Symfony 3.3.0 has just been released. As for any other Symfony minor release, our backward compatibility promise applies and this means that you should be able to upgrade easily without changing anything in your code.
We've already blogged about some great new 3.3 features, but here is a curated list of the most relevant changes (we have 200+ new small and big features in this releases in total):
New Components
- Link (dunglas) (22273)
- Dotenv (fabpot) (21234)
- WebServerBundle (fabpot) (21039)
- deprecated the ClassLoader component (nicolas-grekas) (21353)
HttpFoundation
- Request::setTrustedProxies() takes a new required $trustedHeaderSet argument (nicolas-grekas) (22238)
- added Request::HEADER_X_FORWARDED_AWS_ELB constant (nicolas-grekas) (22904)
- compute cookie max-age attribute (ro0NL) (20644)
DependencyInjection
- implemented PSR-11 (greg0ire) (21265)
- introduced autoconfigure: automatic _instanceof configuration (weaverryan) (22234)
- added support for named arguments (dunglas, nicolas-grekas) (21383)
- added support for anonymous services in YAML (GuilhemN) (21970)
- always autowire "by id" instead of using reflection against all existing services (nicolas-grekas) (22295)
- added "by-id" autowiring: a side-effect free variant of it based on the class<>id convention (nicolas-grekas) (22060)
- added debug:container --types (classes/interfaces) (22624) (weaverryan)
- added private aliases in debug:container (chalasr) (22385)
- added a --show-arguments flag to the debug:container command (Cydonia7) (20861)
- added missing "exclude" functionality from PSR4 loader (weaverryan) (22680)
- added ServiceLocatorTagPass::register() to share service locators (nicolas-grekas) (22175)
- added and wired ServiceSubscriberInterface - aka explicit service locators (nicolas-grekas) (21708)
- deprecated Container::isFrozen and introduce isCompiled (ro0NL) (19673)
- introduced "container.service_locator" tag (nicolas-grekas) (22024)
- allowed extensions to create ServiceLocator as services (nicolas-grekas) (21770)
- replaced wildcard-based methods autowiring by @required annotation (nicolas-grekas) (21763)
- deprecated underscore-services in YamlFileLoader (nicolas-grekas) (21484)
- added prototype services for PSR4-based discovery and registration (nicolas-grekas) (21289)
- generalized constructor autowiring to partial method calls (nicolas-grekas) (21404)
- deprecated case insentivity of service identifiers (nicolas-grekas) (21223)
- added "inherit-tags" with configurable defaults + same for "public", "tags" & "autowire" (nicolas-grekas, ogizanagi) (21071)
- deprecated dumping an uncompiled container (ro0NL) (20634)
WebProfiler
- added cache data collector and profiler page (Nyholm) (21065)
- persist app bootstrapping logs for logger data-collector (ScullWM, nicolas-grekas) (21502)
- improved AJAX toolbar panel (ro0NL) (21007)
- made the IP address in the profiler header clickable (jameshalsall) (19815)
- improved cookie traffic (ro0NL) (20567)
- updated the "Symfony Config" panel in the profiler (javiereguiluz) (20722)
Debug
- made the simple exception pages match the new style (javiereguiluz) (22838)
- trigger deprecation on @final annotation in DebugClassLoader - prepare making some classes final (GuilhemN) (20493)
- support @final on methods (GuilhemN) (21465)
Workflow
- added a workflow_marked_places Twig function (lyrixx) (22180)
- added a new workflow_has_place Twig function (Padam87, lyrixx) (21253)
- added an entered event (Padam87) (20787)
- introduced the concept of SupportStrategyInterface (andesk, lyrixx) (21334)
- added a way to enable the AuditTrail Logger (lyrixx) (21933)
- deprecated the default type of a workflow (lyrixx) (22416)
- added fluent interface to the DefinitionBuilder (lyrixx) (21950)
- added the workflow name to all events dispatched (lyrixx) (21925)
- moved ValidateWorkflowsPass to the Workflow component (chalasr) (22313)
YAML
- report deprecations when linting YAML files (xabbuh) (22274)
- added tags support (GuilhemN) (21194)
- deprecated "? " starting unquoted strings (xabbuh) (22059)
- deprecated implicit string casting of mapping keys (xabbuh) (21774)
- parse omitted inlined mapping values as null (xabbuh) (21118)
