This PR was merged into the 4.4 branch.
Discussion
----------
Complete the Language for Hungarian and Norwegian
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38745 and fix#38754
| License | MIT
| Doc PR | -
Hi there, i have complete the translation for this 2 language. Mostly i translate that using google translate and some of the language i define by my self.
Commits
-------
9e4859c87b Complete the Language for Hungarian and Norwegian
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Added Thai missing translations
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38767
| License | MIT
| Doc PR | -
Added missing Thai translations based on 4.4 branch
CC. @Nyholm
Commits
-------
4f39516558 Added Thai missing translations
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Add missing translations for Tagalog (tl)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#38766 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
This PR adds missing form, security and validator translations for Tagalog.
I also skimmed over the existing translations and corrected spelling mistakes I could find.
Commits
-------
c4461b760a Add missing translations for Tagalog (tl)
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
Missing translations for Chinese (zh_TW) #38733
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38733
| License | MIT
Added missing translations for zh_TW in Form, Security, Validator.
Commits
-------
3e741fda0a Missing translations for Chinese (zh_TW) #38733
This PR was merged into the 5.x branch.
Discussion
----------
[Security] Move AbstractListener abstract methods to the new FirewallListenerInterface
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | -
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
We added a FirewallListenerInterface in 5.2, let's make it complete to allow for cleaner firewall listener implementations.
Commits
-------
5dd70bd62e [Security] Move AbstractListener abstract methods to the new FirewallListenerInterface
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Translation] added missing Albanian translations
[Translation] added missing Albanian translations for the following components:
1. [Forms]
2. [Security][Core]
3. [Validator]
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38722
| License | MIT
Commits
-------
bde427a303 [Translation] added missing Albanian translations
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
38737 add missing dutch translation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38737
| License | MIT
| Doc PR | No, not needed
Update dutch translation
Commits
-------
7cf4ca6f83 38737 add missing dutch translation
This PR was merged into the 3.4 branch.
Discussion
----------
Missing swedish translations for Form, Security and Validator components
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38765
| License | MIT
| Doc PR |
Added missing swedish translations for Form, Security and Validator components
Commits
-------
1044b1e852Fix#38765 Added missing swedish translations for Form, Security and Validator components
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
Added missing translations for Russian
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38759
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Hello!
I added missing translations for Russian.
Commits
-------
6a9e274a10 Added missing translations for Russian
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Add missing Latvian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Part of #34710, #34749
| License | MIT
| Doc PR | N/A
Commits
-------
7f2b13bcb3 [Security] Add missing Latvian translations
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
Add missing vietnamese translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#38770 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
Commits
-------
6289b271aa Add missing vietnamese translations
This PR was merged into the 3.4 branch.
Discussion
----------
Closes#38747: Add italian translations.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38747
| License | MIT
| Doc PR | N/A
Commits
-------
7d25a46b3bCloses#38747: Add italian translations.
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
Update Security Arabic Translations
| Q | A
| ------------- | ---
| Branch? | 5.x for features / 3.4, 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Related to https://github.com/symfony/symfony/issues/38723
Commits
-------
e6219e4796 Update Security Arabic Translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Synchronized translations with 5.x
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Part of #38710
| License | MIT
| Doc PR | N/A
Commits
-------
3d7863f5b5 [Security] Synchronized translations with 5.x.
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[RateLimiter] Moved classes implementing LimiterInterface to a new namespace
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no?
| Tickets |
| License | MIT
| Doc PR |
Before we release the RateLimit component.
I think it would be a good idea to put the 7 classes that belongs to a specific strategy in their own "Policy" namespace. It is very likely that it will be more strategies in the future and the `Symfony\Component\RateLimiter` namespace is crowed as it is.
I decided not to put the `CompoundLimiter` in this namespace as it is not a strategy.
