This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34774
| License | MIT
| Doc PR | -
`%s` should be escaped, so it is dumped as `%%s` (it ends up being properly unescaped at load time, so the passed value to the service is the same).
Commits
-------
de03cee846 [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
* 4.3:
[DotEnv] Remove `usePutEnv` property default value
Set up typo fix
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] fix resolving bindings for named TypedReference
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 4.3.10
updated VERSION for 4.3.9
updated CHANGELOG for 4.3.9
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
Add test on ServerLogHandler
* 3.4:
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] resolve service locators in `debug:*` commands
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34470
| License | MIT
| Doc PR | -
Because of the way ServiceClosureArgument are dumped, we need to resolve locators after loading the xml dump of the container:
https://github.com/symfony/symfony/blob/3.4/src/Symfony/Component/DependencyInjection/Dumper/XmlDumper.php#L273
Commits
-------
820da66346 [FrameworkBundle] resolve service locators in `debug:*` commands
* 4.4:
Fixed translations file dumper behavior
When set, get secret from config variable
[FrameworkBundle] Set the parameter bag as resolved in ContainerLintCommand
[SecurityBundle] Fix switch_user provider configuration handling
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Use config variable in AnonymousFactory
| Q | A
| ------------- | ---
| Branch? | 4.4 and 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
It looks like the `AnonymousFactory` was copied incorrectly in https://github.com/symfony/symfony/pull/33503 as it uses the old `$firewall` variable available in `SecurityExtension.php`. Changing this to `$config` yields the desired results
Commits
-------
8d850d2da4 When set, get secret from config variable
* 5.0:
[DI] auto-register singly implemented interfaces by default
[DI] fix overriding existing services with aliases for singly-implemented interfaces
remove service when base class is missing
do not depend on the QueryBuilder from the ORM
[Security/Http] call auth listeners/guards eagerly when they "support" the request
[Messenger] add tests to FailedMessagesShowCommand
Fix the translation commands when a template contains a syntax error
[Security] Fix clearing remember-me cookie after deauthentication
[Validator] Update Slovenian translations
[HttpClient] remove conflict rule with HttpKernel that prevents using the component in Symfony 3.4
[Config][ReflectionClassResource] Handle parameters with undefined constant as their default values
Fix compatibility with Monolog 2
fix dumping number-like string parameters
Fix CI
[Console] Fix autocomplete multibyte input support
[Config] don't break on virtual stack frames in ClassExistenceResource
more robust initialization from request
Changing the multipart form-data behavior to use the form name as an array, which makes it recognizable as an array by PHP on the $_POST globals once it is coming from the HttpClient component
* 4.4:
[DI] auto-register singly implemented interfaces by default
[DI] fix overriding existing services with aliases for singly-implemented interfaces
remove service when base class is missing
do not depend on the QueryBuilder from the ORM
[Security/Http] call auth listeners/guards eagerly when they "support" the request
[Messenger] add tests to FailedMessagesShowCommand
Fix the translation commands when a template contains a syntax error
[Security] Fix clearing remember-me cookie after deauthentication
[Validator] Update Slovenian translations
[HttpClient] remove conflict rule with HttpKernel that prevents using the component in Symfony 3.4
[Config][ReflectionClassResource] Handle parameters with undefined constant as their default values
fix dumping number-like string parameters
Fix CI
[Console] Fix autocomplete multibyte input support
[Config] don't break on virtual stack frames in ClassExistenceResource
more robust initialization from request
Changing the multipart form-data behavior to use the form name as an array, which makes it recognizable as an array by PHP on the $_POST globals once it is coming from the HttpClient component
* 4.3:
[Messenger] add tests to FailedMessagesShowCommand
Fix the translation commands when a template contains a syntax error
[Security] Fix clearing remember-me cookie after deauthentication
[Validator] Update Slovenian translations
[Config][ReflectionClassResource] Handle parameters with undefined constant as their default values
fix dumping number-like string parameters
Fix CI
[Console] Fix autocomplete multibyte input support
[Config] don't break on virtual stack frames in ClassExistenceResource
more robust initialization from request
This PR was merged into the 4.4 branch.
Discussion
----------
[TwigBundle] remove service when base class is missing
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
c3a658ac0f remove service when base class is missing
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Http] call auth listeners/guards eagerly when they "support" the request
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34614, Fix#34679
| License | MIT
| Doc PR | -
This fixes the form authenticator linked to #34614.
