This PR was submitted for the 5.3 branch but it was merged into the 4.4 branch instead.
Discussion
----------
[SecurityBundle] [5.3] Closing tag typo
| Q | A
| ------------- | ---
| Branch? | 5.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
Quick fix, On code review the closing tag doesnt match the opening tag
```xml
<sec:config> ... </config>
```
Commits
-------
b91d488ce6 Closing tag typo
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Added missing translations for Armenian (hy)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#41029
| License | MIT
Add missing Armenian translations to Security component.
Commits
-------
9f6a9bbda2 [Security]Added missing translations for Armenian (hy)
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] (#41826) missing translations for portuguese
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#41826
| License | MIT
Commits
-------
0c97c8ac84 (#41826) missing translations for portuguese
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Add missing translation for Polish
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#41825 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | N/A
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
Commits
-------
b244cc994e Add missing translation for Polish
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Keep max lifetime also when part of the responses don't set it
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
https://datatracker.ietf.org/doc/html/rfc7234#section-4.2.2 allows caches to assign a "heuristic expiration time" for responses that have no explicit expiration time set, but are explicitly marked as being cacheable by `public`. We can say that such responses are "more liberal" in what is allowed than a response with an explicit `max-age` or `s-maxage` header.
When merging responses in `ResponseCacheStrategy`, such `public` responses without explicit expiration time should not cause the `max-age` or `s-maxage` values being dropped on the final response. The most restrictive settings from all responses involved should be used, and any given expiration time is more strict than not setting one when being `public`.
Commits
-------
ad1f057ce2 Public responses without lifetime should not remove lifetime for the resulting response
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix Psr18Client when allow_url_fopen=0
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#41798
| License | MIT
| Doc PR | -
I didn't really know what `STREAM_IS_URL` was for, now I do :)
Commits
-------
974516133a [HttpClient] fix Psr18Client when allow_url_fopen=0
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Add support of PHP enumerations
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes (new PHP version compatibility)
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40233
| License | MIT
| Doc PR | _(see below)_
Added support of enums using `!php/const` tag, as they work the same way.
Commits
-------
88c69c0ec0 [DependencyInjection] Add support of PHP enumerations
This PR was merged into the 4.4 branch.
Discussion
----------
[Config] fix tracking default values that reference the parent class
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#41133
| License | MIT
| Doc PR | -
Commits
-------
978747e6ea [Config] fix tracking default values that reference the parent class
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Fix binding "iterable $foo" when using the PHP-DSL
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#41689
| License | MIT
| Doc PR | -
Commits
-------
8451a14cf6 [DependencyInjection] Fix binding "iterable $foo" when using the PHP-DSL
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] fix eventual consistency when using RedisTagAwareAdapter with a cluster
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, if the Symfony app stops in the middle of the invalidation logic, we lose the keys to invalidate.
This PR fixes the invalidation logic by making it eventually consistent, and also more scalable thanks to using `SSCAN` instead of `SMEMBERS` when iterating over the items to delete.
The eventual consistency happens when the same tag is invalidated again. We could improve this eg by garbage collecting also when saving and deleting an item but I'll let this as an exercise for a future contributor :)
/cc `@andrerom` in case you'd like to have a look.
Commits
-------
5f2d5e0437 [Cache] fix eventual consistency when using RedisTagAwareAdapter with a cluster
This PR was submitted for the 5.4 branch but it was merged into the 4.4 branch instead.
Discussion
----------
[Translation][Validator] Add ExpressionLanguageSyntax English and French
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Add ExpressionLanguageSyntax validator translation: english (reference file) and french.
Commits
-------
5f15f5d65d [Validator][Translation] Add ExpressionLanguageSyntax en and fr
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Disable locking on Windows by default
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40573
| License | MIT
| Doc PR | -
Commits
-------
dffde22329 [Cache] Disable locking on Windows by default
This PR was merged into the 4.4 branch.
Discussion
----------
[MonologBridge] Fix the server:log help --filter sample
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | N/A
Commits
-------
bc383215a3 [MonologBridge] Fix the server:log help --filter sample
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[HttpKernel] [HttpCache] Keep s-maxage=0 from ESI sub-responses
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When the `ResponseCacheStrategy` is merging ESI surrogates and the master response, it treats `s-maxage=0` as if no `s-maxage` has been set.
