* 4.3:
[Console] Constant STDOUT might be undefined.
Allow returning null from NormalizerInterface::normalize
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
* 3.4:
[HttpFoundation] fix guessing mime-types of files with leading dash
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] add DeflateMarshaller - remove phpredis compression
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
phpredis compression doesn't play well with lua scripting as used in #33939
Let's remove it and provide a `DeflateMarshaller` instead.
Ppl can use it via decoration:
```yaml
services:
Symfony\Component\Cache\Marshaller\DeflateMarshaller:
decorates: cache.default_marshaller
arguments: ['@Symfony\Component\Cache\Marshaller\DeflateMarshaller.inner']
```
It's not enabled by default because that might break pools that are shared between different apps.
/cc @andrerom FYI
Commits
-------
452c863639 [Cache] add DeflateMarshaller - remove phpredis compression
This PR was merged into the 4.4 branch.
Discussion
----------
[Lock][Cache] Allows URL DSN in PDO adapters
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | TODO
This PR duplicate a feature from PdoSessionHandler that convert URL DSN ( ie. mysql://localhost/test) into PDO DSN (ie. mysql:host=localhost;dbname=test)
that would ease configuration by using the same well-known variable
```
framework:
lock: '%env(DATABASE_URL)%'
```
note: I applied the same change on Cache component for consistency.
Commits
-------
474daf976e Allows URL DSN in Lock and Cache
* 4.3:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 3.4:
#30432 fix an error message
fix paths to detect code owners
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
Remove unused local variables in tests
Make sure to collect child forms created on *_SET_DATA events
do not render errors for checkboxes twice
This PR was merged into the 4.4 branch.
Discussion
----------
Add .gitignore to .gitattributes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #33946
| License | MIT
Commits
-------
246c5fdf43 Add .gitignore to .gitattributes
* 4.3:
fix PHP 5.6 compatibility
[Cache] fixed TagAwareAdapter returning invalid cache
Add plus character `+` to legal mime subtype
Make Symfony\Contracts\Service\Test\ServiceLocatorTest abstract
bug #33942 [DI] Add extra type check to php dumper
[Dotenv] search variable values in ENV first then env file
[PropertyInfo] Respect property name case when guessing from public method name
[VarDumper] fix resetting the "bold" state in CliDumper
Missing argument in method_exists
SCA: added missing break in a loop
* 3.4:
fix PHP 5.6 compatibility
[Cache] fixed TagAwareAdapter returning invalid cache
[PropertyInfo] Respect property name case when guessing from public method name
* 3.4:
Add plus character `+` to legal mime subtype
[Dotenv] search variable values in ENV first then env file
[VarDumper] fix resetting the "bold" state in CliDumper
SCA: added missing break in a loop
* 4.3:
[Cache] ignore unserialization failures in AbstractTagAwareAdapter::doDelete()
[HttpClient] send `Accept: */*` by default, fix removing it when needed
* 4.3:
[Cache] clean tags folder on invalidation
[Cache] remove implicit dependency on symfony/filesystem
Allow to set cookie_samesite to 'none'
[VarDumper] fix array key error for class SymfonyCaster
Adds missing translations for no nb
[HttpKernel] fix $dotenvVars in data collector
Add the missing translations for the Swedish ("sv") locale
bumped Symfony version to 4.3.6
updated VERSION for 4.3.5
updated CHANGELOG for 4.3.5
bumped Symfony version to 3.4.33
updated VERSION for 3.4.32
update CONTRIBUTORS for 3.4.32
updated CHANGELOG for 3.4.32
[Messenger] DoctrineTransport: ensure auto setup is only done once
[Form][DateTimeImmutableToDateTimeTransformer] Preserve microseconds and use \DateTime::createFromImmutable() when available
[Crawler] document $default as string|null
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Improve RedisTagAwareAdapter invalidation logic & requirements
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes, _and improvment_
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR |
Changes logic of invalidation in RedisTagAwareAdapter in order to:
- Delete the tag key on invalidation => _avoiding possible left behind empty tag keys that Redis is not allowed to evict, gradually consuming more and more memory_
Positive side effects of no longer using sPOP:
- Lowered requirements to Redis 2.8, and no specific version constraint for phpredis
- Lift limitation of 2 billion keys per tag _(Now only limited by Redis Set datatype: 4 billion)_
Commits
-------
3d38c58b42 [Cache] Improve RedisTagAwareAdapter invalidation logic & requirements
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
* 4.3:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
* 3.4:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
Added check for $params['redis_sentinel'] to line 274, as by converting the array of hosts to a single host configuration (as you might in a test environment), this causes the class to initialise incorrectly.
* 4.3:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[HttpClient] workaround bad Content-Length sent by old libcurl
[Cache] dont override native Memcached options
Fix CS
Fix exceptions (PDOException) error code type
Fix return type of Process::restart().
[Cache] fail gracefully when locking is not supported
[HttpClient] fix race condition when reading response with informational status
Names for buttons should start with lowercase
* 3.4:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[Cache] dont override native Memcached options
Fix return type of Process::restart().
* 4.3:
[Security/Http] fix typo in deprecation message
Various tweaks 3.4
Various tweaks 4.3
[PhpUnit] Fix usleep mock return value
[Lock] use Predis\ClientInterface instead of Predis\Client
Fix version typo in deprecation notice
Make legacy "wrong" RFC2047 encoding apply only to one header