This PR was squashed before being merged into the 5.1 branch.
Discussion
----------
[SecurityBundle] Fix the session listener registration under the new authentication manager
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37119
| License | MIT
| Doc PR | N/A
Fixes the logic that adds session listeners for firewalls to properly add them only for statefull firewalls. Adds tests to confirm that it is only added to statefull ones. Also remove unused abstract field on session listener
Commits
-------
936ae9df75 [SecurityBundle] Fix the session listener registration under the new authentication manager
This PR was merged into the 5.1 branch.
Discussion
----------
[PropertyAccess] Fix getter call order BC
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #37052
| License | MIT
| Doc PR | -
Property Accessor breaks BC due to a change in the order of calling the getters, see #37052
Commits
-------
8cf80688c7 [PropertyAccess] Fix getter call order BC
This PR was merged into the 5.1 branch.
Discussion
----------
[Messenger/DoctrineBridge] set column length for mysql 5.6 compatibility
MySQL 5.6 does not support more than 191 characters when an index is used and when using utf8mb4 as charset.
As a workaround, I define the length of the queue_name field.
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37116
| License | MIT
Commits
-------
d12190687b set column length for mysql 5.6 compatibility
This PR was merged into the 5.1 branch.
Discussion
----------
[Messenger/AmazonSqsBridge] Fixed left-over debug statement
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? |
| Deprecations? | no
| Tickets | Related to #37038
| License | MIT
| Doc PR |
I noticed whats properly a left-over debugging statement that blocks the code from further execution. /cc @jderusse can you check this (thanks).
Commits
-------
8b827e46f6 Fixed left-over debug statement
* 5.0:
[Mime] Remove unused var
[HttpClient] fix monitoring timeouts when other streams are active
[PhpUnitBridge] fix syntax on PHP 5.3
[PhpUnitBridge] Fix undefined index when output of "composer show" cannot be parsed
properly cascade validation to child forms
[PhpUnitBridge] fix undefined var on version 3.4
Move ajax clear event listener initialization on loadToolbar
[HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
take into account the context when preserving empty array objects
[VarExporter] tfix: s/markAsSkipped/markTestSkipped/
bumped Symfony version to 5.0.10
updated VERSION for 5.0.9
updated CHANGELOG for 5.0.9
bumped Symfony version to 4.4.10
updated VERSION for 4.4.9
updated CHANGELOG for 4.4.9
bumped Symfony version to 3.4.42
updated VERSION for 3.4.41
update CONTRIBUTORS for 3.4.41
updated CHANGELOG for 3.4.41
* 4.4:
[Mime] Remove unused var
[HttpClient] fix monitoring timeouts when other streams are active
[PhpUnitBridge] fix syntax on PHP 5.3
[PhpUnitBridge] Fix undefined index when output of "composer show" cannot be parsed
properly cascade validation to child forms
[PhpUnitBridge] fix undefined var on version 3.4
Move ajax clear event listener initialization on loadToolbar
[HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
take into account the context when preserving empty array objects
[VarExporter] tfix: s/markAsSkipped/markTestSkipped/
bumped Symfony version to 4.4.10
updated VERSION for 4.4.9
updated CHANGELOG for 4.4.9
bumped Symfony version to 3.4.42
updated VERSION for 3.4.41
update CONTRIBUTORS for 3.4.41
updated CHANGELOG for 3.4.41
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix monitoring timeouts when other streams are active
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d2a53f0bda [HttpClient] fix monitoring timeouts when other streams are active
* 3.4:
[PhpUnitBridge] fix syntax on PHP 5.3
[PhpUnitBridge] Fix undefined index when output of "composer show" cannot be parsed
properly cascade validation to child forms
[PhpUnitBridge] fix undefined var on version 3.4
bumped Symfony version to 3.4.42
updated VERSION for 3.4.41
update CONTRIBUTORS for 3.4.41
updated CHANGELOG for 3.4.41
MySQL 5.6 does not support more than 191 characters when an index is used and when using utf8mb4 as charset.
As a workaround, I define the length of the queue_name field.
This PR was merged into the 5.1 branch.
