275 lines
13 KiB
Markdown
275 lines
13 KiB
Markdown
CHANGELOG for 2.1.x
|
|
===================
|
|
|
|
This changelog references the relevant changes (bug and security fixes) made
|
|
in 2.1 minor versions.
|
|
|
|
To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
|
|
To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.1.0...v2.1.1
|
|
|
|
2.1.0
|
|
-----
|
|
|
|
### DoctrineBridge
|
|
|
|
* added a default implementation of the ManagerRegistry
|
|
* added a session storage for Doctrine DBAL
|
|
* DoctrineOrmTypeGuesser now guesses "collection" for array Doctrine type
|
|
|
|
### TwigBridge
|
|
|
|
* added a csrf_token function
|
|
* added a way to specify a default domain for a Twig template (via the 'trans_default_domain' tag)
|
|
|
|
### AbstractDoctrineBundle
|
|
|
|
* This bundle has been removed and the relevant code has been moved to the Doctrine bridge
|
|
|
|
### DoctrineBundle
|
|
|
|
* This bundle has been moved to the Doctrine organization
|
|
* added optional `group_by` property to `EntityType` that supports either a
|
|
`PropertyPath` or a `\Closure` that is evaluated on the entity choices
|
|
* The `em` option for the `UniqueEntity` constraint is now optional (and should
|
|
probably not be used anymore).
|
|
|
|
### FrameworkBundle
|
|
|
|
* changed the default extension for XLIFF files from .xliff to .xlf
|
|
* moved Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher to Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher
|
|
* moved Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher to Symfony\Component\EventDispatcher\ContainerAwareTraceableEventDispatcher
|
|
* added a router:match command
|
|
* added a config:dump-reference command
|
|
* added a server:run command
|
|
* added kernel.event_subscriber tag
|
|
* added a way to create relative symlinks when running assets:install command (--relative option)
|
|
* added Controller::getUser()
|
|
* [BC BREAK] assets_base_urls and base_urls merging strategy has changed
|
|
* changed the default profiler storage to use the filesystem instead of SQLite
|
|
* added support for placeholders in route defaults and requirements (replaced
|
|
by the value set in the service container)
|
|
* added Filesystem component as a dependency
|
|
* added support for hinclude (use ``standalone: 'js'`` in render tag)
|
|
* session options: lifetime, path, domain, secure, httponly were deprecated.
|
|
Prefixed versions should now be used instead: cookie_lifetime, cookie_path,
|
|
cookie_domain, cookie_secure, cookie_httponly
|
|
* [BC BREAK] following session options: 'lifetime', 'path', 'domain', 'secure',
|
|
'httponly' are now prefixed with cookie_ when dumped to the container
|
|
* Added `handler_id` configuration under `session` key to represent `session.handler`
|
|
service, defaults to `session.handler.native_file`.
|
|
* Added `gc_maxlifetime`, `gc_probability`, and `gc_divisor` to session
|
|
configuration. This means session garbage collection has a
|
|
`gc_probability`/`gc_divisor` chance of being run. The `gc_maxlifetime` defines
|
|
how long a session can idle for. It is different from cookie lifetime which
|
|
declares how long a cookie can be stored on the remote client.
|
|
|
|
|
|
### MonologBundle
|
|
|
|
* This bundle has been moved to its own repository (https://github.com/symfony/MonologBundle)
|
|
|
|
### SecurityBundle
|
|
|
|
* [BC BREAK] The custom factories for the firewall configuration are now
|
|
registered during the build method of bundles instead of being registered
|
|
by the end-user (you need to remove the 'factories' keys in your security
|
|
configuration).
|
|
|
|
* [BC BREAK] The Firewall listener is now registered after the Router one. This
|
|
means that specific Firewall URLs (like /login_check and /logout must now
|
|
have proper route defined in your routing configuration)
|
|
|
|
* [BC BREAK] refactored the user provider configuration. The configuration
|
|
changed for the chain provider and the memory provider:
|
|
|
|
Before:
|
|
|
|
``` yaml
|
|
security:
|
|
providers:
|
|
my_chain_provider:
|
|
providers: [my_memory_provider, my_doctrine_provider]
|
|
my_memory_provider:
|
|
users:
|
|
toto: { password: foobar, roles: [ROLE_USER] }
|
|
foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
|
|
```
|
|
|
|
After:
|
|
|
|
``` yaml
|
|
security:
|
|
providers:
|
|
my_chain_provider:
|
|
chain:
|
|
providers: [my_memory_provider, my_doctrine_provider]
|
|
my_memory_provider:
|
|
memory:
|
|
users:
|
|
toto: { password: foobar, roles: [ROLE_USER] }
|
|
foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
|
|
```
|
|
|
|
* [BC BREAK] Method `equals` was removed from `UserInterface` to its own new
|
|
`EquatableInterface`. The user class can now implement this interface to override
|
|
the default implementation of users equality test.
