Symfony 5.0.8 has just been released. Here is a list of the most important changes:

  • bug #36536 [Cache] Allow invalidateTags calls to be traced by data collector (@l-vo)
  • bug #36566 [PhpUnitBridge] Use COMPOSE _BINARY env var if available (@fancyweb)
  • bug #36560 [YAML] escape DEL(x7f) (@sdkawata)
  • bug #36539 [PhpUnitBridge] fix compatibility with phpunit 9 (@garak)
  • bug #36555 [Cache] skip APCu in chains when the backend is disabled (@nicolas-grekas)
  • bug #36523 [Form] apply automatically step=1 for datetime-local input (@ottaviano)
  • bug #36519 [FrameworkBundle] debug:autowiring: Fix wrong display when using clas _alias (@weaverryan)
  • bug #36454 [DependencyInjection][ServiceSubscriber] Support late aliases (@fancyweb)
  • bug #36162 [Profiler] Fix profiler nullable string type (@mRoca)
  • bug #36498 [Security/Core] fix escape for username in LdapBindAuthenticationProvider.php (@stoccc)
  • bug #36506 [FrameworkBundle] Fix session.attribut _bag service definition (@fancyweb)
  • bug #36500 [Routing][PrefixTrait] Add the _locale requirement (@fancyweb)
  • bug #36457 [Cache] CacheItem with tag is never a hit after expired (@alexander-schranz, @nicolas-grekas)
  • bug #36490 [HttpFoundation] workaround PHP bug in the session module (@nicolas-grekas)
  • bug #36483 [SecurityBundle] fix accepting env vars in remember-me configurations (@zek)
  • bug #36343 [Form] Fixed handling groups sequence validation (@HeahDude)
  • bug #36463 [Mime] Ensure proper line-ending for SMIME (@sstok)
  • bug #36460 [Cache] Avoid memory leak in TraceableAdapter::reset() (@lyrixx)
  • bug #36467 Mailer from sender fixes (@fabpot)
  • bug #36408 [PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions (@soyuka)
  • bug #36447 Remove return type for Twig function workflo _metadata() (@gisostallenberg)
  • bug #36449 [Messenger] Make sure redis transports are initialized correctly (@Seldaek)
  • bug #36411 [Form] RepeatedType should always have inner types mapped (@biozshock)
  • bug #36441 [DI] fix loading defaults when using the PHP-DSL (@nicolas-grekas)
  • bug #36434 [HttpKernel] silence _NOTICE triggered since PHP 7.4 (@xabbuh)
  • bug #36365 [Validator] Fixed default group for nested composite constraints (@HeahDude)
  • bug #36422 [HttpClient] fix HTTP/2 support on non-SSL connections - CurlHttpClient only (@nicolas-grekas)
  • bug #36417 Force ping after transport exception (@oesteve)
  • bug #35591 [Validator] do not merge constraints within interfaces (@greedyivan)
  • bug #36377 [HttpClient] Fix scoped client without query option configuration (@X-Coder264)
  • bug #36387 [DI] fix detecting short service syntax in yaml (@nicolas-grekas)
  • bug #36392 [DI] add missing property declarations in InlineServiceConfigurator (@nicolas-grekas)
  • bug #36400 Allowing empty secrets to be set (@weaverryan)
  • bug #36380 [Process] Fixed input/output error on PHP 7.4 (@mbardelmeijer)
  • bug #36376 [Workflow] Use a strict comparison when retrieving raw marking in MarkingStore (@lyrixx)
  • bug #36375 [Workflow] Use a strict comparison when retrieving raw marking in MarkingStore (@lyrixx)
  • bug #36305 [PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular (@fancyweb)
  • bug #35656 [HttpFoundation] Fixed session migration with custom cookie lifetime (@Guite)
  • bug #36342 [HttpKernel][FrameworkBundle] fix compat with Debug component (@nicolas-grekas)
  • bug #36315 [WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler (@ampaze)
  • bug #36286 [Validator] Allow URL-encoded special characters in basic auth part of URLs (@cweiske)
  • bug #36335 [Security] Track session usage whenever a new token is set (@wouterj)
  • bug #36332 [Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key (@alanpoulain)
  • bug #36338 [MonologBridge] Fix $level type (@fancyweb)
  • bug #36337 [MonologBridge] Fix $level type (@fancyweb)
  • bug #36223 [Security][Http][SwitchUserListener] Ignore all non existent username protection errors (@fancyweb)
  • bug #36239 [HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing (@fancyweb)
  • bug #36245 [Validator] Fixed calling getters before resolving groups (@HeahDude)
  • bug #36265 Fix the reporting of deprecations in twig:lint (@stof)
  • bug #36283 [Security] forward multiple attributes voting flag (@xabbuh)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use
SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases