* 3.4:
[MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
bumped Symfony version to 3.3.3
updated VERSION for 3.3.2
updated CHANGELOG for 3.3.2
[HttpKernel][Debug] Fix missing trace on deprecations collected during bootstrapping & silenced errors
[PropertyInfo] Made ReflectionExtractor's prefix lists instance variables
* 3.3:
[MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
bumped Symfony version to 3.3.3
updated VERSION for 3.3.2
updated CHANGELOG for 3.3.2
[HttpKernel][Debug] Fix missing trace on deprecations collected during bootstrapping & silenced errors
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyInfo] Made ReflectionExtractor's prefix lists instance variables
| Q | A
| ------------- | ---
| Branch? | `3.4`
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This PR makes `ReflectionExtractor`'s mutator/accessor prefixes instance variables in order to be able to override them to change its behavior.
Commits
-------
58e733b49e [PropertyInfo] Made ReflectionExtractor's prefix lists instance variables
This PR was merged into the 3.3 branch.
Discussion
----------
[MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
f1edfa7ec2 [MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] Show unique Inherited roles in profile panel
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
When more than one assigned role reaches the same inherited role then it's duplicated in the "Inherited roles" list.
The changes in the test case show the unexpected result before fix it:
```console
There was 1 failure:
1) Symfony\Bundle\SecurityBundle\Tests\DataCollector\SecurityDataCollectorTest::testCollectAuthenticationTokenAndRoles with data set #4 (array('ROLE_ADMIN', 'ROLE_OPERATOR'), array('ROLE_ADMIN', 'ROLE_OPERATOR'), array('ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'))
Failed asserting that Array &0 (
0 => 'ROLE_USER'
1 => 'ROLE_ALLOWED_TO_SWITCH'
2 => 'ROLE_USER'
) is identical to Array &0 (
0 => 'ROLE_USER'
1 => 'ROLE_ALLOWED_TO_SWITCH'
)
```
Commits
-------
7061bfbf3a show unique inherited roles
* 3.4:
[TwigBridge] Fix namespaced classes
bumped Symfony version to 3.3.2
updated VERSION for 3.3.1
updated CHANGELOG for 3.3.1
[DependencyInjection] Fix named args support in ChildDefinition
[Cache] Fallback to positional when keyed results are broken
[HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
[Cache] MemcachedAdapter not working with TagAwareAdapter
Remove closure-proxy leftovers
fix used class name in deprecation message
[DependencyInjection] Use more clear message when unused environment variables detected
[Form][Profiler] Fixes form collector triggering deprecations
mitigate BC break with empty trusted_proxies
[Profiler] Never wrap in code excerpts
[Form][FrameworkBundle] Remove non-existing arg for data_collector.form
explain that a role can be an instance of Role
[Cache] fix Redis scheme detection
Implement ServiceSubscriberInterface in optional cache warmers
Deprecate passing a concrete service in optional cache warmers
mix attr options between type-guess options and user options
* 3.3:
[TwigBridge] Fix namespaced classes
bumped Symfony version to 3.3.2
updated VERSION for 3.3.1
updated CHANGELOG for 3.3.1
[DependencyInjection] Fix named args support in ChildDefinition
[Cache] Fallback to positional when keyed results are broken
[HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
[Cache] MemcachedAdapter not working with TagAwareAdapter
Remove closure-proxy leftovers
[DependencyInjection] Use more clear message when unused environment variables detected
[Form][Profiler] Fixes form collector triggering deprecations
mitigate BC break with empty trusted_proxies
[Profiler] Never wrap in code excerpts
[Form][FrameworkBundle] Remove non-existing arg for data_collector.form
explain that a role can be an instance of Role
[Cache] fix Redis scheme detection
mix attr options between type-guess options and user options
* 3.2:
[TwigBridge] Fix namespaced classes
[Cache] MemcachedAdapter not working with TagAwareAdapter
[DependencyInjection] Use more clear message when unused environment variables detected
mix attr options between type-guess options and user options
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Basically reverts #22238 + cleanups some comments + adds missing syncing logic in setTrustedHeaderName.
The reason for this proposal is that the BC break can go un-noticed until prod, *even if you have proper CI*. That's because your CI may not replicate exactly what your prod have (ie a reverse proxy), so that maybe only prod has a trusted-proxies configuration. I realized this while thinking about #23049: it made this situation even more likely, by removing an opportunity for you to notice the break before prod.
The reasons for the BC break are still valid and all of this is security-related. But the core security issue is already fixed. The remaining issue still exists (an heisenbug related to some people having both Forwarded and X-Forwarded-* set for some reason), but deprecating might still be enough.
WDYT? (I'm sure everyone is going to be happy with the BC break reversal, but I'm asking for feedback from people who actually could take the time to *understand* and *balance* the rationales here, thanks :) )
Commits
-------
2132333059 [HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
This PR was merged into the 3.3 branch.
Discussion
----------
[Cache] Fallback to positional when keyed results are broken
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Works around https://github.com/krakjoe/apcu/issues/247 ~~and https://github.com/facebook/hhvm/issues/7867~~
Commits
-------
28aaa8eb05 [Cache] Fallback to positional when keyed results are broken
This PR was squashed before being merged into the 3.3 branch (closes#22981).
Discussion
----------
[DependencyInjection] Fix named args support in ChildDefinition
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Following @Tobion's review of #21383.
Commits
-------
1ab3e413d4 [DependencyInjection] Fix named args support in ChildDefinition