This PR was squashed before being merged into the 2.7 branch (closes#23120).
Discussion
----------
Remove deprecated each function
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR |
Replace the `each()` function which is deprecated in PHP 7.2 (https://wiki.php.net/rfc/deprecations_php_7_2#each)
Commits
-------
232caad876 Remove deprecated each function
This PR was merged into the 3.3 branch.
Discussion
----------
[EventDispatcher] Remove dead code in WrappedListener
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The static `$cloner` property is unused since ab716c64de
Commits
-------
8b7de02413 [EventDispatcher] Remove dead code in WrappedListener
This PR was merged into the 3.3 branch.
Discussion
----------
[SecurityBundle] Fix non-dumped voters in profiler
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As a bugfix since it was just forgot.
__before__
__after__
Commits
-------
c1fa308c0a Fix non-dumped voters in security panel
This PR was merged into the 3.2 branch.
Discussion
----------
[Cache] ApcuAdapter::isSupported() should return true when apc.enable_cli=Off
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
By being sensitive to apc.enable_cli, CLI cache warmup is broken when the setting is set to off because a PhpFilesAdapter will be warmed up by the CLI, whereas the Web mode will look at the FilesystemAdapter pools, which will be empty.
Commits
-------
aadf263db4 [Cache] APCu isSupported() should return true when apc.enable_cli=Off
This PR was merged into the 2.8 branch.
Discussion
----------
#22839 - changed debug toolbar dump section to relative and use full window width
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22839
| License | MIT
My approach to fix#22839 - instead of adding min-width I have switched the section to fill the full available width:
Commits
-------
65297de3aa#22839 - changed debug toolbar dump section to relative and use full window width
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Fix perf issue in CacheClearCommand::warmup()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
On slow file systems (eg on Windows), I noticed that writing files without doing any changes just kills perf.
Limiting the depth also helps when the symfony/cache component is used (because it can store thousands of files in its cache pool directory structure, and iterating there is also a waste of *fs* time).
I choose the max depth by looking at where existing apps put their files and added one level more just in case.
Commits
-------
b58f060fda [FrameworkBundle] Fix perf issue in CacheClearCommand::warmup()
This PR was merged into the 3.3 branch.
Discussion
----------
[SecurityBundle] Made 2 service aliases private
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
We missed making them private :(
Is it too late to fix that?
Commits
-------
4442c636c8 [SecurityBundle] Made 2 service aliases private
This PR was merged into the 3.3 branch.
Discussion
----------
[Yaml] Remove line number in deprecation notices
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While moving an app to 3.3, I noticed that my deprecation log is full of deprecation notices that differ only by some line number, but don't tell which file is concerned.
This makes the line number useless, and just prevents aggregation.
Commits
-------
f82b6185a4 [Yaml] Remove line number in deprecation notices
* 2.7:
bumped Symfony version to 2.7.30
Cache ipCheck
updated VERSION for 2.7.29
update CONTRIBUTORS for 2.7.29
updated CHANGELOG for 2.7.29
show unique inherited roles
This PR was merged into the 2.7 branch.
Discussion
----------
Cache ipCheck (2.7)
In our app we use trusted proxies. Using Blackfire we found `IpUtils::checkIp` was being called 454 times taking 3.15ms.
Caching the result saves those 3ms.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
bcb80569cb Cache ipCheck
This PR was merged into the 3.3 branch.
Discussion
----------
[MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
f1edfa7ec2 [MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] Show unique Inherited roles in profile panel
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
When more than one assigned role reaches the same inherited role then it's duplicated in the "Inherited roles" list.
The changes in the test case show the unexpected result before fix it:
```console
There was 1 failure:
1) Symfony\Bundle\SecurityBundle\Tests\DataCollector\SecurityDataCollectorTest::testCollectAuthenticationTokenAndRoles with data set #4 (array('ROLE_ADMIN', 'ROLE_OPERATOR'), array('ROLE_ADMIN', 'ROLE_OPERATOR'), array('ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'))
Failed asserting that Array &0 (
0 => 'ROLE_USER'
1 => 'ROLE_ALLOWED_TO_SWITCH'
2 => 'ROLE_USER'
) is identical to Array &0 (
0 => 'ROLE_USER'
1 => 'ROLE_ALLOWED_TO_SWITCH'
)
```
Commits
-------
7061bfbf3a show unique inherited roles
* 3.2:
[TwigBridge] Fix namespaced classes
[Cache] MemcachedAdapter not working with TagAwareAdapter
[DependencyInjection] Use more clear message when unused environment variables detected
mix attr options between type-guess options and user options
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Basically reverts #22238 + cleanups some comments + adds missing syncing logic in setTrustedHeaderName.
The reason for this proposal is that the BC break can go un-noticed until prod, *even if you have proper CI*. That's because your CI may not replicate exactly what your prod have (ie a reverse proxy), so that maybe only prod has a trusted-proxies configuration. I realized this while thinking about #23049: it made this situation even more likely, by removing an opportunity for you to notice the break before prod.
The reasons for the BC break are still valid and all of this is security-related. But the core security issue is already fixed. The remaining issue still exists (an heisenbug related to some people having both Forwarded and X-Forwarded-* set for some reason), but deprecating might still be enough.
WDYT? (I'm sure everyone is going to be happy with the BC break reversal, but I'm asking for feedback from people who actually could take the time to *understand* and *balance* the rationales here, thanks :) )
Commits
-------
2132333059 [HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
