Symfony 6.4.7 has just been released. Here is the list of the most important changes since 6.4.6:

  • bug #54699 [DoctrineBridge] Update AbstractSchemaListener to adjust more database params (@ywisax)
  • bug #54691 [Finder] Also consider .git inside the basedir of in() directory (@nickvergessen)
  • bug #54724 [AssetMapper] Check asset/vendor directory is writable (@smnandre)
  • bug #54750 [Validator] detect wrong usages of minMessage/maxMessage in options (@xabbuh)
  • bug #54751 [Validator] detect wrong e-mail validation modes (@xabbuh)
  • bug #54723 [Form] read form values using the chain data accessor (@xabbuh)
  • bug #54706 [Yaml] call substr() with integer offsets (@xabbuh)
  • bug #54675 [PropertyInfo] Fix PHPStan properties type in trait (@mtarld)
  • bug #54673 [Messenger] explicitly cast boolean SSL stream options (@xabbuh)
  • bug #54665 Add test for AccessTokenHeaderRegex and adjust regex (@Spomky)
  • bug #54635 [Serializer] Revert "Fix object normalizer when properties has the same name as their accessor" - it was a BC Break (@NeilPeyssard)
  • bug #54625 [Intl] Remove resources data from classmap generation (@shyim)
  • bug #54598 [TwigBridge] implement NodeVisitorInterface instead of extending AbstractNodeVisitor (@xabbuh)
  • bug #54072 [HttpKernel] Fix datacollector caster for reference object property (@ebuildy)
  • bug #54395 [Serializer] Fixing PHP warning in the ObjectNormalizer with MaxDepth enabled (@jaydiablo)
  • bug #54564 [Translation] Skip state=needs-translation entries only when source == target (@nicolas-grekas)
  • bug #54579 [Cache] Always select database for persistent redis connections (@uncaught)
  • bug #54059 [Security] Validate that CSRF token in form login is string similar to username/password (@glaubinix)
  • bug #54530 [Clock] initialize the current time with midnight before modifying the date (@xabbuh)
  • bug #54547 [HttpKernel] Force non lazy controller services (@smnandre)
  • bug #54517 [HttpClient] Let curl handle transfer encoding (@michaelhue)
  • bug #52917 [Serializer] Fix unexpected allowed attributes (@mtarld)
  • bug #54063 [FrameworkBundle] Fix registration of the bundle path to translation (@FlyingDR)
  • bug #54392 [Messenger] Make Doctrine connection ignore unrelated tables on setup (@MatTheCat)
  • bug #54513 [HtmlSanitizer] Ignore Processing Instructions (@smnandre)
  • bug #54506 [HttpFoundation] Set content-type header in RedirectResponse (@smnandre)
  • bug #52698 [Serializer] Fix XML scalar to object denormalization (@mtarld)
  • bug #54485 [Serializer] Ignore when using #[Ignore] on a non-accessor (@nicolas-grekas)
  • bug #54105 [Messenger] Improve deadlock handling on ack() and reject() (@jwage)
  • bug #54242 [HttpClient] [EventSourceHttpClient] Fix consuming SSEs with \r\n separator (@fancyweb)
  • bug #54487 [Validator] Accept Stringable in ExecutionContext::build/addViolation() (@alexandre-daubois)
  • bug #54456 [DomCrawler] Encode html entities only if nessecary (@ausi)
  • bug #54484 [Serializer] reset backed_enum priority, and re-prioritise translatable (@GwendolenLynch)
  • bug #54471 [Filesystem] Strengthen the check of file permissions in dumpFile (@alexandre-daubois)
  • bug #54403 [FrameworkBundle] [Command] Fix #54402: Suppress PHP warning when is_readable() tries to access dirs outside of open_basedir restrictions (Jeldrik Geraedts)
  • bug #54440 [Console] return null when message with name is not set (@xabbuh)
  • bug #54468 [Translation] Fix LocaleSwitcher throws when intl not loaded (@smnandre)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Published in #Releases