Since laziness is here to provide compatibility with HTTP caching, it should be disabled when the request cannot be cached.
Tests don't pass yet, but I'm on the path to something here.
The PR now introduces a new `AbstractListener` that splits the handling logic in two:
- `supports(Request): ?bool` is always called eagerly and tells whether the listener matches the request for an earger call or a lazy call
- `authenticate(RequestEvent)` does the rest of the job when `supports()` allows so - lazily or not depending on the return value of `supports()`.
Of course, this remains compatible with non-lazy logics, see `AbstractListener::__invoke()`.
Commits
-------
b20ebe6b90 [Security/Http] call auth listeners/guards eagerly when they "support" the request
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Mailer] Allow to configure or disable the message bus to use
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | #34633 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | todo
A new `mailer.message_bus` option allowing to choose the message bus to use instead of using the default one.
Also allows to set it to `false` so no message bus is used and the transport will be called directly.
Commits
-------
42fd0cf985 [Mailer] Allow to configure or disable the message bus to use
* 5.0: (30 commits)
bug #34554 [HttpClient] Fix early cleanup of pushed HTTP/2 responses (lyrixx)
Fix tests
[Console] Fix commands description with numeric namespaces
[HttpFoundation] Fixed typo
[DI] Skip unknown method calls for factories in check types pass
[EventDispatcher] Better error reporting when arguments to dispatch() are swapped
[errorHandler] Remove old references from the old debug component
improve upgrade instructions for twig.exception_controller configuration
[HttpFoundation] Update CHANGELOG for PdoSessionHandler BC BREAK in 4.4
[Serializer] CsvEncoder::NO_HEADERS_KEY ignored when used in constructor
[Form] Keep preferred_choices order for choice groups
[Debug] work around failing chdir() on Darwin
[PhpUnitBridge] Read configuration CLI directive
[DI] Missing test on YamlFileLoader
Revert "minor #34608 [Process] add tests for php executable finder if file does not exist (ahmedash95)"
Simpler example for Apache basic auth workaround
[Console] Fix trying to access array offset on value of type int
[Config] Remove extra sprintf arg
[HttpKernel] fix typo
[HttpKernel] Support typehint to deprecated FlattenException in controller
...
* 4.4: (28 commits)
bug #34554 [HttpClient] Fix early cleanup of pushed HTTP/2 responses (lyrixx)
Fix tests
[Console] Fix commands description with numeric namespaces
[HttpFoundation] Fixed typo
[DI] Skip unknown method calls for factories in check types pass
[EventDispatcher] Better error reporting when arguments to dispatch() are swapped
improve upgrade instructions for twig.exception_controller configuration
[HttpFoundation] Update CHANGELOG for PdoSessionHandler BC BREAK in 4.4
[Serializer] CsvEncoder::NO_HEADERS_KEY ignored when used in constructor
[Form] Keep preferred_choices order for choice groups
[Debug] work around failing chdir() on Darwin
[PhpUnitBridge] Read configuration CLI directive
[DI] Missing test on YamlFileLoader
Revert "minor #34608 [Process] add tests for php executable finder if file does not exist (ahmedash95)"
Simpler example for Apache basic auth workaround
[Console] Fix trying to access array offset on value of type int
[Config] Remove extra sprintf arg
[HttpKernel] fix typo
[HttpKernel] Support typehint to deprecated FlattenException in controller
Add preview mode support for Html and Serializer error renderers
...
* 4.3:
Fix tests
[Console] Fix commands description with numeric namespaces
[HttpFoundation] Fixed typo
[EventDispatcher] Better error reporting when arguments to dispatch() are swapped
[Serializer] CsvEncoder::NO_HEADERS_KEY ignored when used in constructor
[Form] Keep preferred_choices order for choice groups
[Debug] work around failing chdir() on Darwin
[PhpUnitBridge] Read configuration CLI directive
[DI] Missing test on YamlFileLoader
Revert "minor #34608 [Process] add tests for php executable finder if file does not exist (ahmedash95)"
Simpler example for Apache basic auth workaround
[Console] Fix trying to access array offset on value of type int
[Config] Remove extra sprintf arg
[VarDumper] notice on potential undefined index
[HttpClient] turn exception into log when the request has no content-type
[Process] add tests for php executable finder if file does not exist
[Cache] Make sure we get the correct number of values from redis::mget()
[TwigBridge] Add row_attr to all form themes
[Serializer] Fix MetadataAwareNameConverter usage with string group
This PR was merged into the 4.3 branch.
