This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Don't require a user provider for the anonymous listener
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34504
| License | MIT
| Doc PR | -
Forgotten when adding the AnonymousFactory in #33503
Commits
-------
0950cfbc65 [SecurityBundle] Don't require a user provider for the anonymous listener
This PR was merged into the 4.4 branch.
Discussion
----------
Add missing defaultPriorityMethod field in TaggedIteratorArgument
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
#SymfonyHackday
Commits
-------
f5bd421597 Add missing defaultPriorityMethod field in TaggedIteratorArgument
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle][ContainerLint] Keep "removing" compiler passes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34498
| License | MIT
| Doc PR | -
Removing "removing" compiler passes when debug is off (why only in this case btw?) means that the container is never cleaned (the important thing being the "remove unused definitions" pass), leaving it in a "dirty" state. What is the point of testing a container that is different than the one that will be used anyway? 🤔
Making this truely work btw means that 100% of Symfony's declared services must end up valid whether they are used or not and in all combinations possible. I guess that should be the goal but from what I could test in the last hour, that will be a lot of work. However, there are definitely some fixes to do in our services declarations that we can detect thanks to this "bug".
Commits
-------
59d677182e [FrameworkBundle][ContainerLint] Keep removing compiler passes
This PR was merged into the 4.4 branch.
Discussion
----------
[Dotenv] don't fail when referenced env var does not exist
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34537
| License | MIT
| Doc PR |
Commits
-------
8026609dc9 don't fail when referenced env var does not exist
This PR was squashed before being merged into the 4.3 branch (closes#34547).
Discussion
----------
[Messenger] Error when specified default bus is not among the configured
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This is a bug fix because the error occurs during the di compilation anyway.
Commits
-------
dd92d2bb10 [Messenger] Error when specified default bus is not among the configured
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] remove return type declaration from __sleep()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34478
| License | MIT
| Doc PR |
Commits
-------
bedad35e59 remove return type declaration from __sleep()
This PR was merged into the 3.4 branch.
Discussion
----------
Remove some unused methods parameters
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR removes some useless private method parameters.
Commits
-------
026730e913 Remove some unused methods parameters
This PR was squashed before being merged into the 3.4 branch (closes#34385).
Discussion
----------
Avoid empty "If-Modified-Since" header in validation request
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Just noticed that when a response has been cached that is `public` and has an `maxAge` but does _not_ provide `Last-Modified`, the validation subrequest will have an empty `If-Modified-Since` header value.
Commits
-------
960faef66f Avoid empty \"If-Modified-Since\" header in validation request
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] group constraints when calling the validator
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Follow up of https://github.com/symfony/symfony/pull/34081
Spotted during the workshop at SymfonyCon, while trying to fix deprecation notices on symfony-demo:
the Form component currently passes constraints one by one for validation, effectively preventing the validator from taking care of cross-constraints dependencies.
This PR fixes it.
This will prevent ppl from having to fix things like
> Using the "Symfony\Component\Validator\Constraints\Length" constraint with the "min" option without setting the "allowEmptyString" one is deprecated and defaults to true. In 5.0, it will become optional and default to false.
Commits
-------
d15f77f33e [Form] group constraints when calling the validator
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Fix best encoder not wired using migrate_from
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Thanks @wouterj for spotting it.
Commits
-------
4132a60392 [Security] Fix best encoder not wired using migrate_from
* 4.3:
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
catch exceptions when using PDO directly
[SecurityBundle] fix failing test
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Perform no deep merging of bus middleware
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This change helps in case one needs to configure a bus differently for a custom environment while keeping existing handlers attached by name.
Commits
-------
c264583f28 [Messenger] Perform no deep merging of bus middleware
This PR was squashed before being merged into the 4.4 branch (closes#34405).
Discussion
----------
[HttpFoundation] Added possibility to configure expiration time in redis session handler
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Add possibility to manually configure expiration time in redis session handler.
Commits
-------
4a9d947b1a [HttpFoundation] Added possibility to configure expiration time in redis session handler
This PR was merged into the 4.3 branch.
Discussion
----------
[Cache] catch exceptions when using PDO directly
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fixsymfony/symfony-docs#12632
| License | MIT
| Doc PR |
Commits
-------
5c1f5594f5 catch exceptions when using PDO directly
* 4.3:
[HttpFoundation] fix docblock
Fix MySQL column type definition.
Link the right file depending on the new version
[Config] fix id-generation for GlobResource
[Finder] Allow ssh2 stream wrapper for sftp
[DI] Use reproducible entropy to generate env placeholders
[WebProfilerBundle] Require symfony/twig-bundle
bumped Symfony version to 4.3.9
updated VERSION for 4.3.8
updated CHANGELOG for 4.3.8
bumped Symfony version to 3.4.36
updated VERSION for 3.4.35
updated CHANGELOG for 3.4.35
* 3.4:
Link the right file depending on the new version
[Finder] Allow ssh2 stream wrapper for sftp
[WebProfilerBundle] Require symfony/twig-bundle
bumped Symfony version to 3.4.36
updated VERSION for 3.4.35
updated CHANGELOG for 3.4.35
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Cache] Redis Tag Aware warn on wrong eviction policy
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| Deprecations? | no
| Tickets | n.a.
| License | MIT
| Doc PR | n.a.