Commits
-------
1e6cea56e4 [RateLimiter] Moved classes implementing LimiterInterface to a new namespace
* 5.1:
fix merge
fix merge
Remove branch-version (keep them for contracts only)
[HttpClient] relax auth bearer format requirements
[PHPUnitBridge] Silence errors from mkdir()
[DependencyInjection] Preload classes with union types correctly.
[Serializer] fix decoding float XML attributes starting with 0
add missing dutch translations
[TwigBridge] Remove "transchoice" from the code base
Support PHPUnit 8 and PHPUnit 9 in constraint compatibility trait
Add expectDeprecation, expectNotice, expectWarning, and expectError to TestCase polyfill
[String] fix before/after[Last]() returning the empty string instead of the original one on non-match
Add missing exporter function for PHPUnit 7
[Validator] Add missing romanian translations
[String] fix slicing in UnicodeString
[Cache] Use correct expiry in ChainAdapter
do not translate null placeholders or titles
* 4.4:
fix merge
Remove branch-version (keep them for contracts only)
[HttpClient] relax auth bearer format requirements
[PHPUnitBridge] Silence errors from mkdir()
[DependencyInjection] Preload classes with union types correctly.
[Serializer] fix decoding float XML attributes starting with 0
add missing dutch translations
Support PHPUnit 8 and PHPUnit 9 in constraint compatibility trait
Add expectDeprecation, expectNotice, expectWarning, and expectError to TestCase polyfill
Add missing exporter function for PHPUnit 7
[Validator] Add missing romanian translations
[Cache] Use correct expiry in ChainAdapter
do not translate null placeholders or titles
* 3.4:
Remove branch-version (keep them for contracts only)
[Serializer] fix decoding float XML attributes starting with 0
add missing dutch translations
[Validator] Add missing romanian translations
do not translate null placeholders or titles
This PR was squashed before being merged into the 5.x branch.
Discussion
----------
[Validator] Upgraded constraints to enable named arguments and attributes
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #38096
| License | MIT
| Doc PR | TODO with symfony/symfony-docs#14305
This PR enables all remaining atomic (!= composite) constraints to be used as attributes.
The only exception is `UniqueEntity` from Doctrine bridge because we don't have a Doctrine ORM release yet that supports PHP 8. So I could migrate that one as well, but I cannot really test it.
Commits
-------
fb99eb2052 [Validator] Upgraded constraints to enable named arguments and attributes
Returning DateTime objects seems like a common use-case to automatically expire
all login links when one is used or to only allow the login link to be used
once.
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Security] Magic login link authentication
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | none
| License | MIT
| Doc PR | TODO
Hi!
This adds a Slack-style "magic link" login authenticator to the new login system: (A) enter your email into a form, (B) receive an email with a link in it (C) click that link and you are authenticated!
For most users, implementing this would require:
A) Create a [controller](https://github.com/weaverryan/symfony-magic-login-link-example/blob/master/src/Controller/MagicLinkLoginController.php) with the "enter your email" form and a route for the "check" functionality (similar to `form_login`)
B) Activate in `security.yaml`:
```yml
security:
enable_authenticator_manager: true
# ...
firewalls:
# ...
main:
# ...
login_link:
check_route: 'magic_link_verify'
# this is an important and powerful option
# An array of properties on your User that are used to sign the link.
# If any of these change, all existing links will become invalid
# tl;dr If you want the modification of ANY field to invalidate ALL existing magic links immediately,
# then you can add it to this list. You could even add a "lastLoginLinkSentAt" to invalid
# all existing login links when a new one is sent.
signature_properties: [id, password, email]
# optional - by default, links can be reused but have a 10 minute lifetime
#max_uses: 3
#used_link_cache: cache.app
```
Done! This will generate a URL that looks something like this:
> https://127.0.0.1:9033/login/verify?user=weaverryan@gmail.com&expires=1601342578&hash=YzE1ZDJlYjM3YTMyMjgwZDdkYzg2ZjFlMjZhN2E5ZWRmMzk3NjAxNjRjYThiMjMzNmIxYzAzYzQ4NmQ2Zjk4NA%3D%3D
We would implement a Maker command this config + login/controller. The implementation is done via a "signed URL" and an optional cache pool to "expire" links. The hash of the signed URL can contain any user fields you want, which give you a powerful mechanism to invalidate magic tokens on user data changes. See `signature_properties` above.
