A Week of Symfony #880 (6-12 November 2023)

This week, Symfony 6.4.0 beta 3 and Symfony 7.0.0 beta 3 were published because their final release is approaching fast and it will take place before the end of November 2023. Meanwhile, the maintenance versions 4.4.51, 5.4.31 and 6.3.8 were published to fix some potential security vulnerabilities.

Symfony development highlights

This week, 47 pull requests were merged (43 in code and 4 in docs) and 26 issues were closed (22 in code and 4 in docs). Excluding merges, 22 authors made 937 additions and 334 deletions. See details for code and docs.

5.4 changelog:

• de8c5fc: [Cache, HttpFoundation, Lock] fix empty username/password for PDO PostgreSQL
• 03ef859: [HttpFoundation] ensure string type with mbstring func overloading enabled
• a454d0c: [Messenger] fix compatibility with Doctrine DBAL 4
• 0ff9ed4: [String] method toByteString conversion using iconv is unreachable
• 9b2c2a4: [Config] prefix FileExistenceResource::__toString() to avoid conflict with FileResource
• 86c8f97: [SecurityBundle] wire the secret for Symfony 6.4 compatibility
• 7467bd7: [Security] fix possible session fixation when only the token changes
• 5d095d5: [TwigBridge] ensure CodeExtension's filters properly escape their input
• 5611ed4: [Validator] update Greek translation

6.3 changelog:

• b8bba36: [HttpClient, WebProfilerBundle] do not generate cURL command when files are uploaded
• 03ef859: [HttpFoundation] ensure string type with mbstring func overloading enabled
• 3922e80: [VarDumper] accept mixed key on DsPairStub
• d42b5c3: [FrameworkBundle] don't reference SYMFONY_IDE env var in non-debug mode
• 5d095d5: [TwigBridge] ensure CodeExtension's filters properly escape their input
• 82b811d: [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens
• c329f2d: [Webhook] remove user-submitted type from HTTP response

6.4 changelog:

• d308e2c: [Console, FrameworkBundle] fix missing profile option for console commands
• fbc44f2: [HttpKernel] the debug log processor must be a callable
• cf5510d: check whether secrets are empty and mark them all as sensitive
• f0fcc9f: [HttpKernel] add ControllerResolver::allowControllers() to define which callables are legit controllers when the _check_controller_is_allowed request attribute is set
• caf41fc: [Webhook] check that the secret passed to RequestParser is not empty
• 1984b96: [HttpKernel] check controllers are allowed when using the fallback surrogate strategy
• f04ea7c: [Ldap] set exception code to ldap error number
• 1ec29ce: [String] remove error handler not needed on PHP 8
• 3128c60: [AssetMapper] fix jsdelivr import parsing with no imported value
• fa4726f: [AssetMapper] if assets are served from a subdirectory or CDN, also adjust importmap keys
• a647f55: [AssetMapper] avoid caching MappedAsset inside JavaScript Import
• 18d866c: [AssetMapper] improving exception if a vendor asset's path is not mapped
• 541c80c: [AssetMapper] only download a CSS file if it is explicitly advertised

Newest issues and pull requests

• [Webhook] Multiple consumer for one parser
• Add missing console/tester assertion
• [RateLimiter] controller attribute

Symfony CLI

Symfony CLI is a must-have tool when developing Symfony applications on your local machine. It includes the Symfony Local Server, the best way to run local Symfony applications. This week Symfony CLI released its new 5.7.1 and 5.7.2 versions with the following changes:

• Use the original inotify repository (@fabpot)
• Make DOCKER_HOST configurable (@fabpot)
• Add support for PHP streaming support (@tucksaun)
• Use --wait instead of --detach for docker_composer worker (@tucksaun)

SymfonyCasts Updates

SymfonyCasts is the official way to learn Symfony. Select a track for a guided path through 100+ video tutorial courses about Symfony, PHP and JavaScript.

This week, SymfonyCasts announced a new course called 30 Days with LAST Stack. These were some of the most relevant SymfonyCasts updates of the week:

• (Video) PHPUnit: Integration Testing with Live Services, Chapter 01: Hello Integration Tests!
• (Video) PHPUnit: Integration Testing with Live Services, Chapter 02: KernelTestCase: Fetching Services
• (Video) PHPUnit: Integration Testing with Live Services, Chapter 03: Test Environment Database Setup
• (Video) PHPUnit: Integration Testing with Live Services, Chapter 04: Resetting the Database
• (Video) PHPUnit: Integration Testing with Live Services, Chapter 05: Factory Data Seeding
• (Video) PHPUnit: Integration Testing with Live Services, Chapter 06: Testing a Service

They talked about us

• Symfony Station Communiqué - 10 November 2023
• Making a Single-Page Application with HTMX and Symfony
• Common Security Pitfalls in Symfony and How to Avoid Them
• Symfony Event Dispatcher alias the pattern observer
• DatePoint: A new immutable date/time class for Symfony 6.4
• API Platform Con 2023 replay : stateOptions, materialized view PostgreSQL et subresources
• Utilisation de Stopwatch et WebProfiler dans Symfony
• Symfony Legacy: Delete After ACK
• Новое в Symfony 6.4: Больше тестируемых утверждений
• Новое в Symfony 6.4: Улучшения локали
• Новое в Symfony 6.4: Больше встроенных обработчиков сообщений
• Наводим порядок в наших миграциях

Call to Action

• Follow Symfony on Twitter and retweet this article.
• Subscribe to the Symfony blog RSS and never miss a Symfony story again.