May 30, 2015 Fabien Potencier

Symfony 2.7.0 has just been released. 2.7 is the new LTS version of Symfony.

Symfony 2.7.0 comes with more than 100 new features and enhancements.

Read the UPGRADE from 2.6 to 2.7 guide to learn more about new ways of doing things and deprecated features that will be removed in 3.0.

Yesterday, I told you that 2.7 comes with an unexpected surprise... Symfony has now early built-in support for PSR-7. And that works as of Symfony 2.3, without breaking backward compatibility. Hurray for everyone involved in this effort! As this is something important, Ryan wrote a dedicated blog post about it.

Now, for the boring stuff with the list of the most important changes since the last beta:

bug #14777 Avoid using the app global variable in the profiler templates (stof)

bug #14262 [REVERTED] [TwigBundle] Refresh twig paths when resources change. (aitboudad)

security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener if _controller is already defined (jakzal)

bug #14745 [Serializer] AbstractNormalizer::instantiateObject allow default values when not optional (boekkooi)

bug #14743 [DebugBundle] Fix config XSD (nicolas-grekas)

bug #14711 [Serializer] AbstractNormalizer instantiateObject avoid null rejection (boekkooi)

rejection (boekkooi) bug #14726 [Translation] fixed JSON loader on PHP 7 when file is empty (fabpot)

bug #14715 [Form] Check instance of FormBuilderInterface instead of FormBuilder (dosten)

bug #14654 [Console] SymfonyStyle : fix blocks failed when $messages is null (ogizanagi)

bug #14708 [TwigBridge] use proper class to fetch asset version strategy property (xabbuh)

bug #14678 [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts (MacDada)

bug #14635 [HttpKernel] Handle an array vary header in the http cache store (jakzal)

bug #14513 [console][formater] allow format toString object. (aitboudad)

bug #14335 [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo (danez)

bug #14593 [Security][Firewall] Avoid redirection to XHR URIs (asiragusa)

bug #14576 [DoctrineBridge][Form] Fix BC break in DoctrineType (malarzm)

bug #14551 [Form] Fixed ChoiceType with legacy ChoiceList (xelaris)

bug #14648 [Console] Fix first choice was invalid when using value (ogizanagi)

bug #14618 [DomCrawler] Throw an exception if a form field path is incomplete (jakzal)

bug #14699 Fix HTML escaping of to-source links (amenk, nicolas-grekas)

bug #14698 Fix HTML escaping of to-source links (nicolas-grekas)

bug #14690 [HttpFoundation] IpUtils::checkIp4() should allow /0 networks (zerkms)

networks (zerkms) bug #14696 Fix the rendering of deprecation log messages (stof)

bug #14683 Fixed the indentation in the compiled template for the DumpNode (stof)

bug #14262 [TwigBundle] Refresh twig paths when resources change. (aitboudad)

bug #13633 [ServerBag] Handled bearer authorization header in REDIRECT_ form (Lance0312)

form (Lance0312) bug #13637 [CSS] WebProfiler break words (nicovak)

bug #14217 [WebProfilerBundle] Fix regexp (romqin)

bug #14644 [BridgeTwig] Adding a space between the icon and the error message (zmikael, nicolas-grekas)

bug #14645 [WebProfilerBundle] Fix compatiblity with HttpKernel < 2.7 (GromNaN)

bug #14640 [DebugBundle] Allow alternative destination for dumps (nicolas-grekas)

bug #14600 [Console] SymfonyStyle: fix block rpadding when escaping '<' (ogizanagi)

bug #14633 [EventDispatcher] make listeners removable from an executed listener (xabbuh)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to check the integrity of this new version? Read my blog post about signing releases .

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.