a1812

The Symfony PHP framework

The Symfony documentation

Events

Created at 1 week ago

[HttpKernel] Remove private headers before storing responses with HttpCache

[DependencyInjection] Don't autoconfigure tag when it's already set with attributes

Update CHANGELOG for 4.4.48

Update CONTRIBUTORS for 4.4.48

Update VERSION for 4.4.48

Merge pull request #48028 from fabpot/release-4.4.48

released v4.4.48

Bump Symfony version to 4.4.49

Run tests with UTC to avoid daylight saving time messing with assertions

[WebProfilerBundle] Remove redundant code from logger template

[HttpFoundation] Check IPv6 is valid before comparing it

bug #48050 [HttpFoundation] Check IPv6 is valid before comparing it (PhilETaylor)

This PR was submitted for the 5.4 branch but it was merged into the 4.4 branch instead.

Discussion

[HttpFoundation] Check IPv6 is valid before comparing it

| Q | A |
| ------------- | --- |
| Branch? | 5.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | Fix #48049 |
| License | MIT |

Ensure that the checkIp6 only validates IPv6 addresses and IPv6 subnets.

PR assumes that IPv6 and IPv6 subnets can never have a period in them (which as far as I know, is correct).

Commits

2b7ff1112a [HttpFoundation] Check IPv6 is valid before comparing it

bug #48027 [DependencyInjection] Don't autoconfigure tag when it's already set with attributes (nicolas-grekas)

This PR was merged into the 5.4 branch.

Discussion

[DependencyInjection] Don't autoconfigure tag when it's already set with attributes

| Q | A |
| ------------- | --- |
| Branch? | 5.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | Fix #48019 |
| License | MIT |
| Doc PR | - |

Commits

f27ed9b9bd [DependencyInjection] Don't autoconfigure tag when it's already set with attributes

minor #48042 Run tests with UTC to avoid daylight saving time messing with assertions (MatTheCat)

This PR was merged into the 4.4 branch.

Discussion

Run tests with UTC to avoid daylight saving time messing with assertions

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | N/A |
| License | MIT |
| Doc PR | N/A |

Pipelines are failing today (like https://github.com/symfony/symfony/actions/runs/3350921526/jobs/5552038137#step:7:710) because it’s the eve of setting clocks back by one hour in the Europe/Paris timezone, so one day from now is 25 instead of 24 hours.

This PR just changes the timezone to UTC where there is no daylight saving time.

Commits

f56107c7d2 Run tests with UTC to avoid daylight saving time messing with assertions

Use 6.3 for new features

minor #48063 Use 6.3 for new features (fabpot)

This PR was merged into the 4.4 branch.

Discussion

Use 6.3 for new features

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | no |
| New feature? | no |
| Deprecations? | no |
| Tickets | n/a |
| License | MIT |
| Doc PR | n/a |

Commits

4d5996d170 Use 6.3 for new features

Update actions in the CI to move away from the deprecated runtime

minor #48081 Update actions in the CI to move away from the deprecated runtime (stof)

This PR was merged into the 4.4 branch.

Discussion

Update actions in the CI to move away from the deprecated runtime

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | no |
| New feature? | no |
| Deprecations? | no |
| Tickets | n/a |
| License | MIT |
| Doc PR | n/a |

For official actions, the usage of the new node-16 runner was released as a major version of the actions (because it breaks compatibility with older versions of GitHub Enterprise Server). This updates our workflows to use that new version.

Commits

5cff81d0be Update actions in the CI to move away from the deprecated runtime

Update the CI setup to use the new output file

Fix the notification email theme for asynchronously dispatched emails

When the \Symfony\Component\Mailer\Messenger\SendEmailMessage is dispatched asynchronously, the email message is serialised and unserialised. The theme that was set on the NotificationEmail was not included in the serialisation, causing the value to return back to the default after deserialisation.

Fix search scope when performing fallback mapping driver detection

Created at 1 month ago

[DependencyInjection] don't move locator tag for service subscriber

Decorators move tags applied to the decorated service to the decorating service. But this (sometimes) breaks when the decorated service is a service subscriber, which has the argument for the container explicitly set.

This mostly works because the locator for the service subscriber is applied twice. The RegisterServiceSubscriberPass which creates the locator also sets a binding on the service. The ResolveServiceSubscriberPass replaces the arguments referencing the ContainerInterface or ServiceProviderInterface for those services tagged with the container.service_subscriber.locator tag. So when the argument isn't provided in the service definition it will automatically be set using the binding. And in case the argument is set, it will be replaced by the Resolver pass based on the tag.

But this thus breaks in case a service explicitly sets the argument (which means the binding isn't applied) and the service is being decorated (meaning the locator tag is "lost"). So add the locator tag to the list of tags to keep on the original service.

do not set http_version instead of setting it to null

bug #48103 [HttpClient] Do not set http_version instead of setting it to null (Tetragramat)

This PR was merged into the 4.4 branch.

Discussion

[HttpClient] Do not set http_version instead of setting it to null

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | Fix #48087 |
| License | MIT |
| Doc PR | - |

Commits

5f7004db62 do not set http_version instead of setting it to null

bug #48092 Fix the notification email theme for asynchronously dispatched emails (krisbuist)

This PR was merged into the 4.4 branch.

Discussion

Fix the notification email theme for asynchronously dispatched emails

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| License | MIT |

When the \Symfony\Component\Mailer\Messenger\SendEmailMessage is dispatched asynchronously, the email message is serialised and unserialised. The theme that was set on the NotificationEmail was not included in the serialisation, causing the value to return back to the default after deserialisation.

Commits

4b843d1eea Fix the notification email theme for asynchronously dispatched emails

[Mailer] Stream timeout not detected due to checking only string result of function fgets

bug #48075 [Mailer] Stream timeout not detected fgets returns false (Sezil)

This PR was submitted for the 5.4 branch but it was merged into the 4.4 branch instead.

Discussion

[Mailer] Stream timeout not detected fgets returns false

#48074 [Mailer] Stream timeout not detected due to checking only string result of function fgets

| Q | A |
| ------------- | --- |
| Branch? | 6.2 for features / 4.4, 5.4, 6.0 or 6.1 for bug fixes |
| Bug fix? | yes/no |
| New feature? | yes/no |
| Deprecations? | yes/no |
| Tickets | Fix #... |
| License | MIT |
| Doc PR | symfony/symfony-docs#... |

Commits

486f2c5a2b [Mailer] Stream timeout not detected due to checking only string result of function fgets

bug #48093 [DependencyInjection] don't move locator tag for service subscriber (RobertMe)

This PR was merged into the 4.4 branch.

Discussion

[DependencyInjection] don't move locator tag for service subscriber

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | - |
| License | MIT |
| Doc PR | - |

From the commit message: Decorators move tags applied to the decorated service to the decorating service. But this (sometimes) breaks when the decorated service is a service subscriber, which has the argument for the container explicitly set.

This mostly works because the locator for the service subscriber is applied twice. The RegisterServiceSubscriberPass which creates the locator also sets a binding on the service. The ResolveServiceSubscriberPass replaces the arguments referencing the ContainerInterface or ServiceProviderInterface for those services tagged with the container.service_subscriber.locator tag. So when the argument isn't provided in the service definition it will automatically be set using the binding. And in case the argument is set, it will be replaced by the Resolver pass based on the tag.

But this thus breaks in case a service explicitly sets the argument (which means the binding isn't applied) and the service is being decorated (meaning the locator tag is "lost"). So add the locator tag to the list of tags to keep on the original service.

Explanation: I found this issue when decorating the Router. The Router (in FrameworkBundle) uses a service subscriber, but this led to a deprecation message for autowiring Psr\...\ContainerInterface. Debugging also showed that the full container was injected, and not the extracted service locator (service locator service actually was logged as removed for being unused). After investigation the issue was found to be as described above. The router service is declared with an argument for the $container parameter of the constructor, i.e.:

<service id="router.default" class="Symfony\Bundle\FrameworkBundle\Routing\Router">
    <argument type="service" id="Psr\Container\ContainerInterface" />
    <!-- remaining arguments omitted -->
</service>

Which leads to the binding, as declared in the RegisterServiceSubscribersPass pass not being applied. Later on the DecoratorServicePass pass moves the tags of the decorated service to the decorating service, where it only keeps the container.service_subscriber tag on the original service, and moves the container.service_subscriber.locator tag to the decorating service. When afterwards the ResolveServiceSubscribersPass pass is executed it will replace the arguments to the ContainerInterface with the created locator service (as defined in the RegisterServiceSubscribersPass). But this then fails because the container.service_subscriber.locator tag isn't applied anymore.

So when the router isn't decorated the ResolveServiceSubscribersPass pass is the one which makes the service subscriber work, replacing the original argument as defined in the service definition. But when it is decorated this breaks because the tag is missing. The unit tests didn't detect this because: 1. the container isn't injected (and thus not validated); 2. even with validation of the container it would work as the binding would be applied. This is why I also kept the original unit test (but expanding the test with validating the container), which would still pass (based on the binding), and adding the additional test which explicitly sets the $container argument, which would fail (for the binding not being applied, and the tag being missing because of the decorator).

Commits

3c7dbb4f13 [DependencyInjection] don't move locator tag for service subscriber

[HttpFoundation] Compare cookie with null value as empty string in ResponseCookieValueSame

Allow to disable lock without defining a resource

bug #48119 [FrameworkBundle][Lock] Allow to disable lock without defining a resource (MatTheCat)

This PR was merged into the 4.4 branch.

Discussion

[FrameworkBundle][Lock] Allow to disable lock without defining a resource

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | N/A |
| License | MIT |
| Doc PR | N/A |

While answering #48115 I noticed a resource is mandatory in lock’s configuration even if it’s disabled because of requiresAtLeastOneElement. I replaced it with a validation rule which takes enabled into account.

Commits

0aad8c8892 Allow to disable lock without defining a resource

Created at 1 month ago

[Security][Guard] Prevent user enumeration via response content

security #cve-2021-21424 [Security][Guard] Prevent user enumeration (chalasr)

This PR was merged into the 3.4 branch.

Update CHANGELOG for 3.4.48

Update VERSION for 3.4.48

Merge pull request #41193 from fabpot/release-3.4.48

released v3.4.48

[Security\Core] Fix user enumeration via response body on invalid credentials

security #cve-2021-21424 [Security\Core] Fix user enumeration via response body on invalid credentials (chalasr)

This PR was merged into the 3.4 branch.

Update CHANGELOG for 3.4.49

Update VERSION for 3.4.49

Merge pull request #41276 from fabpot/release-3.4.49

released v3.4.49

[FrameworkBundle] Fix tests

[VarDumper] fix tests

[HttpFoundation] Fix ianaCodesReasonPhrasesProvider to consume a local file

Created at 1 month ago