symfony/CHANGELOG-2.1.md

CHANGELOG for 2.1.x

This changelog references the relevant changes (bug and security fixes) made in 2.1 minor versions.

To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.1.0...v2.1.1

2.1.0

AbstractDoctrineBundle

• This bundle has been removed and the relevant code has been moved to the Doctrine bridge

DoctrineBundle

• This bundle has been moved to the Doctrine organization
• added optional group_by property to EntityType that supports either a PropertyPath or a \Closure that is evaluated on the entity choices
• The em option for the UniqueEntity constraint is now optional (and should probably not be used anymore).

FrameworkBundle

• changed the default extension for XLIFF files from .xliff to .xlf
• moved Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher to Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher
• moved Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher to Symfony\Component\EventDispatcher\ContainerAwareTraceableEventDispatcher
• added a router:match command
• added a config:dump-reference command
• added a server:run command
• added kernel.event_subscriber tag
• added a way to create relative symlinks when running assets:install command (--relative option)
• added Controller::getUser()
• [BC BREAK] assets_base_urls and base_urls merging strategy has changed
• changed the default profiler storage to use the filesystem instead of SQLite
• added support for placeholders in route defaults and requirements (replaced by the value set in the service container)
• added Filesystem component as a dependency
• added support for hinclude (use standalone: 'js' in render tag)
• session options: lifetime, path, domain, secure, httponly were deprecated. Prefixed versions should now be used instead: cookie_lifetime, cookie_path, cookie_domain, cookie_secure, cookie_httponly
• [BC BREAK] following session options: 'lifetime', 'path', 'domain', 'secure', 'httponly' are now prefixed with cookie_ when dumped to the container
• Added handler_id configuration under session key to represent session.handler service, defaults to session.handler.native_file.
• Added gc_maxlifetime, gc_probability, and gc_divisor to session configuration. This means session garbage collection has a gc_probability/gc_divisor chance of being run. The gc_maxlifetime defines how long a session can idle for. It is different from cookie lifetime which declares how long a cookie can be stored on the remote client.

MonologBundle

• This bundle has been moved to its own repository (https://github.com/symfony/MonologBundle)

SecurityBundle

• [BC BREAK] The custom factories for the firewall configuration are now registered during the build method of bundles instead of being registered by the end-user (you need to remove the 'factories' keys in your security configuration).

• [BC BREAK] The Firewall listener is now registered after the Router one. This means that specific Firewall URLs (like /login_check and /logout must now have proper route defined in your routing configuration)

• [BC BREAK] refactored the user provider configuration. The configuration changed for the chain provider and the memory provider:

  Before:

  security:
      providers:
          my_chain_provider:
              providers: [my_memory_provider, my_doctrine_provider]
          my_memory_provider:
              users:
                  toto: { password: foobar, roles: [ROLE_USER] }
                  foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
  

  After:

  security:
      providers:
          my_chain_provider:
              chain:
                  providers: [my_memory_provider, my_doctrine_provider]
          my_memory_provider:
              memory:
                  users:
                      toto: { password: foobar, roles: [ROLE_USER] }
                      foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
  

• [BC BREAK] Method equals was removed from UserInterface to its own new EquatableInterface. The user class can now implement this interface to override the default implementation of users equality test.

• added a validator for the user password

• added 'erase_credentials' as a configuration key (true by default)

• added new events: security.authentication.success and security.authentication.failure fired on authentication success/failure, regardless of authentication method, events are defined in new event class: Symfony\Component\Security\Core\AuthenticationEvents.

• Added optional CSRF protection to LogoutListener:

  security:
      firewalls:
          default:
              logout:
                  path: /logout_path
                  target: /
                  csrf_parameter: _csrf_token        # Optional (defaults to "_csrf_token")
                  csrf_provider:  form.csrf_provider # Required to enable protection
                  intention:      logout             # Optional (defaults to "logout")
  

  If the LogoutListener has CSRF protection enabled but cannot validate a token, then a LogoutException will be thrown.

• Added logout_url templating helper and Twig extension, which may be used to generate logout URL's within templates. The security firewall's config key must be specified. If a firewall's logout listener has CSRF protection enabled, a token will be automatically added to the generated URL.

SwiftmailerBundle

• This bundle has been moved to its own repository (https://github.com/symfony/SwiftmailerBundle)
• moved the data collector to the bridge
• replaced MessageLogger class with the one from Swiftmailer 4.1.3

TwigBundle

• added the real template name when an error occurs in a Twig template
• added the twig:lint command that will validate a Twig template syntax.