This PR was merged into the 4.4 branch.
Discussion
----------
[DoctrineBridge] fix min version of http-kernel
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Required after #34257 and #34230
Commits
-------
69ba86ba66 [DoctrineBridge] fix min version of http-kernel
This PR was merged into the 4.4 branch.
Discussion
----------
[DoctrineBridge] Reopen DoctrineDataCollector to extensibility
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
DoctrineBundle is using it (0d20a98fb8/DataCollector/DoctrineDataCollector.php (L41)) and we don't want to prevent them from doing it.
Commits
-------
af021248bf [DoctrineBridge] Reopen DoctrineDataCollector to extensibility
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix after merge from 4.3
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
3c6dc96ab4 [HttpClient] fix after merge from 4.3
This PR was squashed before being merged into the 3.4 branch (closes#34135).
Discussion
----------
[Validator] Add the missing translations for the Hebrew ("he") locale and fix 2 typos
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#30166
| License | MIT
Ref #30166
Commits
-------
022cf67f19 [Validator] Add the missing translations for the Hebrew (\"he\") locale and fix 2 typos
* 4.3: (26 commits)
[Console] Fix#33915, Detect dimensions using mode CON if vt100 is supported
[HttpKernel][DataCollectorInterface] Ease compatibility
Add tests to ensure defaultLocale is properly passed to the URL generator
[DependencyInjection] Fix broken references in tests
[HttpClient] Retry safe requests when then fail before the body arrives
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
[Serializer] Fix property name usage for denormalization
Name test accordingly to the tested class
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
bumped Symfony version to 4.3.7
updated VERSION for 4.3.6
updated CHANGELOG for 4.3.6
bumped Symfony version to 3.4.34
updated VERSION for 3.4.33
update CONTRIBUTORS for 3.4.33
updated CHANGELOG for 3.4.33
[HttpClient] Fix perf issue when doing thousands of requests with curl
...
This PR was merged into the 4.3 branch.
Discussion
----------
[Console] Detect dimensions using mode CON if vt100 is supported
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33915
| License | MIT
This fixes color support detection for users of Win10 + git-bash. If vt100 support is detected, the terminal will not try to use `stty` to test for dimensions. Calling such command implicitly disables vt100 support on STDOUT.
Commits
-------
fdeceff85e [Console] Fix#33915, Detect dimensions using mode CON if vt100 is supported
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] Retry safe requests using HTTP/1.1 when HTTP/2 fails
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
cURL support of HTTP/2 is not as robust as HTTP/1.1. When doing >1k requests, the stream can break for buggy reasons. New versions of cURL are fixed already, but let's make our logic more resilient anyway, and switch to HTTP/1.1 when a *safe* request fails for send/recv reasons.
Commits
-------
9f7cd66004 [HttpClient] Retry safe requests when then fail before the body arrives
* 3.4:
[DependencyInjection] Fix broken references in tests
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
bumped Symfony version to 3.4.34
updated VERSION for 3.4.33
update CONTRIBUTORS for 3.4.33
updated CHANGELOG for 3.4.33
[Stopwatch] Fixed a bug in stopwatch event getStartTime
[Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods
Adding some validations tags on validators.et.xlf
add missing translation for 94 (it)
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Avoid using of kernel after shutdown in KernelTestCase
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #...
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
I had sadly something like this in my codebase:
```php
if (!static::$kernel) {
static::bootKernel();
}
```
As the $kernel is never set again to null a old $kernel was still there. I would not only set the $container also the $kernel variable to null. ~~As this could be a BC Break I'm targeting master~~.
Commits
-------
49b58ed45e Avoid using of kernel after shutdown
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] Also search for composer.phar in git root folder
| Q | A
| ------------- | ---
| Branch? | 4.4 for features
| Bug fix? | kindof
| New feature? | addition to existing feature
| Deprecations? | no
| Tickets | Related: https://github.com/symfony/symfony/issues/26637#issuecomment-390749681
| License | MIT
When you don't have a system `composer` installation, but a `composer.phar` in the project folder, you cannot use the `simple-phpunit` script from a subfolder of the project with e.g. `../vendor/bin/simple-phpunit`.
This change also searches for the `composer.phar` in the current git root folder if it was not found at any other places to increase the likelihood of it being found.
Commits
-------
97fd204d16 [PhpUnitBridge] Also search for composer.phar in git root folder
This PR was merged into the 4.4 branch.
Discussion
----------
[VarDumper] display the method we're in when dumping stack traces
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR adds the line in blue:
Without it, we're missing some context as the method is from a trait. This allows knowing which class is actually importing and using the method.
Commits
-------
23600cc8e1 [VarDumper] display the method we're in when dumping stack traces
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorRenderer] Show generic message in non-debug mode
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I agree with @Tobion here https://github.com/symfony/symfony/pull/34158#issuecomment-548181099, so let's always show the detail message, but for 5xx errors we'll send a generic message instead.
/cc @dunglas wdyt?
Commits
-------
45f1a5ee06 Show generic message in non-debug mode
This PR was squashed before being merged into the 4.4 branch (closes#33732).
Discussion
----------
[Console] Rename some methods related to redraw frequency
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In #26339 we added `preventRedrawFasterThan()` and `forceRedrawSlowerThan()`. While merging the docs for them (https://github.com/symfony/symfony-docs/pull/12364) I thought that the method names are a bit hard to understand.
In this PR I propose a renaming for your consideration. Thanks!
In the following example, we want to update the progress bar every 100 iterations, but not faster than 100ms or slower than 200ms.
**Before**
```php
$progressBar = new ProgressBar($output, 50000);
$progressBar->start();
$progressBar->setRedrawFrequency(100);
$progressBar->preventRedrawFasterThan(0.1);
$progressBar->forceRedrawSlowerThan(0.2);
```
**After**
```php
$progressBar = new ProgressBar($output, 50000);
$progressBar->start();
$progressBar->setRedrawFrequency(100);
$progressBar->maxRefreshInterval(0.1);
$progressBar->minRefreshInterval(0.2);
```
Commits
-------
e6ee7b07f3 [Console] Rename some methods related to redraw frequency
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing][Config] Allow patterns of resources to be excluded from config loading
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #31516
| License | MIT
| Doc PR | not yet
The PR will fix the following RFC: #31516
Like resource loading for services, this PR offers a way to exclude patterns of resources like:
```yml
// config/routes/annotations.yaml
controllers:
resource: ../../src/Controller/*
type: annotation
exclude: '../src/Controller/{DebugEmailController}.php'
```
All the annotation routes inside `Controller/` will be loaded in this example except all the one present inside the `Controller/DebugEmailController.php`
Commits
-------
332ff8811c [Routing][Config] Allow patterns of resources to be excluded from config loading
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Add compiler pass and command to check that services wiring matches type declarations
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27744
| License | MIT
| Doc PR |
PR replacing https://github.com/symfony/symfony/pull/27825.
It adds a `lint:container` command asserting the type hints used in your code are correct.
Commits
-------
8230a1543e Make it really work on real apps
4b3e9d4c96 Fix comments, improve the feature
a6292b917b [DI] Add compiler pass to check arguments type hint
This PR was merged into the 4.3 branch.
Discussion
----------
[Messenger] fix retry of messages losing the routing key and properties
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#32994 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR |
Messages sent for retry in rabbitmq lost the routing key and properties like the priority. Now we read those original properties and sent the retry message with the same properties (unless those properties have already been set manually before).
Commits
-------
75c674debc [Messenger] fix retry of messages losing the routing key and properties
This PR was merged into the 3.4 branch.
Discussion
----------
Adding some validations tags on validators.et.xlf
| Q | A
| ------------- | ---
| Branch? | 4.4 for features / 3.4 or 4.3 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/30160
| License | MIT
I saw an issue in the **Issues Page** and i want to help to improve the repository, even with a simple modification
Commits
-------
16bd71b5b1 Adding some validations tags on validators.et.xlf
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] add missing translation for 94 (it)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | None
| License | MIT
| Doc PR | not needed
Italian translation for validator is missing last item (id 94)
Commits
-------
1dc7ce1159 add missing translation for 94 (it)
This PR was merged into the 3.4 branch.
Discussion
----------
[Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34087
| License | MIT
| Doc PR | N/A
When running multiple periods in StopwatchEvent (start multiple times and not stop them all), the getDuration() method would return unexpected values.
This was because at every stop, the last entry in the `started` array was removed, while the `getDuration` method was still expecting all the started events to still be there.
Now, when calling `getDuration`, the duration of all the finished periods are added together with the unfinished counts.
Commits
-------
af00d8deab [Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods
This PR was squashed before being merged into the 4.3 branch (closes#34165).
Discussion
----------
[PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When an annotation is declared as `int[]|null`, it is handled like `(int|null)[]|null`. So array values are also nullable.
Now this behavior is fixed that `int[]|null` is either a collection of integers only or null.
How to reproduce:
```php
class Dummy
{
/** @var int[]|null */
public $nullableCollectionOfNonNullableElements;
}
/** @var Type[] $types */
$types = (new PhpDocExtractor())->getTypes(Dummy::class, 'nullableCollectionOfNonNullableElements');
$collectionType = $types[0];
assert($collectionType->isCollection() === true); // OK
assert($collectionType->isNullable() === true); // OK
assert($collectionType->getCollectionValueType()->getBuiltinType() === Type::BUILTIN_TYPE_INT); // OK
assert($collectionType->getCollectionValueType()->isNullable() === false); // FAILED
```
Commits
-------
5e394c40f0 [PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
This PR was merged into the 3.4 branch.
Discussion
----------
[Stopwatch] Fixed a bug in StopwatchEvent::getStartTime
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34088
| License | MIT
| Doc PR | N/A
When using a `StopwatchEvent` with an `$origin` that's smaller than the first start time, calling `getStartTime()` before ending the event will give `0` instead of the correct number.
The proposed fix in #34088 fixes this.
Commits
-------
b2b7eab949 [Stopwatch] Fixed a bug in stopwatch event getStartTime
* Added a hardcoded day 01 in order to output the proper month November
which is the correct EOL and EOM month.
* \DateTime::createFromFormat('mY') will output December for every month
where day 31 exists.
This PR was merged into the 4.4 branch.
Discussion
----------
Add new Form WeekType
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #32029
| License | MIT
| Doc PR | <!--symfony/symfony-docs#...--> coming soon
----
#### Update
After the first try, I've updated the field to have more options, and be more "straight".
The field acts like the `DateTimeType` or `TimeType`, various fields type (pure text, html5 type, select boxes), data validation, ....
For that I took the choice to update the `DateTimeToStringTransformer` and `DateTimeToArrayTransformer` to make them work with weeks format.
I was not sure if it was better to update them or create new ones, WDYT?
Before addind tests and docs, it would be nice to have your first thoughts/comments 😊
Do you need/want a small test repo?
Commits
-------
c4a2f026e0 Add new Form WeekType
This PR was merged into the 4.4 branch.
Discussion
----------
Form theme: support Bootstrap 4 custom switches
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12464
Hello,
At the moment, Symfony form theme supports [custom checkboxes](https://getbootstrap.com/docs/4.3/components/forms/#checkboxes) through an extra class in `label_attr`.
Bootstrap4 introduced also [custom switches](https://getbootstrap.com/docs/4.3/components/forms/#switches), which has exactly the same HTML markup, but use a different class. This PR slightly modify `bootstrap_4_layout` to handle it.
Some reasons why I think supporting those have its place in Symfony:
- those are getting common in UI right now, it is a common use case
- it is complementary to normal checkboxes, and works the same way: required attribute, validation error, and so on are supported immediately
- implementing it yourself in your form theme is actually tricky, because of the way checkbox are handled (ie., `form_label` called inside `form_widget` with a `{ widget: parent() }`). You have to overwrite the whole fragment, otherwise you get an infinite recursion.