Discussion
----------
[DependencyInjection] Improve missing package/version deprecation
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
After updating to symfony 5.1 I've got some deprecations related to the missing package/version attributes/options for `deprecated` on services.
But currently it's not clear which bundle/part of the code is triggering the deprecations. The only way for me to track down where they were coming from was by setting a xdebug breakpoint in the `XmlFileLoader` and check the `$file` variable.
So it seemed like a good idea to include the file path in the deprecation message, that way it will be easier for users to know if their code or a bundle (and which) is triggering this deprecation.
Before:
<img width="871" alt="Screenshot 2020-05-31 at 13 51 03" src="https://user-images.githubusercontent.com/1374857/83351609-d0d65600-a345-11ea-9785-3237a3ec2360.png">
After:
<img width="907" alt="Screenshot 2020-05-31 at 13 50 10" src="https://user-images.githubusercontent.com/1374857/83351606-cfa52900-a345-11ea-9617-60d07e46234b.png">
Commits
-------
f603317363 [DependencyInjection] Improve missing package/version deprecation
This PR was merged into the 5.1 branch.
Discussion
----------
[SecurityBundle] Only register CSRF protection listener if CSRF is available
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | yes
| Tickets | Fix#37033
| License | MIT
| Doc PR | -
I know we're not allowed to add new deprecations in already released versions. However, I don't think anyone is using SecurityBundle's compiler passes except from Symfony itself - so I don't think anyone is affected by this deprecation. The alternatives would be:
* Add a new compiler pass in 5.1 that conditionally registers the CSRF listener
* Do this exact change in 5.2 and...
* accept a `null` argument in the listener for 5.1
* or add this to the `RegisterCsrfTokenClearingLogoutHandlerPass` class in 5.1
Commits
-------
2d738b30de Only register CSRF protection listener if CSRF is available
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37064
| License | MIT
Commits
-------
69547d9cfc [HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
This PR was merged into the 5.1 branch.
Discussion
----------
[FrameworkBundle] Extension Serializer issue
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | ???
| License | MIT
| Doc PR |
Hi,
When creating a new Symfony project and requiring `symfony/serializer` we have an issue with required service.
Here is a simple reproducer:
![image](https://user-images.githubusercontent.com/944409/83497176-6266d480-a4ba-11ea-98cb-7e354be0a273.png)
This bug was introduced by https://github.com/symfony/symfony/pull/31390
Commits
-------
ab5628f0f4 FrameworkBundle Serializer issue
This PR was merged into the 5.1 branch.
Discussion
----------
[ExpressionLanguage] reset the internal state when the parser is finished
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
d58eb020d0 reset the internal state when the parser is finished
This PR was merged into the 5.1 branch.
Discussion
----------
[Validator] simplify the tests
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
cfc6fc8527 simplify the tests
This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Fixed PUBLIC_ACCESS in authenticated sessions
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Found while testing https://github.com/scheb/2fa/pull/8, sorry for not spotting it before the stable release 😞
Currently, authenticated users are denied access for pages that have `PUBLIC_ACCESS` set, as this attribute is only checked when no token was set. It should be checked for both cases.
Commits
-------
0ac530f460 Also check PUBLIC_ACCESS for authenticated tokens
This PR was merged into the 5.1 branch.
Discussion
----------
[Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fixsymfony/symfony-docs#13669
| License | MIT
| Doc PR |
Commits
-------
4807dab305 [Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Fixed AbstractToken::hasUserChanged()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36989
| License | MIT
| Doc PR | -
This PR completely reverts #35944.
That PR tried to fix a BC break (ref #35941, #35509) introduced by #31177. However, this broke many authentications (ref #36989), as the User is serialized in the session (as hinted by @stof). Many applications don't include the `roles` property in the serialization (at least, the MakerBundle doesn't include it).
In 5.2, we should probably deprecate having different roles in token and user, which fixes the BC breaks all together.
