* 3.0: (31 commits)
Drop hirak/prestissimo
[MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6
bumped Symfony version to 3.0.7
updated VERSION for 3.0.6
updated CHANGELOG for 3.0.6
bumped Symfony version to 2.8.7
updated VERSION for 2.8.6
updated CHANGELOG for 2.8.6
bumped Symfony version to 2.7.14
updated VERSION for 2.7.13
updated CHANGELOG for 2.7.13
bumped Symfony version to 2.3.42
[Debug] Fix fatal error handlers on PHP 7
updated VERSION for 2.3.41
update CONTRIBUTORS for 2.3.41
updated CHANGELOG for 2.3.41
fixed bad merge
Fixed issue with blank password with Ldap
limited the maximum length of a submitted username
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
...
Conflicts:
src/Symfony/Component/DependencyInjection/Compiler/AutowirePass.php
src/Symfony/Component/DependencyInjection/Tests/Compiler/AutowirePassTest.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.8:
Drop hirak/prestissimo
bumped Symfony version to 2.8.7
updated VERSION for 2.8.6
updated CHANGELOG for 2.8.6
bumped Symfony version to 2.7.14
updated VERSION for 2.7.13
updated CHANGELOG for 2.7.13
bumped Symfony version to 2.3.42
[Debug] Fix fatal error handlers on PHP 7
updated VERSION for 2.3.41
update CONTRIBUTORS for 2.3.41
updated CHANGELOG for 2.3.41
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.7.md
CHANGELOG-3.0.md
appveyor.yml
src/Symfony/Component/HttpKernel/Kernel.php
* 2.7:
Drop hirak/prestissimo
bumped Symfony version to 2.7.14
updated VERSION for 2.7.13
updated CHANGELOG for 2.7.13
bumped Symfony version to 2.3.42
[Debug] Fix fatal error handlers on PHP 7
updated VERSION for 2.3.41
update CONTRIBUTORS for 2.3.41
updated CHANGELOG for 2.3.41
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
Drop hirak/prestissimo
bumped Symfony version to 2.3.42
updated VERSION for 2.3.41
update CONTRIBUTORS for 2.3.41
updated CHANGELOG for 2.3.41
Conflicts:
appveyor.yml
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
Drop hirak/prestissimo
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
unstable (see #18743 on appveyor)
Commits
-------
8f136ab Drop hirak/prestissimo
This PR was merged into the 3.1-dev branch.
Discussion
----------
[DoctrineBridge] Fixed bc layer after #18069
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | BC break
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
8a6cf9d [DoctrineBridge] fixed bc layer from #18069
This PR was merged into the 3.0 branch.
Discussion
----------
[MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6
| Q | A
| ------------- | ---
| Branch? | 3.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Caused by #18705, it is impossible to install v3.0.6 of symfony/monolog-bridge
together with v3.0.6 of symfony/http-kernel.
The intention of #18705 "added a conflict between Monolog bridge 2.8 and
HTTP Kernel 3.0+" was to prevent installing symfony/monolog-bridge from the
3.0 series with http-kernel from the 2.8 series of symfony. While this now
works correctly in v2.8.6, it breaks installing symfony/monolog-bridge v3.0.6
with symfony/http-kernel v3.0.6.
This PR resolves this issue.
# How to reproduce
- Create a test directory and change into it - e.g. with `mkdir /tmp/reproduce-symfony-18745 && cd /tmp/reproduce-symfony-18745`
- Add the following composer.json to this test directory
```
{
"require": {
"symfony/monolog-bridge": "3.0.6",
"symfony/http-kernel": "3.0.6"
}
}
```
- Run `composer install` from the test directory
## Expected behavior
Composer installs symfony/monolog-bridge and symfony/http-kernel (together with their dependencies).
## Actual behavior
Composer fails with the following error messages:
```
#:/tmp/reproduce-symfony-18745$ composer install
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for symfony/monolog-bridge 3.0.6 -> satisfiable by symfony/monolog-bridge[v3.0.6].
- symfony/http-kernel v3.0.6 conflicts with symfony/monolog-bridge[v3.0.6].
- Installation request for symfony/http-kernel 3.0.6 -> satisfiable by symfony/http-kernel[v3.0.6].
```
Commits
-------
72c44c2 [MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6
Caused by #18705, it is impossible to install v3.0.6 of symfony/monolog-bridge
together with v3.0.6 of symfony/http-kernel.
The intention of #18705 "added a conflict between Monolog bridge 2.8 and
HTTP Kernel 3.0+" was to prevent installing symfony/monolog-bridge from the
3.0 series with http-kernel from the 2.8 series of symfony. While this now
works correctly in v2.8.6, it breaks installing symfony/monolog-bridge v3.0.6
with symfony/http-kernel v3.0.6.
This commit resolves this issue.
This PR was merged into the 2.8 branch.
Discussion
----------
Fixed issue with blank password with Ldap
| Q | A
| ------------- | ---
| Branch? | 1.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
c7d9c62 Fixed issue with blank password with Ldap
The bind operation of LDAP, as described in RFC 4513, provides a method
which allows for authentication of users. For the Simple Authentication
Method a user may use the anonymous authentication mechanism, the
unauthenticated authentication mechanism, or the name/password
authentication mechanism. The unauthenticated authentication mechanism
is used when a client who desires to establish an anonymous
authorization state passes a non-zero length distinguished name and a
zero length password. Most LDAP servers either can be configured to
allow this mechanism or allow it by default.
_Web-based applications which perform the simple bind operation with the
client's credentials are at risk when an anonymous authorization state is
established. This can occur when the web-based application passes a
distinguished name and a zero length password to the LDAP server._
Thus, misconfiguring a server with simple bind can trick Symfony into
thinking the username/password tuple as valid, potentially leading to
unauthorized access.
This PR was merged into the 2.3 branch.
Discussion
----------
limited the maximum length of a submitted username
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
f8dc28a limited the maximum length of a submitted username
* 2.8:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
top-level anonymous services must be public
[DependencyInjection] Suggest ExpressionLanguage in composer.json
added a conflict between Monolog bridge 2.8 and HTTP Kernel 3.0+
* 2.7:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
[DependencyInjection] Suggest ExpressionLanguage in composer.json
* 2.3:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
call get() after the container was compiled
Fixed readme of OptionsResolver
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] prevent calling get() for service_container service
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This change will simply fix the tests once #18728 gets merged. An alternative approach would be to compile the container so that the code would still work even for services that have been set directly using `set()`. However, compiling the container in a descriptor imo is an unexpected side effect which I tried to avoid here.
Commits
-------
2d46bd4 prevent calling get() for service_container service
This PR was merged into the 2.3 branch.
Discussion
----------
call get() after the container was compiled
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This will prevent future issues when calling `ContainerBuilder::get()` before compiling the container will be deprecated (see #18728).
Commits
-------
954126b call get() after the container was compiled
This PR was merged into the 2.7 branch.
Discussion
----------
[DependencyInjection] Suggest ExpressionLanguage in composer.json
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As the DependencyInjection component has lots of classes containing uses of the ExpressionLanguage component, I propose to add it to the composer.json suggests.
Commits
-------
d6c9073 [DependencyInjection] Suggest ExpressionLanguage in composer.json
This PR was squashed before being merged into the 2.3 branch (closes#18727).
Discussion
----------
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes, phpdoc one
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Updated phpdoc of AnonymousToken $user param from string to string|object since an object is allowed to in the parent AbstractToken: https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L91
Commits
-------
b1c60b4 [2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param