This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Extract password hashing from security-core - with proper wording
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#39698
| License | MIT
| Doc PR | todo
This PR renames password "encoders" to password _hashers_ (naming widely used, see e.g. django or laravel).
This also takes the opportunity to extract the logic related to password hashing from security-core, moving it to a new password-hasher component.
Nowadays, many modern web apps and APIs don't deal with passwords at all, that's why splitting makes sense as a step towards making security-core not tied to the password concept.
For upgrading, applications will have to use `passwords_hashers` instead of `encoders` in their security configuration, and type-hint against `PasswordHasherInterface` (and related) instead of `PasswordEncoderInterface`.
The proposed API is not much different from the encoder one regarding behavior and signatures, and it is slightly more close to the PHP built-in password hashing API:
```php
namespace Symfony\Component\PasswordHasher;
interface PasswordHasherInterface
{
public function hash(string $plainPassword): string;
public function verify(string $hashedPassword, string $plainPassword): bool;
public function needsRehash(string $hashedPassword): bool;
}
```
Commits
-------
c5c981c559 [Security] Extract password hashing from security-core - using the right naming
* 5.2:
add missing return type declaration
Modernize func_get_args() calls to variadic parameters
Use a lazyintertor to close files descriptors when no longer used
* 4.4:
add missing return type declaration
Modernize func_get_args() calls to variadic parameters
Use a lazyintertor to close files descriptors when no longer used
This PR was merged into the 4.4 branch.
Discussion
----------
[Finder] Use a lazyIterator to close files descriptors when no longer used
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | fix#35508
| License | MIT
| Doc PR | -
The `RecursiveDirectoryIterator` class open the file on `__construct`.
Because we Inject an instance of `RecursiveDirectoryIterator` inside the \AppendIterator` class, php opens a lot of file even before iterating on it.
This PR adds a new `LazyIterator` class that instantiate the decorated class only when something starts iterating on it.
When the iteration is over, it unset the variable to close let the decorated class clean things (ie. close the files)
Commits
-------
7117e1a798 Use a lazyintertor to close files descriptors when no longer used
This PR was merged into the 5.3-dev branch.
Discussion
----------
[HttpFoundation] Fix consistency in sessions not found exceptions
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40112
| License | MIT
| Doc PR | -
Make `Request::getSession` thrown a `SessionNotFoundException` and make `SessionNotFoundException` extends `\BadMethodCallException` for backward compatibility and
Commits
-------
7fcb76d367 Fix consistency in sessions not found exceptions
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Filesystem] Remove dirs atomically if possible
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#27578
| License | MIT
| Doc PR | no need to
Commits
-------
17bccca9c6 [Filesystem] remove dirs atomically if possible
This PR was merged into the 5.3-dev branch.
Discussion
----------
[FrameworkBundle][Messenger] Added RouterContextMiddleware
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | TODO
When handling a message in async, we, sometimes need the Router Context to generate absolute URL. ie:
- sending an email when the message contains only the template
- generating a PDF
People can use the configuration `router.default_uri` to workaround and fix the issue, but this does not work when the web application servers several domains.
This PR provide a new middleware that store the current router context in a stamp, and restore the context when processing the message.
Commits
-------
8fe8b96921 [Messenger] Added RouterContextMiddleware
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[RateLimiter] Fix sliding_window misbehaving with stale records
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Currently the SlidingWindow RateLimiter returns a negative value for getHitCount if the previous SlidingWindow was too long ago. This results in a really high value from `SlidingWindowLimiter::getAvailableTokens()` which is higher than the configured limit.
This limits the value of percentOfCurrentTimeframe in `SlidingWindow::getHitCount()` to 1 so it can't result in a negative hitcount.
The 2nd fix fixes the SlidingWindow instance (essentially) not storing hits if the previous instance is way in the past, as the next instance will still be "in the past". This causes RateLimit to behave as if it were disabled until it has caught up again, which could take a long time when it is configured with a small window size.
Commits
-------
57033164c6 [RateLimiter] Fix sliding_window misbehaving with stale records
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [Firebase] Add data field to options
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/40078
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
The Firebase Notifier must comply to the specifications at https://firebase.google.com/docs/cloud-messaging/xmpp-server-ref.html#notification-payload-support .
