April 5, 2020 Javier Eguiluz

This week, Symfony published versions 4.4.7 and 5.0.7 to address some security vulnerabilities. Meanwhile, the upcoming Symfony 5.1 version added a feature to dump factory files as classes and improved class preloading. This will be one of the topics of the next SymfonyLive Online event on April 17, 2020.

Symfony development highlights

This week, 76 pull requests were merged (42 in code and 34 in docs) and 49 issues were closed (43 in code and 6 in docs). Excluding merges, 42 authors made 3,915 additions and 1,484 deletions. See details for code and docs.

3.4 changelog:

b9c2693: [Validator] fixed calling getters before resolving groups

0b27194: [HttpKernel] prevent keys collisions in the sanitized logs processing

6dbf9eb: [Serializer] fixed uninitialized properties

6254cdb: [Validator] allow URL-encoded special characters in basic auth part of URLs

21a6ab0: [HttpFoundation] no need to reconnect the bags to the session after session_regenerate_id

004f1f3: [WebProfilerBundle] support for Content Security Policy style-src-elem and script-src-elem in WebProfiler

60a35f8: [Validator] updated Ukrainian and Russian translations

4.4 changelog:

ff2c362: [DomCrawler] fixed BC break in assertions breaking Panther

c266ab1: [FrameworkBundle] reverted to legacy wiring of the session when circular refs are detected

b1d21af: [Security] allow setting cookie security settings for delete_cookies

fe091d4: [DependencyInjection] fixed generating TypedReference from PriorityTaggedServiceTrait

c935e4a: [Security] fixed access_control behavior with unanimous decision strategy

dca3434: [HttpFoundation] do not set the default Content-Type based on the Accept header

6f25ce5: [Security] forward multiple attributes voting flag

a5af8f6: fixed the reporting of deprecations in twig:lint

b9c2693: [Validator] fixed calling getters before resolving groups

15edfd3: [Security] ignored all non-existent username protection errors in SwitchUserListener

38cbcc6: [Security] track session usage whenever a new token is set

Master changelog:

bb9d522: [Uid] improve the code

0876480: [DependencyInjection] dump factory files as classes

0c74ff4: [FrameworkBundle] dump kernel extension configuration

2130465: [HttpFoundation] improve UnexpectedSessionUsageException backtrace

c8f4d16: [DependencyInjection] improve the deprecation features by handling package and version

9381dd6: [HttpKernel] deprecate single-colon notation for controllers

09dcbfc: [FrameworkBundle] deprecate flashbag and attributebag services

2fc5f13: [DependencyInjection] deprecate ContainerInterface aliases

0bec08f: [Config] improve the deprecation features by handling package and version

5aeecc2: [Form] action allows only strings

fdd8ac5: [Messenger] add a \Throwable argument in RetryStrategyInterface methods

1fc7b86: [Security] refactor logout listener to dispatch an event instead

6f57fcf: [Mime] strengthen is_resource() checks

8a2a69f: [HttpKernel] allow cache warmers to add to the list of preloaded classes and files

3b38f38: [DependencyInjection] add tags container.preload/.no_preload to declare extra classes to preload/services to not preload

Newest issues and pull requests

They talked about us

Call to Action