Adds validation to make sure Redis has been setup with the supported eviction policy to avoid surprises when cache suddenly is inconsistent.
This PR replaces #34178, and instead of checking in constructor and throwing it only checks on save, warns about this and refuses to save cache as suggested on the other PR.
TODO:
- [x] ~Adapt test setups for this to set correct eviction policy~ _It already uses default noeviction_
Commits
-------
e77f6de1e8 [Cache] Redis Tag Aware warn on wrong eviction policy
This PR was merged into the 4.3 branch.
Discussion
----------
[Config] fix id-generation for GlobResource
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I never encountered any issues related to this but still, it's a fix.
Commits
-------
6adbfa2ae7 [Config] fix id-generation for GlobResource
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] dont check cache freshness more than once per process
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
While running some functional tests in a loop, I noticed that half the time is spent computing cache freshness. This makes no sense - this mechanism is supposed to run once per process.
Here is the Blackfire comparison:
https://blackfire.io/profiles/compare/a4f2eb44-ae85-440b-ae87-edf43c2b2ef7/graph
Commits
-------
7f9556ce19 [HttpKernel] dont check cache freshness more than once per process
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] Allow symfony/service-contracts v2
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
In Symfony 4.4 applications, the Form component currently prevents the installation of `symfony/service-contracts` 2.0.0. That should not be the case.
Commits
-------
4755e160be [Form] Allow symfony/service-contracts v2.
* 4.3:
[Console] Constant STDOUT might be undefined.
Allow returning null from NormalizerInterface::normalize
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
This PR was merged into the 3.4 branch.
Discussion
----------
Allow returning null from NormalizerInterface::normalize
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes?
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Looking at the code, it seems that a normalizer might be called with a `null` value for `$data`, and thus it's only sensible that it be allowed to return `null` too:
7064ff35f2/src/Symfony/Component/Serializer/Serializer.php (L141-L148)
Updating the phpdoc to match.
Commits
-------
1c8edc55ad Allow returning null from NormalizerInterface::normalize
* 3.4:
[HttpFoundation] fix guessing mime-types of files with leading dash
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] merge and remove the ErrorRenderer component
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR supersedes #34288.
Here is what it does:
- Merge the `ErrorRenderer` component into `ErrorHandler`
- Add `ErrorRendererInterface::render(\Throwable $e): FlattenException` and refactor error renderers around it.
- Add `FlattenException::setAsString()` to make the previous possible.
- Add `CliErrorRenderer` to render error on the CLI too. This means `VarDumper` is now a required dependency of `ErrorHandler`. This paves the way to use it also for rendering HTML - the logic there is much more advanced than what `HtmlErrorRenderer` provides and ever should provide.
- Make `BufferingLogger` map its collected logs to `error_log()` if they are not emptied before.
- Remove some classes that are not needed anymore (`ErrorRenderer`, `ErrorRendererPass`, `HtmlErrorRendererInterface`)
- Simplified the logic in `Debug::enable()` - nobody uses its arguments
- Fix a few issues found meanwhile.
With these changes, the component can be used standalone. One is now able to require only it, register it either with either `ErrorHandler::register()` or `Debug::enable()` and profit.
Commits
-------
d1bf1cada4 [ErrorHandler] help finish the PR
6c9157bbc2 [ErrorHandler] merge and remove the ErrorRenderer component
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] make ExceptionEvent able to propagate any throwable
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
An alternative to #34306.
As a reminder, the goal of this series of PRs is to remove the `FatalThrowableError` wrapper that we introduced to seamlessly handle throwables when they were introduced in PHP 7.
From the changelog of `HttpKernel`:
* Deprecated methods `ExceptionEvent::get/setException()`, use `get/setThrowable()` instead
* Deprecated class `ExceptionListener`, use `ErrorListener` instead
And the final target: removed `Symfony\Component\ErrorHandler\Exception\ErrorException` (`FatalThrowableError` is already deprecated.)
Commits
-------
6f67f0e0c0 [HttpKernel] make ExceptionEvent able to propagate any throwable
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Fix defining multiple roles per access_control rule
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12371 needs to be reverted
#33584 deprecated passing multiple attributes to `AccessDecisionManager::decide()`, but this change must not impact `access_control` as you cannot define multiple rules with the same criteria for request matching (the first match wins).
Commits
-------
338b3dfd9f [Security] Fix defining multiple roles per access_control rule
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Fixed bad event dispatcher mocks
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
`EventDispatcherInterface::dispatch()` must return the passed event object. This PR fixes two mocks that violated this contract.
Commits
-------
103930039b [Messenger] Fixed bad event dispatcher mocks.