#### Security notes:
There is a LOT of variability about how secure these need to be:
* A) Many/most implementation only allow links to be used ONE time. That is *possible* with this implementation, but is not the *default*. You CAN add a `max_uses` config which stores the expired links in a cache so they cannot be re-used. However, to make this work, you need to do more work by adding some "page" between the link the users clicks and *actually* using the login link. Why? Because unless you do this, email clients may follow the link to "preview" it and will "consume" the link.
* B) Many implementations will invalidate all other login links for a user when a new one is created. We do *not* do that, but that IS possible (and we could even generate the code for it) by adding a `lastLoginLinkSentAt` field to `User` and including this in `signature_properties`.
* C) We *do* invalidate all links if the user's email address is changed (assuming the `email` is included in `signature_properties`, which it should be). You can also invalidate on password change or whatever you want.
* D) Some implementations add a "state" so that you can only use the link on the same device that created it. That is, in many cases, quite annoying. We do not currently support that, but we could in the future (and the user could add it themselves).
Thanks!
#### TODOS:
* [x] A) more tests: functional (?) traits
* [ ] B) documentation
* [ ] C) MakerBundle PR
* [ ] D) Make sure we have what we need to allow that "in between" page
* [ ] E) Create a new cache pool instead of relying on cache.app?
Commits
-------
a8afe109d8 [Security] Magic login link authentication
This allows limiting on different elements of a request. This is usefull to
e.g. prevent breadth-first attacks, by allowing to enforce a limit on both IP
and IP+username.
* 5.1: (25 commits)
stop using the deprecated at() PHPUnit matcher
fix lowest allowed version of the HTTP client contracts
fix lowest allowed version for the PHPUnit bridge
fix merge
fix merge
drop logger mock in favor of using the BufferingLogger
catch ValueError thrown on PHP 8
[Yaml Parser] Fix edge cases when parsing multiple documents
fix parsing comments not prefixed by a space
[Translator] Make sure a null locale is handled properly
deal with errors being thrown on PHP 8
loadRoutes shoud receive RoutingPhpFileLoader
[Cache] Allow cache tags to be objects implementing __toString()
[HttpKernel] Do not override max_redirects option in HttpClientKernel
Log notice when no entry point is configured
remove superfluous cast
[HttpClient] Support for CURLOPT_LOCALPORT.
Upgrade PHPUnit to 8.5 (php 7.2) and 9.3 (php >= 7.3).
Fixed exception message formatting
[FrameworkBundle] Fix error in xsd which prevent to register more than one metadata
...
* 5.1:
[Debug] fix test
consistently use same types for strict comparisons
[PhpUnitBridge] Skip internal classes in CoverageListenerTrait
[VarExporter] unserialize() might throw an Exception on php 8.
[SecurityHttp] Don't call createMock() with multiple interfaces.
[ErrorHandler] Parse "x not found" errors correctly on php 8.
Prevent parsing invalid octal digits as octal numbers
remove unnecessary check for existing request
[DI] fix ContainerBuilder on PHP8
[Console] Make sure $maxAttempts is an int or null.
[VarDumper] Fix caster for invalid SplFileInfo objects on php 8.
[Intl] Skip test cases that produce a TypeError on php 8.
[PhpUnitBridge] Adjust output parsing for PHPUnit 9.3.
[PhpUnitBridge] CoverageListenerTrait update for PHPUnit 8.5/9.x
add bosnian (bs) translation
[Debug] Parse "x not found" errors correctly on php 8.
