* 4.1:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[Security] LdapUserProvider uidKey could be null
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
[DI] Don't show internal service id on binding errors
Fix a bug when having more than one named handler per message subscriber
Prevent toolbar links color override by css
add conflict for non-compatible TwigBridge version
* 4.0:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[Security] LdapUserProvider uidKey could be null
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
[DI] Don't show internal service id on binding errors
Prevent toolbar links color override by css
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Security] Use AuthenticationTrustResolver in SimplePreAuthenticationListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes (minor)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Minor, but would be consistent with how `ContextListener` checks for anonymous tokens.
Commits
-------
27b89cb [Security] Use AuthenticationTrustResolver in SimplePreAuthenticationListener
* 4.1:
[minor] SCA
[Serializer] Minor tweaks for a67b650f12
allow_extra_attributes does not throw an exception as documented
[Cache] fix visibility of RedisTrait::init()
[Serializer] Updates DocBlock to a mixed param type
* 4.0:
[minor] SCA
[Serializer] Minor tweaks for a67b650f12
allow_extra_attributes does not throw an exception as documented
[Cache] fix visibility of RedisTrait::init()
[Serializer] Updates DocBlock to a mixed param type
This PR was merged into the 4.2-dev branch.
Discussion
----------
[DX] Log potential redirect loops caused by forced HTTPS
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27603
| License | MIT
| Doc PR | n/a
If the developer forgets/fails to set "trusted_proxies" properly, forcing the
https channel can cause infinite redirect loops. This change will hopefully
help them identify the problem faster.
See https://github.com/symfony/symfony/issues/27603
Commits
-------
53048cec6d Log potential redirect loops caused by forced HTTPS
If the developer forgets/fails to set "trusted_proxies" properly, forcing the
https channel can cause infinite redirect loops. This change will hopefully
help them identify the problem faster.
See https://github.com/symfony/symfony/issues/27603
* 4.1:
remove HHVM code
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
[FrameworkBundle] give access to non-shared services when using test.service_container
Fix bad method call with guard authentication + session migration
Avoid calling eval when there is no script embedded in the toolbar
* 3.4:
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
Fix bad method call with guard authentication + session migration
* 4.1:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[HttpKernel] Log/Collect exceptions at prio 0
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
[Routing] fix matching host patterns, utf8 prefixes and non-capturing groups
* 4.0:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
* 3.4:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
This PR was squashed before being merged into the 2.8 branch (closes#27452).
Discussion
----------
Avoid migration on stateless firewalls
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | Related to #27395
| License | MIT
| Doc PR | symfony/symfony-docs#9860
This is a proof-of-concept. Once we agree / are happy, I need to add this to all of the other authentication mechanisms that recently got the session migration code & add tests.
Basically, this avoids migrating the session if the firewall is stateless. There were 2 options to do this:
A) Make the `SessionAuthenticationStrategy` aware of all stateless firewalls. **This is the current approach**
or
B) Make each individual authentication listener aware whether or not *its* firewall is stateless.
Commits
-------
cca73bb564 Avoid migration on stateless firewalls
* 4.1:
[Cache][Security] Use Throwable where possible
revert #27545
Update Finder.php
[FrameworkBundle] remove dead code in CachePoolClearerPass
Fix security-core cross-dependencies, fixes#27507
Pass previous exception to FatalErrorException
* 4.0:
[Cache][Security] Use Throwable where possible
revert #27545
Update Finder.php
[FrameworkBundle] remove dead code in CachePoolClearerPass
Fix security-core cross-dependencies, fixes#27507
Pass previous exception to FatalErrorException
* 4.1:
[FrameworkBundle] Fix test-container on kernel reboot, revert to returning the real container from Client::getContainer()
Remove mentions of "beta" in composer.json files
[DI] Ignore missing tree root nodes on validate
[WebProfilerBundle] fixed getSession when no session has been set deprecation warnings
bug #27299 [Cache] memcache connect should not add duplicate entries on sequential calls
[Router] regression when matching a route
[FrameworkBundle][SecurityBundle] Remove no-longer necessary Bundle::registerCommands override
[Routing] Don't reorder past variable-length placeholders
[DebugBundle] DebugBundle::registerCommands should be noop
[BrowserKit] Fix a BC break in Client affecting Panthère
[DX] Improve exception message when AbstractController::getParameter fails
simple-phpunit: remove outdated appveryor workaround
* 4.1: (22 commits)
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
[Messenger] Fix suggested enqueue adapter package
bumped Symfony version to 4.1.1
updated VERSION for 4.1.0
updated CHANGELOG for 4.1.0
Insert correct parameter_bag service in AbstractController
Revert "feature #26702 Mark ExceptionInterfaces throwable (ostrolucky)"
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
update UPGRADE-4.1 for feature #26332 Form field help option
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
bumped Symfony version to 4.1.0
updated VERSION for 4.1.0-BETA3
updated CHANGELOG for 4.1.0-BETA3
...
* 4.0:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
* 3.4:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
* 2.8:
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
This PR was squashed before being merged into the 4.2-dev branch (closes#26981).
Discussion
----------
No more support for custom anon/remember tokens based on FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26940
| License | MIT
| Doc PR | ~
This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required _if_ you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes.
Commits
-------
860d4549c2 No more support for custom anon/remember tokens based on FQCN
* 4.1: (26 commits)
Revert "bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp)"
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
bumped Symfony version to 4.0.12
[FrameworkBundle] Fix using test.service_container when Client is rebooted
[DI] never inline lazy services
updated VERSION for 4.0.11
updated CHANGELOG for 4.0.11
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
Tweak Argon2 test config
[HttpFoundation] Fix cookie test with xdebug
[FrameworkBundle] cleanup generated test container
[Serializer] Check the value of enable_max_depth if defined
...