A week of symfony #465 (23-29 November 2015)

This week Symfony published the 2.3.35, 2.6.12 and 2.7.7 security releases. Meanwhile, the development activity focused on 2.8 and 3.0 versions, which will be published at the beginning of the next week. Finally, the Symfony Business and Community Awards were announced and they'll be awarded during the SymfonyCon Paris 2015 conference at the end of the next week.

Symfony2 development highlights

2.3 changelog:

  • f1fd768: [Security] fixed potential timing attack issue
  • 557ea17: [Form] mitigated CSRF timing attack vulnerability
  • 819aa54: [Form] prevented timing attacks in digest auth listener
  • f88e600: [Security] migrated session after remember me authentication
  • 0113ac3: [Router] fixed an issue in applications that defined several thousands of routes
  • 4a17c9e: [ClassLoader] fixed parsing namespace when token_get_all() is missing
  • 55f84a3: [SecurityBundle] disabled the init:acl command if ACL is not used

2.7 changelog:

  • 01c08fc: [Debug] ensured class declarations are loaded only once
  • f495410: [Form] disabled view data validation if "data_class" is set to null
  • 3ab8189, 1179f07: [Form] deprecated setting "choices_as_values" to "false"
  • a35d3d4: [Form] added missing tests for Bootstrap horizontal for theme

2.8 changelog:

  • 8feb9ef: [Routing] changed RouteCollectionBuilder::import() behavior to add to the builder
  • 922b946: [HttpKernel] don't reset on shutdown but in FrameworkBundle/Test/KernelTestCase
  • fd8b87c: [Security] deprecated AbstractVoter in favor of Voter
  • 0e0b904: [Translation, Form] do not translate form labels and placeholders when 'translation_domain' is false
  • 41df3fc: [Form] deprecated TimezoneType::getTimezones()
  • 5386752: [Form] deprecated ArrayKeyChoiceList
  • f4f082e: [HttpFoundation] deprecated $deep parameter on ParameterBag
  • 5a88fb6: [Bridge\PhpUnit] display the stack trace of a deprecation on-demand
  • 683f0f7: [Serializer] improved ObjectNormalizer performance
  • 0450865: [Security] use csrf_token_id instead of deprecated intention
  • 96afff6, b272ab5: [SecurityBundle] fixed disabling of RoleHierarchyVoter when passing empty hierarchy

Master changelog:

  • 1ab7316: [DependencyInjection] used try-finally for container
  • 5bc34d2: [Form] droped remaing CsrfProviderAdapter/Interface mentions
  • 812396d: [Security] removed deprecated HTTP digest auth key
  • d834cd3: [Form] added getBlockPrefix to FormTypeInterface
  • d641fc5: [Form] removed deprecated CSRF options

Newest issues and pull requests

They talked about us

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.


Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.