Finally, some screenshots and code examples.
Custom checkbox (as at the moment):
```php
->add('test', CheckboxType::class, [
'label_attr' => [
'class' => 'checkbox-custom',
],
])
```
Custom switch (proposed):
```php
->add('test', CheckboxType::class, [
'label_attr' => [
'class' => 'switch-custom',
],
])
```
Commits
-------
99f59e262f Supporting Bootstrap 4 custom switches
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Add ability to choose behavior of decorations on non existent decorated services
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #33522
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12442
# Handling decorations on non existent decorated services
Handle decorations on non existent decorated services by either throwing the service not found exception, silently ignoring services (decorator & decorated) all together or leave the decorated service to null (current behavior)
Something almost similar to how missing services as parameters are handles.
## Yaml configuration
```yaml
decorator:
decorates: decorated
decoration_on_invalid: ignore
```
Available values: `exception`, `ignore`, `null`. `exception` if nothing is specified.
## Xml configuration
```xml
<service id="decorator" decorates="decorated" decoration-on-invalid="ignore" />
```
Available values: `exception`, `ignore`, `null`. `exception` if nothing is specified.
## Behavior
- `exception`: Throws a `ServiceNotFoundException` telling that the decorator's dependency is missing
- `ignore`: Remove decorator definition. Decorator and decorated will not be available at all.
- `null`: Keep decorator but set decorated to null. Therefore, decorator `__construct` should be written with a nullable decorated dependency (`public function __contruct(?DecoratedInterface $decorated) {}`) and check should be done in other methods
Commits
-------
f167c77eaf Handle non existent decorated services
This PR was squashed before being merged into the 4.3 branch (closes#34035).
Discussion
----------
[Serializer] Fix property name usage for denormalization
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Using the `@SerializedName()` and passing it an existing property name affects the deserialization even if `@Groups()` are not supposed to be involved.
## How to reproduce
Given the following class
```php
class Foo
{
/**
* @Group("list")
*/
private $bar;
public function setBar($bar)
{
$this->bar = $bar;
}
public function getBar()
{
return $this->bar;
}
/**
* @Groups({"list:export"})
* @SerializedName("bar")
*/
public function getBarForExport()
{
return $this->bar.' Rocks';
}
}
```
This allow us to change the content of the property based on the normalization context.
```php
$obj = new Foo();
$obj->setBar('Api Platform');
$data = $normalizer->normalize($obj, null, ['groups' => ["list"]]);
// $data => ['bar' => 'Api Platform'] as expected
$data = $normalizer->normalize($obj, null, ['groups' => ["list:export"]]);
// $data => ['bar' => 'Api Platform Rocks'] as expected
$obj = $normalizer->denormalize(['bar' => 'Api Platform'], Foo::class, null, ['groups' => ['list']]);
// $obj->getBar() would return null instead of 'Api Platform' as expected.
```
Commits
-------
8ca4a3f345 [Serializer] Fix property name usage for denormalization
This PR was merged into the 4.4 branch.
Discussion
----------
Fix typo
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
327a13cac0 Fix typo
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] extract worker logic to listener and get rid of SendersLocatorInterface::getSenderByAlias
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#32077 and #31848
| License | MIT
| Doc PR |
as discussed with @weaverryan sending messages for retry and failure directly to transport instead of redispatching on the bus makes things much cleaner
Commits
-------
d7e0f98cd0 [Messenger] extract worker logic to listener and sent messages for retry and failure directly to transport instead of redispatching on the bus
This PR was squashed before being merged into the 4.4 branch (closes#34155).
Discussion
----------
Revert SyncTransport simplification and fix properly
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34115 (and also related to #34066)
| License | MIT
| Doc PR | Not needed
In #34069, I made `SyncTransport` simpler by removing that transport class and making the whole things a config trick. I felt GREAT about that solution... until i realized two big problems:
1) It kills using env vars for `sync://` because we read the config values at build time - #34115 - that could probably be fixed by adding a factory, but then there is also the next problem
2) If someone routed a message to `[async, sync]` (weird, but allowed), my #34069 config solution basically maps this internally to `[async]`, which actually causes the message to *not* be handled immediately. Basically, my solution only worked if you route a message ONLY to one sync transport, but fails if you route to multiple transports.
