This week, Symfony published 4.4.7 and 5.0.7 versions to address some security vulnerabilities. Meanwhile, the upcoming Symfony 5.1 version added a feature to dump factory files as classes and improved class preloading. This will be one of the topics of the next SymfonyLive Online event on April 17, 2020.
Symfony development highlights
This week, 76 pull requests were merged (42 in code and 34 in docs) and 49 issues were closed (43 in code and 6 in docs). Excluding merges, 42 authors made 3,915 additions and 1,484 deletions. See details for code and docs.
- b9c2693: [Validator] fixed calling getters before resolving groups
- 0b27194: [HttpKernel] prevent keys collisions in the sanitized logs processing
- 6dbf9eb: [Serializer] fixed unitialized properties
- 6254cdb: [Validator] allow URL-encoded special characters in basic auth part of URLs
- 21a6ab0: [HttpFoundation] no need to reconnect the bags to the session after session_regenerate_id
- 004f1f3: [WebProfilerBundle] support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
- 60a35f8: [Validator] updated Ukrainian and Russian translations
- ff2c362: [DomCrawler] fixed BC break in assertions breaking Panther
- c266ab1: [FrameworkBundle] reverted to legacy wiring of the session when circular refs are detected
- b1d21af: [Security] allow setting cookie security settings for delete_cookies
- fe091d4: [DependencyInjection] fixed generating TypedReference from PriorityTaggedServiceTrait
- c935e4a: [Security] fixed access_control behavior with unanimous decision strategy
- dca3434: [HttpFoundation] do not set the default Content-Type based on the Accept header
- 6f25ce5: [Security] forward multiple attributes voting flag
- a5af8f6: fixed the reporting of deprecations in twig:lint
- b9c2693: [Validator] fixed calling getters before resolving groups
- 15edfd3: [Security] ignored all non existent username protection errors in SwitchUserListener
- 38cbcc6: [Security] track session usage whenever a new token is set
- bb9d522: [Uid] improve the code
- 0876480: [DependencyInjection] dump factory files as classes
- 0c74ff4: [FrameworkBundle] dump kernel extension configuration
- 2130465: [HttpFoundation] improve UnexpectedSessionUsageException backtrace
- c8f4d16: [DependencyInjection] improve the deprecation features by handling package and version
- 9381dd6: [HttpKernel] deprecate single-colon notation for controllers
- 09dcbfc: [FrameworkBundle] deprecate flashbag and attributebag services
- 2fc5f13: [DependencyInjection] deprecate ContainerInterface aliases
- 0bec08f: [Config] improve the deprecation features by handling package and version
- 5aeecc2: [Form] action allows only strings
- fdd8ac5: [Messenger] add a \Throwable argument in RetryStrategyInterface methods
- 1fc7b86: [Security] refactor logout listener to dispatch an event instead
- 6f57fcf: [Mime] strengthen is_resource() checks
- 8a2a69f: [HttpKernel] allow cache warmers to add to the list of preloaded classes and files
- 3b38f38: [DependencyInjection] add tags container.preload/.no_preload to declare extra classes to preload/services to not preload
Newest issues and pull requests
- [RFC] Decouple ArgumentResolver from Request context
- [DX][WebProfiler] Use distinct color for deprecations
- [RFC] disable langs in Internationalized routing and redirecting
- [RFC] Prevent reverse proxy cache flooding
They talked about us
- Using MJML with Twig
- How to Manage ACLs in Symfony the Easy Peasy Way
- Released doctrine/migrations 3.0-alpha
- Symfony 5 Security
- Nuevas funcionalidades añadidas en Symfony Polyfill 1.15
- Se publican las actualizaciones de seguridad Symfony 4.4.7 y 5.0.7
- Nuevo en Symfony 5.1: Configuración de rutas más sencilla
- Nuevo en Symfony 5.1: Mejoras en el enrutamiento
- Nuevo en Symfony 5.1: Nuevos métodos para trabajar con cadenas de texto
- Временная локализация на Symfony 4 + Twig
Call to Action
- Follow Symfony on Twitter and retweet this article.
- Subscribe to the Symfony blog RSS and never miss a Symfony story again.
Published in
#A week of symfony