March 1, 2018 Fabien Potencier

Symfony 4.0.5 has just been released. Here is a list of the most important changes:

bug #26327 [Form][WCAG] Errors sign for people that do not see colors (@Nyholm)

bug #26326 [Form][WCAG] Added role="presentation" on tables & removed bootstrap4 table (@Nyholm)

bug #26325 [Form][WCAG] Add hidden labels on date and time fields (@Nyholm)

bug #26338 [Debug] Keep previous errors of Error instances (@Philipp91)

bug #26328 [Form][WCAG] Fixed HTML errors (@Nyholm)

bug #26290 [FrameworkBundle] [Console][DX] add a warning when command is not found (@Simperfit)

bug #26318 [Routing] Fix GC control of PHP-DSL (@nicolas-grekas)

bug #26312 [Routing] Don't throw 405 when scheme requirement doesn't match (@nicolas-grekas)

bug #26275 Set controller without invoke method from invokable class (@Tobion)

bug #26298 Fix ArrayInput::toString() for InputArgument::IS_ARRAY args (@maximium)

bug #26177 Update excluded_ajax_paths for sf4 (@jenaye)

bug #26289 [Security] Add missing use of Role (@tony-tran)

bug #26286 [Security] Add missing use for RoleInterface (@tony-tran)

bug #26265 [PropertyInfo] throw exception if docblock factory does not exist (@xabbuh)

bug #26247 [Translation] Process multiple segments within a single unit. (@timewasted)

bug #26254 fix custom radios/inputs for checkbox/radio type (@mssimi)

bug #26234 [FrameworkBundle] Add missing XML config for circular_reference_handler (@dunglas)

bug #26236 [PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties (@dunglas)

bug #26227 Add support for URL-like DSNs for the PdoSessionHandler (@stof)

bug #25557 [WebProfilerBundle] add a way to limit ajax request (@Simperfit)

bug #26088 [FrameworkBundle] Fix using annotation_reader in compiler pass to inject configured cache provider (@Laizerox)

bug #26157 [HttpKernel] Send new session cookie from AbstractTestSessionListener after session invalidation (@rpkamp)

bug #26230 [WebProfilerBundle] Fix anchor CSS (@ro0NL)

bug #26228 [HttpFoundation] Fix missing "throw" in JsonResponse (@nicolas-grekas)

bug #26211 [Console] Suppress warning from sapi_windows_vt100_support (@adawolfa)

bug #26176 Retro-fit proxy code to make it deterministic for older proxy manager implementations (@lstrojny)

bug #25787 Yaml parser regression with comments and non-strings (@alexpott)

bug #26156 Fixes #26136: Avoid emitting warning in hasParameterOption() (@greg-1-anderson)

bug #26183 [DI] Add null check for removeChild (@changmin.keum)

bug #26167 [TwigBridge] Apply some changes to support Bootstrap4-stable (@mpiot, @Nyholm)

bug #26173 [Security] fix accessing request values (@xabbuh)

bug #26089 [PhpUnitBridge] Added support for PHPUnit 7 in Coverage Listener (@lyrixx)

bug #26170 [PHPUnit bridge] Avoid running the remove command without any packages (@stof)

bug #26159 created validator.tl.xlf for Form/Translations (@ergiegonzaga)

bug #26100 [Routing] Throw 405 instead of 404 when redirect is not possible (@nicolas-grekas)

bug #26119 [TwigBundle][WebProfilerBundle] Fix JS collision (@ro0NL)

bug #26040 [Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder (@nicolas-grekas)

bug #26067 [YAML] Issue #26065: leading spaces in YAML multi-line string literals (@tamc)

bug #26012 Exit as late as possible (@greg0ire)

bug #26082 [Cache][WebProfiler] fix collecting cache stats with sub-requests + allow clearing calls (@dmaicher)

bug #26024 [PhpBridge] add PHPUnit 7 support to SymfonyTestsListener (@shieldo)

bug #26020 [Lock] Log already-locked errors as "notice" instead of "warning" (@Simperfit)

bug #26043 [Serialized] add context to serialize and deserialize (@andrey1s)

bug #26127 Deterministic time in cache items for reproducible builds (@lstrojny)

bug #26128 Make kernel build time optionally deterministic (@lstrojny)

bug #26117 isCsrfTokenValid() replace string by ?string (@GaylordP)

bug #26112 Env var maps to undefined constant. (@dsmink)

bug #26111 [Security] fix merge of 2.7 into 2.8 + add test case (@dmaicher)

bug #25893 [Console] Fix hasParameterOption / getParameterOption when used with multiple flags (@greg-1-anderson)

bug #25756 [TwigBundle] Register TwigBridge extensions first (@fancyweb)

bug #26051 [WebProfilerBundle] Fix sub request link (@ro0NL)

bug #25947 PhpDocExtractor::getTypes() throws fatal error when type omitted (@Jared Farrish)

bug #25940 [Form] keep the context when validating forms (@xabbuh)

bug #26057 [SecurityBundle] use libsodium to run Argon2i related tests (@xabbuh)

bug #25373 Use the PCRE_DOLLAR_ENDONLY modifier in route regexes (@mpdude)

bug #24435 [Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2 (@Nyholm)

bug #25762 [DependencyInjection] always call the parent class' constructor (@xabbuh)

bug #25976 [Config] Handle Service/EventSubscriberInterface in ReflectionClassResource (@nicolas-grekas)

bug #25989 [DI][Routing] Fix tracking of globbed resources (@nicolas-grekas, @sroze)

bug #26009 [SecurityBundle] Allow remember-me factory creation when multiple user providers are configured. (@iisisrael)

bug #26010 [CssSelector] For AND operator, the left operand should have parentheses, not only right operand (@Arnaud CHASSEUX)

bug #26000 Fixed issue #25985 (@KevinFrantz)

bug #25996 Don't show wanna-be-private services as public in debug:container (@chalasr)

bug #25914 [HttpKernel] collect extension information as late as possible (@xabbuh)

bug #25981 [DI] Fix tracking of source class changes for lazy-proxies (@nicolas-grekas)

bug #25971 [Debug] Fix bad registration of exception handler, leading to mem leak (@nicolas-grekas)

bug #25962 [Routing] Fix trailing slash redirection for non-safe verbs (@nicolas-grekas)

bug #25948 [Form] Fixed empty data on expanded ChoiceType and FileType (@HeahDude)

bug #25978 Deterministic proxy names (@lstrojny)

bug #25972 support sapi_windows_vt100_support for php 7.2+ (@jhdxr)

bug #25744 [TwigBridge] Allow label translation to be safe (@MatTheCat)

bug #25932 Don't stop PSR-4 service discovery if a parent class is missing (@derrabus)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.