PHP 5.6 compatibility
[Cache] fixed TagAwareAdapter returning invalid cache
[PropertyInfo] Respect property name case when guessing from public method name
This PR was squashed before being merged into the 4.4 branch (closes#33967).
Discussion
----------
[Mailer] Add Message-Id to SentMessage when sending an email
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes-ish
| New feature? | yes-ish as well
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | fixes#33681
| License | MIT
| Doc PR | -
This adds `SentMessage::getMessageId()` to retrieve the message id as generated internally OR by the provider sending the email.
Commits
-------
d97d1f9bb4 [Mailer] Fix Message ID for Postmark SMTP
b42c269760 Add Message-Id to SentMessage when sending an email
This PR was merged into the 4.4 branch.
Discussion
----------
[Serializer][CSV] Add context options to handle BOM
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33684
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12461
This allows BOM handling in en/decoded CSV files. To keep current behaviour intact both skipping BOM at the beginning of the CSV and outputting BOM are an opt-in feature.
Personally I'd propose to make `SKIP_INPUT_BOM` default to `false` in 5.0 so the BOM is transparent and people that for some reasons expect BOM characters to be present in the parsed text explicitly opt-out of trimming it.
Commits
-------
3eb36684d8 Add context options to handle BOM
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyInfo] Respect property name case when guessing from public method name
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#32656
| License | MIT
| Doc PR |
Using camelCase, with an attribute `$aFooBar`, naming the getter/setter `getAFooBar()`/`setAFooBar()`, returns the property name as AFooBar instead of aFooBar.
# Before
Property name `'AFooBar'`
# After
Property name `'aFooBar'` as expected
Commits
-------
843bb76f8a [PropertyInfo] Respect property name case when guessing from public method name
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] resolve promise chains on HttplugClient::wait()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#32142
| License | MIT
| Doc PR | -
Follow up of #33743
Right now, keeping a reference to promise objects returned by `HttplugClient::sendAsyncRequest()`, then calling their `wait()` method is the only way to actually resolve the promises. That's why when these promises are destructed, we cancel the corresponding HTTP request.
But thanks to the `HttplugClient::wait()` method, we have a hook to tick the event loop managed by the Symfony client.
I added a test case to run into this situation.
~It fails currently. I'd like asking @joelwurtz, @dbu and/or maybe @Nyholm if you could have a look and finish this PR? I'm not that familiar with promises and you might get faster and better to the goal. Anyone else is welcome also of course. Thank you for having a look :) PR welcome on my fork or as a separate one on this repos.~
Commits
-------
ea0be07a33 [HttpClient] resolve promise chains on HttplugClient::wait()
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] fix 2RTT + race condition in AbstractTagAwareAdapter::deleteItems()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
A final improvement to `AbstractTagAwareAdapter::deleteItems()`: this PR makes `deleteItems()` operate in 1RTT instead of 2.
Commits
-------
0613c227ec [Cache] fix 2RTT + race condition in AbstractTagAwareAdapter::deleteItems()
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] fixed TagAwareAdapter returning invalid cache
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33953
| License | MIT
| Doc PR |
This PR fixes `TagAwareAdapter` returning `CacheItem` when item-tags pair is missing tag key in pool. Currently `TagAwareAdapter` returns `CacheItem` with empty tags and `isHit` set to `true`. With this PR it returns `CacheItem` with `isHit` set to `false` as we can't know if item is valid or invalid when it's missing tag entry so we treat it as cache miss.
Commits
-------
946f0a1e11 [Cache] fixed TagAwareAdapter returning invalid cache
This PR was merged into the 4.3 branch.
Discussion
----------
Make Symfony\Contracts\Service\Test\ServiceLocatorTest abstract
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #33946
| License | MIT
Commits
-------
c2dd804a24 Make Symfony\Contracts\Service\Test\ServiceLocatorTest abstract
This PR was merged into the 4.3 branch.
Discussion
----------
[DI] Add extra type check to php dumper
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33942
| License | MIT
| Doc PR
This PR adds a missing type check in the PHP Dumper. The bug has been detected while working on the https://github.com/prooph/service-bus-symfony-bundle and I haven't been able to reproduce it within a minimalist testcase.
