This PR was submitted for the master branch but it was merged into the 3.4 branch instead.
Discussion
----------
Update security.he.xlf
Update Hebrew translation
Commits
-------
8d4c2f052d Update security.he.xlf
This PR was merged into the 5.1 branch.
Discussion
----------
Handle consecutive supports() calls in the RememberMeAuthenticator
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38206
| License | MIT
| Doc PR | -
If I read the issue correctly, the problem is not so much that `autoLogin()` is called in supports, but that it is called multiple times in the same request (in lazy firewalls). This is fixed by this issue.
@qurben or @fancyweb do you have an application with this error, and can you please test the patch in this PR? Please let me know if this actually fixed the issue. (if you can't, I'll create a small demo app to test this one)
Commits
-------
e0d1867b54 Handle consecutive supports() calls in the RememberMeAuthenticator
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Lock] Fix StoreFactory to accept same DSN syntax as AbstractAdapter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35350
| License | MIT
| Doc PR |
Updates `Symfony\Component\Lock\Store\StoreFactory` to accept same DSN syntax as `Symfony\Component\Cache\Adapter\AbstractAdapter` which is used to create Redis class instance.
Commits
-------
4ebbe3d86b [Lock] Fix StoreFactory to accept same DSN syntax as AbstractAdapter
This PR was merged into the 5.1 branch.
Discussion
----------
[5.1] Ignore more deprecations for Mockery mocks
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Continuation of https://github.com/symfony/symfony/pull/38377 on 5.1.
Commits
-------
58e6cb1ddc [5.1] Ignore more deprecations for Mockery mocks
This PR was merged into the 5.1 branch.
Discussion
----------
[PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
https://github.com/symfony/symfony/pull/38031 caused an unwanted regression: if the frame `class` matches `SymfonyTestsListenerFor` it used to always return, now it continues so the `originClass` and `originMethod` properties are set. Therefore, the deprecation is considered as coming from the test listener. It ends up in the "legacy" group and muted because the test listeners contains the word "Legacy" in their namespaces.
Example test:
```php
<?php
namespace App\Tests;
use PHPUnit\Framework\TestCase;
use Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher;
final class FooTest extends TestCase
{
public function test(): void
{
// ExtractingEventDispatcher is @internal
new class extends ExtractingEventDispatcher {};
$this->assertTrue(true);
}
}
```
On 4.4:
```
Other deprecation notices (1)
1x: The "Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher" class is considered internal. It may change without further notice. You should not use it from "Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher@anonymous".
```
On 5.1:
```
Legacy deprecation notices (1)
```
Commits
-------
1ba06a0f86 [PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
* 4.4:
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
* 3.4:
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] propagate validation groups to subforms
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38300
| License | MIT
| Doc PR |
Commits
-------
04f5698e29 propagate validation groups to subforms
e2c7c3373d [Form] [Validator] Add failing testcase to demonstrate group sequence issue
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] disallow FrameworkBundle 4.4+
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Since #34619 (merged in 4.4.1) the request stack can no longer be passed as an argument to the `HtmlErrorRenderer` constructor. However, FrameworkBundle 4.4 refuses to be used with WebProfilerBundle 3.4 since #34369 (merged in 4.4.0-RC1).
Commits
-------
ad45e9cfdd disallow FrameworkBundle 4.4+
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix unsetting context[ssl][peer_name]
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no (fixing a not released fix)
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/38375#issuecomment-702621658
| License | MIT
| Doc PR | -
/cc @bohanyang could you please confirm this fixes it?
Commits
-------
8eb8a7c400 [HttpClient] fix unsetting context[ssl][peer_name]
* 4.4:
[HttpClient] fix using proxies with NativeHttpClient
[4.4] Ignore more deprecations for Mockery mocks
[Routing] fix using !important and defaults/reqs in inline route definitions
[ErrorHandler][DebugClassLoader] Do not check Mockery mocks classes
[HttpClient] Fix using https with proxies
[TwigBundle] Only remove kernel exception listener if twig is used
Adjust expired range check
Fix redis connection error message
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix using proxies with NativeHttpClient
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/38368#issuecomment-702272737, we cannot use local DNS resolution with HTTP proxies.
Commits
-------
28f301bf03 [HttpClient] fix using proxies with NativeHttpClient
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] fix using !important and defaults/reqs in inline route definitions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33224
| License | MIT
| Doc PR | -
Commits
-------
826db225b7 [Routing] fix using !important and defaults/reqs in inline route definitions
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[HttpClient] Fix using https with proxies
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
| Doc PR | -
According to my test, when `request_fulluri` is set to true,
the host appears in the URL will be the Host header,
even if the Host header is set in the context http header.
