This PR was merged into the 3.3 branch.
Discussion
----------
[Serializer] Unset attributes when creating child context
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
In some cases, the `attributes` key isn't overrode when creating the context passed to nested normalizers.
It's definitely a bug, but an attacker cannot access to non public data (ignored attributes are checked before the `attributes` key). However some data that must be public may be missing as highlighted by the test.
I've introduced the initial bug here: https://github.com/symfony/symfony/pull/18834
Commits
-------
4ff9d99f23 [Serializer] Unset attributes when creating child context
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] do not evaluate PHP constant names
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25307
| License | MIT
| Doc PR |
PHP constant identifiers must be strings anyway. Thus, we only need to
parse quoted strings, but do not have to evaluate the data types.
Commits
-------
956287be72 do not evaluate PHP constant names
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] improved CsvEncoder::decode performance
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Improved CsvEncoder::decode performance by caching duplicate count calls.
Blackfire profiles before and after change tested on collection of 10000 elements:
[before] https://blackfire.io/profiles/9c08f789-cd29-4eae-92c8-046e3849a2b8/graph
[after] https://blackfire.io/profiles/a17bfb6b-ef82-41ee-9edd-9403f829d6ab/graph
Commits
-------
3b910a9fad [Serializer] improved CsvEncoder::decode performance by caching duplicate count calls
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle][Cache] register system cache clearer only if it's used
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25326
| License | MIT
| Doc PR |
Commits
-------
093eb3d40d register system cache clearer only if it's used
This PR was merged into the 2.7 branch.
Discussion
----------
[ExpressionLanguage] throw an SyntaxError instead of an undefined index notice
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #25214
| License | MIT
| Doc PR | none
I think this is a bug when the components throws a notice instead of an exception.
it's too early and too dark to see something outside so here is my couch :
![img_2915-2](https://user-images.githubusercontent.com/3451634/33592448-6b514050-d98b-11e7-8086-bc6e6b6e6e82.jpg)
Commits
-------
78abc89648 [ExpressionLanguage] throw an SyntaxError instead of letting a undefined index notice
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] Prevent a loop in aliases within the `findDefinition` method
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25338
| License | MIT
| Doc PR | ø
This prevents an infinite loop going when aliases reference themselves. This is based on 3.3 as the "normalized ID" changed to allow non-lowercase names. Fixing this in 2.7 would mean a merge conflict that IMO is not worth it.
Commits
-------
22f35239a4 Prevent a loop in aliases within the `findDefinition` method
This PR was merged into the 3.4 branch.
Discussion
----------
[DX][HttpKernel] Throw a sensible exception when controller has been removed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25335
| License | MIT
| Doc PR | ø
Following on #25201, we need to throw the same kind of sensible exception when the controller service is not found.
Commits
-------
458d63fbb9 Throw a sensible exception when controller has been removed
This PR was merged into the 3.4 branch.
Discussion
----------
Remove Exclusive Lock That Breaks NFS Caching
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25336
| License | MIT
| Doc PR | n/a
#24960 introduced an issue with NFS mounts that do not support exclusive locks. This reverts that change.
FYI @kalessil
Commits
-------
a7ac100 Remove LOCK_EX That Breaks Cache Usage on NFS
This removes the exclusive lock that was introduced in #24960.
NFS File Systems do not support exclusive locking, and generates a lot
of errors every time you try to do anything with che cache.
This PR was submitted for the master branch but it was squashed and merged into the 3.3 branch instead (closes#25304).
Discussion
----------
[Bridge/PhpUnit] Prefer $_SERVER['argv'] over $argv
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This makes the script usable even if it is wrapped into another script, which is what some IDEs like PHPStorm do.
Commits
-------
1ff22e6acc [Bridge/PhpUnit] Prefer ['argv'] over
This PR was squashed before being merged into the 3.4 branch (closes#25272).
Discussion
----------
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25267
| License | MIT
| Doc PR | -
As pointed out in https://github.com/symfony/symfony/issues/25267 the `setLogoutOnUserChange` method calls were added to the parent definition `security.context_listener` instead of the concrete child definitions `security.context_listener.*`.
ping @iltar @chalasr
Commits
-------
4eff146 [SecurityBundle] fix setLogoutOnUserChange calls for context listeners