* 4.4:
[HttpFoundation][FrameworkBundle] allow configuring the session handler with a DSN
[Validator] Add AutoMapping constraint to enable or disable auto-validation
[DI] Fix "!tagged" related upgrade/changelog notes
* 4.4:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
[FrameworkBundle] make SodiumVault report bad decryption key accurately
cs fix
[Security] Allow to set a fixed algorithm
[Security/Core] make encodedLength computation more generic
[Security/Core] add fast path when encoded password cannot match anything
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 4.3:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 3.4:
#30432 fix an error message
fix paths to detect code owners
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
Remove unused local variables in tests
Make sure to collect child forms created on *_SET_DATA events
do not render errors for checkboxes twice
* 4.4:
[Debug] remove return types that break FC badly
[Mailer][MailchimpBridge] Don't send address names if empty string
[ExpressionLanguage][Lexer] Exponential format for number
[Mailer] Fix SES Message Id retrieval
Add .gitignore to .gitattributes
This PR was merged into the 4.4 branch.
Discussion
----------
Add .gitignore to .gitattributes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #33946
| License | MIT
Commits
-------
246c5fdf43 Add .gitignore to .gitattributes
* 4.3:
fix PHP 5.6 compatibility
[Cache] fixed TagAwareAdapter returning invalid cache
Add plus character `+` to legal mime subtype
Make Symfony\Contracts\Service\Test\ServiceLocatorTest abstract
bug #33942 [DI] Add extra type check to php dumper
[Dotenv] search variable values in ENV first then env file
[PropertyInfo] Respect property name case when guessing from public method name
[VarDumper] fix resetting the "bold" state in CliDumper
Missing argument in method_exists
SCA: added missing break in a loop
* 3.4:
Add plus character `+` to legal mime subtype
[Dotenv] search variable values in ENV first then env file
[VarDumper] fix resetting the "bold" state in CliDumper
SCA: added missing break in a loop
* 4.4: (27 commits)
[Validator] add notice in UPGRADE file for new Range constraint option
[CssSelector] Support *:only-of-type pseudo class selector
[Intl] Update the ICU data to 65.1 (4.4 branch)
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist error_renderer.renderer tag in UnusedTagsPass
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
Update CHANGELOG.md
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[EventDispatcher] A compiler pass for aliased userland events.
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
[Form] Added CountryType option for using alpha3 country codes
Fixed invalid changelog 4.0.0 for VarDumper
[Workflow] Fixed BC break on WorkflowInterface
Fix wrong expression language value
...
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
* 3.4:
[Intl] Update the ICU data to 65.1
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
* 4.4:
sync phpunit script with master
[HttpFoundation] allow additinal characters in not raw cookies
[Console] Deprecate abbreviating hidden command names using Application->find()
Do not include hidden commands in suggested alternatives
[Messenger] Improve error message when routing to an invalid transport (closes#31613)
[DependencyInjection] Fix wrong exception when service is synthetic
[Security] add "anonymous: lazy" mode to firewalls
* 4.4:
[Form][Validator][Intl] Fix tests
[Messenger] return empty envelopes when RetryableException occurs
[Intl] Excludes locale from language codes (split localized language names)
[FrameworkBundle] WebTestCase KernelBrowser::getContainer null return type
[Intl] Fix compile type errors
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Add types to constructors and private/final/internal methods (Batch I)
[HttpFoundation] optimize normalization of headers
Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
[ErrorHandler] Forward \Throwable
Fix toolbar load when GET params are present in "_wdt" route
This PR was merged into the 4.4 branch.
Discussion
----------
[Http][DI] Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Currently handling trusted ips when deploying behind some CDNs/Load balancers such as ELB is difficult because they dont have a constant IP address, its possible to overcome this as is suggested by the docs - https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly - by settings trusted proxies to `$request->server->get('REMOTE_ADDR')` - but this has to be done in code, and so becomes dangerous if you code is deployed in different environments.
This change would allow the developer to stick to providing the envvar `TRUSTED_PROXIES`, and in the environment behind a ELB set the value to the literal string `REMOTE_ADDR`, and have it replaced at run time. This way in environments that are not using ELB his app is kept safe.
I think doing this replacement in `Request:: setTrustedProxies` is the best place because it means this feature isn't exposed to other parts of the code that might call `Request::getTrustedProxies`.