The result is that for a main and a surrogate response that both are `public, s-maxage=0`, the result will only be `public`, with no further expiration time.
https://datatracker.ietf.org/doc/html/rfc7234#section-4.2.2 allows caches to assign a _heuristic expiration time_ when no explicit expiration time has been given but the response has been marked as explicitly cacheable with `public`. Clearly, such a heuristic was _not_ intended or desired when `public, s-maxage=0` was given.
This PR ensures that `s-maxage=0` is passed along with the resulting response.
### Some notes on `s-maxage=0`
You might argue that `s-maxage=0` does not make sense on a response.
According to https://datatracker.ietf.org/doc/html/rfc7234#section-3.2, `s-maxage=0` is a valid setting to ensure that a cached response "cannot be used to satisfy a subsequent request without revalidating it on the origin server".
This setting can be used to keep responses in edge caches/CDNs, but to re-validate on every request. The bottom line result can still be faster (304 + response already at the edge vs. fetch response from origin).
To my understanding, the difference between `s-maxage=0` and `must-revalidate` is that a "disconnected" cache (one that cannot contact the origin server) _must not_ use a stale response when `must-revalidate` is used, but _is not prohibited_ from doing so for `s-maxage=0` (https://datatracker.ietf.org/doc/html/rfc7234#section-4.2.4). In other words, `must-revalidate` is not exactly the same as (or the "right" way instead of) `s-maxage=0`.
In the special case of ESI (composite) responses, revalidation is not possible (no `ETag`, no `Last-Modified`). But, as explained above, it is still important to pass on the explicit expiration time, instead of having no value for it.
Commits
-------
ee7bc0272e [HttpKernel] [HttpCache] Keep s-maxage=0 from ESI sub-responses
This PR was merged into the 4.4 branch.
Discussion
----------
[VarDumper] Fix tests for PHP 8.1
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Part of #41552 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | N/A
Commits
-------
f2b0822401 [VarDumper] Fix tests for PHP 8.1
This PR was merged into the 4.4 branch.
Discussion
----------
Pin masterminds/html5 to the master branch for PHP 8.1
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Our tests on PHP 8.1 require the changes I've made in Masterminds/html5-php#207. Unfortunately, Composer will not pick a version with those changes because of the reasons described in Masterminds/html5-php#209. This PR adds a small workaround to the PHP 8.1 job which I'll happily revert as soon as Masterminds/html5-php#209 is resolved.
Commits
-------
9c69e77805 Pin masterminds/html5 to the master branch for PHP 8.1
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Replace var_export with VarExporter to use array short syntax in secrets list files
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | _N/A_
| License | MIT
| Doc PR | _N/A_
I've been using secrets a lot lately. Unfortunately, command exports the `{env}.list.php` with the "old" array syntax using `array()`, and writing `null` in uppercase.
This results in tedious situations with PHP CS Fixer (for example) rewriting the whole file to restore the modern syntax, each time we add a secret.
The Sodium vault currently uses `var_export`. I suggest using Symfony VarExporter, which does the work just fine. It adds a dependency to the FrameworkBundle, but it is a cleaner way to do it rather than using [this type of hack](https://www.php.net/manual/fr/function.var-export.php#124194) IMO.
Commits
-------
7f1c76212f [FrameworkBundle] Replace var_export with VarExporter to use array short syntax
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] throw proper exception when decorating a synthetic service
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40784
| License | MIT
| Doc PR | -
Commits
-------
b763a29514 [DependencyInjection] throw proper exception when decorating a synthetic service
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] [DebugClassLoader] Do not check Phake mocks classes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | [Phake Issue #300](https://github.com/phake/phake/issues/300)
| License | MIT
| Doc PR | -
Similar issue as https://github.com/symfony/symfony/pull/38373 but with Phake mocking framework
Commits
-------
9ed93df77a [ErrorHandler][DebugClassLoader] Do not check Phake mocks classes
This PR was merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] fix handling the COMPOSER_BINARY env var when using simple-phpunit
| Q | A
| ------------- | ---
| Branch? | 4.4 and next
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#41774
| License | MIT
Since the renaming of the simple phpunit file (from the shebang to the php file) in #31364, it looks like the change made from #36566 was lost as it seems to have been merged after.
So this PR is an attempt to "restore" that functionnality, as it was considered a bug fix on 3.4 at the time.
poke `@nicolas`-grekas
Commits
-------
9589b52a78 Reapply the change to allow to set the composer binary path