Releases: symfony/symfony
Releases · symfony/symfony
v6.4.0-RC2
Changelog (v6.4.0-RC1...v6.4.0-RC2)
- bug #52724 [Security] make secret required for DefaultLoginRateLimiter (@RobertMe)
- bug #52617 [AssetMapper] Fix resolving jsdeliver default + other exports from modules (@ogizanagi)
- feature #52712 [AssetMapper] Exclude dot files (@weaverryan)
- bug #52725 [AssetMapper] Fix: also download files referenced by url() in CSS (@weaverryan)
- bug #52702 [AssetMapper] Fix eager imports are not deduplicated (@smnandre)
- bug #52719 [Mime] Add
TemplatedEmail::$locale
to the serialized props (@mkrauser) - bug #52677 [Translation] [Lokalise] Fix language format on Lokalise Provider (@welcoMattic)
- bug #52715 [Cache] fix detecting the database server version (@xabbuh)
- bug #52688 [Cache] Add url decoding of password in
RedisTrait
DSN (@alexandre-daubois) - bug #52172 [Serializer] Fix denormalizing empty string into
object|null
parameter (@Jeroeny) - bug #52693 [Messenger] Fix message handlers with multiple
from_transports
(@valtzu) - bug #52684 [PropertyInfo] Fixed promoted property type detection for
PhpStanExtractor
(@LastDragon-ru) - bug #52681 [Serializer] Fix support for DiscriminatorMap in PropertyNormalizer (@mtarld)
- bug #52680 [Serializer] Fix access to private properties/getters when using the
@Ignore
annotation (@mtarld) - bug #52713 [Serializer] Fix deserialization_path missing using contructor (@mtarld)
- bug #52683 [Serializer] Fix constructor deserialization path (@mtarld)
- bug #52707 [HttpKernel] Fix logging deprecations to the "php" channel when channel "deprecation" is not defined (@nicolas-grekas)
- bug #52589 [Serializer] Fix XML attributes not added on empty node (@mtarld)
- bug #52686 [Cache] fix detecting the server version with Doctrine DBAL 4 (@xabbuh)
- bug #52629 [Messenger] Fix support for Redis Sentinel using php-redis 6.0.0 (@pepeh)
- bug #52656 [FrameworkBundle] Add TemplateController to the list of allowed controllers for fragments (@nicolas-grekas)
- bug #52459 [Cache][HttpFoundation][Lock] Fix PDO store not creating table + add tests (@HypeMC)
- bug #52626 [Serializer] Fix denormalizing date intervals having both weeks and days (@oneNevan)
- bug #52578 [Serializer] Fix denormalize constructor arguments (@mtarld)
- bug #52526 Add some more non-countable English nouns (@paullallier)
- bug #52604 [FrameworkBundle] register the virtual request stack together with common profiling services (@xabbuh)
- bug #52039 [Scheduler] Continue with stored
Checkpoint::$time
on lock (@Jeroeny) - bug #52631 [DomCrawler] Revert "bug #52579 UriResolver support path with colons" (@lyrixx)
- bug #52618 [VarExporter] Fix handling mangled property names returned by __sleep() (@nicolas-grekas)
[PR] #52742
v7.0.0-RC1
Changelog (v7.0.0-BETA3...v7.0.0-RC1)
- bug #52597 [DependencyInjection] Fix dumping containers with null-referenced services (@nicolas-grekas)
- bug #52588 [Messenger] Use extension_loaded call to check if pcntl extension is loaded, as SIGTERM might be set be swoole (Sergii Dolgushev)
- feature #52569 [VarExporter] Drop support for partially initialized lazy object (@nicolas-grekas)
- bug #52567 [AssetMapper] Fixing js sourceMappingURL extraction when sourceMappingURL used in code (@weaverryan)
- bug #52579 [DomCrawler] UriResolver support path with colons (@vdauchy)
- bug #52581 [Messenger] attach all required parameters to query (@xabbuh)
- feature #52568 [VarExporter] Deprecate per-property lazy-initializers (@nicolas-grekas)
- feature #52560 [Mailer] Update default Mailjet port (@Katario)
[PR] #52600
v6.4.0-RC1
Changelog (v6.4.0-BETA3...v6.4.0-RC1)
- bug #52588 [Messenger] Use extension_loaded call to check if pcntl extension is loaded, as SIGTERM might be set be swoole (Sergii Dolgushev)