Commits
-------
f297beb42c [Security] Fixed AbstractToken::hasUserChanged()
* 5.0:
Fix abstract method name in PHP doc block
Various cleanups
[HttpClient] fix issues in tests
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
[Validator] Use Mime component to determine mime type for file validator
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[TwigBridge] fix fallback html-to-txt body converter
[Security/Http] fix merge
[ErrorHandler] fix setting $trace to null in FatalError
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
* 4.4:
Fix abstract method name in PHP doc block
Various cleanups
[HttpClient] fix issues in tests
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
[Validator] Use Mime component to determine mime type for file validator
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[TwigBridge] fix fallback html-to-txt body converter
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
Fix abstract method name in PHP doc block
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
d6966c3147 Fix abstract method name in PHP doc block
* 3.4:
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] never directly validate Existence (Required/Optional) constraints
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36637#36723
| License | MIT
| Doc PR |
Using `Optional` or `Required` like "regular" constraints does not make any sense, but doing so didn't break before #36365. I suggest to ignore them for now and deprecate using them outside the `Collection` constraint in 5.2.
Commits
-------
d333aae187 never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix QuestionHelper::disableStty()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no>
| Tickets | -
| License | MIT
| Doc PR | -
We broke it when adding `Terminal::hasSttyAvailable()`.
Let's fix it on 3.4 and move it to terminal on master, as suggested in #36977
Commits
-------
5d93b61278 [Console] Fix QuestionHelper::disableStty()
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Fix TypeError parsing again
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Apparently, the format of `TypeError`s has changed again in php8. While investigating, I noticed our error message parsing is not handling anonymous classes well, so I've added some test cases for them.
I chose a fuzzier regular expression to parse the expected return type from the error message. Additionally, I'm checking the stack trace if the caught `TypeError` is really caused by the accessor call.
Commits
-------
03b4e98630 [PropertyAccess] Fix TypeError parsing again.
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] validate subforms in all validation groups
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36852
| License | MIT
| Doc PR |
Commits
-------
b819d94d14 validate subforms in all validation groups
This PR was merged into the 5.1 branch.
Discussion
----------
[Messenger] Change the default notify timeout value for PostgreSQL
| Q | A
| ------------- | ---
| Branch? | 5.1 <!-- see below -->
| Bug fix? | yes-ish
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
The default value of 0 means that notify is kind of disable and that incurs many SQL requests. 10 minutes is kind of arbitrary but seems to be a good balance between waiting for a message (blocking) and trying again later in case of an issue.
Commits
-------
d9decf9da2 [Messenger] Change the default notify timeout value for PostgreSQL
This PR was merged into the 4.4 branch.
Discussion
----------
[TwigBridge] fix fallback html-to-txt body converter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, the content of the `<head>` and `<style>` are dumped as text. This fixes it.
Of course, use `league/html-to-markdown` if you need a better parser.
Commits
-------
6f59d60508 [TwigBridge] fix fallback html-to-txt body converter
* 5.0:
Handle fetch mode deprecation of DBAL 2.11.
Fixed handling of CSRF logout error
[WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
[DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example
* 4.4:
Handle fetch mode deprecation of DBAL 2.11.
Fixed handling of CSRF logout error
[WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
[DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing translations for cs locale (Czech)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
Is it enough to submit this only against 3.4 to have it included also in 5.1 version?
Commits
-------
3d18c1c185 [Validator] add missing Czech translations
This PR was merged into the 5.1 branch.
Discussion
----------
Fix extra SQL support in Doctrine migrations
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
/cc @weaverryan
Commits
-------
1d1f3e1cd4 Fix extra SQL support in Doctrine migrations
* 5.0:
Allow email message to have "To", "Cc", or "Bcc" header to be valid
[FrameworkBundle] Removed detection of Serializer < 3.2
Update pull request template for 5.1.
[Security/Core] fix PHP8 deprecation
* 4.4:
Allow email message to have "To", "Cc", or "Bcc" header to be valid
[FrameworkBundle] Removed detection of Serializer < 3.2
Update pull request template for 5.1.
[Security/Core] fix PHP8 deprecation
This PR was merged into the 5.1 branch.
Discussion
----------
[HttpFoundation] Avoid TypeError when calling \SessionHandlerInterface::gc()
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
This should fix the remaining red php 8 test of the HttpFoundation suite.