I would like to add a unit test to cover it once I have figured out the exact context in which the bug occurs.
Any help would be greatly appreciated to do so, especially from "senior" contributors of the DependencyInjection component, many thanks in advance!
You will find more information about this bug in the linked ticket above.
Commits
-------
b17ebdf081 bug #33942 [DI] Add extra type check to php dumper
* 3.4:
Add plus character `+` to legal mime subtype
[Dotenv] search variable values in ENV first then env file
[VarDumper] fix resetting the "bold" state in CliDumper
SCA: added missing break in a loop
This PR was merged into the 4.4 branch.
Discussion
----------
[Mailer] added ReplyTo option for PostmarkApiTransport
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Supports "ReplyTo" option with Postmark transport
Commits
-------
d49a7387de [Mailer] added ReplyTo option for PostmarkApiTransport
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Rework fatal errors
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32605
| License | MIT
| Doc PR | -
Built on top of https://github.com/symfony/symfony/pull/33038 so review only the second commit : d5c3f7ed48
The goals of this PR is to replace current "fatal error handlers" with "error enhancers" since all our current fatal error handlers works on \Error since PHP7.
That means we won't use the FatalErrorException anymore, so we will be able to remove it (once we don't need it in the rest of the codebase).
The final goal btw is to handle \Throwable everywhere in the code so we can remove FatalThrowableError & FatalErrorException classes.
Commits
-------
aaa0cdf523 [ErrorHandler] Rework fatal error handlers
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] add TagAwareMarshaller to optimize data storage when using AbstractTagAwareAdapter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #33924
| License | MIT
| Doc PR | -
This is the final touch in my series of PR that fixes the linked issue.
Remarkably, the solutions I implemented for this issue are completely different than the one I described there. Fortunately, the issues themselves were correctly identified.
Plannification of implementation is gambling :)
/cc @andrerom
Commits
-------
5a4a30c6ef [Cache] add TagAwareMarshaller to optimize data storage when using AbstractTagAwareAdapter
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] fix resetting the "bold" state in CliDumper
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
21645a5b96 [VarDumper] fix resetting the "bold" state in CliDumper
This PR was merged into the 4.4 branch.
Discussion
----------
[Mime] added image/svg MIME support
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33909
| License | MIT
| Doc PR |
Added `image/svg` MIME type to `svg` extension.
More @#33909.
Commits
-------
015eb6625c added image/svg MIME support
* 4.3:
[Cache] ignore unserialization failures in AbstractTagAwareAdapter::doDelete()
[HttpClient] send `Accept: */*` by default, fix removing it when needed
This PR was merged into the 4.3 branch.
Discussion
----------
[Cache] ignore unserialization failures in AbstractTagAwareAdapter::doDelete()
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Making things more robust, part of #33924
Commits
-------
a1f334c1b7 [Cache] ignore unserialization failures in AbstractTagAwareAdapter::doDelete()
* 4.3:
[Cache] clean tags folder on invalidation
[Cache] remove implicit dependency on symfony/filesystem
Allow to set cookie_samesite to 'none'
[VarDumper] fix array key error for class SymfonyCaster
Adds missing translations for no nb
[HttpKernel] fix $dotenvVars in data collector
Add the missing translations for the Swedish ("sv") locale
bumped Symfony version to 4.3.6
updated VERSION for 4.3.5
updated CHANGELOG for 4.3.5
bumped Symfony version to 3.4.33
updated VERSION for 3.4.32
update CONTRIBUTORS for 3.4.32
updated CHANGELOG for 3.4.32
[Messenger] DoctrineTransport: ensure auto setup is only done once
[Form][DateTimeImmutableToDateTimeTransformer] Preserve microseconds and use \DateTime::createFromImmutable() when available
[Crawler] document $default as string|null
* 3.4:
Adds missing translations for no nb
Add the missing translations for the Swedish ("sv") locale
bumped Symfony version to 3.4.33
updated VERSION for 3.4.32
update CONTRIBUTORS for 3.4.32
updated CHANGELOG for 3.4.32