Commits
-------
643c9ff257 Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
* 4.4:
[Security/Http] fix typo in deprecation message
[Security] Deprecate isGranted()/decide() on more than one attribute
Fixed a minor typo in the UPGRADE to 5.0 guide
Various tweaks 3.4
Various tweaks 4.3
[Security] Make stateful firewalls turn responses private only when needed
[PhpUnit] Fix usleep mock return value
Revert \"feature #33507 [WebProfiler] Deprecated intercept_redirects in 4.4 (dorumd)\"
[TwigBundle] typo
[TwigBundle] fix test case
[Lock] use Predis\ClientInterface instead of Predis\Client
Allow Twig 3
Minor tweaks
Fix version typo in deprecation notice
[Form][SubmitType] Add "validate" option
hint to the --parse-tags when parsing tags fails
Make legacy "wrong" RFC2047 encoding apply only to one header
* 4.3:
[Security/Http] fix typo in deprecation message
Various tweaks 3.4
Various tweaks 4.3
[PhpUnit] Fix usleep mock return value
[Lock] use Predis\ClientInterface instead of Predis\Client
Fix version typo in deprecation notice
Make legacy "wrong" RFC2047 encoding apply only to one header
* 4.4:
Re-enable previously failing PHP 7.4 test cases
[PhpUnitBridge] fix uninitialized variable
[ErrorRenderer] fix Cannot use object of type ErrorException as array exception #33631
[Twig] Add missing check
Revert "bug #33618 fix tests depending on other components' tests (xabbuh)"
install from source to include components tests
Fix undefined constant and other minor issues
[Twig] Add NotificationEmail
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[DependencyInjection] Allow binding iterable and tagged services
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
Fix lint commands frozen on empty stdin
* 4.3:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
* 3.4:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
Since `$response->getContent()` returns string and our first parameter is already string as well, in some cases (with different precisions) it may "compare strings" as "strings" and this is not what the test wants.
By changing the first parameter to actual number we force `AssertEquals` to compare them numerically rather than literally by string content.
* 4.4: (21 commits)
[appveyor] exclude tty group
[HttpFoundation] Add types to private/final/internal methods and constructors.
Add types to private/final/internal methods and constructors.
SCA: minor code tweaks
Tweak output
[FrameworkBundle] Added --sort option for TranslationUpdateCommand
[HttpClient] fallbackto CURLMOPT_MAXCONNECTS when CURLMOPT_MAX_HOST_CONNECTIONS is not available
[DI] generate preload.php file for PHP 7.4 in cache folder
Allow version 2 of the contracts package.
[Serializer] Allow multi-dimenstion object array in AbstractObjectNormalizer
fixed typo
[HttpKernel] Fix Apache mod_expires Session Cache-Control issue
deprecated not passing dash symbol (-) to STDIN commands
[VarDumper] display ellipsed FQCN for nested classes
[VarDumper] Display fully qualified title
[Mailer] Change the syntax for DSNs using failover or roundrobin
Removed workaround introduced in 4.3
[Console] Added support for definition list
[OptionsResolver] Display full nested options hierarchy in exceptions
New welcome page
...
* 4.4:
[Routing] fix static route reordering when a previous dynamic route conflicts
conflict with HttpKernel 5
Return null as Expire header if it was set to null
bug #33370 Fix import statement typo in NullCache (adrienbrault)
[ProxyManager] remove ProxiedMethodReturnExpression polyfill
fix dumping not inlined scalar tag values
Fix import statement typo in NullCache
[DoctrineBridge] Allow configuring class names through methods instead of class parameters
* 4.3:
[Routing] fix static route reordering when a previous dynamic route conflicts
Return null as Expire header if it was set to null
bug #33370 Fix import statement typo in NullCache (adrienbrault)
[ProxyManager] remove ProxiedMethodReturnExpression polyfill
fix dumping not inlined scalar tag values
* 3.4:
Return null as Expire header if it was set to null
[ProxyManager] remove ProxiedMethodReturnExpression polyfill
fix dumping not inlined scalar tag values
* 4.4:
Add return-types with help from DebugClassLoader in the CI
do not mock removed getPublicDir() method
[Bridge/Doctrine] fix review
[ErrorHandler] make DebugClassLoader able to add return type declarations