Symfony 3.4.40 released

Symfony 3.4.40 has just been released. Here is a list of the most important changes:

• bug #36566 [PhpUnitBridge] Use COMPOSE _BINARY env var if available (@fancyweb)
• bug #36560 [YAML] escape DEL(x7f) (@sdkawata)
• bug #36539 [PhpUnitBridge] fix compatibility with phpunit 9 (@garak)
• bug #36555 [Cache] skip APCu in chains when the backend is disabled (@nicolas-grekas)
• bug #36523 [Form] apply automatically step=1 for datetime-local input (@ottaviano)
• bug #36498 [Security/Core] fix escape for username in LdapBindAuthenticationProvider.php (@stoccc)
• bug #36506 [FrameworkBundle] Fix session.attribut _bag service definition (@fancyweb)
• bug #36490 [HttpFoundation] workaround PHP bug in the session module (@nicolas-grekas)
• bug #36483 [SecurityBundle] fix accepting env vars in remember-me configurations (@zek)
• bug #36343 [Form] Fixed handling groups sequence validation (@HeahDude)
• bug #36460 [Cache] Avoid memory leak in TraceableAdapter::reset() (@lyrixx)
• bug #36411 [Form] RepeatedType should always have inner types mapped (@biozshock)
• bug #36441 [DI] fix loading defaults when using the PHP-DSL (@nicolas-grekas)
• bug #36434 [HttpKernel] silence _NOTICE triggered since PHP 7.4 (@xabbuh)
• bug #36365 [Validator] Fixed default group for nested composite constraints (@HeahDude)
• bug #35591 [Validator] do not merge constraints within interfaces (@greedyivan)
• bug #36375 [Workflow] Use a strict comparison when retrieving raw marking in MarkingStore (@lyrixx)
• bug #36305 [PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular (@fancyweb)
• bug #35656 [HttpFoundation] Fixed session migration with custom cookie lifetime (@Guite)
• bug #36315 [WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler (@ampaze)
• bug #36286 [Validator] Allow URL-encoded special characters in basic auth part of URLs (@cweiske)
• bug #36332 [Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key (@alanpoulain)
• bug #36239 [HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing (@fancyweb)
• bug #36245 [Validator] Fixed calling getters before resolving groups (@HeahDude)
• bug #36252 [Security/Http] Allow setting cookie security settings for delet _cookies (@wouterj)
• bug #36261 [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected (@nicolas-grekas)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use
SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.