[pull] master from Sylius:master

CHANGELOG-1.3.md

@@ -1,5 +1,22 @@
 # CHANGELOG FOR `1.3.X`
 
+## v1.3.14 (2019-12-03)
+
+#### CVE-2019-16768: Internal exception message exposure in login action.
+
+**Details:**
+
+Exception messages from internal exceptions (like database exception) are wrapped by 
+`\Symfony\Component\Security\Core\Exception\AuthenticationServiceException` and propagated through the system to UI. 
+Therefore, some internal system information may leak and be visible to the customer.
+
+A validation message with the exception details will be presented to the user when one will try to log into the shop.
+
+**Solution:**
+
+This release patches the reported vulnerability. The `src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig` 
+file from Sylius should be overridden and `{{ messages.error(last_error.message) }}` changed to `{{ messages.error(last_error.messageKey) }}`.
+
 ## v1.3.13 (2019-05-29)
 
 #### Details

CHANGELOG-1.4.md

@@ -1,5 +1,22 @@
 # CHANGELOG FOR `1.4.X`
 
+## v1.4.10 (2019-12-03)
+
+#### CVE-2019-16768: Internal exception message exposure in login action.
+
+**Details:**
+
+Exception messages from internal exceptions (like database exception) are wrapped by 
+`\Symfony\Component\Security\Core\Exception\AuthenticationServiceException` and propagated through the system to UI. 
+Therefore, some internal system information may leak and be visible to the customer.
+
+A validation message with the exception details will be presented to the user when one will try to log into the shop.
+
+**Solution:**
+
+This release patches the reported vulnerability. The `src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig` 
+file from Sylius should be overridden and `{{ messages.error(last_error.message) }}` changed to `{{ messages.error(last_error.messageKey) }}`.
+
 ## v1.4.9 (2019-10-09)
 
 The last bugfix release for v1.4.x.

CHANGELOG-1.5.md

@@ -1,8 +1,37 @@
 # CHANGELOG FOR `1.5.X`
 
+## v1.5.7 (2019-12-03)
+
+#### CVE-2019-16768: Internal exception message exposure in login action.
+
+**Details:**
+
+Exception messages from internal exceptions (like database exception) are wrapped by 
+`\Symfony\Component\Security\Core\Exception\AuthenticationServiceException` and propagated through the system to UI. 
+Therefore, some internal system information may leak and be visible to the customer.
+
+A validation message with the exception details will be presented to the user when one will try to log into the shop.
+
+**Solution:**
+
+This release patches the reported vulnerability. The `src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig` 
+file from Sylius should be overridden and `{{ messages.error(last_error.message) }}` changed to `{{ messages.error(last_error.messageKey) }}`.
+
+#### Details
+
+- [#10835](https://github.com/Sylius/Sylius/issues/10835) Improve deprecation message for "Sylius\Bundle\CoreBundle\Application\Kernel" ([@pamil](https://github.com/pamil))
+- [#10841](https://github.com/Sylius/Sylius/issues/10841) [Docs] Include link to ShopApi docs to REST API Reference ([@Zales0123](https://github.com/Zales0123))
+- [#10846](https://github.com/Sylius/Sylius/issues/10846) [Order] Include order unit promotion adjustments and order item promotion adjustments in order promotion total ([@Tomanhez](https://github.com/Tomanhez))
+- [#10849](https://github.com/Sylius/Sylius/issues/10849) Move ShopApi reference to main menu ([@Zales0123](https://github.com/Zales0123))
+- [#10855](https://github.com/Sylius/Sylius/issues/10855) [Docs] Open external links in a new tab ([@Zales0123](https://github.com/Zales0123))
+- [#10857](https://github.com/Sylius/Sylius/issues/10857) Change readme banner ([@kulczy](https://github.com/kulczy))
+- [#10880](https://github.com/Sylius/Sylius/issues/10880) [Promotion] Improve coupon generation validation message ([@GSadee](https://github.com/GSadee))
+- [#10881](https://github.com/Sylius/Sylius/issues/10881) Add docs banner ([@kulczy](https://github.com/kulczy))
+- [#10891](https://github.com/Sylius/Sylius/issues/10891) Update release process docs for 1.2 ([@pamil](https://github.com/pamil))
+
 ## v1.5.6 (2019-11-11)
 