* 5.1:
Enable "native_constant_invocation" CS rule
Make AbstractPhpFileCacheWarmer public
Fix CS
Add a warning comment on ldap empty password
Bump Symfony version to 4.4.14
Update VERSION for 4.4.13
Update CHANGELOG for 4.4.13
[PhpunitBridge] Fix deprecation type detection
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Configurable execution order for firewall listeners
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | n/a
Hello there, I'm the author of `scheb/two-factor-bundle`, which extends Symfony's security layer with two-factor authentication. I've been closely following the recent changes by @wouterj to rework the security layer with "authenticators" (great work!). While I managed to make my bundle work with authenticators, I see some limitations in the security layer that I'd like to address to make such extensions easier to implement.
In #37336 I've submitted a draft to let security factories add their own authentication listeners to the firewall. This PR is intended to address the issue of execution order. If you look at the `Firewall` class
f64f59a9c0/src/Symfony/Component/Security/Http/Firewall.php (L62-L82)
authentication listeners are executed in the order of their creation. Additionally, there's hardcoded logic to execute `Symfony\Component\Security\Http\Firewall\AccessListener` always last and the logout listener second to last. I'd like to have a more flexible approach, to remove the hardcoded order and give authentication listeners the ability to determine their execution order.
I've added an optional interface to provide a priority to sort all registered authenitication listeners. Sorting is done in a compiler pass, so no time is wasted at runtime.
This is a draft, so I'd like to hear your opinion on this :)
Commits
-------
91388e871b Add ability to prioritize firewall listeners
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Renamed provider key to firewall name
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | Fix#15207
| License | MIT
| Doc PR | tbd
This fixes the `$providerKey` argument names on the classes that will remain in use, even when the new Security system will take over. @fabpot do you think these changes are worth it?
Officially, all token classes are not marked as `@final`. Do I need to take into account when someone is overriding the `getProviderKey()` method? Also, I couldn't find a way to trigger a deprecation notice for deprecated properties, is this a problem?
Commits
-------
91b276326d Renamed $providerKey to $firewallName
* 5.1:
Backport: Improve link script with rollback when using symlink
fix more numeric cases changing in PHP 8
Fixed autoLogin() returning null
[Notifier] add doc for free mobile dsn
* 5.1:
fix: clarify parameter name to comply with deprecations from #34074
[Sendgrid-Mailer] Fixed envelope recipients on sendgridApiTransport
mark the AssertingContextualValidator class as internal
Fix the parameter names in the SecurityFactoryInterface::create() method
[Serializer][ClassDiscriminatorMapping] Fix getMappedObjectType() when a discriminator child extends another one
make return type correct
* 5.1:
Postpone BC layer removal to 6.0.
add validator translation 99 for Italian language
stop using the deprecated at() PHPUnit matcher
Fix typehint phpdoc
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Security] Add event to inspect authenticated token before it becomes effective
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | n/a
Hello there, I'm the author of `scheb/two-factor-bundle`, which extends Symfony's security layer with two-factor authentication. I've been closely following the recent changes by @wouterj to rework the security layer with "authenticators" (great work!). While I managed to make my bundle work with authenticators, I see some limitations in the security layer that I'd like to address to make such extensions easier to implement.
This PR adds a new event, which is disapatched right after the authenticated token has been created by the authenticator, to "announce" it to the application *before* it becomes effective to the security system. The event works similar to `ResponseEvent`, but for security token. It allows listeners to inspect the new token before it becomes effective and - most importantly - apply modifications to it. So components other than the authenticator will be able to influence how the security token looks like, that will be set to the security layer on successful authentication.
Why would you want to do this? Of course I'm looking at this from the 2fa perspective. To make 2fa work, it's necessary to prevent a newly created authenticated token from becoming visible to the security system and therefore exposing its privileges/roles. This is done by replacing the authenticated token with a temporary "TwoFactorToken". Currently I'm doing this through dependency injection, getting all the registered authenticators and decorating them with my own token-exchange logic. This is not very clean and overly complicated, but it works. Adding this event as a hook-in point would allow for a much cleaner integration for any component that wants to have a saying in how the security token should look like.