Discussion
----------
[TwigBridge] Add row_attr to all form themes
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33552
| License | MIT
| Doc PR | -
The rules I applied:
- Always done on the first HTML tag of the row.
- Current existing row attrs (`class` or `style`) are applied unless they are defined by the `row_attr` override. They can be removed if they are explicitly set to `false`.
Starting from:
```
<div class="form-group">
```
With `row_attr: {foo: "bar"}`:
```
<div foo="bar" class="form-group">
```
With `row_attr: {class: "ccc"}`:
```
<div class="ccc">
```
With `row_attr: {foo: "bar", class: false}`:
```
<div foo="bar">
```
Commits
-------
dfdcbb401e [TwigBridge] Add row_attr to all form themes
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[FWBundle] Remove error_renderer.serializer if the Serializer isn't available
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
(Should help for https://github.com/hautelook/AliceBundle/pull/485).
Commits
-------
0b4c21b3d2 [FWBundle] Remove error_renderer.serializer if the Serializer isn't available
* 5.0: (47 commits)
reset the kernel cache after each test
[HttpKernel] Ability to define multiple kernel.reset tags
[Routing] Continue supporting single colon in object route loaders
[FWBundle] Remove unused parameter
[Intl] [Workflow] fixes English grammar typos
[Filesystem] [Serializer] fixes English grammar typo
mailer: mailchimp bridge is throwing undefined index _id when setting message id in mandrill http transport
has_roles should be is_granted in security upgrade file
has_roles should be is_granted in upgrade files
[HttpClient] Fix early cleanup of pushed HTTP/2 responses
skip test on incompatible PHP versions
[HttpKernel] Don't cache "not-fresh" state
Drop WebServerBundle directory
[FrameworkBundle][Cache] Don't deep-merge cache pools configuration
[Messenger] Adding exception to amqp transport in case amqp ext is not installed
[SecurityBundle] Don't require a user provider for the anonymous listener
[DoctrineBridge] Fixed cs in DoctrineType
[Monolog Bridge] Fixed accessing static property as non static.
Improve Symfony description
[Mailer] Add UPGRADE entries about Envelope and MessageEvent
...
* 4.4: (38 commits)
reset the kernel cache after each test
[HttpKernel] Ability to define multiple kernel.reset tags
[Routing] Continue supporting single colon in object route loaders
[FWBundle] Remove unused parameter
[Intl] [Workflow] fixes English grammar typos
[Filesystem] [Serializer] fixes English grammar typo
mailer: mailchimp bridge is throwing undefined index _id when setting message id in mandrill http transport
has_roles should be is_granted in upgrade files
[HttpClient] Fix early cleanup of pushed HTTP/2 responses
skip test on incompatible PHP versions
[HttpKernel] Don't cache "not-fresh" state
[FrameworkBundle][Cache] Don't deep-merge cache pools configuration
[Messenger] Adding exception to amqp transport in case amqp ext is not installed
[SecurityBundle] Don't require a user provider for the anonymous listener
[Monolog Bridge] Fixed accessing static property as non static.
Improve Symfony description
[Mailer] Add UPGRADE entries about Envelope and MessageEvent
[FrameworkBundle] fix leftover mentioning "secret:" processor
Add DateTimeZoneNormalizer into Dependency Injection
[Messenger] Error when specified default bus is not among the configured
...
* 4.3:
[FWBundle] Remove unused parameter
[Intl] [Workflow] fixes English grammar typos
[Filesystem] [Serializer] fixes English grammar typo
[Messenger] Adding exception to amqp transport in case amqp ext is not installed
[Monolog Bridge] Fixed accessing static property as non static.
Improve Symfony description
Add DateTimeZoneNormalizer into Dependency Injection
[Messenger] Error when specified default bus is not among the configured
[Validator] Add Japanese translation
[Workflow] Apply the same logic of precedence between the apply() and the buildTransitionBlockerList() method
Remove some unused methods parameters
Avoid empty \"If-Modified-Since\" header in validation request
[Security] Fix SwitchUser is broken when the User Provider always returns a valid user
Fix error message according to the new regex
compatibility with DoctrineBundle 2
[Validator] ConstraintValidatorTestCase: add missing return value to mocked validate method calls
This PR was squashed before being merged into the 5.1-dev branch (closes#32937).
