* 5.1:
fix merge
Require PHPUnit 9.3 on PHP 8
[Cache] fix catching auth errors
Fix CS
[FrameworkBundle] set default session.handler alias if handler_id is not provided
Fix CS
Readability update
Removed @internal from Composite
Fix checks for phpunit releases on Composer 2 (resolves #37601)
[Messenger] fix ignore account & endpoint options amazon sqs connection
[Serializer] Support multiple levels of discriminator mapping
Use hexadecimal numerals instead of hexadecimals in strings to represent error codes.
[SCA] Minor fixes on tests
[WebProfilerBundle] modified url generation to use absolute urls
[Mailer] Fix reply-to functionality in the SendgridApiTransport
[Mime] Fix compat with HTTP requests
ticket_36879 - Fix mandrill raw http request setting from email/name
* 5.0:
fix merge
Require PHPUnit 9.3 on PHP 8
[Cache] fix catching auth errors
Fix CS
[FrameworkBundle] set default session.handler alias if handler_id is not provided
Fix CS
Readability update
Fix checks for phpunit releases on Composer 2 (resolves #37601)
[Serializer] Support multiple levels of discriminator mapping
Use hexadecimal numerals instead of hexadecimals in strings to represent error codes.
[SCA] Minor fixes on tests
[WebProfilerBundle] modified url generation to use absolute urls
[Mailer] Fix reply-to functionality in the SendgridApiTransport
[Mime] Fix compat with HTTP requests
ticket_36879 - Fix mandrill raw http request setting from email/name
* 4.4:
fix merge
Require PHPUnit 9.3 on PHP 8
[Cache] fix catching auth errors
Fix CS
[FrameworkBundle] set default session.handler alias if handler_id is not provided
Fix CS
Readability update
Fix checks for phpunit releases on Composer 2 (resolves #37601)
[Serializer] Support multiple levels of discriminator mapping
Use hexadecimal numerals instead of hexadecimals in strings to represent error codes.
[SCA] Minor fixes on tests
[WebProfilerBundle] modified url generation to use absolute urls
[Mailer] Fix reply-to functionality in the SendgridApiTransport
[Mime] Fix compat with HTTP requests
ticket_36879 - Fix mandrill raw http request setting from email/name
* 3.4:
[Cache] fix catching auth errors
Fix CS
[FrameworkBundle] set default session.handler alias if handler_id is not provided
Fix CS
Readability update
Fix checks for phpunit releases on Composer 2 (resolves #37601)
[SCA] Minor fixes on tests
This PR was merged into the 5.2-dev branch.
Discussion
----------
[TwigBundle] Deprecate the public "twig" service to private
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
I think the `twig` service doesn't need to be public anymore - we never need to access it directly in Symfony's code.
Commits
-------
f64cbada89 [TwigBundle] Deprecate the public "twig" service to private
* 5.1:
[HttpClient] Support for cURL handler objects.
[HttpClient] unset activity list when creating CurlResponse
Fixed typo in test name
[DI] Fix call to sprintf in ServicesConfigurator::stack()
add .body wrapper element
[HttpFoundation] Change file extension of "audio/mpeg" from "mpga" to "mp3"
[VarDumper] Support for cURL handler objects.
Check whether path is file in DataPart::fromPath()
[DI][FrameworkBundle] Remove whitelist occurrences
Avoid accessibility errors on debug toolbar
Resolve event bubbling logic in a compiler pass
update cookie test
* This removes duplicate event dispatching logic on event bubbling, which
probably improves performance.
* It allows to still specify listener priorities while listening on a
bubbled-up event (instead of a fixed moment where the event bubbling occurs)
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Let security factories add firewall listeners
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | n/a
Hello there, I'm the author of `scheb/two-factor-bundle`, which extends Symfony's security layer with two-factor authentication. I've been closely following the recent changes by @wouterj to rework the security layer with "authenticators" (great work!). While I managed to make my bundle work with authenticators, I see some limitations in the security layer that I'd like to address to make such extensions easier to implement.
With the new authenticator-based security system, it is no longer possible to add an authentication listener to the firewall. The only way to do it is a dirty compiler pass, which extends the argument on the `security.firewall.map.context.[firewallName]` service (like I do in: ed2ce9804b/src/bundle/DependencyInjection/Compiler/AccessListenerCompilerPass.php). This is quite ugly and hacky, so I believe there should be an easier and clean way to add firewall-level listeners. This PR adds an interface, which may be implemented by security factories and lets them add additional listeners to the firewall.
Why would you want to do that? There are certain use-cases that require extra logic to handle a request within the firewall. For example in my bundle, I need to handle the intermediate state between login and the completion of two-factor authentication. So ideally, I'm able to execute some code from the firewall right before `Symfony\Component\Security\Http\Firewall\AccessListener`. In the old security system, I could handle this in my authentication listener, which I had to implement anyways. With the new authenticator-based system this option is gone. In the ideal world, I could add a firewall listener and tell it to execute between `LogoutListener` and `AccessListener`.
