Symfony 3.3.0 curated new features

Symfony 3.4.0 is going to be released later today. As for any other Symfony minor release, our backward compatibility promise applies and this means that you should be able to upgrade easily without changing anything in your code.

We've already blogged about some great new 3.4 features, but here is a curated list of the most relevant changes (we have 200+ new small and big features in this releases in total):

New Components

  • Lock (jderusse) (22597)


  • Add ResettableInterface to allow resetting any pool's local state (nicolas-grekas) (24226)
  • Use options from Memcached DSN (Bukashk0zzz) (23978)
  • Add (pdo|chain) cache (adapter|simple) prune method (robfrawley) (23603)
  • Add (filesystem|phpfiles) cache (adapter|simple) prune method and prune command (robfrawley) (23451)


  • Add ability to deprecate a node (sanpii) (24024)
  • Enable cannotBeEmpty along with requiresAtLeastOneElement (ro0NL) (20361)
  • extracted the xml parsing from XmlUtils::loadFile into XmlUtils::parse (Basster) (23485)


  • Expose dotenv in bin/console about (ro0NL) (24144)
  • Do not display short exception trace for common console exceptions (yceruto) (24131)
  • Display file and line on Exception (arno14) (21414)
  • Allow commands to provide a default name for compile time registration (chalasr, nicolas-grekas) (23887)
  • Made console command shortcuts case insensitive (thanosp) (23869)
  • Add a factory command loader for standalone application with lazy-loading needs (ogizanagi) (23510)
  • Add support for command lazy-loading (chalasr) (22734)


  • Enable Kernel to implement CompilerPassInterface (nicolas-grekas) (24257)
  • Add "PHP fluent format" for configuring the container (nicolas-grekas) (23834)
  • Allow processing env vars (nicolas-grekas) (23901)
  • Support local binding (GuilhemN) (22187)
  • Adding a new debug:autowiring command (weaverryan) (24583)
  • Make as many services private as possible (nicolas-grekas) (24104)
  • Turn services and aliases private by default, with BC layer (nicolas-grekas) (24238)
  • Handle container.autowiring.strict_mode to opt-out from legacy autowiring (nicolas-grekas) (24671)
  • Throw accurate failures when accessing removed services (nicolas-grekas) (24484)
  • Reference tagged services in config (ro0NL) (22200)
  • rename ResolveDefinitionTemplatesPass to ResolveChildDefinitionsPass (nicolas-grekas) (24122)
  • Add ContainerInterface::IGNORE_ON_UNINITIALIZED_REFERENCE (nicolas-grekas) (24033)
  • Improve psr4-based service discovery (alternative implementation) (kbond) (23991)
  • Case sensitive parameter names (ro0NL) (23874)
  • Allow get available services from service locator (Koc) (23915)
  • Allow dumping inline services in Yaml (nicolas-grekas) (23855)
  • Generate one file per service factory (nicolas-grekas) (23741)
  • Remove closure-proxy arguments (nicolas-grekas) (23022)
  • Deprecate XML services without ID (ro0NL) (22903)
  • Deprecate Container::initialized() for privates (ro0NL) (22803)
  • Deprecate autowiring service auto-registration (GuilhemN) (23712)
  • Adding Definition::addError() and a compiler pass to throw errors as exceptions (weaverryan) (24290)


  • Add a method to check if any results were found (duncan3dc) (23471)
  • Deprecate FilterIterator (ogizanagi) (22828)


  • Add debug:form command (yceruto) (23694)
  • Add tel and color types (apetitpa) (22679)
  • Add input + regions options to TimezoneType (ro0NL) (23648)
  • Prevent forms from extending itself as a parent (pierredup) (24387)
  • Display option definition from a given form type (yceruto, ogizanagi) (24208)
  • Hide label button when it's set to false (TeLiXj) (24148)
  • Allow pass filter callback to delete_empty option. (Koc) (20496)


  • Allow micro kernel to subscribe events easily (ogizanagi) (23812)
  • Commands as a service (ro0NL) (23624)
  • Remove dependency on Doctrine cache (fabpot) (23131)
  • drop hard dependency on the Stopwatch component (xabbuh) (23148)
  • Don't clear app pools on cache:clear (nicolas-grekas) (24383)
  • register class metadata factory alias (xabbuh) (24330)
  • disable unusable fragment renderers (xabbuh) (23272)
  • Allow .yaml file extension everywhere (ogizanagi) (23207)
  • KernelTestCase: deprecate not using KERNEL_CLASS (ogizanagi) (22675)