So... this fixes things in a less-cool, but sensible way:
A) The first commit reverts #34069 exactly
B) The second commit solves the issue that we need to know if a message is being handled in a "worker" context or not, so middleware can decide if they should reset things before/after handling things. Previously we were using `ReceivedStamp` to know this. But because `SyncTransport` also "receives" the message and adds this stamp, it's not enough. To fix this, I added a new `ConsumedByWorkerStamp` that clearly means: "This message is being handled by a worker" (and so, you might want to "reset" some things before/after handling).
Thanks!
Commits
-------
01a9fefe77 Adding ConsumedByWorkerStamp as way to mark a message in a "worker context"
38f19a960c Revert "[Messenger] Removing "sync" transport and replacing it with much nicer config trick"
This PR was merged into the 4.4 branch.
Discussion
----------
[VarDumper] Do not dump the EventDispatcher
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
31c402a003 [VarDumper] Do not dump the EventDispatcher
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] add DeflateMarshaller - remove phpredis compression
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
phpredis compression doesn't play well with lua scripting as used in #33939
Let's remove it and provide a `DeflateMarshaller` instead.
Ppl can use it via decoration:
```yaml
services:
Symfony\Component\Cache\Marshaller\DeflateMarshaller:
decorates: cache.default_marshaller
arguments: ['@Symfony\Component\Cache\Marshaller\DeflateMarshaller.inner']
```
It's not enabled by default because that might break pools that are shared between different apps.
/cc @andrerom FYI
Commits
-------
452c863639 [Cache] add DeflateMarshaller - remove phpredis compression
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix regexp for anonymous services with no class set
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Follows #33782
Commits
-------
a302d2050e [DI] fix regexp for anonymous services with no class set
This PR was merged into the 4.3 branch.
Discussion
----------
[4.3] Remove unused local variables
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Follow up of https://github.com/symfony/symfony/pull/34105 on 4.3.
Commits
-------
58161b8eec [4.3] Remove unused local variables
* 4.3:
[Config] Disable default alphabet sorting in glob function due of unstable sort
[HttpClient] always return the empty string when the response cannot have a body
[TwigBundle][exception] Added missing css variable to highlight line in trace
[Serializer] Improve messages for unexpected resources values
[SecurityBundle] correct types for default arguments for firewall configs
* 3.4:
[Config] Disable default alphabet sorting in glob function due of unstable sort
[Serializer] Improve messages for unexpected resources values
[SecurityBundle] correct types for default arguments for firewall configs
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Config] Disable default alphabet sorting in glob function due of unstable sort
…table sort
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#33990 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | no <!-- required for new features -->
`\Symfony\Component\Config\Resource\GlobResource::getIterator` loads files using `glob` not it the stable sorting, e.g several files: `doctrine.yml` and `doctrine_mongodb.yaml` in `config/packages` folder.
On requests these files come(randomly) in a different order, which leads to reinitialization of symfony kernel in `dev` environment. It's a little bit annoying and takes a lot of time in a common :(
<!--
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
3bed0247c0 [Config] Disable default alphabet sorting in glob function due of unstable sort
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] allow configuring the session handler with a DSN
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
```yaml
framework:
session:
handler_id: 'redis://localhost'
handler_id: '%env(REDIS_URL)%'
handler_id: '%env(DATABASE_URL)%'
handler_id: 'file://%kernel.project_dir%/var/sessions'
```
etc.
the database connection is not shared with the ORM (don't mess with transactions.)
redis/memcached connections are shared between cache and session.
(as a reminder, cache and ORM share the db connection: we're ok with trashing the cache on a rollback)
Lock-related changes are a follow up of #34043.
(fabbot failure is false positive)
Commits
-------
de9c61f423 [HttpFoundation][FrameworkBundle] allow configuring the session handler with a DSN
This PR was squashed before being merged into the 4.4 branch (closes#32107).
Discussion
----------
[Validator] Add AutoMapping constraint to enable or disable auto-validation
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #32070, #32015 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | todo
As discussed in #32070 and #32015, it's sometimes mandatory to prevent some classes or properties to be auto mapped (auto-validated). This PR introduces a new constraint, `@AutoMapping` allowing to do exactly that. Examples:
Class:
```php
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Validator\Constraints as Assert;
/**
* @ORM\Entity
* @Assert\AutoMapping(false)
*/
class DoctrineLoaderNoAutoMappingEntity
{
/**
* @ORM\Id
* @ORM\Column
*/
public $id;
/**
* @ORM\Column(length=20, unique=true)
*/
public $maxLength;
}
```
Property:
```php
namespace Symfony\Bridge\Doctrine\Tests\Fixtures;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
use Symfony\Component\Validator\Constraints as Assert;
/**
* @ORM\Entity
*/
class DoctrineLoaderEntity extends DoctrineLoaderParentEntity
{
/**
* @ORM\Id
* @ORM\Column
*/
public $id;
/**
* @ORM\Column(length=10)
* @Assert\AutoMapping(false)
*/
public $noAutoMapping;
}
```
The rules are the following:
* If the constraint is present on a property, and set to true, auto-mapping is always on, regardless of the config, and of any class level annotation
* If the constraint is present on a property, and set to false, auto-mapping is always off, regardless of the config, and of any class level annotation
* If the constraint is present on a class, and set to true, auto-mapping is always on except if a the annotation has been added to a specific property, and regardless of the config
* If the constraint is present on a class, and set to false, auto-mapping is always off except if a the annotation has been added to a specific property, and regardless of the config
Commits
-------
f6519ce88b [Validator] Add AutoMapping constraint to enable or disable auto-validation
This PR was merged into the 4.3 branch.
Discussion
----------
[TwigBundle][exception] Added missing css variable to highlight line in trace
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
---
To get the yellow background
Commits
-------
5f19501 [TwigBundle][exception] Added missing css variable to highlight line in trace
This PR was merged into the 4.4 branch.
Discussion
----------
Re-allow to use "tagged" in service definitions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Re-allow to use `tagged` in 4.4 and 5.0. It makes it easier for bundles to support both Symfony 4.3- and Symfony 4.4+.
Needed to make API Platform compatible with Symfony 5 (api-platform/core#3009)
Commits
-------
7b7dc0df9a Re-allow to use "tagged" in service definitions
This PR was merged into the 4.4 branch.
Discussion
----------
[Lock][Cache] Allows URL DSN in PDO adapters
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | TODO
This PR duplicate a feature from PdoSessionHandler that convert URL DSN ( ie. mysql://localhost/test) into PDO DSN (ie. mysql:host=localhost;dbname=test)
that would ease configuration by using the same well-known variable
```
framework:
lock: '%env(DATABASE_URL)%'
```
note: I applied the same change on Cache component for consistency.
Commits
-------
474daf976e Allows URL DSN in Lock and Cache
This PR was squashed before being merged into the 4.3 branch (closes#33828).
Discussion
----------
[DoctrineBridge] Auto-validation must work if no regex are passed
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Backport of https://github.com/symfony/symfony/pull/32107/files#r295762928.
This behavior if faulty, if no regex are passed, autvalidation must be triggered, [as done in `PropertyInfoLoader`](https://github.com/symfony/symfony/blob/4.3/src/Symfony/Component/Validator/Mapping/Loader/PropertyInfoLoader.php#L50).
Commits
-------
5ed7d6c759 [DoctrineBridge] Auto-validation must work if no regex are passed
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorRenderer] Security fix: hide sensitive error messages
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This PR fixes a security issue. Exception messages must not be displayed except when debugging, because they can contain sensitive data including credentials.
