* 4.4:
[Messenger] Perform no deep merging of bus middleware
[HttpFoundation] Added possibility to configure expiration time in redis session handler
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
Drop useless executable bit
[DoctrineBridge] Improve queries parameters display in Profiler
catch exceptions when using PDO directly
[SecurityBundle] fix failing test
* 4.3:
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
catch exceptions when using PDO directly
[SecurityBundle] fix failing test
This PR was squashed before being merged into the 4.4 branch (closes#34405).
Discussion
----------
[HttpFoundation] Added possibility to configure expiration time in redis session handler
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Add possibility to manually configure expiration time in redis session handler.
Commits
-------
4a9d947b1a [HttpFoundation] Added possibility to configure expiration time in redis session handler
* 4.4: (23 commits)
[HttpFoundation] fix docblock
[HttpKernel] Flatten "exception" controller argument if not typed
Fix MySQL column type definition.
Link the right file depending on the new version
[Cache] Redis Tag Aware warn on wrong eviction policy
[HttpClient] fix HttpClientDataCollector
[HttpKernel] collect bundle classes, not paths
[Config] fix id-generation for GlobResource
[HttpKernel] dont check cache freshness more than once per process
[Finder] Allow ssh2 stream wrapper for sftp
[FrameworkBundle] fix wiring of httplug client
add FrameworkBundle requirement
[SecurityBundle] add tests with empty authenticator
[Security] always check the token on non-lazy firewalls
[DI] Use reproducible entropy to generate env placeholders
[WebProfilerBundle] Require symfony/twig-bundle
[Mailer] Add UPGRADE entry about the null transport DSN
bumped Symfony version to 4.3.9
updated VERSION for 4.3.8
updated CHANGELOG for 4.3.8
...
* 4.3:
[HttpFoundation] fix docblock
Fix MySQL column type definition.
Link the right file depending on the new version
[Config] fix id-generation for GlobResource
[Finder] Allow ssh2 stream wrapper for sftp
[DI] Use reproducible entropy to generate env placeholders
[WebProfilerBundle] Require symfony/twig-bundle
bumped Symfony version to 4.3.9
updated VERSION for 4.3.8
updated CHANGELOG for 4.3.8
bumped Symfony version to 3.4.36
updated VERSION for 3.4.35
updated CHANGELOG for 3.4.35
* 4.4:
[Console] Constant STDOUT might be undefined.
Add missing conflict with symfony/serializer <4.4
Allow returning null from NormalizerInterface::normalize
bumped Symfony version to 4.4.0
updated VERSION for 4.4.0-BETA1
updated CHANGELOG for 4.4.0-BETA1
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
* 4.3:
[Console] Constant STDOUT might be undefined.
Allow returning null from NormalizerInterface::normalize
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
* 3.4:
[HttpFoundation] fix guessing mime-types of files with leading dash
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
* 4.4:
[Messenger] Fixed bad event dispatcher mocks.
[Workflow] Simplified EventDispatcherMock.
[Routing] revert the return type for UrlGeneratorInterface::generate to remove null
[HttpFoundation] Add a way to anonymize IPs
* 4.4: (39 commits)
[Console] Fix#33915, Detect dimensions using mode CON if vt100 is supported
[PhpUnitBridge] Also search for composer.phar in git root folder
[HttpKernel][DataCollectorInterface] Ease compatibility
Add tests to ensure defaultLocale is properly passed to the URL generator
[DependencyInjection] Fix broken references in tests
[VarDumper] display the method we're in when dumping stack traces
[HttpClient] Retry safe requests when then fail before the body arrives
[Console] Rename some methods related to redraw frequency
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
Fix CS
[Serializer] Fix property name usage for denormalization
Name test accordingly to the tested class
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
[Security] Fix SwitchUserToken wrongly deauthenticated
Supporting Bootstrap 4 custom switches
Add new Form WeekType
bumped Symfony version to 4.3.7
...
* 4.3: (26 commits)
[Console] Fix#33915, Detect dimensions using mode CON if vt100 is supported
[HttpKernel][DataCollectorInterface] Ease compatibility
Add tests to ensure defaultLocale is properly passed to the URL generator
[DependencyInjection] Fix broken references in tests
[HttpClient] Retry safe requests when then fail before the body arrives
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
[Serializer] Fix property name usage for denormalization
Name test accordingly to the tested class
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
bumped Symfony version to 4.3.7
updated VERSION for 4.3.6
updated CHANGELOG for 4.3.6
bumped Symfony version to 3.4.34
updated VERSION for 3.4.33
update CONTRIBUTORS for 3.4.33
updated CHANGELOG for 3.4.33
[HttpClient] Fix perf issue when doing thousands of requests with curl
...
* 3.4:
[DependencyInjection] Fix broken references in tests
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
bumped Symfony version to 3.4.34
updated VERSION for 3.4.33
update CONTRIBUTORS for 3.4.33
updated CHANGELOG for 3.4.33
[Stopwatch] Fixed a bug in stopwatch event getStartTime
[Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods
Adding some validations tags on validators.et.xlf
add missing translation for 94 (it)
* 4.4:
[HttpFoundation][FrameworkBundle] allow configuring the session handler with a DSN
[Validator] Add AutoMapping constraint to enable or disable auto-validation
[DI] Fix "!tagged" related upgrade/changelog notes
* 4.4:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
[FrameworkBundle] make SodiumVault report bad decryption key accurately
cs fix
[Security] Allow to set a fixed algorithm
[Security/Core] make encodedLength computation more generic
[Security/Core] add fast path when encoded password cannot match anything
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 4.3:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 3.4:
#30432 fix an error message
fix paths to detect code owners
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
Remove unused local variables in tests
Make sure to collect child forms created on *_SET_DATA events
do not render errors for checkboxes twice
* 4.4:
[Debug] remove return types that break FC badly
[Mailer][MailchimpBridge] Don't send address names if empty string
[ExpressionLanguage][Lexer] Exponential format for number
[Mailer] Fix SES Message Id retrieval
Add .gitignore to .gitattributes
This PR was merged into the 4.4 branch.
Discussion
----------
Add .gitignore to .gitattributes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #33946
| License | MIT
Commits
-------
246c5fdf43 Add .gitignore to .gitattributes
* 4.3:
fix PHP 5.6 compatibility
[Cache] fixed TagAwareAdapter returning invalid cache
Add plus character `+` to legal mime subtype
Make Symfony\Contracts\Service\Test\ServiceLocatorTest abstract
bug #33942 [DI] Add extra type check to php dumper
[Dotenv] search variable values in ENV first then env file
[PropertyInfo] Respect property name case when guessing from public method name
[VarDumper] fix resetting the "bold" state in CliDumper
Missing argument in method_exists
SCA: added missing break in a loop
* 3.4:
Add plus character `+` to legal mime subtype
[Dotenv] search variable values in ENV first then env file
[VarDumper] fix resetting the "bold" state in CliDumper
SCA: added missing break in a loop
* 4.4: (27 commits)
[Validator] add notice in UPGRADE file for new Range constraint option
[CssSelector] Support *:only-of-type pseudo class selector
[Intl] Update the ICU data to 65.1 (4.4 branch)
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist error_renderer.renderer tag in UnusedTagsPass
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
Update CHANGELOG.md
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[EventDispatcher] A compiler pass for aliased userland events.
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
[Form] Added CountryType option for using alpha3 country codes
Fixed invalid changelog 4.0.0 for VarDumper
[Workflow] Fixed BC break on WorkflowInterface
Fix wrong expression language value
...
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
* 3.4:
[Intl] Update the ICU data to 65.1
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
* 4.4:
sync phpunit script with master
[HttpFoundation] allow additinal characters in not raw cookies
[Console] Deprecate abbreviating hidden command names using Application->find()
Do not include hidden commands in suggested alternatives
[Messenger] Improve error message when routing to an invalid transport (closes#31613)
[DependencyInjection] Fix wrong exception when service is synthetic
[Security] add "anonymous: lazy" mode to firewalls
* 4.4:
[Form][Validator][Intl] Fix tests
[Messenger] return empty envelopes when RetryableException occurs
[Intl] Excludes locale from language codes (split localized language names)
[FrameworkBundle] WebTestCase KernelBrowser::getContainer null return type
[Intl] Fix compile type errors
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Add types to constructors and private/final/internal methods (Batch I)
[HttpFoundation] optimize normalization of headers
Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
[ErrorHandler] Forward \Throwable
Fix toolbar load when GET params are present in "_wdt" route
This PR was merged into the 4.4 branch.
Discussion
----------
[Http][DI] Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Currently handling trusted ips when deploying behind some CDNs/Load balancers such as ELB is difficult because they dont have a constant IP address, its possible to overcome this as is suggested by the docs - https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly - by settings trusted proxies to `$request->server->get('REMOTE_ADDR')` - but this has to be done in code, and so becomes dangerous if you code is deployed in different environments.
This change would allow the developer to stick to providing the envvar `TRUSTED_PROXIES`, and in the environment behind a ELB set the value to the literal string `REMOTE_ADDR`, and have it replaced at run time. This way in environments that are not using ELB his app is kept safe.
