Symfony 5.0.6 has just been released. Here is a list of the most important changes:

  • bug #36169 [HttpKernel] fix locking for PHP 7.4+ (@nicolas-grekas)
  • bug #36175 [Security/Http] Remember me: allow to set the samesite cookie flag (@dunglas)
  • bug #36173 [Http Foundation] Fix clear cookie samesite (@guillbdx)
  • bug #36176 [Security] Check if firewall is stateless before checking for session/previous session (@koenreiniers)
  • bug #36149 [Form] Support customized intl php.ini settings (@jorrit)
  • bug #36172 [Debug] fix for PHP 7.3.16+/7.4.4+ (@nicolas-grekas)
  • bug #36151 [Security] Fixed hardcoded value of SODIU _CRYPT _PWHAS _MEMLIMI _INTERACTIVE (@lyrixx)
  • bug #36141 Prevent warning in pro _open() (@BenMorel)
  • bug #36143 [FrameworkBundle] Fix Router Cache (@guillbdx)
  • bug #36103 [DI] fix preloading script generation (@nicolas-grekas)
  • bug #36118 [Security/Http] don't require the session to be started when tracking its id (@nicolas-grekas)
  • bug #36108 [DI] Fix CheckTypeDeclarationPass (@guillbdx)
  • bug #36121 [VarDumper] fix side-effect by not using m _rand() (@nicolas-grekas)
  • bug #36073 [PropertyAccess][DX] Improved errors when reading uninitialized properties (@HeahDude)
  • bug #36063 [FrameworkBundle] start session on flashbag injection (@William Arslett)
  • bug #36031 [Console] Fallback to default answers when unable to read input (@ostrolucky)
  • bug #36083 [DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict) (@wouterj)
  • bug #36026 [Mime] Fix boundary header (@guillbdx)
  • bug #36020 [Form] ignore microseconds submitted by Edge (@xabbuh)
  • bug #36038 [HttpClient] disable debug log with curl 7.64.0 (@nicolas-grekas)
  • bug #36041 fix import from config file using type: glob (@Tobion)
  • bug #35987 [DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type (@fancyweb)
  • bug #35949 [DI] Fix container lint command when a synthetic service is used in an expression (@HypeMC)
  • bug #36023 [HttpClient] fix requests to hosts that id _t _ascii() cannot handle (@nicolas-grekas)
  • bug #35938 [Form] Handle false as empty value on expanded choices (@fancyweb)
  • bug #36030 [SecurityBundle] Minor fix in LDAP config tree builder (@HeahDude)
  • bug #36017 [HttpKernel] Fix support for single-colon syntax for controllers (@nicolas-grekas)
  • bug #35993 Remove int return type from FlattenException::getCode (@wucdbm)
  • bug #36004 [Yaml] fix dumping strings containing CRs (@xabbuh)
  • bug #35982 [DI] Fix XmlFileLoader bad error message (@przemyslaw-bogusz)
  • bug #35957 [DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait (@nicolas-grekas)
  • bug #35937 Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form" (@dmaicher)
  • bug #35928 [Routing] Prevent localized routes _locale default & requirement from being overridden (@fancyweb)
  • bug #35912 [FrameworkBundle] register only existing transport factories (@xabbuh)
  • bug #35899 [DomCrawler] prevent deprecation being triggered from assertion (@xabbuh)
  • bug #35910 [SecurityBundle] Minor fixes in configuration tree builder (@HeahDude)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use
SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases