This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Passwords are not encoded when algorithm set to "true"
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #34725
| License | MIT
| Doc PR | -
If the algorithm is set to `true`, the password will be encoded as a plain password.
```
security:
    encoders:
        App\User\User:
            algorithm: true
```
The reason for this is the non-strict comparison of PHP switches.
```
switch ($config['algorithm']) {
    case 'plaintext':
}
```
`true == 'plaintext'` is `true`, so the first case is hit. My first solution was to cast the algorithm to a string to prevent this. After some feedback, I now catch this problem earlier and do not allow `true` as a valid value for the algorithm option.
PS: This is my first PR for Symfony, any feedback is welcome :-)!
Commits
-------
83a5517c01 [SecurityBundle] Passwords are not encoded when algorithm set to "true"
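Added example, not taken from the PR or from Symfony's code: the loose `switch` comparison described above next to a variant that rejects non-string values before comparing. The function names `pickEncoderLoose` and `pickEncoderStrict` and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; pickEncoderLoose/pickEncoderStrict are hypothetical names.

function pickEncoderLoose(array $config): string
{
    // switch compares with ==, and true == 'plaintext' is true,
    // so a boolean true falls into the first case.
    switch ($config['algorithm']) {
        case 'plaintext':
            return 'plaintext';
        case 'bcrypt':
            return 'bcrypt';
        default:
            return 'other';
    }
}

function pickEncoderStrict(array $config): string
{
    $algorithm = $config['algorithm'] ?? null;
    // Reject anything that is not a non-empty string before comparing.
    if (!is_string($algorithm) || '' === $algorithm) {
        throw new InvalidArgumentException(sprintf(
            'The "algorithm" option must be a non-empty string, %s given.',
            gettype($algorithm)
        ));
    }
    // Strict membership test: no type juggling between value and names.
    if (!in_array($algorithm, ['plaintext', 'bcrypt'], true)) {
        return 'other';
    }

    return $algorithm;
}

// Constructed sample values, typed the way a YAML parser returns them.
foreach ([true, 'bcrypt', 'plaintext'] as $value) {
    $config = ['algorithm' => $value];
    $shown = var_export($value, true);
    printf("loose  %-11s => %s\n", $shown, pickEncoderLoose($config));
    try {
        printf("strict %-11s => %s\n", $shown, pickEncoderStrict($config));
    } catch (InvalidArgumentException $e) {
        printf("strict %-11s => rejected (%s)\n", $shown, $e->getMessage());
    }
}
```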
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] do not validate passwords when the hash is null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #34775
| License | MIT
| Doc PR |
Commits
-------
5699cb22bb do not validate passwords when the hash is null
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Use config variable in AnonymousFactory
| Q | A
| ------------- | ---
| Branch? | 4.4 and 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
It looks like the `AnonymousFactory` was copied incorrectly in https://github.com/symfony/symfony/pull/33503 as it uses the old `$firewall` variable available in `SecurityExtension.php`. Changing this to `$config` yields the desired results.
Commits
-------
8d850d2da4 When set, get secret from config variable
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Set the parameter bag as resolved in ContainerLintCommand
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/34526, Closes #34767
| License | MIT
| Doc PR | -
Alternative to https://github.com/symfony/symfony/pull/34767, idea by @nicolas-grekas.
Commits
-------
e8d3c2b969 [FrameworkBundle] Set the parameter bag as resolved in ContainerLintCommand
* 4.4:
  [Security/Core] Fix checking for SHA256/SHA512 passwords
  [Cache][Lock] fix tests
  bumped Symfony version to 4.4.2
  updated VERSION for 4.4.1
  updated CHANGELOG for 4.4.1
This PR was merged into the 4.3 branch.
Discussion
----------
[MonologBridge] Add test on ServerLogHandler
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | /
After writing https://github.com/symfony/symfony/pull/34697#issuecomment-559840469 I realized that ServerLogHandler wasn't tested.
Tell me if it's a BugFix and should be rebased on 4.3
Commits
-------
8c7947f827 Add test on ServerLogHandler
This PR was merged into the 3.4 branch.
Discussion
----------
Allow copy instead of symlink for ./link script
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Not the most efficient way to work, but sometimes it helps to test a bug fix/feature within an existing project for which symlinks can't be resolved due to the dev environment (e.g: a Vagrant where only the current project directory is mounted).
Commits
-------
b28fe66363 Allow copy instead of symlink for ./link script
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] Fix checking for SHA256/SHA512 passwords
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #...
| License | MIT
| Doc PR | symfony/symfony-docs#...
The code to validate bcrypt passwords (#31763) needs to include SHA256 and SHA512-hashed passwords. These are used on RedHat (and derived) systems.
Since SHA256/512 don't appear to have a limit of 72 characters, I simply created a new if() block.
Commits
-------
799c85b67c [Security/Core] Fix checking for SHA256/SHA512 passwords
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix making the container path-independent when the app is in /app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #34750, Fix #34611
| License | MIT
| Doc PR | -
Right now, we mandate the app to be nested in a directory of level 2 minimum. This means apps cannot be made path-independent if they are built in e.g. `/app`.
Commits
-------
b33b9a6ad9 [DI] Fix making the container path-independent when the app is in /app