I think doing this replacement in `Request:: setTrustedProxies` is the best place because it means this feature isn't exposed to other parts of the code that might call `Request::getTrustedProxies`.
Commits
-------
643c9ff257 Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
* 4.4:
[Security/Http] fix typo in deprecation message
[Security] Deprecate isGranted()/decide() on more than one attribute
Fixed a minor typo in the UPGRADE to 5.0 guide
Various tweaks 3.4
Various tweaks 4.3
[Security] Make stateful firewalls turn responses private only when needed
[PhpUnit] Fix usleep mock return value
Revert \"feature #33507 [WebProfiler] Deprecated intercept_redirects in 4.4 (dorumd)\"
[TwigBundle] typo
[TwigBundle] fix test case
[Lock] use Predis\ClientInterface instead of Predis\Client
Allow Twig 3
Minor tweaks
Fix version typo in deprecation notice
[Form][SubmitType] Add "validate" option
hint to the --parse-tags when parsing tags fails
Make legacy "wrong" RFC2047 encoding apply only to one header
* 4.3:
[Security/Http] fix typo in deprecation message
Various tweaks 3.4
Various tweaks 4.3
[PhpUnit] Fix usleep mock return value
[Lock] use Predis\ClientInterface instead of Predis\Client
Fix version typo in deprecation notice
Make legacy "wrong" RFC2047 encoding apply only to one header
* 4.4:
Re-enable previously failing PHP 7.4 test cases
[PhpUnitBridge] fix uninitialized variable
[ErrorRenderer] fix Cannot use object of type ErrorException as array exception #33631
[Twig] Add missing check
Revert "bug #33618 fix tests depending on other components' tests (xabbuh)"
install from source to include components tests
Fix undefined constant and other minor issues
[Twig] Add NotificationEmail
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[DependencyInjection] Allow binding iterable and tagged services
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
Fix lint commands frozen on empty stdin
* 4.3:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
* 3.4:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
Since `$response->getContent()` returns string and our first parameter is already string as well, in some cases (with different precisions) it may "compare strings" as "strings" and this is not what the test wants.
By changing the first parameter to actual number we force `AssertEquals` to compare them numerically rather than literally by string content.
* 4.4: (21 commits)
[appveyor] exclude tty group
[HttpFoundation] Add types to private/final/internal methods and constructors.
Add types to private/final/internal methods and constructors.
SCA: minor code tweaks
Tweak output
[FrameworkBundle] Added --sort option for TranslationUpdateCommand
[HttpClient] fallbackto CURLMOPT_MAXCONNECTS when CURLMOPT_MAX_HOST_CONNECTIONS is not available
[DI] generate preload.php file for PHP 7.4 in cache folder
Allow version 2 of the contracts package.
[Serializer] Allow multi-dimenstion object array in AbstractObjectNormalizer
fixed typo
[HttpKernel] Fix Apache mod_expires Session Cache-Control issue
deprecated not passing dash symbol (-) to STDIN commands
[VarDumper] display ellipsed FQCN for nested classes
[VarDumper] Display fully qualified title
[Mailer] Change the syntax for DSNs using failover or roundrobin
Removed workaround introduced in 4.3
[Console] Added support for definition list
[OptionsResolver] Display full nested options hierarchy in exceptions
New welcome page
...
* 4.4:
[Routing] fix static route reordering when a previous dynamic route conflicts
conflict with HttpKernel 5
Return null as Expire header if it was set to null
bug #33370 Fix import statement typo in NullCache (adrienbrault)
[ProxyManager] remove ProxiedMethodReturnExpression polyfill
fix dumping not inlined scalar tag values
Fix import statement typo in NullCache
[DoctrineBridge] Allow configuring class names through methods instead of class parameters
* 4.3:
[Routing] fix static route reordering when a previous dynamic route conflicts
Return null as Expire header if it was set to null
bug #33370 Fix import statement typo in NullCache (adrienbrault)
[ProxyManager] remove ProxiedMethodReturnExpression polyfill
fix dumping not inlined scalar tag values
* 3.4:
Return null as Expire header if it was set to null
[ProxyManager] remove ProxiedMethodReturnExpression polyfill
fix dumping not inlined scalar tag values
* 4.4:
Add return-types with help from DebugClassLoader in the CI
do not mock removed getPublicDir() method
[Bridge/Doctrine] fix review
[ErrorHandler] make DebugClassLoader able to add return type declarations
This PR was merged into the 5.0-dev branch.
Discussion
----------
Parameter type leftovers
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #32179
| License | MIT
| Doc PR | N/A
Commits
-------
34eda04866 Added more parameter type declarations.