November 21, 2017 Fabien Potencier

Symfony 3.4.0-RC1 has just been released. Here is a list of the most important changes:

bug #25077 [Bridge/Twig] Let getFlashes starts the session (@MatTheCat)

bug #25082 [HttpKernel] Disable container inlining when legacy inlining has been used (@nicolas-grekas)

bug #25072 [Bridge/PhpUnit] Remove trailing "n" from ClockMock::microtime(false) (@joky)

bug #25069 [Debug] Fix undefined variable $lightTrace (@nicolas-grekas)

bug #25053 [Serializer] Fixing PropertyNormalizer supports parent properties (@Christopher Hertel)

bug #25055 [DI] Analyze setter-circular deps more precisely (@nicolas-grekas)

feature #25056 [Bridge/PhpUnit] Sync the bridge version installed in vendor/ and in phpunit clone (@nicolas-grekas)

bug #25045 [SecurityBundle] Don't trigger auto-picking notice if provider is set per listener (@chalasr)

bug #25033 [FrameworkBundle] Dont create empty bundles directory by default (@ro0NL)

bug #25037 [DI] Skip hot_path tag for deprecated services as their class might also be (@nicolas-grekas)

bug #25038 [Cache] Memcached options should ignore "lazy" (@nicolas-grekas)

bug #25014 Move deprecation under use statements (@greg0ire)

bug #25030 [Console] Fix ability to disable lazy commands (@chalasr)

bug #25032 [BridgePhpUnit] Disable broken auto-require mechanism of phpunit (@nicolas-grekas)

bug #25027 [FrameworkBundle] Hide server:log command based on deps (@sroze)

bug #24991 [DependencyInjection] Single typed argument can be applied on multiple parameters (@nicolas-grekas, @sroze)

bug #24983 [Validator] enter the context in which to validate (@xabbuh)

bug #24956 Fix ambiguous pattern (@weltling)

bug #24732 [DependencyInjection] Prevent service:method factory notation in PHP config (@vudaltsov)

bug #24979 [HttpKernel] remove services resetter even when it's an alias (@xabbuh)

bug #24972 [HttpKernel] Fix service arg resolver for controllers as array callables (@sroze, @nicolas-grekas)

bug #24971 [FrameworkBundle] Empty event dispatcher earlier in CacheClearCommand (@nicolas-grekas)

security #24995 Validate redirect targets using the session cookie domain (@nicolas-grekas)

security #24994 Prevent bundle readers from breaking out of paths (@xabbuh)

security #24993 Ensure that submitted data are uploaded files (@xabbuh)

security #24992 Namespace generated CSRF tokens depending of the current scheme (@dunglas)

bug #24954 [DI] Fix dumping with custom base class (@nicolas-grekas)

bug #24952 [HttpFoundation] Fix session-related BC break (@nicolas-grekas, @sroze)

bug #24943 [FrameworkBundle] Wire the translation.reader service instead of deprecated translation.loader in commands (@ogizanagi)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.