The options are missing the `data` field which is a common field for all types of notifications: web, ios and android.
Commits
-------
fa8064bbd3 [Notifier] [Firebase] Add data field to options
* 5.2:
[HttpKernel] fix transient test
[FrameworkBundle] Fix freshness checks with boolean parameters on routes
forward the label_html option to expanded choice fields
[FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
Add some information about the username in CONTRIBUTORS
* 4.4:
[HttpKernel] fix transient test
[FrameworkBundle] Fix freshness checks with boolean parameters on routes
[FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
Add some information about the username in CONTRIBUTORS
* 5.2:
merge translation parameters with value configured for parent form
scan directories for translations sequentially
Fix kafka tests
Fix "provide" declarations
Provide implemented packages of replaced dependencies
Always autoload string functions on symfony/symfony
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] [Kernel] Silence failed deprecations logs writes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
When `->buildContainer()` throws because the cache directory cannot be created, we still try to write the deprecations logs inside the cache directory. In this case, the final exception is `Warning: file_put_contents(/app/var/cache/dev/App_KernelDevDebugContainerDeprecations.log): failed to open stream: No such file or directory` instead of `Unable to create the "cache" directory (/app/var/cache/dev).`.
Alternative:
```php
try {
// ...
} catch (\RuntimeException $e)
} finally {
if (isset($e)) {
throw $e;
}
// ...
}
```
Commits
-------
b7100b6909 [HttpKernel] [Kernel] Silence deprecations logs writes
This PR was merged into the 4.4 branch.
Discussion
----------
Allow psr/cache v3 but on symfony/cache
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Consumers of PSR-6 are compatible with v1|2|3.
Implementations aren't until they add explicit return types, which is not possible without a BC break.
Commits
-------
bf23c44a07 Allow psr/cache v3 but on symfony/cache
This PR was merged into the 5.3-dev branch.
Discussion
----------
[HttpKernel] Show full URI when route not found
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? |no
| New feature? | yes
| Deprecations? | no
| License | MIT
When accessing a route that does not exist, Symfony throws a `NotFoundHttpException` that says `No route found for "POST /path"`.
On some projects this might be good enough to find the root cause, but on projects that have lots of routes on different hosts, it becomes hard to understand how the request was initiated. Was it done over HTTP or HTTPS? What was the hostname? Did the user specify a port?
To make this easier, we now show the full URI of the path, like this: `No route found for "POST https://www.symfony.com/path"`.
Commits
-------
6f5c9ab80b Show full URI when route not found
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation] Setting `REQUEST_TIME_FLOAT` when constructing a Request object
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38019
| License | MIT
| Doc PR | -
When creating a new Request object `REQUEST_TIME_FLOAT` was not set by default.
Replaces broken 39952 PR :(
Commits
-------
c52c1e0b9b [HttpFoundation] Setting `REQUEST_TIME_FLOAT` when constructing a Request object
This PR was merged into the 5.3-dev branch.
Discussion
----------
Updated README.md
fixed typo in url
| Q | A
| ------------- | ---
| Branch? | 5.x for features / 4.4, 5.1 or 5.2 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
Commits
-------
309d2ac5f5 Update README.md
* 5.2:
[SecurityBundle] role_names variable instead of roles
[PhpUnitBridge] fix reporting deprecations when they come from DebugClassLoader
Fix Request with DNS issue not retried
Bump Symfony version to 5.2.4
Update VERSION for 5.2.3
Update CHANGELOG for 5.2.3
[ErrorHandler] fix parsing return types in DebugClassLoader
[ErrorHandler] fix handling messages with null bytes from anonymous classes
Restore priority for eventSubscribers
This PR was merged into the 5.2 branch.
Discussion
----------
Fix Request with DNS issue not retried
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | fix #
| License | MIT
| Doc PR | -
When the client failed to resolve the DNS, the RetryableHttpClient should retry the request. But because `$chunk->isLast()` is used later, the original exception is thrown.