  • Make sessions secure and lazy (nicolas-grekas) (24523)
  • Deprecate compatibility with PHP <5.4 sessions (afurculita) (24239)
  • Find the original request protocol version (thewilkybarkid) (21469)
  • Adds support for the immutable directive in the cache-control header (twoleds) (22932)
  • deprecate MemcacheSessionHandler (Tobion) (24443)
  • Deprecate accepting legacy mongo extension (Tobion) (24438)


  • Deprecate bundle inheritance (fabpot) (24160)
  • Add a minimalist default PSR-3 logger (dunglas) (24300)
  • Add RebootableInterface (nicolas-grekas) (23792)
  • Handle new SHELL_VERBOSITY env var, also configures the default logger (nicolas-grekas) (24425)
  • Deprecate some compiler passes in favor of tagged iterator args (nicolas-grekas) (24362)
  • Add ability to configure catching exceptions for Client (kbond) (22890)
  • Add DI tag for resettable services (derrabus) (24155)
  • Deprecate EnvParametersResource (ro0NL) (24068)
  • Deprecated commands auto-registration (GuilhemN) (23805)


  • Add the possibility to define a prefix for all routes of a controller (fabpot) (24031)
  • Add support for "controller" keyword for configuring routes controllers (voronkovich) (23227)
  • Show welcome message if no routes are configured (yceruto) (24403)
  • Add PHP fluent DSL for configuring routes (nicolas-grekas) (24180)
  • Add matched and default parameters to redirect responses (artursvonda, Tobion) (23440)
  • Expose request in route conditions, if needed and possible (ro0NL) (22636)
  • Automatically enable the routing annotation loader (GuilhemN) (23044)


  • Argon2i Password Encoder (zanbaldwin) (21604)
  • Add impersonation support for stateless authentication (chalasr) (24260)
  • Look at headers for switch_user username (chalasr) (24388)
  • Deprecate auto picking the first provider (ogizanagi) (24378)
  • Adding a shortcuts for the main security functionality (weaverryan, javiereguiluz) (24337)
  • Deprecate ACL related code (chalasr) (24318)
  • Deprecate the HTTP digest auth (ogizanagi) (24335)
  • Passing the newly generated security token to the event during user switching (klandaika) (21951)
  • Deprecated not being logged out after user change (iltar) (23882)
  • Reset the authentication token between requests (derrabus) (24291)
  • make it possible to configure a custom access decision manager service (xabbuh) (19034)
  • Lazy load user providers (chalasr) (23295)
  • Add user impersonation info and exit action to the profiler (yceruto) (23026)
  • Give info about called security listeners in profiler (chalasr) (23105)
  • Lazy load security listeners (chalasr) (23114)


  • Add a DateInterval normalizer (Lctrs) (23747)
  • DateTimeNormalizer: allow to provide timezone (ogizanagi) (22444)
  • Add Support for object_to_populate in CustomNormalizer (chrisguitarguy) (21716)
  • throw more specific exceptions (xabbuh) (21239)
  • CsvEncoder handling variable structures and custom header order (Oliver Hoff) (24256)
  • AbstractObjectNormalizer: Allow to disable type enforcement (ogizanagi) (23404)


  • Create an TranslationReaderInterface and move TranslationLoader to TranslationComponent (Nyholm) (23667)
  • Create an interface for TranslationWriter (Nyholm) (23665)
  • Add default translations path option and convention (yceruto) (24860)
  • allow forms without translations and validator (xabbuh) (24303)
  • added support for adding custom message formatter (aitboudad) (18314)
  • Adding the ability do load <notes> in xliff2.0 (Nyholm) (23947)
  • Adding the ability do dump <notes> in xliff2.0 (Nyholm) (23890)


  • Bootstrap4 support for Twig form theme (hiddewie, javiereguiluz) (21751)
  • Added a RuntimeExtensionInterface to take advantage of autoconfigure (lyrixx) (23037)
  • Added option to disable usage of default themes when rendering a form (emodric) (22610)
  • Improve the overriding of bundle templates (yceruto) (24264)
  • register an identity translator as fallback (xabbuh) (24358)
  • Add default templates directory and option to configure it (yceruto) (24179)
  • Show Twig's loader paths on debug:twig command (yceruto) (24064)
  • deprecate TwigRenderer (Tobion) (23437)
  • Render file links for twig templates in web profiler (ro0NL) (24236)


  • add groups support to the Valid constraint (xabbuh) (21111)
  • Add a validator panel in profiler (ogizanagi) (22554)
  • Add unique entity violation cause (Ilya Vertakov) (23845)
  • Allow to use a property path to get value to compare in comparison constraints (ogizanagi) (22576)
  • Add min/max amount of pixels to Image constraint (akeeman) (23431)
  • Support for parsing PHP constants in yaml loader (mimol91) (23039)
  • Adds support to check specific DNS record type for URL (iisisrael) (23076)