This PR was merged into the 3.4 branch.
Discussion
----------
[Routing] revert the return type for UrlGeneratorInterface::generate to remove null
…to remove null
| Q | A
| ------------- | ---
| Branch? | 3.4 (only)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Bit of a casualty of commit tennis this:
A change to add `null` here as an option for how `UrlGeneratorInterface::generate()` (rather than the concrete `UrlGenerator`) was merged in https://github.com/symfony/symfony/pull/28321, but then [reverted](90494c20cc) for the reason [that this could be seen as a BC break](https://github.com/symfony/symfony/pull/28321#issuecomment-418540080), as the `null` return had not previously been documented (and is still not as part of the interface method docs).
However, in a subsequent change (https://github.com/symfony/symfony/pull/33252) with a wider scope, this doc change was added _back_ in order to reflect the underlying implementation as a result of a PHPStorm plugin complaining. There's no indication though of what a `null` return here though would mean, and for the same reason as the first revert (that this should be seen as a BC break), I'd like to submit this to be reverted for the 3.4 branch. (In 4.4 the `null` has already been removed.)
Having the interface indicating that this method can return `null` necessitates introducing a lot of actually redundant null checks in code that is covered by static analysis tools such as PHPStan.
Commits
-------
9f853f324f [Routing] revert the return type for UrlGeneratorInterface::generate to remove null
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Simplified EventDispatcherMock
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This PR simplifies the Workflow component's mock implementation of the event dispatcher by implementing the much simpler contracts interface instead of the full-blown component interface.
Commits
-------
5aee181c83 [Workflow] Simplified EventDispatcherMock.
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation] Add a way to anonymize IPs
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features --> TODO
This is helpful for GDPR compliance reasons, and it isn't much code saved but it's also good if you don't have to think about how to do it.
Commits
-------
9e62330bc4 [HttpFoundation] Add a way to anonymize IPs
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Remove LazyString from 4.4, before adding back to the String component
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In #34190 I'm proposing to move LazyString to the Service contracts, but String might be a better fit actually. Let's remove the class from 4.4 where it's not really needed, and add it back on 5.0 in the String component.
Commits
-------
b1a3ee76ac [DI] Remove LazyString from 4.4, before adding back to the String component
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Fix error when we use ValueObject for the marking property
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28203#22031
| License | MIT
Fix Illegal offset type in `MethodMarkingStore` class when we use Value Object for
the marking property.
Now, we can avoid to use only a string an we can have a Subject class with a Value Object like this :
```php
final class State
{
public const DRAFT = 'draft';
public const REVIEWED = 'reviewed';
public const REJECTED = 'rejected';
public const PUBLISHED = 'published';
/** @var string */
private $state;
public function __construct(string $state)
{
// some validation
$this->state = $state;
}
public function __toString()
{
return $this->state;
}
public static function Draft()
{
return new self(self::DRAFT);
}
...
}
final class Subject
{
private $marking;
public function __construct(State $marking = null)
{
$this->marking = $marking;
}
public function getMarking()
{
return $this->marking;
}
public function setMarking($marking)
{
$this->marking = $marking instanceof State ? $marking : new State($marking);
}
```
Commits
-------
6570d5cbe2 Fix error when we use VO for the marking property
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Add support for NO_COLOR env var
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Adds support for https://no-color.org/ - ideally this would be considered a bugfix and added to older releases IMO, but submitting as new feature for now.
cc @johnstevenson
Commits
-------
c1b0a8e956 Add support for NO_COLOR env var
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Added option `ignore_errors: not_found` for imported config files
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#11647
If someone want to add optional config file. The only available choice was to add `ignore_errors: true` option
e.g.
```
imports:
- { resource: parameters.yml, ignore_errors: true }
```
But this will hide all errors in imported file. We ran in many situations that broke our Symfony applications because we had a typo in this imported files.
This PR introduce new possible value `not_found` for `ignore_errors` option. It can be used for optional config files like the `ignore_errors: true`, but it will ignore only the file non-existence, not the possible syntax errors inside.
Usage:
```
imports:
- { resource: parameters.yml, ignore_errors: not_found}
```
Commits
-------
e0ee01c10d [DependencyInjection] Added option `ignore_errors: not_found` while importing config files
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] fix SodiumVault after stof review
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/34275#pullrequestreview-313355834
Commits
-------
a594599078 [FrameworkBundle] fix SodiumVault after stof review
* 4.3:
[DI] Dont cache classes with missing parents
[HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
[Validator] Add the missing translations for the Hebrew (\"he\") locale and fix 2 typos
[FrameworkBundle][Translation] Invalidate cached catalogues when the scanned directories change
Allow arbitrary values in the "json" request option. Previously values were
limitated to arrays and objects of type JsonSerializable. This doesn't account
for scalar values and classes with public properties (which don't need to
implement JsonSerializable), all of which are perfectly acceptable arguments to
json_encode.