- bug #52567 [AssetMapper] Fixing js sourceMappingURL extraction when sourceMappingURL used in code (@weaverryan)
- bug #52579 [DomCrawler] UriResolver support path with colons (@vdauchy)
- bug #52581 [Messenger] attach all required parameters to query (@xabbuh)
- feature #52568 [VarExporter] Deprecate per-property lazy-initializers (@nicolas-grekas)
- feature #52560 [Mailer] Update default Mailjet port (@Katario)
[PR] #52599
v7.0.0-BETA3
Changelog (v7.0.0-BETA2...v7.0.0-BETA3)
- bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)
- bug #52524 [AssetMapper] Only download a CSS file if it is explicitly advertised (@weaverryan)
- bug #52523 [AssetMapper] avoid caching MappedAsset inside JavaScript Import (@weaverryan)
- bug #52519 [AssetMapper] If assets are served from a subdirectory or CDN, also adjust importmap keys (@weaverryan)
- bug #52508 [AssetMapper] Fix jsdelivr import parsing with no imported value (@weaverryan)
- security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
- security #cve-2023-46735 [Webhook] Remove user-submitted type from HTTP response (@nicolas-grekas)
- security #cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
- bug #52514 [FrameworkBundle] Don't reference SYMFONY_IDE env var in non-debug mode (@nicolas-grekas)
- bug #52506 [SecurityBundle] wire the secret for Symfony 6.4 compatibility (@xabbuh)
- bug #52496 [VarDumper] Accept mixed key on
DsPairStub
(@marc-mabe) - bug #52502 [Config] Prefixing
FileExistenceResource::__toString()
to avoid conflict withFileResource
(@weaverryan) - bug #52491 [String] Method toByteString conversion using iconv is unreachable (@Vincentv92)
- bug #52488 [HttpKernel] Fix PHP deprecation (@nicolas-grekas)
- bug #52469 Check whether secrets are empty and mark them all as sensitive (@nicolas-grekas)
- feature #52471 [HttpKernel] Add
ControllerResolver::allowControllers()
to define which callables are legit controllers when the_check_controller_is_allowed
request attribute is set (@nicolas-grekas) - bug #52476 [Messenger] fix compatibility with Doctrine DBAL 4 (@xabbuh)
- bug #52434 [Console][FrameworkBundle] Fix missing
profile
option for console commands (@keulinho) - bug #52474 [HttpFoundation] ensure string type with mbstring func overloading enabled (@xabbuh)
- bug #52472 [HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded (@MatTheCat)
- bug #52457 [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL (@HypeMC)
- bug #52443 [Yaml] Fix uid binary parsing (@mRoca)
- feature #52449 [TwigBridge] Mark CodeExtension as
@internal
(@fabpot) - bug #52429 [HttpClient] Replace
escapeshellarg
to prevent overpassingARG_MAX
(@alexandre-daubois) - bug #52442 Disable the "Copy as cURL" button when the debug info are disabled (@stof)
- bug #52444 Remove full DSNs from exception messages (@nicolas-grekas)
- bug #52438 [HttpKernel] Fix uninitialized property in Bundle class (@javiereguiluz)
- feature #52336 [HttpFoundation][Lock] Makes MongoDB adapters usable with
ext-mongodb
only (@GromNaN) - bug #52428 [HttpKernel] Preventing error 500 when function putenv is disabled (@ShaiMagal)
- bug #52427 [Console][Process] do not let context classes extend the message classes (@xabbuh)
- bug #52408 [Yaml] Fix block scalar array parsing (@NickSdot)
- bug #52132 [Console] Fix horizontal table top border is incorrectly rendered (@OskarStark)
- bug #52368 [AssetMapper] Fixing bug where JSCompiler used non-absolute importmap entry path (@weaverryan)
- bug #52367 [Uid] Fix UuidV7 collisions within the same ms (@nicolas-grekas)
- bug #52287 [FrameworkBundle] Fix deprecation layer for "enable_annotations" in validation and serializer configuration (@lyrixx)
- bug #52222 [MonologBridge] Fix support for monolog 3.0 (@louismariegaborit)
[PR] #52541
[SECURITY] Security release
v6.4.0-BETA3
Changelog (v6.4.0-BETA2...v6.4.0-BETA3)
- bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)
- bug #52524 [AssetMapper] Only download a CSS file if it is explicitly advertised (@weaverryan)
- bug #52523 [AssetMapper] avoid caching MappedAsset inside JavaScript Import (@weaverryan)
- bug #52519 [AssetMapper] If assets are served from a subdirectory or CDN, also adjust importmap keys (@weaverryan)
- bug #52508 [AssetMapper] Fix jsdelivr import parsing with no imported value (@weaverryan)
- security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
- security #cve-2023-46735 [Webhook] Remove user-submitted type from HTTP response (@nicolas-grekas)
- security #cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
- bug #52514 [FrameworkBundle] Don't reference SYMFONY_IDE env var in non-debug mode (@nicolas-grekas)
- bug #52506 [SecurityBundle] wire the secret for Symfony 6.4 compatibility (@xabbuh)
- bug #52496 [VarDumper] Accept mixed key on
DsPairStub
(@marc-mabe) - bug #52502 [Config] Prefixing
FileExistenceResource::__toString()
to avoid conflict withFileResource
(@weaverryan) - bug #52491 [String] Method toByteString conversion using iconv is unreachable (@Vincentv92)
- bug #52488 [HttpKernel] Fix PHP deprecation (@nicolas-grekas)
- bug #52469 Check whether secrets are empty and mark them all as sensitive (@nicolas-grekas)
- feature #52471 [HttpKernel] Add
ControllerResolver::allowControllers()
to define which callables are legit controllers when the_check_controller_is_allowed
request attribute is set (@nicolas-grekas) - bug #52476 [Messenger] fix compatibility with Doctrine DBAL 4 (@xabbuh)
- bug #52434 [Console][FrameworkBundle] Fix missing
profile
option for console commands (@keulinho) - bug #52474 [HttpFoundation] ensure string type with mbstring func overloading enabled (@xabbuh)
- bug #52472 [HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded (@MatTheCat)
- bug #52457 [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL (@HypeMC)
- bug #52443 [Yaml] Fix uid binary parsing (@mRoca)
- feature #52449 [TwigBridge] Mark CodeExtension as
@internal
(@fabpot) - bug #52429 [HttpClient] Replace
escapeshellarg
to prevent overpassingARG_MAX
(@alexandre-daubois) - bug #52442 Disable the "Copy as cURL" button when the debug info are disabled (@stof)
- bug #52444 Remove full DSNs from exception messages (@nicolas-grekas)
- feature #52336 [HttpFoundation][Lock] Makes MongoDB adapters usable with
ext-mongodb
only (@GromNaN) - bug #52428 [HttpKernel] Preventing error 500 when function putenv is disabled (@ShaiMagal)
- bug #52427 [Console][Process] do not let context classes extend the message classes (@xabbuh)
- bug #52408 [Yaml] Fix block scalar array parsing (@NickSdot)
- bug #52132 [Console] Fix horizontal table top border is incorrectly rendered (@OskarStark)
- bug #52368 [AssetMapper] Fixing bug where JSCompiler used non-absolute importmap entry path (@weaverryan)
- bug #52367 [Uid] Fix UuidV7 collisions within the same ms (@nicolas-grekas)
- bug #52287 [FrameworkBundle] Fix deprecation layer for "enable_annotations" in validation and serializer configuration (@lyrixx)
- bug #52222 [MonologBridge] Fix support for monolog 3.0 (@louismariegaborit)
[PR] #52538
[SECURITY] Security release
v6.3.8
Changelog (v6.3.7...v6.3.8)
- bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)
- security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
- security #cve-2023-46735 [Webhook] Remove user-submitted type from HTTP response (@nicolas-grekas)
- security #cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
- bug #52514 [FrameworkBundle] Don't reference SYMFONY_IDE env var in non-debug mode (@nicolas-grekas)
- bug #52506 [SecurityBundle] wire the secret for Symfony 6.4 compatibility (@xabbuh)
- bug #52496 [VarDumper] Accept mixed key on
DsPairStub