-### Details
+#### Details
 
 - [#9931](https://github.com/Sylius/Sylius/issues/9931) [Payum] infinite loop on state machine exception fixed ([@tautelis](https://github.com/tautelis))
 - [#10734](https://github.com/Sylius/Sylius/issues/10734) Added: TimestampableInterface to core TaxonInterface (fixes #10728) ([@igormukhingmailcom](https://github.com/igormukhingmailcom))

CHANGELOG-1.6.md

@@ -1,8 +1,44 @@
 # CHANGELOG FOR `1.6.X`
 
+## v1.6.3 (2019-12-03)
+
+#### CVE-2019-16768: Internal exception message exposure in login action.
+
+**Details:**
+
+Exception messages from internal exceptions (like database exception) are wrapped by 
+`\Symfony\Component\Security\Core\Exception\AuthenticationServiceException` and propagated through the system to UI. 
+Therefore, some internal system information may leak and be visible to the customer.
+
+A validation message with the exception details will be presented to the user when one will try to log into the shop.
+
+**Solution:**
+
+This release patches the reported vulnerability. The `src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig` 
+file from Sylius should be overridden and `{{ messages.error(last_error.message) }}` changed to `{{ messages.error(last_error.messageKey) }}`.
+
+#### Details
+
+- [#10835](https://github.com/Sylius/Sylius/issues/10835) Improve deprecation message for "Sylius\Bundle\CoreBundle\Application\Kernel" ([@pamil](https://github.com/pamil))
+- [#10837](https://github.com/Sylius/Sylius/issues/10837) Remove unused templating engine from RemoveAvatarAction ([@pamil](https://github.com/pamil))
+- [#10841](https://github.com/Sylius/Sylius/issues/10841) [Docs] Include link to ShopApi docs to REST API Reference ([@Zales0123](https://github.com/Zales0123))
+- [#10842](https://github.com/Sylius/Sylius/issues/10842) [Docs] Update core team ([@lchrusciel](https://github.com/lchrusciel))
+- [#10844](https://github.com/Sylius/Sylius/issues/10844) Clarify BC promise for final controllers ([@pamil](https://github.com/pamil))
+- [#10846](https://github.com/Sylius/Sylius/issues/10846) [Order] Include order unit promotion adjustments and order item promotion adjustments in order promotion total ([@Tomanhez](https://github.com/Tomanhez))
+- [#10849](https://github.com/Sylius/Sylius/issues/10849) Move ShopApi reference to main menu ([@Zales0123](https://github.com/Zales0123))
+- [#10853](https://github.com/Sylius/Sylius/issues/10853) [Behat][Admin][Order] Fix scenarios for displaying promotions on 1.6 after upmerge ([@GSadee](https://github.com/GSadee))
+- [#10855](https://github.com/Sylius/Sylius/issues/10855) [Docs] Open external links in a new tab ([@Zales0123](https://github.com/Zales0123))
+- [#10857](https://github.com/Sylius/Sylius/issues/10857) Change readme banner ([@kulczy](https://github.com/kulczy))
+- [#10865](https://github.com/Sylius/Sylius/issues/10865) [Admin][Promotion] Fix the prevention of generating too many coupons ([@GSadee](https://github.com/GSadee))
+- [#10880](https://github.com/Sylius/Sylius/issues/10880) [Promotion] Improve coupon generation validation message ([@GSadee](https://github.com/GSadee))
+- [#10881](https://github.com/Sylius/Sylius/issues/10881) Add docs banner ([@kulczy](https://github.com/kulczy))
+- [#10889](https://github.com/Sylius/Sylius/issues/10889) [Fixtures] