From abeaf789dc4976791e8bf1b5e8b03b073455dfbe Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:19:13 +0200
Subject: [PATCH 1/9] Mention BC breaks caused while fixing security issues

---
 UPGRADE-1.0.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/UPGRADE-1.0.md b/UPGRADE-1.0.md
index 8f0b16ec14a..9ee0dfdade4 100644
--- a/UPGRADE-1.0.md
+++ b/UPGRADE-1.0.md
@@ -1,6 +1,11 @@
+# UPGRADE FROM `v1.0.17` TO `v1.0.18`
+
+* **BC BREAK**: `OrderShowMenuBuilder` constructor now requires the fourth argument being
+ `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` instance due to security reasons.
+
 # UPGRADE FROM `v1.0.16` TO `v1.0.17`
 
-* `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due
+* **BC BREAK**: `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due
 to security reasons. If you used it for REST API, these checks can be disabled by adding
 `csrf_protection: false` to your routing configuration.
 

From e0cd3337c634f6520a5848dab9ee4b3e30dc9b24 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:19:38 +0200
Subject: [PATCH 2/9] Change application's version to v1.0.18

---
 src/Sylius/Bundle/CoreBundle/Application/Kernel.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Sylius/Bundle/CoreBundle/Application/Kernel.php b/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
index b5516130514..5be29403ba5 100644
--- a/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
+++ b/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
@@ -31,12 +31,12 @@
 
 class Kernel extends HttpKernel
 {
- public const VERSION = '1.0.18-DEV';
+ public const VERSION = '1.0.18';
 public const VERSION_ID = '10018';
 public const MAJOR_VERSION = '1';
 public const MINOR_VERSION = '0';
 public const RELEASE_VERSION = '18';
- public const EXTRA_VERSION = 'DEV';
+ public const EXTRA_VERSION = '';
 
 /**
 * {@inheritdoc}

From 628dff3202029bf95c0c2cb3113ca499732d02d4 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:22:15 +0200
Subject: [PATCH 3/9] Generate changelog for v1.0.18

---
 CHANGELOG-1.0.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/CHANGELOG-1.0.md b/CHANGELOG-1.0.md
index 3068bbefed6..3d0fa276463 100644
--- a/CHANGELOG-1.0.md
+++ b/CHANGELOG-1.0.md
@@ -1,5 +1,15 @@
 # CHANGELOG FOR `1.0.X`
 
+## v1.0.18 (2018-07-10)
+
+#### TL;DR
+
+- Fixing the application after not-so-perfect security issue fix in the last release
+
+#### Details
+
+- [See the diff since the last patch release](https://github.com/Sylius/Sylius/compare/v1.0.17...v1.0.18)
+
 ## v1.0.17 (2018-07-08)
 
 #### TL;DR

From 7829c2702f2399bffc534a5c14e38567be224582 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:26:02 +0200
Subject: [PATCH 4/9] Change application's version to v1.1.10

---
 src/Sylius/Bundle/CoreBundle/Application/Kernel.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Sylius/Bundle/CoreBundle/Application/Kernel.php b/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
index 2169be545ef..696f620d60d 100644
--- a/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
+++ b/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
@@ -31,12 +31,12 @@
 
 class Kernel extends HttpKernel
 {
- public const VERSION = '1.1.1-DEV';
+ public const VERSION = '1.1.10';
 public const VERSION_ID = '10110';
 public const MAJOR_VERSION = '1';
 public const MINOR_VERSION = '1';
 public const RELEASE_VERSION = '10';
- public const EXTRA_VERSION = 'DEV';
+ public const EXTRA_VERSION = '';
 
 /**
 * {@inheritdoc}

From 85b30af5f243aee25ab8867f8affcaf5d92c62f1 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:26:42 +0200
Subject: [PATCH 5/9] Generate changelog for v1.1.10

---
 CHANGELOG-1.1.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/CHANGELOG-1.1.md b/CHANGELOG-1.1.md
index bb91f3ed4f7..f946449e073 100644
--- a/CHANGELOG-1.1.md
+++ b/CHANGELOG-1.1.md
@@ -1,5 +1,15 @@
 # CHANGELOG FOR `1.1.X`
 
+## v1.1.10 (2018-07-10)
+
+#### TL;DR
+
+- Fixing the application after not-so-perfect security issue fix in the last release
+
+#### Details
+
+- [See the diff since the last patch release](https://github.com/Sylius/Sylius/compare/v1.1.9...v1.1.10)
+
 ## v1.1.9 (2018-07-08)
 
 #### TL;DR

From 1f5bf77714edeaa52c23be3b037aa0cdcdb38794 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:27:39 +0200
Subject: [PATCH 6/9] Mention BC breaks caused while fixing security issues

---
 UPGRADE-1.1.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/UPGRADE-1.1.md b/UPGRADE-1.1.md
index 731755dad92..f0cf123ed17 100644
--- a/UPGRADE-1.1.md
+++ b/UPGRADE-1.1.md
@@ -1,3 +1,14 @@
+# UPGRADE FROM `v1.1.9` TO `v1.1.10`
+
+* **BC BREAK**: `OrderShowMenuBuilder` constructor now requires the fourth argument being
+ `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` instance due to security reasons.
+
+# UPGRADE FROM `v1.1.0` TO `v1.1.9`
+
+* **BC BREAK**: `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due
+ to security reasons. If you used it for REST API, these checks can be disabled by adding
+ `csrf_protection: false` to your routing configuration.
+
 # UPGRADE FROM `v1.0.X` TO `v1.1.0`
 
 * Scanning for `composer.json` file inside themes directories is recursive by default, which can result in slow performance

From d76064cf6e74709bd1973e3911cb481d91329330 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:28:18 +0200
Subject: [PATCH 7/9] Change application's version to v1.2.3

---
 src/Sylius/Bundle/CoreBundle/Application/Kernel.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Sylius/Bundle/CoreBundle/Application/Kernel.php b/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
index 3dde3ace290..ad33b417da4 100644
--- a/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
+++ b/src/Sylius/Bundle/CoreBundle/Application/Kernel.php
@@ -31,12 +31,12 @@
 
 class Kernel extends HttpKernel
 {
- public const VERSION = '1.2.3-DEV';
+ public const VERSION = '1.2.3';
 public const VERSION_ID = '10203';
 public const MAJOR_VERSION = '1';
 public const MINOR_VERSION = '2';
 public const RELEASE_VERSION = '3';
- public const EXTRA_VERSION = 'DEV';
+ public const EXTRA_VERSION = '';
 
 /**
 * {@inheritdoc}

From 2176014b24d39a13b1e24f61cd919d3eb22379b8 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:29:13 +0200
Subject: [PATCH 8/9] Generate changelog for v1.2.3

---
 CHANGELOG-1.2.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/CHANGELOG-1.2.md b/CHANGELOG-1.2.md
index 5b0ad3537ae..7e060380f24 100644
--- a/CHANGELOG-1.2.md
+++ b/CHANGELOG-1.2.md
@@ -1,5 +1,15 @@
 # CHANGELOG FOR `1.2.X`
 
+## v1.2.3 (2018-07-10)
+
+#### TL;DR
+
+- Fixing the application after not-so-perfect security issue fix in the last release
+
+#### Details
+
+- [See the diff since the last patch release](https://github.com/Sylius/Sylius/compare/v1.2.2...v1.2.3)
+
 ## v1.2.2 (2018-07-08)
 
 #### TL;DR

From 40a1c7868979d52959fc824d675605b90ec0dbde Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Tue, 10 Jul 2018 13:29:42 +0200
Subject: [PATCH 9/9] Mention BC breaks caused while fixing security issues

---
 UPGRADE-1.2.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/UPGRADE-1.2.md b/UPGRADE-1.2.md
index 7ee764ab38e..98ed0085674 100644
--- a/UPGRADE-1.2.md
+++ b/UPGRADE-1.2.md
@@ -1,3 +1,14 @@
+# UPGRADE FROM `v1.2.2` TO `v1.2.3`
+
+* **BC BREAK**: `OrderShowMenuBuilder` constructor now requires the fourth argument being
+ `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` instance due to security reasons.
+
+# UPGRADE FROM `v1.2.0` TO `v1.2.2`
+
+* **BC BREAK**: `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due
+ to security reasons. If you used it for REST API, these checks can be disabled by adding
+ `csrf_protection: false` to your routing configuration.
+
 # UPGRADE FROM `v1.1.X` TO `v1.2.0`
 
 ## Codebase