  • Add period caster (maidmaid) (23668)
  • Add time zone caster (maidmaid) (23591)
  • Add interval caster (maidmaid) (23357)
  • Add date caster (maidmaid) (22431)
  • Added setMinDepth to VarCloner (james-johnston-thumbtack) (23515)
  • Add filter in VarDumperTestTrait (maidmaid) (22588)
  • Cycle prev/next searching in HTML dumps (ro0NL) (22917)


  • add guard is_valid() method support (alain-flaus, lyrixx) (23499)
  • be able to enable workflow support explicitly (xabbuh) (24093)
  • Add transition completed event (izzyp) (22587)
  • Adding workflow name to the announce event (Nyholm) (23593)


  • support parsing files (xabbuh) (24253)
  • include file and line no in deprecation message (xabbuh) (24357)
  • mark some classes as final (xabbuh) (24028)
  • deprecate the !str tag (xabbuh) (23288)
  • fix the displayed line number (fabpot, xabbuh) (23332)
  • Deprecate using the non-specific tag (GuilhemN) (22909)


  • Add current and fallback locales in WDT / Profiler (nemoneph) (23625)
  • deprecated profiler.matcher configuration (fabpot) (24158)
  • Deprecated the web_profiler.position option (javiereguiluz) (24080)


  • [OptionsResolver] Support array of types in allowed type (pierredup) (23112)
  • [DoctrineBridge] Deprecate dbal session handler (Tobion) (24389)
  • [DoctrineBridge] Add support for doctrin/dbal v2.6 types (jvasseur) (22689)
  • [DowCrawler] Default to UTF-8 when possible (nicolas-grekas) (24372)
  • [Asset] Provide default context (ro0NL) (21027)
  • [Filesystem] deprecate relative paths in makePathRelative() (xabbuh) (24202)
  • [MonologBridge] Add TokenProcessor (maidmaid) (21086)
  • [Stopwatch] Add support for microseconds in Stopwatch (javiereguiluz) (23223)
  • [Stopwatch] Add a reset method (jmgq) (23285)
  • [Debug] Deprecate support for stacked errors (mbabker) (22832)
  • [WebServer] Allow * to bind all interfaces (as INADDR_ANY) (jpauli, fabpot) (23320)
  • [BrowserKit] Emulate back/forward browser navigation (e-moe) (22341)
  • Added an alias for FlashBagInterface in config (tifabien) (24200)
  • added ability to handle parent classes for PropertyNormalizer (ivoba) (24321)
  • Deprecate ProcessBuilder (nicolas-grekas) (23111)

You can read more about this new version by reading the Living on the Edge articles on this blog. Also read the UPGRADE guide for Symfony 3.4.

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


What a release. A big thank you to all contributors.
Thank you to all contributors!!
"Symfony 3.3.0 has just been released. As for any other Symfony minor release, our backward compatibility promise applies and this means that you should be able to upgrade easily without changing anything in your code."

Are you kidding me ?
[BC BREAK][HttpFoundation] Request::setTrustedProxies() takes a new required $trustedHeaderSet argument
@Sylvain Robez-Masson You're right - that's a rare time where we break BC - we do it for security reasons. In this case, you will see this error when you try to execute *any* page or run *any* command. So, we *do* need to sometimes break BC for security reasons. In this case, it's a good break because it can't be ignored :).

Here's some more info on fixing that break:

Big Thanks to all contributors.....
@Ryan Weaver not it's not a good one.
You should notify the developer (in dev bar ? or something else, i don't care) and let him do what he want.

And still respect semver.
composer update : application broken.
semver is here to NEVER have that.
@Sylvain Robez-Masson, just out of curiosity what precisely you'd have expected in that case? Perhaps rolling out Symfony 4.0 as a security release, or maybe postponing a security fix for about an year until 4.0's planned release?
IMO Both options sound a lot more unrealistic than a minor BC break in 3.3, especially if it is well documented. Of course that implies reading the change log prior upgrading. And I don't believe adding an argument to a function call (or removing two lines from configuration) is a big deal to anyone out there.
Easy : Optional argument $trustedHeaderSet and a new icon in dev bar to say "becafull you using trusted proxies without trusted header set
@Sylvain Robez-Masson you're blowing this somewhat out of proportion.
It's a security fix. You should always read the changelog before upgrading. It's well document.
BC promise document clearly states that security fixes are an exception. Also, OpenSource. If you don't like it - please contribute a better solution rather than blaming people providing you the tools to earn money.
Is there a way to use the new Dotenv component in Symfony 3.3? I see that standard edition is still using old paramters.yml file

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.