This week, Symfony 4.4.37, 5.3.14, 5.4.3 and 6.0.3 maintenance versions were released. In addition, a potential security vulnerability related to CSRF tokens in forms was found and fixed in security releases for all maintained versions.
Symfony development highlights
This week, 45 pull requests were merged (37 in code and 8 in docs) and 44 issues were closed (35 in code and 9 in docs). Excluding merges, 36 authors made 1,509 additions and 272 deletions. See details for code and docs.
- 859d4a1: [Process] avoid calling fclose on an already closed resource
- 8ba3fa7: [Yaml] make the parser stateless
- 747e298: [Console] fix PHP 8.1 deprecation in ChoiceQuestion
- fa6a03a: [Form] UrlType should not add protocol to emails
- eda8537: [Console] fix restoring stty mode on CTRL+C
- 26c2a85: [Notifier] use the UTF-8 encoding in smsapi-notifier
- 4565edb: [Notifier] fix encoding of messages with FreeMobileTransport
- 1199672: [Serializer] fix AbstractObjectNormalizer not considering pseudo type false
- 5044a0a: [Validator] fix Choice constraint with associative choices array
- dcfb493: [FrameworkBundle] enable CSRF in FORM by default
- 9738b1d: [RateLimiter] resolve crash on near-round timestamps
- 5044a0a: [Validator] fix Choice constraint with associative choices array
- 5cad3b6: [DoctrineBridge] fix automapping
- 34a0893: [Yaml] improve the deprecation warnings for octal numbers to suggest migrating
- 79d1101: [Finder] fix finding VCS re-included files in excluded directory
- 9b7aac3: [Dotenv] fix bootEnv() override with .env.local.php when the env key already exists
- 5bb11d5: [Runtime] fix --env and --no-debug with dotenv_overload
- 111459e: [FrameworkBundle] fix missing arguments when a serialization default context is bound
- 48bd710: [FrameworkBundle] allow PHP configuration in config/packages by default
- b342c1b: [Serializer] set context annotation as not final
Newest issues and pull requests
- Route different HTTP verbs to different methods, with the same route name, with annotations
- Support option placeholder for all relevant form field types like TextType
- Serializer: Currently it is not possible for custom formats to map basic non string attributes
- Uuid::isValid() and Uuid() constraint does not accept other format of uuid than rfc4122
Symfony CLI
Symfony CLI is a must-have tool when developing Symfony applications on your local machine. It includes the Symfony Local Server, the best way to run local Symfony applications. This week Symfony CLI released its new 5.2.2 version with the following changes:
- Fix logging
- Bump deps to fix FORCED_PHP_VERSION support
- Add some more logging to help debugging issues
SymfonyCasts Updates
SymfonyCasts is the official way to learn Symfony. Select a track for a guided path through 100+ video tutorial courses about Symfony, PHP and JavaScript.
These were some of the most relevant SymfonyCasts updates of the week:
- (Video) EasyAdmin! For an Awesomely Powerful Admin Area, Chapter 1: Installing EasyAdmin
- (Video) EasyAdmin! For an Awesomely Powerful Admin Area, Chapter 2: Admin Dashboard
- (Video) EasyAdmin! For an Awesomely Powerful Admin Area, Chapter 3: Hello CRUD Controller
They talked about us
- Designing a Symfony Validator - the TDD way
- Emoji flag in the Symfony CountryType
- Voila! Symfony and PHP 8.1
- Symfony Station Communiqué - 28 January 2022
- Introducing Light Kernel for Symfony Console Apps
- Use Symfony Components to Build WordPress Plugin Maker for CLI - Part 1
Call to Action
- Follow Symfony on Twitter and retweet this article.
- Subscribe to the Symfony blog RSS and never miss a Symfony story again.