Commits
-------
20309646b7 [Security] Add event to inspect authenticated token before it becomes effective
* 5.1:
Fix typo
Fix deprecated libxml_disable_entity_loader
Add Tagalog translations for validator messages 94, 95, 96 and 99
PHPUnit's assertContains() performs strict comparisons now.
[ClassLoader][Routing] Fix namespace parsing on php 8.
Fix deprecated libxml_disable_entity_loader
Made reference to PHPUnit\Util\XML::loadfile php5-compatible.
[Validator] Add missing translations for german and vietnamese
Modernized deprecated PHPUnit assertion calls
[Console] The message of "class not found" errors has changed in php 8.
The PHPUnit\Util\XML class has been removed in PHPUnit 9.3.
[Console] Make sure we pass a numeric array of arguments to call_user_func_array().
Remove outdated references from base_js.html.twig file
[String] We cannot have a "provides" function in test cases.
Typo: somes styles fixed
[Serializer] Fix that it will never reach DOMNode
[Validator] sync translations
[VarDumper] Improve previous fix on light array coloration
[Cache] Fix#37667
* 4.4:
Fix typo
Fix deprecated libxml_disable_entity_loader
Add Tagalog translations for validator messages 94, 95, 96 and 99
PHPUnit's assertContains() performs strict comparisons now.
[ClassLoader][Routing] Fix namespace parsing on php 8.
Fix deprecated libxml_disable_entity_loader
Made reference to PHPUnit\Util\XML::loadfile php5-compatible.
[Validator] Add missing translations for german and vietnamese
Modernized deprecated PHPUnit assertion calls
[Console] The message of "class not found" errors has changed in php 8.
The PHPUnit\Util\XML class has been removed in PHPUnit 9.3.
[Console] Make sure we pass a numeric array of arguments to call_user_func_array().
[Serializer] Fix that it will never reach DOMNode
[Validator] sync translations
[VarDumper] Improve previous fix on light array coloration
[Cache] Fix#37667
* 3.4:
Add Tagalog translations for validator messages 94, 95, 96 and 99
PHPUnit's assertContains() performs strict comparisons now.
[ClassLoader][Routing] Fix namespace parsing on php 8.
Fix deprecated libxml_disable_entity_loader
Made reference to PHPUnit\Util\XML::loadfile php5-compatible.
[Validator] Add missing translations for german and vietnamese
Modernized deprecated PHPUnit assertion calls
[Console] The message of "class not found" errors has changed in php 8.
The PHPUnit\Util\XML class has been removed in PHPUnit 9.3.
[Console] Make sure we pass a numeric array of arguments to call_user_func_array().
[Serializer] Fix that it will never reach DOMNode
[Validator] sync translations
[VarDumper] Improve previous fix on light array coloration
[Cache] Fix#37667
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
Modernized deprecated PHPUnit assertion calls
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Part of #37564
| License | MIT
| Doc PR | N/A
Some assertions have been renamed in PHPUnit 9. PhpUnitBridge should already have polyfills in place for those methods, so it should be save to use them.
Commits
-------
ab417f7040 Modernized deprecated PHPUnit assertion calls
* 5.1:
minor #37121 [Contracts] Add missing "extra.thanks" entries in composer.json (nicolas-grekas)
[Process] Fix Permission Denied error when writing sf_proc_00 lock files on Windows
fix handling null as empty data
[Security\Http] Skip remember-me logout on empty token
Missing return in loadValuesForChoices method
No need to create an issue when creating a PR
Use ">=" for the "php" requirement
[HttpClient] Fix promise behavior in HttplugClient
[Console] Fixes question input encoding on Windows
This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Added missing license headers
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
See 3be6ce121b
Seems like the fabbot reviews (and I) missed quite a lot of these in my big security PR.
