This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Make stateful firewalls turn responses private only when needed
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26769 *et al.*
| License | MIT
| Doc PR | -
Replaces #28089
By taking over session usage tracking and replacing it with token usage tracking, we can prevent responses that don't actually use the token from turning responses private without changing anything to the lifecycle of security listeners. This makes the behavior much more seamless, allowing to still log the user with the monolog processor, and display it in the profiler toolbar.
This works by using two separate token storage services:
- `security.token_storage` now tracks access to the token and increments the session usage tracker when needed. This is the service that is injected in userland.
- `security.untracked_token_storage` is a raw token storage that just stores the token and is disconnected from the session. This service is injected in places where reading the session doesn't impact the generated output in any way (as e.g. in Monolog processors, etc.)
Commits
-------
20df3a125c [Security] Make stateful firewalls turn responses private only when needed
This PR was merged into the 4.4 branch.
Discussion
----------
Fixed a minor typo in the UPGRADE to 5.0 guide
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I tried to fix this in the 4.3 branch too ... but the `UPGRADE-5.0.md` is quite different. Should these two files be exactly the same?
* https://github.com/symfony/symfony/blob/4.3/UPGRADE-5.0.md
* https://github.com/symfony/symfony/blob/4.4/UPGRADE-5.0.md
Commits
-------
8532d62 Fixed a minor typo in the UPGRADE to 5.0 guide
This PR was squashed before being merged into the 3.4 branch (closes#33677).
Discussion
----------
Various tweaks 3.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
47cb83a6ec Various tweaks 3.4
This PR was squashed before being merged into the 4.3 branch (closes#33678).
Discussion
----------
Various tweaks 4.3
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
7596f99a12 Various tweaks 4.3
This PR was merged into the 4.4 branch.
Discussion
----------
[Form][SubmitType] Add "validate" option
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/8763
| License | MIT
| Doc PR | TODO
The second part of the ticket requires more work but is kind of unrelated.
Commits
-------
a2bc06d811 [Form][SubmitType] Add "validate" option
This PR was merged into the 4.3 branch.
Discussion
----------
Make legacy "wrong" RFC2047 encoding apply only to one header
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
It says in a comment in the code that "We have to go against RFC 2183/2231 in some areas for interoperability". But I would like that to be the exception and not the rule. As the code was, all parameterized headers except from "Content-Disposition" was not encoded according to RFC 2231.
This change is to make it so that the exception (to not follow the RFC) is for the header "Content-Type" only, and all other parameterized headers will follow the rule of RFC 2231.
The code kind of worked before, because in emails we generally only have two parameterized headers; "Content-Disposition" and "Content-Type". But I think it is a good thing that if another parameterized header would happen to be added, by default it should follow the rule of the RFC and not by default be an exception.
Commits
-------
3817a8b036 Make legacy "wrong" RFC2047 encoding apply only to one header
This PR was merged into the 4.4 branch.
Discussion
----------
[Yaml] hint to the --parse-tags when parsing tags fails
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/28465#issuecomment-533182079
| License | MIT
| Doc PR |
Commits
-------
012111524b hint to the --parse-tags when parsing tags fails
This PR was squashed before being merged into the 3.4 branch (closes#33666).
Discussion
----------
[Lock] use Predis\ClientInterface instead of Predis\Client
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
`\Predis\ClientInterface` can be used instead of `\Predis\Client` for RedisStore.
Commits
-------
5c01f0a7e5 [Lock] use Predis\ClientInterface instead of Predis\Client
This PR was merged into the 4.3 branch.
Discussion
----------
Fix version typo in deprecation notice
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
https://github.com/symfony/symfony/pull/28865 was merged into 4.3
Commits
-------
bd13271016 Fix version typo in deprecation notice
This PR was merged into the 3.4 branch.
Discussion
----------
[travis] more CI fixes
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
27b1986cc2 [travis] more CI fixes
This PR was merged into the 3.4 branch.
Discussion
----------
[travis] fix CI
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
a0961d3b99 [travis] fix CI
This PR was merged into the 4.4 branch.
Discussion
----------
[Twig] Remove deprecated tag usage
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
cd74cb32ef [Twig] Remove deprecated tag usage
This PR was merged into the 3.4 branch.
Discussion
----------
[travis] honor .gitattributes when building local packages
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d7fbb0a4a4 [travis] honor .gitattributes when building local packages