- allowed dumping empty array as YAML sequence (c960657) (21471)
- deprecated parsing mappings without keys (xabbuh) (21643)
- removed internal arguments from the api (GuilhemN) (21350)
- parse multi-line strings (xabbuh) (21114)
Console
- added console.ERROR event and deprecated console.EXCEPTION (wouterj) (18140)
- log console exceptions (jameshalsall, chalasr) (21003)
- allowed to catch CommandNotFoundException (chalasr) (22181)
- excluded empty namespaces in text descriptor (ro0NL) (19954)
- moved AddConsoleCommandPass from FrameworkBundle to Console. (bcremer) (19443)
- eased writing to stderr using SymfonyStyle (chalasr) (20586)
Serializer
- allowed to pass CSV encoder options in context (ogizanagi) (22537)
- added option to register a circular_reference_handler (lyrixx) (22011)
- moved SerializerPass to the Serializer (chalasr) (21293)
- gave access to the context to support* methods (dunglas) (19371)
- added the possibility to filter attributes (dunglas) (18834)
- allowed removing empty tags in generated XML (amoiraud) (20524)
- allowed to specify a single value in @Groups (dunglas) (20509)
Security
- deprecated the RoleInterface (xabbuh) (20801)
- added a JSON authentication listener (dunglas) (18952)
- don't normalize username of in-memory users (chalasr) (21718)
- UserPasswordEncoderCommand: ask user class choice question (ogizanagi) (20677)
- lazy load guard authenticators and authentication providers (chalasr) (21450)
- lazy load request matchers in FirewallMap (chalasr) (21451)
- made LdapBindAuthenticationProvider capable of searching for the DN (lsmith77, nietonfir) (21402)
HttpKernel
- added Kernel::getProjectDir() (fabpot) (22315)
- deprecated the special SYMFONY__ environment variables (javiereguiluz) (21889)
- allowed signing URIs with a custom query string parameter (thewilkybarkid) (21842)
- deprecated X-Status-Code for better alternative (jameshalsall) (19822)
- added the SessionValueResolver (iltar) (21164)
Twig
- redesigned the exception pages (javiereguiluz) (20951)
- added a simpler way to retrieve flash messages (javiereguiluz) (21819)
VarDumper
- added search keyboard shortcuts (ogizanagi) (21238)
- added a search feature to the HtmlDumper (ogizanagi) (21109)
Asset
- added a new version strategy that reads from a manifest JSON file (weaverryan) (22046)
- added support for preloading with links and HTTP/2 push (dunglas) (21478)
Cache
- implemented PSR-16 SimpleCache (nicolas-grekas) (20694)
- added TraceableAdapter (Nyholm) (21082)
- added Memcached adapter (robfrawley) (20858)
FrameworkBundle
- deprecated cache:clear with warmup (fabpot) (21038)
- introduced AbstractController, replacing ControllerTrait (nicolas-grekas) (22157)
- KernelTestCase: allow to provide the kernel class with a var (ogizanagi) (22668)
- added new "controller.service_arguments" tag to inject services into actions (nicolas-grekas) (21771)
- allowed to configure Serializer mapping paths (chalasr) (21924)
- added about command (ro0NL) (19278)
- add project directory default for installing assets (Noah Heck) (20642)
- added a new way to follow logs (lyrixx) (21080)
- Make use of stderr for non reliable output (chalasr, ogizanagi) (20632)
- Move FormPass to the Form component (chalasr) (21283)
- Add missing autowiring aliases for common interfaces (chalasr) (21517)
- Lazy load argument value resolvers (chalasr) (21516)
- add "mapping" configuration key at validation secti… (davewwww) (19086)
- added a way to register a guard expression in the configuration (lyrixx) (21935)
- allowed to reference files directly from kernel.root_dir (fabpot) (21231)
- allowed to dump extension config reference sub-path (ogizanagi) (20689)
- allowed symlinks when searching for translation, searialization and validation files (tifabien) (20547)
- don't load translator services if not required (xabbuh) (20928)
- allowed clearing private cache pools in cache:pool:clear (chalasr) (20810)
- moved Validator passes to the component (chalasr) (22081)
- moved ControllerArgumentValueResolverPass to the HttpKernel component (chalasr) (21815)
- moved PropertyInfoPass to the PropertyInfo component (chalasr) (21806)
- moved RoutingResolverPass to the Routing component (chalasr) (21835)
