Symfony 5.2.2 has just been released. Here is a list of the most important changes:

  • bug #38900 [Serializer] Exclude non-initialized properties accessed with getters (@BoShurik)
  • bug #39982 [SecurityBundle] Fix referencing aliases from RegisterEntryPointsPass (@chalasr)
  • bug #39872 [Validator] propagate the object being validated to nested constraints (@xabbuh)
  • bug #39887 [Translator] fix handling plural for floating numbers (@kylekatarnls)
  • bug #39967 [Messenger] fix redis messenger options with dsn (@Kleinast)
  • bug #39970 [Messenger] Fix transporting non-UTF8 payloads by encoding them using base 64 (@nicolas-grekas)
  • bug #39956 [Uid] fix checking for valid UUIDs (@nicolas-grekas)
  • bug #39951 [Form] check parent types for labe _format and translatio _domain (@xabbuh)
  • bug #39911 [RateLimiter] Fix infinite values with NoLimiter (@YaFou)
  • bug #39936 [Validator] Fix DebugCommand (@loic425)
  • bug #39909 [PhpUnitBridge] Allow relative path to composer cache (@jderusse)
  • bug #39944 [HttpKernel] Configure the ErrorHandler even when it is overriden (@nicolas-grekas)
  • bug #39896 [PropertyInfo] Fix breaking change with has(arguments...) methods (@YaFou)
  • bug #39932 [Console] [Command] Fix Closure code binding when it is a static anonymous function (@fancyweb)
  • bug #39871 [Notifier] [OvhCloud] “Invalid signature” for message with slashes (@OneT0uch)
  • bug #39900 [Uid] Unable to extend Uuid/Ulid and use fromString() (@OskarStark)
  • bug #39880 [DoctrineBridge] Add username to UserNameNotFoundException (@qurben)
  • bug #39633 [HttpFoundation] Drop int return type from parseFilesize() (@LukeTowers)
  • bug #39889 [HttpClient] Add check for constant in Curl client (@pierredup)
  • bug #39886 [HttpFoundation] Revert #38614 and add assert to avoid regressions (@BafS)
  • bug #39873 [DependencyInjection] Fix container injection with TypedReference (@jderusse)
  • bug #39858 Fix problem when SYMFON _PHPUNI _VERSION is empty string value (@alexander-schranz)
  • bug #39861 [DependencyInjection] Skip deprecated definitions in CheckTypeDeclarationsPass (@chalasr)
  • bug #39862 [Security] Replace message data in JSON security error response (@wouterj)
  • bug #39859 [Security] Replace message data in JSON security error response (@wouterj)
  • bug #39839 [Messenger] [AmazonSqs] Fix auto-setup for fifo queue (@starred-gijs)
  • bug #39667 [DoctrineBridge] Take into account that indexBy="perso _id" could be a db column name, for a referenced entity (@victormacko)
  • bug #39799 [DoctrineBridge] Fix circular loop with EntityManager (@jderusse)
  • bug #39821 [DependencyInjection] Don't trigger notice for deprecated aliases pointing to deprecated definitions (@chalasr)
  • bug #39816 [HttpFoundation] use atomic writes in MockFileSessionStorage (@nicolas-grekas)
  • bug #39812 Make EmailMessage & SmsMessage transport nullable (@odolbeau)
  • bug #39735 [Serializer] Rename normalize param (@VincentLanglet)
  • bug #39797 Dont allow unserializing classes with a destructor (@jderusse)
  • bug #39743 [Mailer] Fix missing BCC recipients in SES bridge (@jderusse)
  • bug #39764 [Config] fix handling float-like key attribute values (@xabbuh)
  • bug #39787 [Yaml] a colon followed by spaces exclusively separates mapping keys and values (@xabbuh)
  • bug #39788 [Cache] fix possible collision when writing tmp file in filesystem adapter (@nicolas-grekas)
  • bug #39796 Dont allow unserializing classes with a destructor - 5.2 (@jderusse)
  • bug #39794 Dont allow unserializing classes with a destructor - 4.4 (@jderusse)
  • bug #39795 Dont allow unserializing classes with a destructor - 5.1 (@jderusse)
  • bug #39389 [Security] Move the handleAuthenticationSuccess logic outside try/catch block (@jderusse)
  • bug #39747 [DependencyInjection] Support PHP 8 builtin types in CheckTypeDeclarationsPass (@derrabus)
  • bug #39738 [VarDumper] fix mutating $GLOBALS while cloning it (@nicolas-grekas)
  • bug #39746 [DependencyInjection] Fix InvalidParameterTypeException for function parameters (@derrabus)
  • bug #39681 [HttpFoundation] parse cookie values containing the equal sign (@xabbuh)
  • bug #39716 [DependencyInjection] do not break when loading schemas from network paths on Windows (@xabbuh)
  • bug #39703 [Finder] apply the sort callback on the whole search result (@xabbuh)
  • bug #39717 [TwigBridge] Remove full head content in HTML to text converter (@pupaxxo)
  • bug #39672 [FrameworkBundle] Fix UidNormalizer priority (@fancyweb)
  • bug #39649 [Validator] propagate groups to nested constraints (@xabbuh)
  • bug #39708 [WebProfilerBundle] take query and request parameters into account when matching routes (@xabbuh)
  • bug #39692 [FrameworkBundle] Dump abstract arguments (@jderusse)
  • bug #39683 [Yaml] keep trailing newlines when dumping multi-line strings (@xabbuh)
  • bug #39670 [Form] disable error bubbling by default when inheri _data is configured (@xabbuh)
  • bug #39686 [Lock] Fix config merging in lock (@jderusse)
  • bug #39668 [Yaml] do not dump extra trailing newlines for multiline blocks (@xabbuh)
  • bug #39674 [Messenger] fix postgres transport when the retry table is the same (@lyrixx)
  • bug #39653 [Form] fix passing null $pattern to IntlDateFormatter (@nicolas-grekas)
  • bug #39637 [Security] Fix event propagation for AuthenticationTokenCreatedEvent when globally registered (@scheb)
  • bug #39647 [Validator] Update Isin message to match the translation files (@derrabus)
  • bug #39598 [Messenger] Fix stopwach usage if it has been reset (@lyrixx)
  • bug #39636 [Uid] Handle ValueErrors triggered by ext-uuid on PHP 8 (@derrabus)
  • bug #39631 [VarDumper] Fix display of nullable union return types (@derrabus)
  • bug #39629 [VarDumper] fixed displaying "mixed" as "?mixed" (@nicolas-grekas)
  • bug #39597 [Mailer] Handle failure when sending DATA (@jderusse)
  • bug #39621 [Security] Fix event propagation for globally registered security events (@scheb)
  • bug #39603 [TwigBridge] allow null values in form helpers (@xabbuh)
  • bug #39610 [ProxyManagerBridge] fix PHP notice, switch to "friendsofphp/proxy-manager-lts" (@nicolas-grekas)
  • bug #39584 [Security] Add RememberMe Badge to LoginLinkAuthenticator (@jderusse)
  • bug #39586 Supports empty path for slack DSN (@odolbeau)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use
SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases