Releases: nepada/security-annotations
Releases · nepada/security-annotations
5.1.1
5.1.0
5.0.2
5.0.1
5.0.0
4.3.0
- Explicitly restrict maximum supported PHP version in composer.json
- Drop PHP 7.4 support
- Deprecate usage of Doctrine annotations, use native PHP attributes instead
- Change
Role
attribute constructor signature to variadic parameter, passing multiple rows as single array argument is deprecated
4.2.0
4.1.0
- PHP 8.0 compatiblity.
- PHP attributes support:
- Security metadata can be now specified via standard PHP attribute syntax (supported on PHP >= 8.0).
- PHP attributes are preferred over legacy PHP DocBlock annotations. Next major version will support PHP attributes only.
- Bundled annotations are now explicitly limited to class and method usage.
- Bundled annotations now define getters for all properties, direct access to public properties is considered deprecated and will be removed in next major version.
- New configuration option
enableDoctrineAnnotations
(true
by default). Set it tofalse
to disable legacy PHP DocBlock annotations support and test the application with PHP attributes only.
4.0.0
Backward incompatible changes
- Annotation parsing rewritten from obsolete
nette/reflection
todoctrine/annotations
. This changes how the security annotations are written, as well as how validators receive the parsed data. - Public API changes of
AccessValidator
: parsed annotation data are received as object, added method that specifies the supported annotation name. - Removed interface and trait name prefixes:
IAccessValidator
->AccessValidator
,TSecuredComponents
->SecuredComponents
,TSecurityAnnotations
->SecurityAnnotations
. RequirementsChecker
must be explicitly injected into presenters and components.- Removed
SameSiteValidator
- signals are protected by default in Nette 3. - Removed the possibility to dynamically configure validators used by
RequirementsChecker
. - Dropped support for custom exception messages in default validators.