* 2.7:
Drop hirak/prestissimo
bumped Symfony version to 2.7.14
updated VERSION for 2.7.13
updated CHANGELOG for 2.7.13
bumped Symfony version to 2.3.42
[Debug] Fix fatal error handlers on PHP 7
updated VERSION for 2.3.41
update CONTRIBUTORS for 2.3.41
updated CHANGELOG for 2.3.41
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
Drop hirak/prestissimo
bumped Symfony version to 2.3.42
updated VERSION for 2.3.41
update CONTRIBUTORS for 2.3.41
updated CHANGELOG for 2.3.41
Conflicts:
appveyor.yml
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
Drop hirak/prestissimo
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
unstable (see #18743 on appveyor)
Commits
-------
8f136ab Drop hirak/prestissimo
This PR was merged into the 3.0 branch.
Discussion
----------
[MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6
| Q | A
| ------------- | ---
| Branch? | 3.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Caused by #18705, it is impossible to install v3.0.6 of symfony/monolog-bridge
together with v3.0.6 of symfony/http-kernel.
The intention of #18705 "added a conflict between Monolog bridge 2.8 and
HTTP Kernel 3.0+" was to prevent installing symfony/monolog-bridge from the
3.0 series with http-kernel from the 2.8 series of symfony. While this now
works correctly in v2.8.6, it breaks installing symfony/monolog-bridge v3.0.6
with symfony/http-kernel v3.0.6.
This PR resolves this issue.
# How to reproduce
- Create a test directory and change into it - e.g. with `mkdir /tmp/reproduce-symfony-18745 && cd /tmp/reproduce-symfony-18745`
- Add the following composer.json to this test directory
```
{
"require": {
"symfony/monolog-bridge": "3.0.6",
"symfony/http-kernel": "3.0.6"
}
}
```
- Run `composer install` from the test directory
## Expected behavior
Composer installs symfony/monolog-bridge and symfony/http-kernel (together with their dependencies).
## Actual behavior
Composer fails with the following error messages:
```
#:/tmp/reproduce-symfony-18745$ composer install
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for symfony/monolog-bridge 3.0.6 -> satisfiable by symfony/monolog-bridge[v3.0.6].
- symfony/http-kernel v3.0.6 conflicts with symfony/monolog-bridge[v3.0.6].
- Installation request for symfony/http-kernel 3.0.6 -> satisfiable by symfony/http-kernel[v3.0.6].
```
Commits
-------
72c44c2 [MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6
Caused by #18705, it is impossible to install v3.0.6 of symfony/monolog-bridge
together with v3.0.6 of symfony/http-kernel.
The intention of #18705 "added a conflict between Monolog bridge 2.8 and
HTTP Kernel 3.0+" was to prevent installing symfony/monolog-bridge from the
3.0 series with http-kernel from the 2.8 series of symfony. While this now
works correctly in v2.8.6, it breaks installing symfony/monolog-bridge v3.0.6
with symfony/http-kernel v3.0.6.
This commit resolves this issue.
This PR was merged into the 2.8 branch.
Discussion
----------
Fixed issue with blank password with Ldap
| Q | A
| ------------- | ---
| Branch? | 1.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
c7d9c62 Fixed issue with blank password with Ldap
The bind operation of LDAP, as described in RFC 4513, provides a method
which allows for authentication of users. For the Simple Authentication
Method a user may use the anonymous authentication mechanism, the
unauthenticated authentication mechanism, or the name/password
authentication mechanism. The unauthenticated authentication mechanism
is used when a client who desires to establish an anonymous
authorization state passes a non-zero length distinguished name and a
zero length password. Most LDAP servers either can be configured to
allow this mechanism or allow it by default.
_Web-based applications which perform the simple bind operation with the
client's credentials are at risk when an anonymous authorization state is
established. This can occur when the web-based application passes a
distinguished name and a zero length password to the LDAP server._
Thus, misconfiguring a server with simple bind can trick Symfony into
thinking the username/password tuple as valid, potentially leading to
unauthorized access.
This PR was merged into the 2.3 branch.
Discussion
----------
limited the maximum length of a submitted username
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
f8dc28a limited the maximum length of a submitted username
* 2.8:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
top-level anonymous services must be public
[DependencyInjection] Suggest ExpressionLanguage in composer.json
added a conflict between Monolog bridge 2.8 and HTTP Kernel 3.0+
* 2.7:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
[DependencyInjection] Suggest ExpressionLanguage in composer.json
* 2.3:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
call get() after the container was compiled
Fixed readme of OptionsResolver
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] prevent calling get() for service_container service
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This change will simply fix the tests once #18728 gets merged. An alternative approach would be to compile the container so that the code would still work even for services that have been set directly using `set()`. However, compiling the container in a descriptor imo is an unexpected side effect which I tried to avoid here.
Commits
-------
2d46bd4 prevent calling get() for service_container service
This PR was merged into the 2.3 branch.
Discussion
----------
call get() after the container was compiled
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This will prevent future issues when calling `ContainerBuilder::get()` before compiling the container will be deprecated (see #18728).
Commits
-------
954126b call get() after the container was compiled
This PR was merged into the 2.7 branch.
Discussion
----------
[DependencyInjection] Suggest ExpressionLanguage in composer.json
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As the DependencyInjection component has lots of classes containing uses of the ExpressionLanguage component, I propose to add it to the composer.json suggests.
Commits
-------
d6c9073 [DependencyInjection] Suggest ExpressionLanguage in composer.json
This PR was squashed before being merged into the 2.3 branch (closes#18727).
Discussion
----------
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes, phpdoc one
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Updated phpdoc of AnonymousToken $user param from string to string|object since an object is allowed to in the parent AbstractToken: https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L91
Commits
-------
b1c60b4 [2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
This PR was merged into the 2.3 branch.
Discussion
----------
[OptionsResolver] Fixed readme
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR fix bad markdown syntax in readme file of OptionsResolver component.
Commits
-------
beecc6c Fixed readme of OptionsResolver