This PR was merged into the 2.8 branch.
Discussion
----------
[Security][Guard] GuardAuthenticationProvider::authenticate cannot return null
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26942
| License | MIT
Authenticate method in GuardAuthenticationProvider returned null when the token does not originate from any of the guard authenticators. This check was not done in the supports method. According to the interface authenticate cannot return null. This patch copies theguard authenticator checks to the supports method.
Commits
-------
9dff22c [Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
This PR was squashed before being merged into the 2.8 branch (closes#27003).
Discussion
----------
[PropertyInfo] Minor cleanup and perf improvement
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
4a8306e [PropertyInfo] Minor cleanup and perf improvement
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] Fixed being logged out on failed attempt in guard
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25992
| License | MIT
| Doc PR | ~
This fixes the issue described in the ticket. After this fix, guard will no longer "forget" your authentication when your next attempt fails.
Commits
-------
4fc0ecbf90 Fixed being logged out on failed attempt in guard
This PR was submitted for the 3.4 branch but it was merged into the 2.8 branch instead (closes#25841).
Discussion
----------
[DoctrineBridge] Fix bug when indexBy is meta key in PropertyInfo\DoctrineExtractor
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #25834 <!-- #-prefixed issue number(s), if any -->
| License | MIT
@dunglas could you check it?
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
583759f PropertyInfo\DoctrineExtractor - There is bug when indexBy is meta key
This PR was squashed before being merged into the 2.7 branch (closes#26938).
Discussion
----------
[minor] SCA
| Q | A
| ------------- | ---
| Branch? | 2.7
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
- Control flow tweaks
Commits
-------
877e678 [minor] SCA
* 2.7:
fixed Twig URL
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
This PR was merged into the 2.7 branch.
Discussion
----------
Don't assume that file binary exists on *nix OS
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Certain lightweight distributions such as Alpine Linux (popular for smaller Docker images) do not include it by default.
Commits
-------
e2c1f24fbd Don't assume that file binary exists on *nix OS
This PR was squashed before being merged into the 2.7 branch (closes#26643).
Discussion
----------
Fix that ESI/SSI processing can turn a "private" response "public"
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Under the condition that
* we are merging in at least one *embedded* response,
* all *embedded* responses are `public`,
* the *main* response is `private` and
* all responses use expiration-based caching (note: no `s-maxage` on the *main* response)
... the resulting response will turn to `Cache-Control: public`.
The real issue is that when all responses use expiration-based caching, a combined max age is computed. This is set on the *main* response using `Response::setSharedMaxAge()`, which implicitly sets `Cache-Control: public`.
The fix provided in this PR solves the problem by applying the same logic to the *main* response that is applied for *embedded* responses, namely that responses with `!Response::isCacheable()` will make the resulting response have `Cache-Control: private, no-cache, must-revalidate` and have `(s)max-age` removed.
This makes the change easy to understand, but makes responses uncacheable too often. This is because the `Response::isCacheable()` method was written to determine whether it is safe for a shared cache to keep the response, which is not the case as soon as a `private` response is involved. This might be improved upon in another PR.
Commits
-------
3d27b5946d Fix that ESI/SSI processing can turn a \"private\" response \"public\"
* 2.7:
[Console] Don't go past exact matches when autocompleting
Disable autoloader call on interface_exists check
[Validator] Fix LazyLoadingMetadataFactory with PSR6Cache for non classname if tested values isn't an existing class
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Don't go past exact matches when autocompleting
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21789
| License | MIT
| Doc PR | -
Commits
-------
adba79a [Console] Don't go past exact matches when autocompleting
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Fix LazyLoadingMetadataFactory with PSR6Cache for non classname if tested values isn't existing class
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26313
| License | MIT
If @Assert\Valid is applied to a string value, the value is searched in metadata cache and some characters aren't allowed in this cache. This create an unexpected exception.
Class existence is now tested before cache read.
Commits
-------
5198f43 Disable autoloader call on interface_exists check
cd91420 [Validator] Fix LazyLoadingMetadataFactory with PSR6Cache for non classname if tested values isn't an existing class
* 2.7:
bumped Symfony version to 2.7.46
updated VERSION for 2.7.45
update CONTRIBUTORS for 2.7.45
updated CHANGELOG for 2.7.45
[Yaml] Throw parse error on unfinished inline map
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#26814).
Discussion
----------
[EventDispatcher] Fix wrong listener in stopEventPropagation test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26810
| License | MIT
| Doc PR |
Commits
-------
24c460afa6 [EventDispatcher] Dispatcher in stopEventPropagation test now registers correct listener
This PR was merged into the 2.7 branch.
Discussion
----------
Update da translations
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The Danish translations have several serious errors. This PR adjusts to official Danish orthography, and updates some texts for internal consistency and to better reflect the original English text.
Commits
-------
d0ea26bd15 Update da translations
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] Load the user before pre/post auth checks when needed
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | n/a
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26775
| License | MIT
| Doc PR | n/a
Commits
-------
c318306 [Security] Load the user before pre/post auth checks when needed
This PR was merged into the 2.8 branch.
Discussion
----------
[SecurityBundle] Add missing argument to security.authentication.provider.simple
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26753
| License | MIT
| Doc PR | -
Created PR in relation to a conversation in [PR](https://github.com/symfony/symfony/pull/26762) #26762
Commits
-------
c82c2f1 [SecurityBundle] Add test for simple authentication config
1b26aac [SecurityBundle] Add missing argument to security.authentication.provider.simple
