This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Extract password hashing from security-core - with proper wording
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#39698
| License | MIT
| Doc PR | todo
This PR renames password "encoders" to password _hashers_ (naming widely used, see e.g. django or laravel).
This also takes the opportunity to extract the logic related to password hashing from security-core, moving it to a new password-hasher component.
Nowadays, many modern web apps and APIs don't deal with passwords at all, that's why splitting makes sense as a step towards making security-core not tied to the password concept.
For upgrading, applications will have to use `passwords_hashers` instead of `encoders` in their security configuration, and type-hint against `PasswordHasherInterface` (and related) instead of `PasswordEncoderInterface`.
The proposed API is not much different from the encoder one regarding behavior and signatures, and it is slightly more close to the PHP built-in password hashing API:
```php
namespace Symfony\Component\PasswordHasher;
interface PasswordHasherInterface
{
public function hash(string $plainPassword): string;
public function verify(string $hashedPassword, string $plainPassword): bool;
public function needsRehash(string $hashedPassword): bool;
}
```
Commits
-------
c5c981c559 [Security] Extract password hashing from security-core - using the right naming
* 5.2:
add missing return type declaration
Modernize func_get_args() calls to variadic parameters
Use a lazyintertor to close files descriptors when no longer used
* 4.4:
add missing return type declaration
Modernize func_get_args() calls to variadic parameters
Use a lazyintertor to close files descriptors when no longer used
This PR was merged into the 4.4 branch.
Discussion
----------
[Finder] Use a lazyIterator to close files descriptors when no longer used
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | fix#35508
| License | MIT
| Doc PR | -
The `RecursiveDirectoryIterator` class open the file on `__construct`.
Because we Inject an instance of `RecursiveDirectoryIterator` inside the \AppendIterator` class, php opens a lot of file even before iterating on it.
This PR adds a new `LazyIterator` class that instantiate the decorated class only when something starts iterating on it.
When the iteration is over, it unset the variable to close let the decorated class clean things (ie. close the files)
Commits
-------
7117e1a798 Use a lazyintertor to close files descriptors when no longer used
This PR was merged into the 5.3-dev branch.
Discussion
----------
[HttpFoundation] Fix consistency in sessions not found exceptions
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40112
| License | MIT
| Doc PR | -
Make `Request::getSession` thrown a `SessionNotFoundException` and make `SessionNotFoundException` extends `\BadMethodCallException` for backward compatibility and
Commits
-------
7fcb76d367 Fix consistency in sessions not found exceptions
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Filesystem] Remove dirs atomically if possible
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#27578
| License | MIT
| Doc PR | no need to
Commits
-------
17bccca9c6 [Filesystem] remove dirs atomically if possible
This PR was merged into the 5.3-dev branch.
Discussion
----------
[FrameworkBundle][Messenger] Added RouterContextMiddleware
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | TODO
When handling a message in async, we, sometimes need the Router Context to generate absolute URL. ie:
- sending an email when the message contains only the template
- generating a PDF
People can use the configuration `router.default_uri` to workaround and fix the issue, but this does not work when the web application servers several domains.
This PR provide a new middleware that store the current router context in a stamp, and restore the context when processing the message.
Commits
-------
8fe8b96921 [Messenger] Added RouterContextMiddleware
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[RateLimiter] Fix sliding_window misbehaving with stale records
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Currently the SlidingWindow RateLimiter returns a negative value for getHitCount if the previous SlidingWindow was too long ago. This results in a really high value from `SlidingWindowLimiter::getAvailableTokens()` which is higher than the configured limit.
This limits the value of percentOfCurrentTimeframe in `SlidingWindow::getHitCount()` to 1 so it can't result in a negative hitcount.
The 2nd fix fixes the SlidingWindow instance (essentially) not storing hits if the previous instance is way in the past, as the next instance will still be "in the past". This causes RateLimit to behave as if it were disabled until it has caught up again, which could take a long time when it is configured with a small window size.
Commits
-------
57033164c6 [RateLimiter] Fix sliding_window misbehaving with stale records
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [Firebase] Add data field to options
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/40078
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
The Firebase Notifier must comply to the specifications at https://firebase.google.com/docs/cloud-messaging/xmpp-server-ref.html#notification-payload-support .
The options are missing the `data` field which is a common field for all types of notifications: web, ios and android.
Commits
-------
fa8064bbd3 [Notifier] [Firebase] Add data field to options
* 5.2:
[HttpKernel] fix transient test
[FrameworkBundle] Fix freshness checks with boolean parameters on routes
forward the label_html option to expanded choice fields
[FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
Add some information about the username in CONTRIBUTORS
* 4.4:
[HttpKernel] fix transient test
[FrameworkBundle] Fix freshness checks with boolean parameters on routes
[FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
Add some information about the username in CONTRIBUTORS
* 5.2:
merge translation parameters with value configured for parent form
scan directories for translations sequentially
Fix kafka tests
Fix "provide" declarations
Provide implemented packages of replaced dependencies
Always autoload string functions on symfony/symfony
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] [Kernel] Silence failed deprecations logs writes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
When `->buildContainer()` throws because the cache directory cannot be created, we still try to write the deprecations logs inside the cache directory. In this case, the final exception is `Warning: file_put_contents(/app/var/cache/dev/App_KernelDevDebugContainerDeprecations.log): failed to open stream: No such file or directory` instead of `Unable to create the "cache" directory (/app/var/cache/dev).`.
Alternative:
```php
try {
// ...
} catch (\RuntimeException $e)
} finally {
if (isset($e)) {
throw $e;
}
// ...
}
```
Commits
-------
b7100b6909 [HttpKernel] [Kernel] Silence deprecations logs writes
This PR was merged into the 4.4 branch.
Discussion
----------
Allow psr/cache v3 but on symfony/cache
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Consumers of PSR-6 are compatible with v1|2|3.
Implementations aren't until they add explicit return types, which is not possible without a BC break.
Commits
-------
bf23c44a07 Allow psr/cache v3 but on symfony/cache
This PR was merged into the 5.3-dev branch.
Discussion
----------
[HttpKernel] Show full URI when route not found
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? |no
| New feature? | yes
| Deprecations? | no
| License | MIT
When accessing a route that does not exist, Symfony throws a `NotFoundHttpException` that says `No route found for "POST /path"`.
On some projects this might be good enough to find the root cause, but on projects that have lots of routes on different hosts, it becomes hard to understand how the request was initiated. Was it done over HTTP or HTTPS? What was the hostname? Did the user specify a port?
To make this easier, we now show the full URI of the path, like this: `No route found for "POST https://www.symfony.com/path"`.
Commits
-------
6f5c9ab80b Show full URI when route not found
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation] Setting `REQUEST_TIME_FLOAT` when constructing a Request object
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38019
| License | MIT
| Doc PR | -
When creating a new Request object `REQUEST_TIME_FLOAT` was not set by default.
Replaces broken 39952 PR :(
Commits
-------
c52c1e0b9b [HttpFoundation] Setting `REQUEST_TIME_FLOAT` when constructing a Request object
This PR was merged into the 5.3-dev branch.
Discussion
----------
Updated README.md
fixed typo in url
| Q | A
| ------------- | ---
| Branch? | 5.x for features / 4.4, 5.1 or 5.2 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
Commits
-------
309d2ac5f5 Update README.md