Symfony 5.3.3 has just been released. Here is a list of the most important changes:

  • bug #41910 [Security] Handle concurency in Csrf DoctrineTokenProvider (@jderusse)
  • bug #41881 Fix SessionTokenStorage reuse with Request (@jderusse)
  • bug #41893 [Filesystem] Workaround cannot dumpFile into "protected" folders on Windows (@arnegroskurth)
  • bug #41896 [Messenger] fix FlattenExceptionNormalizer (@nicolas-grekas)
  • bug #41242 [SecurityBundle] Change information label from red to yellow (@94noni)
  • bug #41665 [HttpKernel] Keep max lifetime also when part of the responses don't set it (@mpdude)
  • bug #41760 [ErrorHandler] fix handling buffered SilencedErrorContext (@nicolas-grekas)
  • bug #41807 [HttpClient] fix Psr18Client when allo _ur _fopen=0 (@nicolas-grekas)
  • bug #41735 [Runtime] Fix project dir variable when vendor not in project root (@Ash014)
  • bug #40857 [DependencyInjection] Add support of PHP enumerations (@alexandre-daubois)
  • bug #41767 [Config] fix tracking default values that reference the parent class (@nicolas-grekas)
  • bug #41768 [DependencyInjection] Fix binding "iterable $foo" when using the PHP-DSL (@nicolas-grekas)
  • bug #41777 [DependencyInjection] accept service locator definitions with no class (@nicolas-grekas)
  • bug #41801 [Uid] Fix fromString() with low base58 values (@fancyweb)
  • bug #41793 [Cache] handle prefixed redis connections when clearing pools (@nicolas-grekas)
  • bug #41804 [Cache] fix eventual consistency when using RedisTagAwareAdapter with a cluster (@nicolas-grekas)
  • bug #41773 [Cache] Disable locking on Windows by default (@nicolas-grekas)
  • bug #41655 [Mailer] fix encoding of addresses using SmtpTransport (@dmaicher)
  • bug #41663 [HttpKernel] [HttpCache] Keep s-maxage=0 from ESI sub-responses (@mpdude)
  • bug #41739 Avoid broken action URL in text notification mail (@mbrodala)
  • bug #41737 [Security] Fix special char used to create cache key (@jderusse)
  • bug #41701 [VarDumper] Fix tests for PHP 8.1 (@alexandre-daubois)
  • bug #41795 [FrameworkBundle] Replace va _export with VarExporter to use array short syntax in secrets list files (@alexandre-daubois)
  • bug #41779 [DependencyInjection] throw proper exception when decorating a synthetic service (@nicolas-grekas)
  • bug #41787 [Security] Implement fluent interface on RememberMeBadge::disable() (@derrabus)
  • bug #41776 [ErrorHandler] [DebugClassLoader] Do not check Phake mocks classes (@adoy)
  • bug #41780 [PhpUnitBridge] fix handling the COMPOSE _BINARY env var when using simple-phpunit (@Taluu)
  • bug #41755 [PasswordHasher] UserPasswordHasher only calls getSalt when method exists (@dbrumann)
  • bug #41670 [HttpFoundation] allow savePath of NativeFileSessionHandler to be null (@simon.chrzanowski)
  • bug #41751 [Messenger] prevent reflection usages when classes do not exist (@xabbuh)
  • bug #41747 [Security] Fixed 'security.command.debu _firewall' not found (@Nyholm)
  • bug #41741 [Security] Fix invalid RememberMe value after update (@jderusse)
  • bug #41744 [Security] Fix invalid cookie when migrating to new Security (@jderusse)
  • bug #41740 [Security] make the getter usable if no user identifier is set (@xabbuh)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases