This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23487).
Discussion
----------
[Security] Fix wrong term in UserProviderInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The term "account" is the just remnant from the days of AccountInterface, isn't it?
Commits
-------
b5b8c15831 [Security] Fix wrong term in UserProviderInterface
This PR was merged into the 3.4 branch.
Discussion
----------
[Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23465#discussion_r126382240 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
~~First commit targets 3.3; see https://github.com/symfony/symfony/pull/23516.~~
I didn't re-used the `ConstraintViolationInterface` caster used in the form collector, as it's the purpose of the validator collector to show the constraints data.
Commits
-------
c725a700cf [Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] Added setMinDepth to VarCloner
This new function allows VarCloner users to specify a minimum tree
depth that must be fully explored before we start limiting the number of
cloned items via the existing setMaxItems functionality.
It’s useful for dumping arguments from a backtrace to ensure some
minimum level of detail, while keeping a very low setMaxItems value to
ensure fast performance at the deeper levels.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | symfony/symfony-docs#8155 <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
d6534f5cfc [VarDumper] Added setMinDepth to VarCloner
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23526).
Discussion
----------
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23524
| License | MIT
Set meta refresh time to 0 in RedirectResponse content
Commits
-------
5508a00e74 [HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
This PR was squashed before being merged into the 3.3 branch (closes#23535).
Discussion
----------
Make server:* commands work out of the box with the public/ root dir
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The first commit removes code that is not needed as the WebserverConfig class already throws the exact same error and the display is exactly the same in that case.
The second commit adds support for `public/` along side `web/`.
Commits
-------
34c8566be1 [WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
bc6b57c208 [WebServerBundle] remove duplicate code
This PR was merged into the 2.8 branch.
Discussion
----------
Disable inlining deprecated services
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23536
| License | MIT
Deprecation errors are not triggered for inlined services.
Disabling inlining for those services will fix this issue.
Commits
-------
6ab8ca0d36 disable inlining deprecated services
This PR was merged into the 3.3 branch.
Discussion
----------
[SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
@ogizanagi in 4.0 it will simply extend `Command` right.. wdyt?
Also we dont deprecate `setContainer` is that intentional?
Commits
-------
7ea2d0437a [SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
* 3.3:
[Profiler] Fix data collector getCasters() call
remove symfony/process suggestion
[DI] Remove unused dynamic property
[Process] Fixed issue between process builder and exec
non-conflicting anonymous service ids across files
This new function allows VarCloner users to specify a minimum tree
depth that must be fully explored before we start limiting the number of
cloned items via the existing setMaxItems functionality.
It’s useful for dumping arguments from a backtrace to ensure some
minimum level of detail, while keeping a very low setMaxItems value to
ensure fast performance.
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] cleaner implementation of the TwigRenderer
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23432#discussion_r125880092
| License | MIT
| Doc PR |
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
c7c5ba8 [TwigBridge] cleaner implementation of the TwigRenderer
This PR was merged into the 3.3 branch.
Discussion
----------
[Process] Fixed issue between process builder and exec
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/
| Fixed tickets | #23495
| License | MIT
| Doc PR | -
Commits
-------
8cd1a2d [Process] Fixed issue between process builder and exec
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Check privates before resolving alias in Container::initialized
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no, fixes an existing one
| Tests pass? | yes, we dont test this behavior :(
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Continuation of #22803, so it's consistent with logic in `has()` etc.
Commits
-------
c4b6066 [DI] Check privates before resolving alias in Container::initialized
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] non-conflicting anonymous service ids across files
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23483
| License | MIT
| Doc PR |
Commits
-------
8289ca6d1a non-conflicting anonymous service ids across files
This PR was merged into the 4.0-dev branch.
Discussion
----------
[DI] Remove remaining deprecated features
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
* removed autowiring services based on the types they implement
* removed the `DefinitionDecorator` class, replaced by `ChildDefinition`
* removed the `AutowireServiceResource` class and related `AutowirePass::createResourceForClass()` method
* removed `LoggingFormatter`, `Compiler::getLoggingFormatter()` and `addLogMessage()` class and methods, use the `ContainerBuilder::log()` method instead
* removed `FactoryReturnTypePass`
* removed `ContainerBuilder::addClassResource()`, use the `addObjectResource()` or the `getReflectionClass()` method instead.
* removed support for top-level anonymous services
* removed silent behavior for unused attributes and elements
* Removed the "framework.validation.cache" configuration option. Configure the "cache.validator" service under "framework.cache.pools" instead.
Commits
-------
4bd7b921f4 [DI] Remove remaining deprecated features
This PR was merged into the 3.2 branch.
Discussion
----------
[FrameworkBundle] Fix tests
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Related to the changes introduced in #23440.
Commits
-------
2e0c6bc [FrameworkBundle] Fix tests