Symfony 4.3.9 has just been released. Here is a list of the most important changes:

  • bug #34649 more robust initialization from request (@dbu)
  • bug #34671 [Security] Fix clearing remember-me cookie after deauthentication (@chalasr)
  • bug #34711 Fix the translation commands when a template contains a syntax error (@fabpot)
  • bug #34560 [Config][ReflectionClassResource] Handle parameters with undefined constant as their default values (@fancyweb)
  • bug #34695 [Config] don't break on virtual stack frames in ClassExistenceResource (@nicolas-grekas)
  • bug #34716 [DependencyInjection] fix dumping number-like string parameters (@xabbuh)
  • bug #34558 [Console] Fix autocomplete multibyte input support (@fancyweb)
  • bug #34130 [Console] Fix commands description with numeric namespaces (@fancyweb)
  • bug #34677 [EventDispatcher] Better error reporting when arguments to dispatch() are swapped (@rimas-kudelis)
  • bug #33573 [TwigBridge] Add ro _attr to all form themes (@fancyweb)
  • bug #34019 [Serializer] CsvEncoder::N _HEADER _KEY ignored when used in constructor (@Dario Savella)
  • bug #34083 [Form] Keep preferre _choices order for choice groups (@vilius-g)
  • bug #34091 [Debug] work around failing chdir() on Darwin (@mary2501)
  • bug #34305 [PhpUnitBridge] Read configuration CLI directive (@ro0NL)
  • bug #34490 [Serializer] Fix MetadataAwareNameConverter usage with string group (@antograssiot)
  • bug #34632 [Console] Fix trying to access array offset on value of type int (@Tavafi)
  • bug #34669 [HttpClient] turn exception into log when the request has no content-type (@nicolas-grekas)
  • bug #34636 [VarDumper] notice on potential undefined index (@sylvainmetayer)
  • bug #34668 [Cache] Make sure we get the correct number of values from redis::mget() (@thePanz)
  • bug #34569 [Workflow] Apply the same logic of precedence between the apply() and the buildTransitionBlockerList() method (@lyrixx)
  • bug #34533 [Monolog Bridge] Fixed accessing static property as non static. (@Sander-Toonen)
  • bug #34546 [Serializer] Add DateTimeZoneNormalizer into Dependency Injection (@jewome62)
  • bug #34547 [Messenger] Error when specified default bus is not among the configured (@vudaltsov)
  • bug #34551 [Security] SwitchUser is broken when the User Provider always returns a valid user (@tucksaun)
  • bug #34385 Avoid empty "If-Modified-Since" header in validation request (@mpdude)
  • bug #34458 [Validator] ConstraintValidatorTestCase: add missing return value to mocked validate method calls (@ogizanagi)
  • bug #34451 [DependencyInjection] Fix dumping multiple deprecated aliases (@shyim)
  • bug #34448 [Form] allow button names to start with uppercase letter (@xabbuh)
  • bug #34419 [Cache] Disable igbinary on PHP >= 7.4 (@nicolas-grekas)
  • bug #34366 [HttpFoundation] Allow redirecting to URLs that contain a semicolon (@JayBizzle)
  • bug #34397 [FrameworkBundle] Remove project dir from Translator cache vary scanned directories (@fancyweb)
  • bug #34408 [Cache] catch exceptions when using PDO directly (@xabbuh)
  • bug #34410 [HttpFoundation] Fix MySQL column type definition. (@jbroutier)
  • bug #34398 [Config] fix id-generation for GlobResource (@nicolas-grekas)
  • bug #34396 [Finder] Allow ssh2 stream wrapper for sftp (@damienalexandre)
  • bug #34383 [DI] Use reproducible entropy to generate env placeholders (@nicolas-grekas)
  • bug #34381 [WebProfilerBundle] Require symfony/twig-bundle (@fancyweb)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases