* 4.2:
[Console] Fix auto-complete for ChoiceQuestion (multi-select answers)
Translated form, security, validators resources into Belarusian (be)
[WebProfilerBundle] Don't filter submitted IP values
[Intl] Cleanup
bumped Symfony version to 4.2.9
updated VERSION for 4.2.8
updated CHANGELOG for 4.2.8
bumped Symfony version to 3.4.28
updated VERSION for 3.4.27
update CONTRIBUTORS for 3.4.27
updated CHANGELOG for 3.4.27
* 3.4:
[Console] Fix auto-complete for ChoiceQuestion (multi-select answers)
Translated form, security, validators resources into Belarusian (be)
[WebProfilerBundle] Don't filter submitted IP values
bumped Symfony version to 3.4.28
updated VERSION for 3.4.27
update CONTRIBUTORS for 3.4.27
updated CHANGELOG for 3.4.27
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Dispatch an event when "logout user on change" steps in
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #26902 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11450 <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
This adds a new event when the user has been changed and has been log out from the apps, it allow someone to register to this event and do something with either to token or the refreshedUser.
Commits
-------
40e42183b8 [Security] Dispatch an event when "logout user on change" steps in
* 4.2:
[TwigBridge] Require twig ^1.40|^2.9
[Serializer] Fix tests
Use the apply tag instead of the filter tag
Updated some translation files
[Translator] Preserve default domain when extracting strings from php files
* 3.4:
[TwigBridge] Require twig ^1.40|^2.9
[Serializer] Fix tests
Use the apply tag instead of the filter tag
Updated some translation files
[Translator] Preserve default domain when extracting strings from php files
* 4.2:
Fix url matcher edge cases with trailing slash
[Form] Fix author tag + exception messages
[TwigBridge] Fix deprecation on twig 2.9
Fix left-associative ternary deprecation warnings for PHP 7.4
[Validator] Fixed imprecise translations
[Validator] Add Dutch translations
[Security] Cleanup "Digest nonce has expired." translation
Intercept redirections only for HTML format
[PhpUnitBridge] fix reading phpunit.xml on bootstrap
resolve class name parameters
Fix name and phpdoc of ContainerBuilder::removeBindings
[Intl] Update the ICU data to 64.2
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Add NativePasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a new `NativePasswordEncoder` that defaults to the best available hashing algo to `password_hash()`. Best is determined by "us" or "php", the goal being that this will change in the future as new algos are published.
This provides a native encoder that we should recommend using by default.
Commits
-------
28f7961c55 [Security] Add NativePasswordEncoder
* 4.2:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper] fix tests with ICU 64.1
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
Fix get session when the request stack is empty
[Routing] fix trailing slash redirection with non-greedy trailing vars
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
* 3.4:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Add a separator in the remember me cookie hash
Based on #89
Commits
-------
a29ce2817c [Security] Add a separator in the remember me cookie hash
* 4.2:
fixed bad merge
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
[Serializer] Add default object class resolver
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
[VarExporter] support PHP7.4 __serialize & __unserialize
Rework firewall access denied rule
MetadataAwareNameConverter: Do not assume that property names are strings
[VarExporter] fix exporting classes with private constructors
fixed CS
Fix missing $extraDirs when open_basedir returns
* 3.4:
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
Rework firewall access denied rule
fixed CS
Fix missing $extraDirs when open_basedir returns
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Rework firewall's access denied rule
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~~#30099~~, #28229
| License | MIT
| Doc PR |
Follow tickets provided above to reproduce bugs. (there are also some project examples)
~~In addition, I'm looking for someone who knows an answer to [this](https://github.com/symfony/symfony/issues/30099#issuecomment-468693492) regarding rework in this PR.~~
Commits
-------
5790859275 Rework firewall access denied rule
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Add Argon2idPasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #28093
| License | MIT
| Doc PR | TODO
Currently we have a `Argon2iPasswordEncoder` that may hash passwords using `argon2id` instead of `argon2i` (platform-dependent) which is not good.
This deprecates producing/validating `argon2id` hashed passwords using the `Argon2iPasswordEncoder`, and adds a `Argon2idPasswordEncoder` able to produce/validate `argon2id` hashed passwords only.
#EUFOSSA
Commits
-------
0c82173b24 [Security] Add Argon2idPasswordEncoder
* 4.2: (45 commits)
[Form] various minor fixes
Ensure the parent process is always killed
bugfix: the terminal state was wrong and not reseted
[Console] Fix inconsistent result for choice questions in non-interactive mode
Define null return type for Constraint::getDefaultOption()
[Routing] Fix: annotation loader ignores method's default values
[HttpKernel] Fix DebugHandlersListener constructor docblock
Skip Glob brace test when GLOB_BRACE is unavailable
bumped Symfony version to 4.2.6
updated VERSION for 4.2.5
updated CHANGELOG for 4.2.5
bumped Symfony version to 3.4.25
updated VERSION for 3.4.24
update CONTRIBUTORS for 3.4.24
updated CHANGELOG for 3.4.24
[EventDispatcher] cleanup
fix testIgnoredAttributesInContext
Re-generate icu 64.1 data
Improve PHPdoc / IDE autocomplete for config tree builder
[Bridge][Twig] DebugCommand - fix escaping and filter
...
Instead of deprecating the interface it is sufficient to deprecate its
getReachableRoles() method and add a new getReachableRoleNames() method
in Symfony 5.
* 4.2:
[Phpunit] fixed support for PHP 5.3
Response prepare method update
[Workflow] Added missing license header
Fix case when multiple loaders are providing paths for the same namespace
Check if Client exists when test.client does not exist, to provide clearer exception message
throw TypeErrors to prepare for type hints in 5.0
[Form] Preventing validation of children if parent with Valid constraint has no validation groups
[Form] Added ResetInterface to CachingFactoryDecorator
Remove deprecated usage
[Tests] fixed compatbility of assertEquals(): void
Fixed usage of TranslatorInterface in form extension (fixes#30591)
[Intl][4.2] Fix test
[Intl] Fix test
[Validator] Add the missing translations for the Arabic (ar) locale
[Intl] Add compile binary
Fix DebugCommand when chain loader is involved
[Form] Fixed some phpdocs
This PR was merged into the 4.3-dev branch.
Discussion
----------
[EventDispatcher] swap arguments of dispatch() to allow registering events by FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
PR green and ready. From UPGRADE files:
EventDispatcher
---------------
* The signature of the `EventDispatcherInterface::dispatch()` method should be updated to `dispatch($event, string $eventName = null)`, not doing so is deprecated
HttpKernel
----------
* Renamed `FilterControllerArgumentsEvent` to `ControllerArgumentsEvent`
* Renamed `FilterControllerEvent` to `ControllerEvent`
* Renamed `FilterResponseEvent` to `ResponseEvent`
* Renamed `GetResponseEvent` to `RequestEvent`
* Renamed `GetResponseForControllerResultEvent` to `ViewEvent`
* Renamed `GetResponseForExceptionEvent` to `ExceptionEvent`
* Renamed `PostResponseEvent` to `TerminateEvent`
Security
---------
* The `ListenerInterface` is deprecated, turn your listeners into callables instead.
* The `Firewall::handleRequest()` method is deprecated, use `Firewall::callListeners()` instead.
Commits
-------
75369dabb8 [EventDispatcher] swap arguments of dispatch() to allow registering events by FQCN
* 4.2:
Fix Cache error while using anonymous class
[Cache] fix LockRegistry
Update validators.cs.xlf
Make translations consistent with other translations.
Correct language code for ukrainian language in security translations.
Fix return type of Request::getRequestFormat
[Cache] Fix perf when using RedisCluster by reducing roundtrips to the servers
