A Week of Symfony #932 (4-10 November 2024)
November 10, 2024 • Published by Javier Eguiluz
This week, Symfony 5.4.46, 6.4.14, and 7.1.7, maintenance versions were released. In addition, we released the second beta version of Symfony 7.2 ahead of its final release at the end of November 2024. Lastly, we published eight security advisories to fix some reported security issues in Symfony and Twig.
Symfony development highlights
This week, 63 pull requests were merged (54 in code and 9 in docs) and 31 issues were closed (29 in code and 2 in docs). Excluding merges, 27 authors made 110,464 additions and 83,806 deletions. See details for code and docs.
- 81bffdf: [Process] return built-in cmd.exe commands directly in ExecutableFinder
- f9c3a00: [Process] ignore case of built-in cmd.exe commands
- 3f16033: [Process] improve test cleanup by unlinking in a finally block
- de6090a, 69e69a1: [Process] fix the directory separator being used
- 5865f28: [Process] fix escaping /X arguments on Windows
- 25c9cbe: [WebProfilerBoundle] form data collector check passed and resolved options are defined
- e37bdf0: [Config] handle Phar absolute path in FileLocator
- 5ebc4c3: [Cache] fix clear() when using Predis
- c905bb4: [Security] store original token in token storage when implicitly exiting impersonation
- d2ba257: [RateLimiter] fix DateInterval normalization
- 5d5e728: [VarDumper] fix detecting anonymous exception classes on Windows and PHP 7
- 30810ed: [Runtime] security #cve-2024-50340: do not read from argv on non-CLI SAPIs
- ad0a241: [HttpFoundation] security #cve-2024-50345: reject URIs that contain invalid characters
- 3fc5471: [HttpClient] security #cve-2024-50342: filter private IPs before connecting when Host == IP
- eb79fc2: [Process] security #cve-2024-51736: use %PATH% before %CD% to load the shell on Windows
- e1da961: [DoctrineBridge] backport detection fix of Xml/Yaml driver in DoctrineExtension
- 7fc0b9e: [Process] normalize paths to avoid failures if a path is referenced by different names
- 67e9009: [Console] skip autocomplete test when stty is not available
- 05ab010: [PropertyInfo] fix support for phpstan/phpdoc-parser 2
- d51863d: update ICU data from 75.1 to 76.1
- d77f5d9: relax format assertions for fstat() results on Windows
- da4eb8b: [RateLimiter] handle error results of DateTime::modify()
- a7aa4b1: [WebProfilerBundle] re-add missing Profiler shortcuts on Profiler homepage
- 7e1af9f: [HttpFoundation] require Cache component versions compatible with Redis 6.1
- 91acfa8: [Messenger, RateLimiter] fix additional message handled when using a rate limiter
- 6fb5163: [Twitter, Notifier] fix post INIT upload
- d9cecb7: [AssetMapper] fix JavaScriptImportPathCompiler regex for non-latin characters
- c15a195: [RateLimiter] fix bucket size reduced when previously created with bigger size
- 8dabfd7: [Serializer] fixed object normalizer for a class with cancel method
- d846c6e: [Notifier] fix test with hard coded date in SmsboxTransportTest
- 4829c82: [HttpFoundation] fix support for \SplTempFileObject in BinaryFileResponse
- e713ac2: [Serializer] revert Default groups
- dd8c233: [Routing] rename annotations to attribute in AttributeClassLoader
- 3b5f623: [Mime] don't require passing the encoder name to TextPart
- 5557736: [TwigBridge] use reproducible variable names in the default domain node visitor
- 352786c: [DependencyInjection, HttpClient, Routing] reject URIs that contain invalid characters
- 19f89d6: [Validator] improve type for the mode property of the Bic constraint
- d8f8080: [Mailer] use microsecond precision SMTP logging
- 2f57eaf: [Runtime] negate register_argc_argv when On
- 861a84e: [Messenger] use official YAML media type
- 4e682e4: [Messenger] extend SQS visibility timeout for messages that are still being processed
Newest issues and pull requests
- [FrameworkBundle] Add the config() function
- [VarDumper] Add dq() function for SQL query debugging
- Add a command to dump static error pages
- [WebProfilerBundle] add debugbar on StreamedResponse
- [Mailer], add support for custom headers in Amazon ses+api
Symfony Jobs
These are some of the most recent Symfony job offers:
- Backend Symfony Developer at Ticketpark Ltd.
Full-time - €60,000 – €80,000 / year
Full remote
View details - Backend Symfony Developer at Cobbleweb
Full-time - €40,000 – €60,000 / year
Full remote
View details - Technical Expert for a Symfony project at SensioLabs
Full-time - €55,000 – €80,000 / year
Full remote
View details
You can publish a Symfony job offer for free on symfony.com.
SymfonyCasts Updates
SymfonyCasts is the official way to learn Symfony. Select a track for a guided path through 100+ video tutorial courses about Symfony, PHP and JavaScript.
This week, SymfonyCasts published the following updates:
- New course announced: Mailer and Webhook with Mailtrap
- (Video) Dependency Injection Attributes: Lazy Services
- (Video) Dependency Injection Attributes: More Laziness Attributes
They talked about us
Call to Action
- Follow Symfony on X, on Mastodon, on Bluesky and on Threads and share this article.
- Subscribe to the Symfony blog RSS and never miss a Symfony story again.
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.