This is a draft, so I'd like to hear your opinion on this :)
There's another issue, regarding the order of execution, which I'm addressing with #37337.
Commits
-------
0a4fcea8db Add interface to let security factories add their own firewall listeners
This PR was merged into the 5.1 branch.
Discussion
----------
[SecurityBundle] Fix UserCheckerListener registration with custom user checker
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #37365
| License | MIT
| Doc PR | -
The user checker listener was wrongly registered on the global event dispatcher, as it can be customized per firewall. This PR fixes that + correctly uses the configured user checker instead of always trying to use `UserCheckerInterface`.
Commits
-------
d63f59036c Fix UserCheckerListener registration with custom user checkers
* 5.1:
[SecurityBundle] Drop cache.security_expression_language definition if invalid
[DI] disable preload.php on the CLI
collect all transformation failures
* 5.0:
[SecurityBundle] Drop cache.security_expression_language definition if invalid
[DI] disable preload.php on the CLI
collect all transformation failures
* 4.4:
[SecurityBundle] Drop cache.security_expression_language definition if invalid
[DI] disable preload.php on the CLI
collect all transformation failures
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[SecurityBundle] Move configuration from XML to PHP
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #37186
| License | MIT
| Doc PR | -
Move security configuration from XML to PHP for `collectors`, `console` and `guard`
Commits
-------
417636fb61 [Security] Move configuration of guard to PHP
79764a9e85 [Security] Move configuration of console to PHP
2176ed23b1 [Security] Move configuration of collectors to PHP
* 5.1:
[Console] Reset question validator attempts only for actual stdin (bis)
Fix CookieClearingLogoutListener DI configuration
[HttpFoundation] use InputBag for Request::$request only if data is coming from a form
Make PhpDocExtractor compatible with phpDocumentor v5
fixed prototype block prefixes hierarchy of the CollectionType
Reset question validator attempts only for actual stdin
fixed block prefixes hierarchy of the CollectionType
bumped Symfony version to 5.0.11
updated VERSION for 5.0.10
updated CHANGELOG for 5.0.10
bumped Symfony version to 4.4.11
updated VERSION for 4.4.10
updated CHANGELOG for 4.4.10
* 5.1:
[Security] Run functional tests also for the authenticator system
Fix register csrf protection listener
bumped Symfony version to 5.1.2
updated VERSION for 5.1.1
updated CHANGELOG for 5.1.1
This PR was merged into the 5.2-dev branch.
Discussion
----------
[SecurityBundle] convert templating configuration to PHP
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Ref #37186
| License | MIT
Commits
-------
0c36a4b8d9 [SecurityBundle] convert templating configuration to PHP
* 5.1:
fix forward compatibility with Doctrine DBAL 2.11+
[SecurityBundle] Fix the session listener registration under the new authentication manager
allow cursor to be used even when STDIN is not defined
* 5.1: (36 commits)
Fixed left-over debug statement
set column length for mysql 5.6 compatibility
[Mime] Remove unused var
[HttpClient] fix monitoring timeouts when other streams are active
[PhpUnitBridge] fix syntax on PHP 5.3
[PhpUnitBridge] Fix undefined index when output of "composer show" cannot be parsed
properly cascade validation to child forms
[PropertyAccess] Fix getter call order BC
[PhpUnitBridge] fix undefined var on version 3.4
Fix invalid char in SQS Headers
Move ajax clear event listener initialization on loadToolbar
[HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
Fix CS
FrameworkBundle Serializer issue
register event listeners depending on the installed packages
take into account the context when preserving empty array objects
Only register CSRF protection listener if CSRF is available
[VarExporter] tfix: s/markAsSkipped/markTestSkipped/
Also check PUBLIC_ACCESS for authenticated tokens
Fix enabled_locales behavior
...
* 5.1:
Handle fetch mode deprecation of DBAL 2.11.
Fixed security-* package dependencies
Fixed handling of CSRF logout error
[WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
[DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example
* 5.1: (33 commits)
[Cache] $lifetime cannot be null
[Serializer] minor cleanup
fix merge
Run PHP 8 as 7.4.99
Remove calls to deprecated ReflectionParameter::getClass().
[VarDumper] fix PHP 8 support
Removed "services" prototype node from "custom_authenticator"
Add php 8 to travis.
[Cache] Accessing undefined constants raises an Error in php8
[Cache] allow DBAL v3
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
Made method signatures compatible with their corresponding traits.
[ErrorHandler] Apply php8 fixes from Debug component.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[BrowserKit] Raw body with custom Content-Type header
Revert https://github.com/symfony/symfony/pull/34986
Make ExpressionLanguageSyntax validator usable with annotation
...
* 5.1:
[PhpUnitBridge] fix leftover
[PhpUnitBridge] fix installing under PHP >= 8
Use ">=" for the "php" requirement
bump icu 67.1
[DI] Remove preload primitive types
[Validator] Add missing translations of nn locale
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
[Intl] bump icu 67.1
[Validator] allow passing a validator to Validation::createCallable()