Commits
-------
12f734d8b3 [HttpFoundation] Avoid TypeError when calling \SessionHandlerInterface::gc().
This PR was merged into the 5.1 branch.
Discussion
----------
[FrameworkBundle] don't use abstract methods in MicroKernelTrait, their semantics changed in PHP 8
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In PHP 8, abstract methods on traits are now enforcing that their using classes match the signature.
But this is not the semantics we need in this trait: we want to allow ppl to use a different type of configurators, to provide extensibility of the DSL each provide.
This makes nightly job fail with fatal error currently.
There is no other options here.
/cc @nikic FYI
Commits
-------
4473f454ca [FrameworkBundle] don't use abstract methods in MicroKernelTrait, their semantics changed in PHP 8
* 5.0:
Parse and render anonymous classes correctly on php 8
Enable APCu for the php 8 build.
[Process] Fix failing test on php 8.
[HttpKernel] fix test
Make PHP 8 green on Travis
Revert "[Cache] allow DBAL v3"
[PropertyAccessor] Added missing property path on php 8.
Don't execute tests with DBAL 2.x on php 8.
* 4.4:
Parse and render anonymous classes correctly on php 8
Enable APCu for the php 8 build.
[Process] Fix failing test on php 8.
[HttpKernel] fix test
Make PHP 8 green on Travis
Revert "[Cache] allow DBAL v3"
[PropertyAccessor] Added missing property path on php 8.
Don't execute tests with DBAL 2.x on php 8.
This PR was merged into the 4.4 branch.
Discussion
----------
Parse and render anonymous classes correctly on php 8
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
The format of the value that `get_class()` returns for anonymous classes has changed in php 8. This PR attempts to detect both formats, with the help of the PHP80 polyfill where possible.
Commits
-------
9d702fd94b Parse and render anonymous classes correctly on php 8
This PR was merged into the 4.4 branch.
Discussion
----------
[PropertyAccessor] Added missing property path on php 8
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
This PR adds the property path to the exception message to fix failing tests on php 8.
Commits
-------
6a73bcdb8e [PropertyAccessor] Added missing property path on php 8.
* 5.0: (28 commits)
[Cache] $lifetime cannot be null
[Serializer] minor cleanup
fix merge
Run PHP 8 as 7.4.99
Remove calls to deprecated ReflectionParameter::getClass().
[VarDumper] fix PHP 8 support
Add php 8 to travis.
[Cache] Accessing undefined constants raises an Error in php8
[Cache] allow DBAL v3
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
Made method signatures compatible with their corresponding traits.
[ErrorHandler] Apply php8 fixes from Debug component.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[BrowserKit] Raw body with custom Content-Type header
[PropertyAccess] Parse php 8 TypeErrors correctly.
[Intl] Fix call to ReflectionProperty::getValue() for static properties.
[HttpKernel] Prevent calling method_exists() with non-string values.
...
* 4.4: (27 commits)
[Serializer] minor cleanup
fix merge
Run PHP 8 as 7.4.99
Remove calls to deprecated ReflectionParameter::getClass().
[VarDumper] fix PHP 8 support
Add php 8 to travis.
[Cache] Accessing undefined constants raises an Error in php8
[Cache] allow DBAL v3
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
Made method signatures compatible with their corresponding traits.
[ErrorHandler] Apply php8 fixes from Debug component.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[BrowserKit] Raw body with custom Content-Type header
[PropertyAccess] Parse php 8 TypeErrors correctly.
[Intl] Fix call to ReflectionProperty::getValue() for static properties.
[HttpKernel] Prevent calling method_exists() with non-string values.
Fix wrong roles comparison
...
This PR was merged into the 4.4 branch.
Discussion
----------
[OptionsResolver][Serializer] Remove calls to deprecated ReflectionParameter::getClass()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Following #36891, this PR removes the remaining calls to `ReflectionParameter::getClass()` from the 4.4 branch.
Commits
-------
1575d853f1 Remove calls to deprecated ReflectionParameter::getClass().