A week of symfony #595 (21-27 May 2018)

This week Symfony released 2.7.48, 2.8.41, 3.3.17, 3.4.11 and 4.0.11 versions to address several security vulnerabilities. Meanwhile Symfony 4.1.0 beta3 was published in preparation for next week's final release. Lastly, it was announced that the SymfonyLive USA 2018 conference will take place in San Francisco on October 11th and 12th.

Symfony development highlights

2.7 changelog:

• 47e7268: [HttpFoundation] break infinite loop in PdoSessionHandler when MySQL is in loose mode
• fa5bf4b: [Security] added session strategy to ALL listeners to avoid any possible fixation
• 319e1bd: [Security] clear CSRF tokens when the user is logged out
• b20e835: [SecurityBundle] fail if security.http_utils cannot be configured
• ab32125: [HttpFoundation] fixed a performance issue during MimeTypeGuesser initialization

3.4 changelog:

• fad1e1f: [Security] added session authentication strategy to Guard to avoid session fixation
• 194caff: [Security] migrated session for UsernamePasswordJsonAuthenticationListener
• 46c2d4b: [DependencyInjection] fixed bad exception on uninitialized references to non-shared services
• e2ba3af: [HttpFoundation] fixed cookie test with xdebug
• 4279f53: [DependencyInjection] never inline lazy services
• cb106fa: [Serializer] check the value of enable_max_depth if defined
• 79bd461: [HttpKernel] reset kernel start time on reboot

4.1 changelog:

• 70c70e2: [PhpUnit Bridge] supress deprecation notices thrown when getting private services from container in tests
• 7fb7cf2: [Serializer] fixed and improved constraintViolationListNormalizer's RFC7807 compliance
• 2fd30a6: [FrameworkBundle] fixed test.service_container usage when Client is rebooted
• 7d23ac5: [HttpKernel] fixed deprecation in AbstractTestSessionListener
• 9e6fbe8: [Routing] account for greediness when merging route patterns

Master changelog:

• ec6d46c: [Security] added "is_granted()" to security expressions and deprecate "has_role()"
• bd6769e: [Cache] added TaggableCacheInterface to simplify cache usage
• f827fec: [DependencyInjection] allowed binding by type+name
• eceabee: [DependencyInjection] allowed to select specific key from an array resolved env var
• d314735: [Security] FirewallMap/FirewallContext deprecations
• f557f94: [Security] no more support for custom anon/remember tokens based on FQCN

Newest issues and pull requests

• [RFC] envProcessor to decrypt secrets for simple applications
• [RFC] Better user impersonation implementation
• [Form] Extend ChoiceType children options
• [Lock] Support for MongoDB Store
• [DI] Improve container logs when service inlined/removed

They talked about us

• Enable highend SPAs using REST-APIs with Symfony 4
• How to make proper form validation with Symfony
• Symfony templating with Twig
• PHP Web Development Podcast - Ep #3 Why Symfony
• Monitorización continua de la seguridad de tus aplicaciones PHP
• Nuevo en Symfony 4.1: ignorar los logs de ciertos códigos HTTP
• Nuevo en Symfony 4.1: mejoras relacionadas con Ajax
• Se publican las actualizaciones Symfony de seguridad 2.7.48, 2.8.41, 3.3.17, 3.4.11 y 4.0.11
• Novinky v Symfony 4.1 - Routovanie