Commits
-------
ea81b61e5f Added missing license headers
* 5.1:
Fix test that fails on old distros
Fix: compatibility with phpunit 9.3
[DoctrineBridge] work around Connection::ping() deprecation
[MimeType] Duplicated MimeType due to PHP Bug
[HttpClient] fix casting TraceableResponse to php streams
[DI] fix parsing of argument type=binary in xml
fix guessing form types for DateTime types
fix handling typed properties as constraint options
Fix the 'supports' method argument type of the security voter
Use the driverConnection executeUpdate method
* 5.0:
Fix test that fails on old distros
Fix: compatibility with phpunit 9.3
[DoctrineBridge] work around Connection::ping() deprecation
[MimeType] Duplicated MimeType due to PHP Bug
[DI] fix parsing of argument type=binary in xml
fix guessing form types for DateTime types
fix handling typed properties as constraint options
Fix the 'supports' method argument type of the security voter
Use the driverConnection executeUpdate method
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Add attributes on Passport
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | not yet
see https://github.com/symfonycorp/connect/pull/95
/cc @wouterj
Commits
-------
440ada3c5f [Security] Add attributes on Passport
* 5.1: (28 commits)
[DI] fix
Use "composer/package-versions-deprecated" when possible
Fix
Small update in our internal terminology
Fix support for PHP8 union types
[VarDumper] fix typo
[Lock][Messenger] Fix precedence of DSN options for 5.1
Fix support for PHP8 union types
[FrameworkBundle] preserve dots in query-string when redirecting
[3.4] Fix support for PHP8 union types
[PhpUnitBridge] Streamline ansi/no-ansi of composer according to phpunit --colors option
[3.4] Small update in our internal terminology
[Cache] fix compat with DBAL v3
Remove unnecessary null check
[HttpFoundation] Allow `null` in InputBag@set
[HttpClient] Convert CurlHttpClient::handlePush() to instance method
Fix package rename when releasing
bumped Symfony version to 5.1.3
updated VERSION for 5.1.2
updated CHANGELOG for 5.1.2
...
* 5.1:
[Security] Run functional tests also for the authenticator system
Fix register csrf protection listener
bumped Symfony version to 5.1.2
updated VERSION for 5.1.1
updated CHANGELOG for 5.1.1
* 5.1: (36 commits)
Fixed left-over debug statement
set column length for mysql 5.6 compatibility
[Mime] Remove unused var
[HttpClient] fix monitoring timeouts when other streams are active
[PhpUnitBridge] fix syntax on PHP 5.3
[PhpUnitBridge] Fix undefined index when output of "composer show" cannot be parsed
properly cascade validation to child forms
[PropertyAccess] Fix getter call order BC
[PhpUnitBridge] fix undefined var on version 3.4
Fix invalid char in SQS Headers
Move ajax clear event listener initialization on loadToolbar
[HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
Fix CS
FrameworkBundle Serializer issue
register event listeners depending on the installed packages
take into account the context when preserving empty array objects
Only register CSRF protection listener if CSRF is available
[VarExporter] tfix: s/markAsSkipped/markTestSkipped/
Also check PUBLIC_ACCESS for authenticated tokens
Fix enabled_locales behavior
...
* 5.1:
Fix abstract method name in PHP doc block
Various cleanups
[HttpClient] fix issues in tests
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
[Validator] Use Mime component to determine mime type for file validator
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[Messenger] Change the default notify timeout value for PostgreSQL
[PropertyAccess] Fix TypeError parsing again.
[TwigBridge] fix fallback html-to-txt body converter
[Security/Http] fix merge
[ErrorHandler] fix setting $trace to null in FatalError
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
* 5.0:
Fix abstract method name in PHP doc block
Various cleanups
[HttpClient] fix issues in tests
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
[Validator] Use Mime component to determine mime type for file validator
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[TwigBridge] fix fallback html-to-txt body converter
[Security/Http] fix merge
[ErrorHandler] fix setting $trace to null in FatalError
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
* 5.1:
Handle fetch mode deprecation of DBAL 2.11.
Fixed security-* package dependencies
Fixed handling of CSRF logout error
[WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
[DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example
* 5.0:
Handle fetch mode deprecation of DBAL 2.11.
Fixed handling of CSRF logout error
[WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
[DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example