(@marc-mabe) - bug #52502 [Config] Prefixing
FileExistenceResource::__toString()
to avoid conflict withFileResource
(@weaverryan) - bug #52491 [String] Method toByteString conversion using iconv is unreachable (@Vincentv92)
- bug #52488 [HttpKernel] Fix PHP deprecation (@nicolas-grekas)
- bug #52476 [Messenger] fix compatibility with Doctrine DBAL 4 (@xabbuh)
- bug #52474 [HttpFoundation] ensure string type with mbstring func overloading enabled (@xabbuh)
- bug #52472 [HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded (@MatTheCat)
- bug #52457 [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL (@HypeMC)
- bug #52443 [Yaml] Fix uid binary parsing (@mRoca)
- bug #52429 [HttpClient] Replace
escapeshellarg
to prevent overpassingARG_MAX
(@alexandre-daubois) - bug #52442 Disable the "Copy as cURL" button when the debug info are disabled (@stof)
- bug #52444 Remove full DSNs from exception messages (@nicolas-grekas)
- bug #52428 [HttpKernel] Preventing error 500 when function putenv is disabled (@ShaiMagal)
- bug #52408 [Yaml] Fix block scalar array parsing (@NickSdot)
- bug #52132 [Console] Fix horizontal table top border is incorrectly rendered (@OskarStark)
- bug #52367 [Uid] Fix UuidV7 collisions within the same ms (@nicolas-grekas)
- bug #52222 [MonologBridge] Fix support for monolog 3.0 (@louismariegaborit)
[PR] #52536
[SECURITY] Security release
v5.4.31
Changelog (v5.4.30...v5.4.31)
- security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
- security #cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
- bug #52506 [SecurityBundle] wire the secret for Symfony 6.4 compatibility (@xabbuh)
- bug #52502 [Config] Prefixing
FileExistenceResource::__toString()
to avoid conflict withFileResource
(@weaverryan) - bug #52491 [String] Method toByteString conversion using iconv is unreachable (@Vincentv92)
- bug #52488 [HttpKernel] Fix PHP deprecation (@nicolas-grekas)
- bug #52476 [Messenger] fix compatibility with Doctrine DBAL 4 (@xabbuh)
- bug #52474 [HttpFoundation] ensure string type with mbstring func overloading enabled (@xabbuh)
- bug #52457 [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL (@HypeMC)
- bug #52443 [Yaml] Fix uid binary parsing (@mRoca)
- bug #52444 Remove full DSNs from exception messages (@nicolas-grekas)
- bug #52428 [HttpKernel] Preventing error 500 when function putenv is disabled (@ShaiMagal)
- bug #52408 [Yaml] Fix block scalar array parsing (@NickSdot)
- bug #52329 [HttpClient] Psr18Client: parse HTTP Reason Phrase for Response (@Hanmac)
[PR] #52535
[SECURITY] Security release
v4.4.51
Changelog (v4.4.50...v4.4.51)
- security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
[PR] #52534
[SECURITY] Security release
v7.0.0-BETA2
Changelog (v7.0.0-BETA1...v7.0.0-BETA2)
- bug #52329 [HttpClient] Psr18Client: parse HTTP Reason Phrase for Response (@Hanmac)
- bug #52323 [AssetMapper] Allowing circular references in JavaScriptImportPathCompiler (@weaverryan)
- bug #52331 [AssetMapper] Fix file deleting errors & remove nullable MappedAsset on JS import (@weaverryan)
- bug #52332 [Yaml] Fix deprecated passing null to trim() (@javaDeveloperKid)
- bug #52349 [AssetMapper] Fix in-file imports to resolve via filesystem (@weaverryan)
- bug #52343 [Intl] Update the ICU data to 74.1 (@jderusse)
- bug #52347 [Form] Fix merging form data and files (ter) (Jan Pintr)
- bug #52330 [AssetMapper] Fixing memory bug where we stored way more file content than needed (@weaverryan)
- bug #52325 [AssetMapper] jsdelivr "no version" import syntax (@weaverryan)
- bug #52307 [Scheduler] Save checkpoint in a finally block (@FrancoisPog)
- feature #52193 [PhpUnitBridge] Allow setting the locale using SYMFONY_PHPUNIT_LOCALE env var (@VincentLanglet)
- bug #52290 [DebugBundle] ignore a not-existing virtual request stack (@xabbuh)
