This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Allow to stick to a specific password hashing algorithm
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33054
| License | MIT
| Doc PR | todo
Allows using `argon2i`, `argon2id` and `bcrypt`.
Commits
-------
6712d1e504 [Security] Allow to set a fixed algorithm
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] add fast path when encoded password cannot match anything
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Only `MessageDigestPasswordEncoder` and `Pbkdf2PasswordEncoder` need this fast path: the sodium and the native encoders already implement it natively.
When a migrating encoder is used, a failed password validation fallbacks to all encoders. This makes the process slower than needed currently.
Commits
-------
c57f8f7f93 [Security/Core] add fast path when encoded password cannot match anything
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, env vars that override encrypted secrets must en up with `_SECRET`.
This PR removes this convention. It also enforces that only vars defined in the vault can be overriden locally. This means one cannot set a local-only secret.
Commits
-------
2ec9647e75 [FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Fix redis test
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
3fdaf970c3 [Messenger] Fix redis test
This PR was merged into the 3.4 branch.
Discussion
----------
fix paths to detect code owners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I was wondering why sometimes I didn't receive any notifications for PRs where I thought a file for which I claimed code ownership was modified. Turns out according to https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax the `dir/*` pattern does not include nested directories.
Commits
-------
cb7523d595 fix paths to detect code owners
This PR was merged into the 3.4 branch.
Discussion
----------
[OptionsResolver] Fix an error message to be more accurate
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30432
| License | MIT
| Doc PR |
See #30432 for more details:
> **Symfony version(s) affected**: 3.4, maybe other versions too (not tested)
>
> **Description**
> Error message when allowedTypes is an array contains `[]` but should not:
> `The option "testme" with value array is expected to be of type "string[]", but one of the elements is of type "integer[]".`
> It should be:
> `The option "testme" with value array is expected to be of type "string[]", but one of the elements is of type "integer".`
>
> **How to reproduce**
>
> ```
> $resolver = (new OptionsResolver())
> ->setDefault('testme', [])
> ->setAllowedTypes('testme', ['string[]'])
> ->resolve(['testme' => ['test', 12]]);
> ```
In addition I changed an error message to be more
accurate if provided more than one incorrect value:
> [...] is expected to be of type "integer[][]", but is of type "integer|boolean|string".
Commits
-------
7fa2fc2#30432 fix an error message
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Make sure to collect child forms created on *_SET_DATA events
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#29291
| License | MIT
| Doc PR | -
See reproducer provided by @WubbleWobble https://github.com/WubbleWobble/symfony-issue-29291.
Commits
-------
50efc1a Make sure to collect child forms created on *_SET_DATA events
This PR was merged into the 4.3 branch.
Discussion
----------
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This method is internal and unused. It was removed by a2ae6bf745 but was added back mistakenly by 1baac5a74f.
Commits
-------
49acc16424 [Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] ignore the body of responses to HEAD requests
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34102
| License | MIT
| Doc PR | -
Commits
-------
0fc371e7df [HttpClient] ignore the body of responses to HEAD requests
This PR was squashed before being merged into the 3.4 branch (closes#34097).
Discussion
----------
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Drupal is testing on PHP7.4 and hitting a problem with the line `if ('[' === $subPath[0]) {` because `$subPath` is not a string. We're already doing string casting in the method so we could do it once and be done. Note this is not a problem on the master branch / SF5 because of primitive typehinting.
Without this fix on PHP7.4 you see errors like...
```
1) Symfony\Component\Validator\Tests\Util\PropertyPathTest::testAppend with data set #5 ('0', 1, '0.1', 'Numeric subpaths do not cause...rrors.')
Trying to access array offset on value of type int
```
Commits
-------
6244a1ec47 [Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] remove infinite (nullable) max retries
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#33284
| License | MIT
| Doc PR |
Infinite retries are useless and putting a high enough number is more self-explaining. Infinite retries could not be configured using the framework anyway, see issue.
Commits
-------
4a6ec8554e [Messenger] remove nullable max retries
This PR was merged into the 4.3 branch.
Discussion
----------
[Messenger] use database platform to convert correctly the DateTime
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32427
| License | MIT
In Doctrine Messenger the method `\Symfony\Component\Messenger\Transport\Doctrine\Connection::formatDateTime()` is used to format dateTime into this: `Y-m-d\TH:i:s`.
But this is not supported in all databases platform.
Here we use the database platform to convert correctly the dateTime.
Commits
-------
cfa11561d1 Format DateTime depending on database platform
This PR was merged into the 4.3 branch.
Discussion
----------
[Messenger] prevent infinite redelivery loops and blocked queues
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#32055
| License | MIT
| Doc PR |
This PR solves a very common fitfall of amqp redeliveries. It's for example explained in https://blog.forma-pro.com/rabbitmq-redelivery-pitfalls-440e0347f4e0
Newer RabbitMQ versions provide a solution for this by itself but only for quorum queues and not the classic ones, see https://github.com/rabbitmq/rabbitmq-server/pull/1889
This PR adds a middleware that throws a RejectRedeliveredMessageException when a message is detected that has been redelivered by AMQP.
The middleware runs before the HandleMessageMiddleware and prevents redelivered messages from being handled directly. The thrown exception is caught by the worker and will trigger the retry logic according to the retry strategy.
AMQP redelivers messages when they do not get acknowledged or rejected. This can happen when the connection times out or an exception is thrown before acknowledging or rejecting. When such errors happen again while handling the redelivered message, the message would get redelivered again and again. The purpose of this middleware is to prevent infinite redelivery loops and to unblock the queue by republishing the redelivered messages as retries with a retry limit and potential delay.
Commits
-------
d211904c8e [Messenger] prevent infinite redelivery loops and blocked queues
This PR was merged into the 3.4 branch.
Discussion
----------
Remove unused local variables
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR removes useless assignations. There are also somes fixes in tests.
Commits
-------
c07cee8f61 Remove unused local variables in tests
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] allow option "buffer" to be a stream resource
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
e87301603e [HttpClient] allow option "buffer" to be a stream resource
This PR was merged into the 4.3 branch.
Discussion
----------
[Messenger] Show exceptions after multiple retries
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #32311
| License | MIT
| Doc PR | n/a
After retrying a failed message, the `RedeliveryStamp` looses it's exception information. This PR will remedy that.
Commits
-------
598bd92313 [Messenger] Show exceptions on after empty fails
This PR was merged into the 4.3 branch.
Discussion
----------
Revert "[Messenger] Fix exception message of failed message is dropped
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
This reverts #33600 because it makes the message grow for each retry until AMQP cannot handle it anymore. On each retry, the full exception trace is added to the message. So in our case on the 5th retry, the message is too big for the AMQP library to encode it. AMQP extension then throws the exception
> Library error: table too large for buffer
(ref. https://github.com/alanxz/rabbitmq-c/issues/224 and https://github.com/pdezwart/php-amqp/issues/131) when trying to publish the message.
To solve this, I suggest to revert #33600 (this PR) and merge #32341 instead which does not re-add the exception on each failure.
Btw, the above problem causes other problematic side-effects of Symfony messenger. As the new retry message fails to be published with an exception, the old (currently processed message) also does not get removed (acknowledged) from the delay queue. So rabbitmq redelivers the message and the same thing happens forever. This can block the consumers and have a huge toll on your service. That's just another case for https://github.com/symfony/symfony/issues/32055#issuecomment-529630654. I'll try to fix this in another PR.
Commits
-------
3dbe924f47 Revert "[Messenger] Fix exception message of failed message is dropped on retry"