Since HttpClient has its own DNS cache, the host inside the URL is usually an IP address.
So this can break many things.
```
{
"args": {},
"headers": {
"Accept": "*/*",
"Accept-Encoding": "gzip",
"Host": "3.211.1.78",
"User-Agent": "Symfony HttpClient/Native",
"X-Amzn-Trace-Id": "Root=1-5f75a59e-62c8c81e4490e09c700d6180"
},
"origin": "xxx.xxx.xxx.xxx",
"url": "https://3.211.1.78/get"
}
* Hostname was NOT found in DNS cache
* Added httpbin.org:0:3.211.1.78 to DNS cache
* Establish HTTP proxy tunnel to tcp://10.22.22.21:7777
> GET https://3.211.1.78/get HTTP/1.1
Accept: */*
Accept-Encoding: gzip
Host: httpbin.org
User-Agent: Symfony HttpClient/Native
< HTTP/1.1 200 OK
< Date: Thu, 01 Oct 2020 09:47:10 GMT
< Content-Type: application/json
< Content-Length: 300
< Connection: close
< Server: gunicorn/19.9.0
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
<
```
I've also found this https://github.com/guzzle/guzzle/issues/791
We can also create an option to make it customizable.
Commits
-------
7e0cd4e621 [HttpClient] Fix using https with proxies
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[TwigBundle] Only remove kernel exception listener if twig is used
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/contao/contao/issues/1527
| License | MIT
| Doc PR |
In a setup using the template engine but not twig as the template engine no exceptions are logged. This is caused by the twig-bundle which removes the `exception_listener` service. For my understanding this should only happen if twig is used as template engine. This PR fixes the logic that only for the case where twig is enabled as template engine the http kernel exception listener is removed. Otherwise the twig exception listener got removed now.
Disclaimer: I'm not too deep into the details, so maybe I oversee something why it's implemented the way it is.
Commits
-------
7c34f6e866 [TwigBundle] Only remove kernel exception listener if twig is used
This PR was merged into the 5.1 branch.
Discussion
----------
[DI] Fix changelog
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
This one's confusing with L7, the actual deprecation.
Commits
-------
d784b50da3 [DI] Fix changelog
This PR was merged into the 3.4 branch.
Discussion
----------
[BrowserKit] Cookie expiration at current timestamp
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
In `Symfony\Component\BrowserKit\Cookie` a cookie is expired if the `expires` timestamp is in the past. I would like to change it to also be expired if the `expires` timestamp equals the current exact timestamp. This would still be in line with [RFC 6265](https://tools.ietf.org/html/rfc6265#section-4.1.2.1), as it states `The Expires attribute indicates the maximum lifetime of the cookie, represented as the date and time at which the cookie expires`.
Reason for this change: Cookies usually both have `expires` and `Max-Age` set, and Symfony sets `Max-Age` to zero if a cookie is expired (in `Symfony\Component\HttpFoundation\Cookie`). When converting cookies between string and object representations, `Max-Age` is the preferred source of truth for the expiration, but `Max-Age` set to zero is converted to an `expires` timestamp at this exact second, currently making the cookie not expired in `Symfony\Component\BrowserKit\Cookie`, even though it should be.
I noticed this discrepancy in my tests when checking if a cookie no longer existed after deleting it, yet it was still there, because `Cookie` thought it would only expire after the `expires` timestamp had passed. I am also thinking of raising an issue for `Symfony\Component\HttpFoundation\Cookie`, as importing and exporting an expired cookie (via strings) changes the `expired` value. I thought this change was a simpler one for now, and should have no negative/unexpected impact.
Commits
-------
9d187c0d1a Adjust expired range check
This PR was merged into the 5.1 branch.
Discussion
----------
Remove CHANGELOG files for 4.x
| Q | A
| ------------- | ---
| Branch? | 5.0 (maintenance only)
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
See #36436
Commits
-------
e0f90b4032 Remove CHANGELOG files for 4.x
Fabien Potencier
Ben Hakim
Wouter de Jong
Joni Halme
Laurent VOULLEMIER
Nicolas Grekas
Thomas Calvet
Christian Flothmann
Johan de Ruijter
Bohan Yang
David Molineus
Roland Franssen
Andreas