For instance, PDO and Doctrine throw exception with message such as `The details are: SQLSTATE[HY000] [1045] Access denied for user 'root'@'db.example.com' (using password: NO)` revealing internal details about the infrastructure usful for an attacker.
Also, I still think that ErrorRenderer should be removed in favor of using the Serializer directly (see https://github.com/symfony/symfony/pull/33650#issuecomment-534441889). I'll try to open some PRs to do that in tomorrow.
Commits
-------
d7d7f22 [ErrorRenderer] Security fix: hide sensitive error messages
This PR was merged into the 4.3 branch.
Discussion
----------
[OptionsResolver] Fix an error message to be more accurate
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30432
| License | MIT
| Doc PR | -
Follow-up https://github.com/symfony/symfony/pull/30442 for 4.3
Commits
-------
1be68a752a Fix an error message to be more accurate
* 4.3:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] correct types for default arguments for firewall configs
| Q | A
| ------------- | ---
| Branch? | 3.4 (and forward)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Up until now, the default template arguments in the `security.firewall.config` abstract service definition have been each defined (aside from the argument for `$listeners` which is given a `collection` type) in the XML as
```xml
<argument />
```
which resolves to an empty string, despite that some of the arguments are typed to being either `bool` or `array|null` on the `Symfony\Bundle\SecurityBundle\Security\FirewallConfig` class itself.
This wouldn't be so much of a problem if the child definitions that use this as a template overrode all the arguments every time, but in the case of firewall configs that mark security as _not_ being enabled, [only the first few arguments are overwritten](https://github.com/symfony/symfony/blob/3.4/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php#L349-L352), so firewall config objects that do not have security enabled are instantiated by the DI container with parameters with some of the wrong types.
In general this wouldn't be an issue, as firewalls with security not enabled would not usually be consumed in a context where further security-related config were needed, but there is a case in `Symfony\Bundle\SecurityBundle\DataCollector\SecurityDataCollector` where the method `getSwitchUser()` on the firewall config object [can be called](https://github.com/symfony/symfony/blob/3.4/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php#L181) without checking first whether the firewall has security enabled, which leads to an exception being thrown:
```
Symfony\Component\Debug\Exception\ContextErrorException
Warning: Illegal string offset 'parameter'
in vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php (line 184)
```
which is down to the firewall config being set with an empty string rather than `null` (in which case the logic here would function as expected).
It seemed most appropriate as a fix (especially given possible introduction of scalar type hints in the future) to apply types to the default arguments so that it was no longer possible to instantiate a firewall config object with parameters of unexpected types.
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
6b7044fc01 [SecurityBundle] correct types for default arguments for firewall configs
* 3.4:
#30432 fix an error message
fix paths to detect code owners
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
Remove unused local variables in tests
Make sure to collect child forms created on *_SET_DATA events
do not render errors for checkboxes twice
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Made the configuration more robust for the 'property' key
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34092
| License | MIT
| Doc PR |
Commits
-------
0c31ff007e [Workflow] Made the configuration more robust for the 'property' key
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
A `304` is the final response code.
This PR implements the same logic as curl.
Commits
-------
50a88c59f6 [HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Allow to stick to a specific password hashing algorithm
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33054
| License | MIT
| Doc PR | todo
Allows using `argon2i`, `argon2id` and `bcrypt`.
Commits
-------
6712d1e504 [Security] Allow to set a fixed algorithm
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] add fast path when encoded password cannot match anything
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Only `MessageDigestPasswordEncoder` and `Pbkdf2PasswordEncoder` need this fast path: the sodium and the native encoders already implement it natively.
When a migrating encoder is used, a failed password validation fallbacks to all encoders. This makes the process slower than needed currently.
Commits
-------
c57f8f7f93 [Security/Core] add fast path when encoded password cannot match anything
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, env vars that override encrypted secrets must en up with `_SECRET`.
This PR removes this convention. It also enforces that only vars defined in the vault can be overriden locally. This means one cannot set a local-only secret.
Commits
-------
2ec9647e75 [FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