Discussion
----------
[Routing] Deprecate RouteCollectionBuilder
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #32240
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12688
| Recipe PR | https://github.com/symfony/recipes/pull/690
A lot to be done here after the implementation is accepted:
- [x] finish deprecations in the MicroKernelTrait
- [x] deprecate the class
- [x] mention in the CHANGELOG file
- [x] mention in the UPGRADE file
- [x] mark tests as legacy
- [x] add a doc PR
- [x] update the recipe
Ping @Tobion , @nicolas-grekas .
Commits
-------
e641cbdd46 [Routing] Deprecate RouteCollectionBuilder
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Don't require a user provider for the anonymous listener
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34504
| License | MIT
| Doc PR | -
Forgotten when adding the AnonymousFactory in #33503
Commits
-------
0950cfbc65 [SecurityBundle] Don't require a user provider for the anonymous listener
* 5.0:
[Routing] fix tests
[DI] minor cleanup
[Form] group constraints when calling the validator
Remove wrong @group legacy annotations
[DependencyInjection] Fix dumping multiple deprecated aliases
allow button names to start with uppercase letter
Allow PHP ^7.2.5
States that the HttpClient provides a Http Async implementation
[Routing] Fix ContainerLoader and ObjectLoaderTest
[HttpKernel] Make ErrorListener::onKernelException()'s dispatcher argument explicit
[HttpKernel] Drop deprecated ExceptionListener
Removed extra whitespace
[Security] Fix best encoder not wired using migrate_from
* 4.4:
[Routing] fix tests
[Form] group constraints when calling the validator
Remove wrong @group legacy annotations
[DependencyInjection] Fix dumping multiple deprecated aliases
allow button names to start with uppercase letter
States that the HttpClient provides a Http Async implementation
* 4.4:
[Messenger] Perform no deep merging of bus middleware
[HttpFoundation] Added possibility to configure expiration time in redis session handler
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
Drop useless executable bit
[DoctrineBridge] Improve queries parameters display in Profiler
catch exceptions when using PDO directly
[SecurityBundle] fix failing test
* 4.3:
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
catch exceptions when using PDO directly
[SecurityBundle] fix failing test
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Perform no deep merging of bus middleware
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This change helps in case one needs to configure a bus differently for a custom environment while keeping existing handlers attached by name.
Commits
-------
c264583f28 [Messenger] Perform no deep merging of bus middleware
* 4.4: (23 commits)
[HttpFoundation] fix docblock
[HttpKernel] Flatten "exception" controller argument if not typed
Fix MySQL column type definition.
Link the right file depending on the new version
[Cache] Redis Tag Aware warn on wrong eviction policy
[HttpClient] fix HttpClientDataCollector
[HttpKernel] collect bundle classes, not paths
[Config] fix id-generation for GlobResource
[HttpKernel] dont check cache freshness more than once per process
[Finder] Allow ssh2 stream wrapper for sftp
[FrameworkBundle] fix wiring of httplug client
add FrameworkBundle requirement
[SecurityBundle] add tests with empty authenticator
[Security] always check the token on non-lazy firewalls
[DI] Use reproducible entropy to generate env placeholders
[WebProfilerBundle] Require symfony/twig-bundle
[Mailer] Add UPGRADE entry about the null transport DSN
bumped Symfony version to 4.3.9
updated VERSION for 4.3.8
updated CHANGELOG for 4.3.8
...
* 4.4:
[Console] Constant STDOUT might be undefined.
Add missing conflict with symfony/serializer <4.4
Allow returning null from NormalizerInterface::normalize
bumped Symfony version to 4.4.0
updated VERSION for 4.4.0-BETA1
updated CHANGELOG for 4.4.0-BETA1
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
* 4.3:
[Console] Constant STDOUT might be undefined.
Allow returning null from NormalizerInterface::normalize
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
This PR was merged into the 5.0-dev branch.
Discussion
----------
more strict requirements of experimental components
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
23bc40b764 more strict requirements of experimental components
