January 29, 2018 Fabien Potencier

Symfony 4.0.4 has just been released. Here is a list of the most important changes:

bug #25922 [HttpFoundation] Use the correct syntax for session gc based on Pdo driver (@tanasecosminromeo)

bug #25933 Disable CSP header on exception pages only in debug (@ostrolucky)

bug #25926 [Form] Fixed Button::setParent() when already submitted (@HeahDude)

bug #25927 [Form] Fixed submitting disabled buttons (@HeahDude)

bug #25397 [Console] Provide a DX where an array could be passed (@Simperfit)

bug #25858 [DI] Fix initialization of legacy containers by delaying include_once (@nicolas-grekas)

bug #25891 [DependencyInjection] allow null values for root nodes in YAML configs (@xabbuh)

bug #24864 Have weak_vendors ignore deprecations from outside (@greg0ire)

bug #25873 [Console] Fix using finally where the catch can also fail (@nicolas-grekas)

bug #25848 [Validator] add missing parent isset and add test (@Simperfit)

bug #25869 [Process] Skip environment variables with false value in Process (@francoispluchino)

bug #25864 [Yaml] don't split lines on carriage returns when dumping (@xabbuh)

bug #25863 [Yaml] trim spaces from unquoted scalar values (@xabbuh)

bug #25861 do not conflict with egulias/email-validator 2.0+ (@xabbuh)

bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (@emodric)

bug #25837 [SecurityBundle] Don't register in memory users as services (@chalasr)

bug #25835 [HttpKernel] DebugHandlersListener should always replace the existing exception handler (@nicolas-grekas)

bug #25829 [Debug] Always decorate existing exception handlers to deal with fatal errors (@nicolas-grekas)

bug #25823 [Security] Notify that symfony/expression-language is not installed if ExpressionLanguage is used (@giovannialbero1992)

bug #25824 Fixing a bug where the dump() function depended on bundle ordering (@weaverryan)

bug #25763 [OptionsResolver] Fix options resolver with array allowed types (@mcg-web)

bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (@kejwmen)

bug #25822 [Cache] Fix handling of apcu_fetch() edgy behavior (@nicolas-grekas)

bug #25816 Problem in phar see mergerequest #25579 (@betzholz)

bug #25781 [Form] Disallow transform dates beyond the year 9999 (@curry684)

bug #25287 [Serializer] DateTimeNormalizer handling of null and empty values (returning it instead of new object) (@Simperfit)

bug #25249 [Form] Avoid button label translation when it's set to false (@TeLiXj)

bug #25127 [TwigBridge] Pass the form-check-inline in parent (@Simperfit)

bug #25812 Copied NO language files to the new NB locale (@derrabus)

bug #25753 [Console] Fix restoring exception handler (@nicolas-grekas, @fancyweb)

bug #25801 [Router] Skip anonymous classes when loading annotated routes (@pierredup)

bug #25508 [FrameworkBundle] Auto-enable CSRF if the component + session are loaded (@nicolas-grekas)

bug #25657 [Security] Fix fatal error on non string username (@chalasr)

bug #25791 [Routing] Make sure we only build routes once (@sroze)

bug #25799 Fixed Request::toString ignoring cookies (@Toflar)

bug #25755 [Debug] prevent infinite loop with faulty exception handlers (@nicolas-grekas)

bug #25771 [Validator] 19 digits VISA card numbers are valid (@xabbuh)

bug #25751 [FrameworkBundle] Add the missing enabled session attribute (@sroze)

bug #25750 [HttpKernel] Turn bad hosts into 400 instead of 500 (@nicolas-grekas)

bug #25699 [HttpKernel] Fix session handling: decouple "save" from setting response "private" (@nicolas-grekas)

bug #25490 [Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR (@diversantvlz)

bug #25737 [TwigBridge] swap filter/function and package names (@xabbuh)

bug #25731 [HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler (@nicolas-grekas)

bug #25733 [HttpKernel] Fix compile error when a legacy container is fresh again (@nicolas-grekas)

bug #25709 Tweaked some styles in the profiler tables (@javiereguiluz)

bug #25719 [HttpKernel] Uses cookies to track the requests redirection (@sroze)

bug #25696 [FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes (@nicolas-grekas)

feature #25669 [Security] Fail gracefully if the security token cannot be unserialized from the session (@thewilkybarkid)

bug #25700 Run simple-phpunit with --no-suggest option (@ro0NL)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.