This week, Symfony celebrated SymfonyCon, its annual global conference, in Cluj (Romania) with great success. Meanwhile, several maintenance versions were published to address some security advisories. Lastly, the community gathered around the SymfonyCon Hack Day to help preparing for Symfony 4 bundle support.

Symfony development highlights

2.7 changelog:

  • 70dd46b: [HttpFoundation] fixed session-related BC break
  • 2c2253d: [Console] removed unused code
  • b4dbdd7: [Security] namespace generated CSRF tokens depending of the current scheme
  • 0a1ea85: [Form] ensure that submitted data are uploaded files
  • 097ce09: [Intl] prevent bundle readers from breaking out of paths
  • 4d28843: [Security] validate redirect targets using the session cookie domain

3.4 changelog:

  • 136e3b2: [FrameworkBundle] wire the translation.reader service instead of deprecated translation.loader in commands
  • 3398c4b: [FrameworkBundle] empty event dispatcher earlier in CacheClearCommand
  • a2f8c32: [HttpKernel] fixed service arg resolver for controllers as array callables
  • 4fadbcd: [HttpKernel] removed services resetter even when it's an alias
  • 5766e1d: [DependencyInjection] prevent service:method factory notation in PHP config
  • 2f19ddb: [Validator] enter the context in which to validate
  • 8d7f6ed: [DependencyInjection] single typed argument can be applied on multiple parameters

Master changelog:

  • b2719d3: [DomCrawler] type fix in Crawler::discoverNamespace()

Newest issues and pull requests

They talked about us

Published in #A week of symfony