- moved ConfigCachePass from FrameworkBundle to Config (Deamon) (21375)
Form
- deprecated usage of "choices" option in sub types (HeahDude) (21919)
- added helper method to register form extensions during unit testing (pierredup) (21780)
- allowed form types + form type extensions + form type guessers to be private services (hhamon) (21690)
- DateIntervalType: Allow to configure labels & enhance form theme (ogizanagi) (20887)
Miscellaneous
- [Finder] added glob wildcard while using double-star without ending slash (sroze) (22239)
- [Finder] added double-star matching to Glob::toRegex() (nicolas-grekas) (21572)
- [Routing] followed symlinks and skip dots in the annotation directory loader (jakzal) (21854)
- [Routing] added full route definition for invokable controller/class (yceruto) (21723)
- [Process] accept command line arrays and per-run env vars, fixing signaling and escaping (nicolas-grekas) (21474)
- [Process] deprecated not inheriting env vars + compat related settings (nicolas-grekas) (21470)
- [Ldap] added Ldap entry rename for ExtLdap adapter (fruitwasp) (20390)
- [Ldap] allowed search scoping (xunto) (20310)
- [DomCrawler] added support for formaction and formmethod attributes (stof) (20467)
- [ExpressionLanguage] create an ExpressionFunction from a PHP function name (maidmaid) (21122)
- [Translation] Added a lint:xliff command for XLIFF files (javiereguiluz) (21578)
- added support for glob loaders in Config (fabpot) (21635)
- [Validator] support DateTimeInterface instances for times (xabbuh) (21106)
You can read more about this new version by reading the Living on the Edge articles on this blog. Also read the UPGRADE guide for Symfony 3.3.
Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.
Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.
What a release. A big thank you to all contributors.
Thank you to all contributors!!
"Symfony 3.3.0 has just been released. As for any other Symfony minor release, our backward compatibility promise applies and this means that you should be able to upgrade easily without changing anything in your code."
Are you kidding me ? [BC BREAK][HttpFoundation] Request::setTrustedProxies() takes a new required $trustedHeaderSet argument https://github.com/symfony/symfony/pull/22238
@Sylvain Robez-Masson You're right - that's a rare time where we break BC - we do it for security reasons. In this case, you will see this error when you try to execute any page or run any command. So, we do need to sometimes break BC for security reasons. In this case, it's a good break because it can't be ignored :).
Here's some more info on fixing that break: http://symfony.com/blog/fixing-the-trusted-proxies-configuration-for-symfony-3-3
Cheers!
Big Thanks to all contributors.....
@Ryan Weaver not it's not a good one. You should notify the developer (in dev bar ? or something else, i don't care) and let him do what he want.
And still respect semver.
composer update : application broken. semver is here to NEVER have that.
@Sylvain Robez-Masson, just out of curiosity what precisely you'd have expected in that case? Perhaps rolling out Symfony 4.0 as a security release, or maybe postponing a security fix for about an year until 4.0's planned release? IMO Both options sound a lot more unrealistic than a minor BC break in 3.3, especially if it is well documented. Of course that implies reading the change log prior upgrading. And I don't believe adding an argument to a function call (or removing two lines from configuration) is a big deal to anyone out there.
Easy : Optional argument $trustedHeaderSet and a new icon in dev bar to say "becafull you using trusted proxies without trusted header set
@Sylvain Robez-Masson you're blowing this somewhat out of proportion. It's a security fix. You should always read the changelog before upgrading. It's well document. BC promise document clearly states that security fixes are an exception. Also, OpenSource. If you don't like it - please contribute a better solution rather than blaming people providing you the tools to earn money.
Is there a way to use the new Dotenv component in Symfony 3.3? I see that standard edition is still using old paramters.yml file