- bug #52308 [SecurityBundle] Fix missing login-link element in xsd schema (@fancyweb)
- bug #51331 [Messenger] add handler description as array key to
HandlerFailedException::getWrappedExceptions()
(@kbond) - bug #52298 [HttpKernel] Update AbstractBundle.php, use !isset($this->path) (@tacman)
- bug #51992 [Serializer] Fix using
DateIntervalNormalizer
with union types (@Jeroeny) - bug #52276 DB table locks on messenger_messages with many failures (@bn-jdcook)
- bug #52232 [Messenger] declare constructor argument as optional for backwards compatibility (@xabbuh)
- bug #52254 [AssetMapper] Adding import-parsing case where import contains a path (@weaverryan)
- bug #52283 [Serializer] Handle default context when denormalizing timestamps in DateTimeNormalizer (@mtarld)
- bug #52272 [VarDump] Fix order of dumped properties - parent goes first (@lyrixx)
- bug #52274 [FrameworkBundle] re-introduce conflict rule with WebProfilerBundle < 6.4 (@xabbuh)
- bug #52268 [Mailer][Notifier] Update Sendinblue / Brevo API host (@stephanie)
- bug #52255 [Form] Skip merging params & files if there are no files in the first place (@dmaicher, @priyadi)
- bug #52234 add return type hints to EntityFactory (@xabbuh)
- bug #52229 [FrameworkBundle] Fix CommandDataCollector is always registered (@smnandre)
- bug #52218 [FrameworkBundle] Add conflict with
WebProfilerBundle
< 6.4 (@HeahDude)
[PR] #52362
v6.4.0-BETA2
Changelog (v6.4.0-BETA1...v6.4.0-BETA2)
- bug #52329 [HttpClient] Psr18Client: parse HTTP Reason Phrase for Response (@Hanmac)
- bug #52323 [AssetMapper] Allowing circular references in JavaScriptImportPathCompiler (@weaverryan)
- bug #52331 [AssetMapper] Fix file deleting errors & remove nullable MappedAsset on JS import (@weaverryan)
- bug #52332 [Yaml] Fix deprecated passing null to trim() (@javaDeveloperKid)
- bug #52349 [AssetMapper] Fix in-file imports to resolve via filesystem (@weaverryan)
- bug #52343 [Intl] Update the ICU data to 74.1 (@jderusse)
- bug #52347 [Form] Fix merging form data and files (ter) (Jan Pintr)
- bug #52330 [AssetMapper] Fixing memory bug where we stored way more file content than needed (@weaverryan)
- bug #52325 [AssetMapper] jsdelivr "no version" import syntax (@weaverryan)
- bug #52307 [Scheduler] Save checkpoint in a finally block (@FrancoisPog)
- feature #52193 [PhpUnitBridge] Allow setting the locale using SYMFONY_PHPUNIT_LOCALE env var (@VincentLanglet)
- bug #52290 [DebugBundle] ignore a not-existing virtual request stack (@xabbuh)
- bug #52308 [SecurityBundle] Fix missing login-link element in xsd schema (@fancyweb)
- bug #51331 [Messenger] add handler description as array key to
HandlerFailedException::getWrappedExceptions()
(@kbond) - bug #51992 [Serializer] Fix using
DateIntervalNormalizer
with union types (@Jeroeny) - bug #52276 DB table locks on messenger_messages with many failures (@bn-jdcook)
- bug #52232 [Messenger] declare constructor argument as optional for backwards compatibility (@xabbuh)
- bug #52254 [AssetMapper] Adding import-parsing case where import contains a path (@weaverryan)
- bug #52283 [Serializer] Handle default context when denormalizing timestamps in DateTimeNormalizer (@mtarld)
- bug #52272 [VarDump] Fix order of dumped properties - parent goes first (@lyrixx)
- bug #52274 [FrameworkBundle] re-introduce conflict rule with WebProfilerBundle < 6.4 (@xabbuh)
- bug #52268 [Mailer][Notifier] Update Sendinblue / Brevo API host (@stephanie)
- bug #52255 [Form] Skip merging params & files if there are no files in the first place (@dmaicher, @priyadi)
- bug #52234 add return type hints to EntityFactory (@xabbuh)
- bug #52229 [FrameworkBundle] Fix CommandDataCollector is always registered (@smnandre)
- bug #52218 [FrameworkBundle] Add conflict with
WebProfilerBundle
< 6.4 (@HeahDude)
[PR] #52358