* 2.8:
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27259
| License | MIT
| Doc PR | no
Hello!
There is fix for #27259 issue. It changes priority of `AddConsoleCommandPass` to `TYPE_BEFORE_REMOVING` as @chalasr advised. I'm not sure about side effects by that.
Commits
-------
e36099503f [FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
This PR was squashed before being merged into the 2.8 branch (closes#26973).
Discussion
----------
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | improvement
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ---
| License | MIT
| Doc PR | ---
SubRequest used in `InlineFragmentRendered` explicitly sets `$server['REMOTE_ADDR']` to `127.0.0.1`. Therefore, it's required to configure `127.0.0.1` address in TRUSTED_PROXIES environment variable. Without that, `Request::isFromTrustedProxy()` will return false.
The current behavior might be a little bit problematic, for instance, in case where images are rendered through subrequests. These might end-up with an incorrect schema in URL (`http` instead of `https`).
Commits
-------
18f55feef8 [HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
This PR was squashed before being merged into the 2.8 branch (closes#27303).
Discussion
----------
[Process] Consider "executable" suffixes first on Windows
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a
Executable finder should consider "executable" suffixes first on Windows because we basically ignore executability on Windows (on the lines below changed), which leads, for example, to finding usually-non-executable `phpunit` file first where both `phpunit` and `phpunit.bat` are present.
I may miss something here, so please tell me if this makes any sense.
Same change against master: #27301
Commits
-------
9372e7a813 [Process] Consider \"executable\" suffixes first on Windows
* 4.0:
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
bumped Symfony version to 4.0.12
[DI] never inline lazy services
updated VERSION for 4.0.11
updated CHANGELOG for 4.0.11
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
[HttpFoundation] Fix cookie test with xdebug
[Serializer] Check the value of enable_max_depth if defined
[DI] remove dead code
[PhpUnitBridge] silence some stderr outputs
[Validator] Update sl translation
* 3.4:
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
[DI] never inline lazy services
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
[HttpFoundation] Fix cookie test with xdebug
[Serializer] Check the value of enable_max_depth if defined
[DI] remove dead code
[PhpUnitBridge] silence some stderr outputs
[Validator] Update sl translation
* 2.8:
Add code of Conduct links in our README
[DI] never inline lazy services
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
This PR was squashed before being merged into the 3.4 branch (closes#27344).
Discussion
----------
[HttpKernel] reset kernel start time on reboot
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27319
| License | MIT
| Doc PR | n/a
I created branch from 3.4, since the furthest thing I could find for the reboot feature was a4fc49294e and it originated during stabilization phase of 3.4.
ping @nicolas-grekas
Commits
-------
b7feef00ae [HttpKernel] reset kernel start time on reboot
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Update sl translation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
This patch updates Slovenian sl_SI translation for the 3.4 branches and up to master.
Commits
-------
a7a1325eab [Validator] Update sl translation
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] Check the value of enable_max_depth if defined
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | n/a
Because it confuses some users that `['enable_max_depth' => false]` actually triggers the check.
Commits
-------
e88e0f30f1 [Serializer] Check the value of enable_max_depth if defined
This PR was merged into the 4.1 branch.
Discussion
----------
[Security] Fix missing use in UserInterface
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Fix missing `Role` use used in the `getRoles` return type.
Commits
-------
3e0a0f4cb5 Fix missing use in UserInterface
This PR was merged into the 4.1 branch.
Discussion
----------
[HttpKernel] fix deprecation in AbstractTestSessionListener
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
After #26564 functional tests began to emit a deprecation warning because of `getSession()` being called without verifying the existence of a session.
Commits
-------
0ecaefe179 [HttpKernel] fix deprecation in AbstractTestSessionListener
This PR was merged into the 4.1 branch.
Discussion
----------
Tweak Argon2 test config
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Memory cost 8 seems to be lowest value accepted on my machine
```
Testing Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest
E.... 5 / 5 (100%)
Time: 114 ms, Memory: 4.00MB
There was 1 error:
1) Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest::testValidationWithConfig
password_hash(): Memory cost is outside of allowed memory range
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:105
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:67
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php:34
```
Commits
-------
0e74f73af5 Tweak Argon2 test config
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix bad exception on uninitialized references to non-shared services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27360
| License | MIT
| Doc PR | -
This restriction is unneeded complexity that prevents legit use cases (see linked issue #27360).
Commits
-------
8bba68f811 [DI] Fix bad exception on uninitialized references to non-shared services
Memory cost 8 seems to be lowest value accepted on my machine
```
Testing Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest
E.... 5 / 5 (100%)
Time: 114 ms, Memory: 4.00MB
There was 1 error:
1) Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest::testValidationWithConfig
password_hash(): Memory cost is outside of allowed memory range
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:105
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:67
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php:34
```
* 3.4:
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* 2.8:
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* 4.0:
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
* 3.4:
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
* 2.8:
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
* 4.0:
Fixed content trace CSS in profiler
[Form] fix tests on old phpunit versions
[FrameworkBundle] fix typo in CacheClearCommand
bumped Symfony version to 4.0.11
updated VERSION for 4.0.10
updated CHANGELOG for 4.0.10
bumped Symfony version to 3.4.11
updated VERSION for 3.4.10
updated CHANGELOG for 3.4.10
bumped Symfony version to 2.8.41
updated VERSION for 2.8.40
updated CHANGELOG for 2.8.40
bumped Symfony version to 2.7.48
updated VERSION for 2.7.47
update CONTRIBUTORS for 2.7.47
updated CHANGELOG for 2.7.47
fixed test
* 3.4:
[Form] fix tests on old phpunit versions
[FrameworkBundle] fix typo in CacheClearCommand
bumped Symfony version to 3.4.11
updated VERSION for 3.4.10
updated CHANGELOG for 3.4.10
fixed test