|
|
|
|
* added a validator for the user password
|
|
* added 'erase_credentials' as a configuration key (true by default)
|
|
* added new events: `security.authentication.success` and `security.authentication.failure`
|
|
fired on authentication success/failure, regardless of authentication method,
|
|
events are defined in new event class: `Symfony\Component\Security\Core\AuthenticationEvents`.
|
|
|
|
* Added optional CSRF protection to LogoutListener:
|
|
|
|
``` yaml
|
|
security:
|
|
firewalls:
|
|
default:
|
|
logout:
|
|
path: /logout_path
|
|
target: /
|
|
csrf_parameter: _csrf_token # Optional (defaults to "_csrf_token")
|
|
csrf_provider: form.csrf_provider # Required to enable protection
|
|
intention: logout # Optional (defaults to "logout")
|
|
```
|
|
|
|
If the LogoutListener has CSRF protection enabled but cannot validate a token,
|
|
then a LogoutException will be thrown.
|
|
|
|
* Added `logout_url` templating helper and Twig extension, which may be used to
|
|
generate logout URL's within templates. The security firewall's config key
|
|
must be specified. If a firewall's logout listener has CSRF protection
|
|
enabled, a token will be automatically added to the generated URL.
|
|
|
|
### SwiftmailerBundle
|
|
|
|
* This bundle has been moved to its own repository (https://github.com/symfony/SwiftmailerBundle)
|
|
* moved the data collector to the bridge
|
|
* replaced MessageLogger class with the one from Swiftmailer 4.1.3
|
|
|
|
### TwigBundle
|
|
|
|
* added the real template name when an error occurs in a Twig template
|
|
* added the twig:lint command that will validate a Twig template syntax.
|
|
|
|
### WebProfilerBundle
|
|
|
|
* [BC BREAK] You must clear old profiles after upgrading to 2.1 (don't forget to
|
|
remove the table if you are using a DB)
|
|
* added support for the request method
|
|
* added a routing panel
|
|
* added a timeline panel
|
|
* The toolbar position can now be configured via the `position` option (can be `top` or `bottom`)
|
|
|
|
### Config
|
|
|
|
* added a way to add documentation on configuration
|
|
* implemented `Serializable` on resources
|
|
* LoaderResolverInterface is now used instead of LoaderResolver for type hinting
|
|
|
|
### Form
|
|
|
|
* [BC BREAK] ``read_only`` field attribute now renders as ``readonly="readonly"``, use ``disabled`` instead
|
|
* [BC BREAK] child forms now aren't validated anymore by default
|
|
* made validation of form children configurable (new option: cascade_validation)
|
|
* added support for validation groups as callbacks
|
|
* made the translation catalogue configurable via the "translation_domain" option
|
|
* added Form::getErrorsAsString() to help debugging forms
|
|
* allowed setting different options for RepeatedType fields (like the label)
|
|
* added support for empty form name at root level, this enables rendering forms
|
|
without form name prefix in field names
|
|
* [BC BREAK] form and field names must start with a letter, digit or underscore
|
|
and only contain letters, digits, underscores, hyphens and colons
|
|
* [BC BREAK] changed default name of the prototype in the "collection" type
|
|
from "$$name$$" to "\__name\__". No dollars are appended/prepended to custom
|
|
names anymore.
|
|
* [BC BREAK] improved ChoiceListInterface
|
|
* [BC BREAK] added SimpleChoiceList and LazyChoiceList as replacement of
|
|
ArrayChoiceList
|
|
* added ChoiceList and ObjectChoiceList to use objects as choices
|
|
* [BC BREAK] removed EntitiesToArrayTransformer and EntityToIdTransformer.
|
|
The former has been replaced by CollectionToArrayTransformer in combination
|
|
with EntityChoiceList, the latter is not required in the core anymore.
|
|
|
|
* [BC BREAK] renamed
|
|
|
|
* ArrayToBooleanChoicesTransformer to ChoicesToBooleanArrayTransformer
|
|
* ScalarToBooleanChoicesTransformer to ChoiceToBooleanArrayTransformer
|
|
* ArrayToChoicesTransformer to ChoicesToValuesTransformer
|
|
* ScalarToChoiceTransformer to ChoiceToValueTransformer
|
|
|
|
to be consistent with the naming in ChoiceListInterface.
