This week, Symfony 2.0.22 and 2.1.7 security releases were published to address a potential vulnerability related to the YAML component. Meanwhile, the routing component renamed and deprecated several important options, as explained in the new Symfony 2.x to 3.0 upgrade guide.

Development mailing list

Symfony2 development highlights

2.0 branch:

  • ac756bf: [Yaml] added a way to enable/disable PHP support when parsing a YAML input via Yaml::parse() (as of Symfony 2.1, PHP support is disabled by default, and support will be removed in Symfony 2.3.)
  • ba6e315: [Bridge, Twig] added a way to enable/disable object support when parsing/dumping. By default, object support is disabled, and instead of throwing an exception when an object is handled, null is returned
  • 3c87e2e: [Yaml] added Yaml\Dumper::setIndentation() method to allow a custom indentation level of nested nodes
  • 972e1b7: [DependencyInjection] fixed a bug in the YAML dumper where references where not converted to the @ notation
  • fea20b7: [Yaml] fixed negative integers are parsed as floating point values
  • ab0385c: [Yaml] fixed nlocks with 'keep' chomping indicator are incorrectly parsed when at end-of-file
  • 53ccc2c: [Yaml] fixed ignored text when parsing an inlined mapping or sequence
  • ce38069: [FrameworkBundle] fixed Client::doRequest that must call its parent method

2.1 branch:

  • 11aaa2e: [ClassLoader] added an error message in the DebugClassLoader when using / instead of \

Master branch:

  • fb526a4: [FileProfilerStorage] optimized file reads
  • b357caf: [Routing] renamed hostname pattern to just hostname
  • 463b464: [Routing] renamed pattern to path
  • e84cad2: [Routing] added new schemes and methods options to the annotation loader
  • 9fc7def: added the UPGRADE file for Symfony 3.0
  • 293991d: [Translation] added some tests to QtFileLoader
  • 4b54156: [WebProfilerBundle] Web Development Toolbar cleanups
  • 37af92d: [DependencyInjection] tweaked the invalid alias exception
  • b6bdb45: [Serializer] extended all serializer interfaces (Serializer, Normalizer, Encoder) with an optional $context array (this is necessary to allow for more complex use-cases that require context information during the (de)normalization and en-/decoding steps)
  • 94cb13d: [FrameworkBundle] fixed circular reference for service templating
  • 3d762dd: [HttpKernel] fixed the Redis profiler storage return value

Repository summary: 6,083 watchers (#1 in PHP, #36 overall) and 1,974 forks (#1 in PHP, #13 overall).

They talked about us