/cc @nikophil
Commits
-------
216abd0307 Fix Request with DNS issue not retried
* 4.4:
[SecurityBundle] role_names variable instead of roles
[PhpUnitBridge] fix reporting deprecations when they come from DebugClassLoader
[ErrorHandler] fix parsing return types in DebugClassLoader
[ErrorHandler] fix handling messages with null bytes from anonymous classes
Restore priority for eventSubscribers
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] fix parsing return types in DebugClassLoader
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In 5.3, we might want to make `SYMFONY_PATCH_TYPE_DECLARATIONS=deprecations=1` the default, so that ppl know when they're missing some return types when they inherit some classes from vendors. This would fix https://github.com/orgs/symfony/projects/1#card-30856423
On 4.4, we have to disable this mode of reporting until these PRs are merged:
- https://github.com/twigphp/Twig/pull/3481
- https://github.com/doctrine/collections/pull/269
- https://github.com/predis/predis/pull/678
Commits
-------
58e32b3c2a [ErrorHandler] fix parsing return types in DebugClassLoader
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] fix handling messages with null bytes from anonymous classes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
PHP truncates error messages at null bytes before calling userland error handlers (known behavior in PHP, marked as "won't fix".)
This doesn't play well with anonymous classes.
This PR works around the issue by getting the message from the stack trace.
Commits
-------
ac94746dc7 [ErrorHandler] fix handling messages with null bytes from anonymous classes
* 5.2:
Streamline dataproviders
fix validator when we have a false current element
[Mailer][Mime] Fix case-sensitive handling of header names
[Mime] Fix case-sensitive handling in Headers::isUniqueHeader()
[Messenger] Fix Doctrine setup when using a migration
[yaml] Delelte unused comparison operation
* 4.4:
Streamline dataproviders
fix validator when we have a false current element
[Mime] Fix case-sensitive handling in Headers::isUniqueHeader()
[yaml] Delelte unused comparison operation
This PR was merged into the 4.4 branch.
Discussion
----------
Streamline dataproviders
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ---
| License | MIT
| Doc PR | ---
No need to create extra PR's on other branches, no more occurrences 👍
Commits
-------
025079b051 Streamline dataproviders
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[Mailer][Mime] Fix case-sensitive handling of header names
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#39953
| License | MIT
| Doc PR | -
Fixes case-sensitive handling of header names in "Mime" and "Mailer" component, more in the [ticket](https://github.com/symfony/symfony/issues/39953).
Commits
-------
d563c846f6 [Mailer][Mime] Fix case-sensitive handling of header names
When accessing a route that does not exist, Symfony throws a `NotFoundHttpException` that says `No route found for "POST /path"`.
On some projects this might be good enough to find the root cause, but on projects that have lots of routes on different hosts, it becomes hard to understand how the request was initiated. Was it done over HTTP or HTTPS? What was the hostname? Did the user specify a port?
To make this easier, we now show the full URI of the path, like this: `No route found for "POST https://www.symfony.com/path"`.
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Console] Add bright colors to console.
| Q | A
| ------------- | ---
| Branch? | 5.x <!-- see below -->
| Bug fix? |no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? |no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#39869 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#14884 <!-- required for new features -->
Add the "bright" ANSI colours to symfony/console. This adds ANSI escape codes 90-97 and 100-107.
<!--
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
Commits
-------
dbb94524ba [Console] Add bright colors to console.
* 5.2:
Use createMock() instead of a getter
[ErrorHandler] Fix strpos error when trying to call a method without a name
use proper keys to not override appended files
take into account all label related options
Fix console logger according to PSR-3
* 4.4:
Use createMock() instead of a getter
[ErrorHandler] Fix strpos error when trying to call a method without a name
use proper keys to not override appended files
Fix console logger according to PSR-3
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Fix console logger according to PSR-3
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#39050, #29138
| License | MIT
`Symfony\Component\HttpKernel\EventListener\ErrorListener` logs non-HTTP exceptions at `LogLevel::CRITICAL`.
`Symfony\Component\Messenger\Worker` logs unrecoverable exceptions at `LogLevel::CRITICAL`.
`Symfony\Component\Console\EventListener\ErrorListener` logs exceptions at `LogLevel::ERROR`.
As per PSR-3, unexpected and unrecoverable exceptions should be logged at `LogLevel::CRITICAL`.
Commits
-------
69fcd075eb Fix console logger according to PSR-3
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Use createMock() instead of a getter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ---
| License | MIT
| Doc PR | ---
Before I go on, are you interested in such change @nicolas-grekas ?
Commits
-------
9629dafa66 Use createMock() instead of a getter