|
|
|
|
* [BC BREAK] removed FormUtil::toArrayKey() and FormUtil::toArrayKeys().
|
|
They were merged into ChoiceList and have no public equivalent anymore.
|
|
* choice fields now throw a FormException if neither the "choices" nor the
|
|
"choice_list" option is set
|
|
* the radio type is now a child of the checkbox type
|
|
* the collection, choice (with multiple selection) and entity (with multiple
|
|
selection) types now make use of addXxx() and removeXxx() methods in your
|
|
model if you set "by_reference" to false. For a custom, non-recognized
|
|
singular form, set the "property_path" option like this: "plural|singular"
|
|
* forms now don't create an empty object anymore if they are completely
|
|
empty and not required. The empty value for such forms is null.
|
|
* added constant Guess::VERY_HIGH_CONFIDENCE
|
|
* [BC BREAK] FormType::getParent() does not see default options anymore
|
|
* [BC BREAK] The methods `add`, `remove`, `setParent`, `bind` and `setData`
|
|
in class Form now throw an exception if the form is already bound
|
|
* fields of constrained classes without a NotBlank or NotNull constraint are
|
|
set to not required now, as stated in the docs
|
|
* fixed TimeType and DateTimeType to not display seconds when "widget" is
|
|
"single_text" unless "with_seconds" is set to true
|
|
* checkboxes of in an expanded multiple-choice field don't include the choice
|
|
in their name anymore. Their names terminate with "[]" now.
|
|
* [BC BREAK] FormType::getDefaultOptions() and FormType::getAllowedOptionValues()
|
|
don't receive an options array anymore.
|
|
* deprecated FormValidatorInterface and substituted its implementations
|
|
by event subscribers
|
|
* simplified CSRF protection and removed the csrf type
|
|
* deprecated FieldType and merged it into FormType
|
|
* [BC BREAK] renamed "field_*" theme blocks to "form_*" and "field_widget" to
|
|
"input"
|
|
* ValidatorTypeGuesser now guesses "collection" for array type constraint
|
|
* added method `guessPattern` to FormTypeGuesserInterface to guess which pattern to use in the HTML5 attribute "pattern"
|
|
* deprecated method `guessMinLength` in favor of `guessPattern`
|
|
|
|
### Routing
|
|
|
|
* the UrlMatcher does not throw a \LogicException any more when the required scheme is not the current one
|
|
* added a TraceableUrlMatcher
|
|
* added the possibility to define options, default values and requirements for placeholders in prefix, including imported routes
|
|
* added RouterInterface::getRouteCollection
|
|
* [BC BREAK] the UrlMatcher urldecodes the route parameters only once, they were decoded twice before.
|
|
Note that the `urldecode()` calls have been changed for a single `rawurldecode()` in order to support `+` for input paths.
|
|
* added RouteCollection::getRoot method to retrieve the root of a RouteCollection tree
|
|
* [BC BREAK] made RouteCollection::setParent private which could not have been used anyway without creating inconsistencies
|
|
* [BC BREAK] RouteCollection::remove also removes a route from parent collections (not only from its children)
|
|
|
|
### Security
|
|
|
|
* after login, the user is now redirected to `default_target_path` if `use_referer` is true and the referrer is the `login_path`.
|
|
* added a way to remove a token from a session
|
|
* [BC BREAK] changed `MutableAclInterface::setParentAcl` to accept `null`, review your implementation to reflect this change.
|
|
* `ObjectIdentity::fromDomainObject`, `UserSecurityIdentity::fromAccount` and `UserSecurityIdentity::fromToken` now return
|
|
correct identities for proxies objects (e.g. Doctrine proxies)
|
|
|
|
### Validator
|
|
|
|
* added support for `ctype_*` assertions in `TypeValidator`
|
|
* added a Size validator
|
|
* added a SizeLength validator
|
|
* improved the ImageValidator with min width, max width, min height, and max height constraints
|
|
* added support for MIME with wildcard in FileValidator
|
|
* changed Collection validator to add "missing" and "extra" errors to
|
|
individual fields
|
|
* changed default value for `extraFieldsMessage` and `missingFieldsMessage`
|
|
in Collection constraint
|
|
* made ExecutionContext immutable
|
|
* deprecated Constraint methods `setMessage`, `getMessageTemplate` and
|
|
`getMessageParameters`
|
|
* added support for dynamic group sequences with the GroupSequenceProvider pattern
|
|
* [BC BREAK] ConstraintValidatorInterface method `isValid` has been renamed to
|
|
`validate`, its return value was dropped. ConstraintValidator still contains
|
|
`isValid` for BC
|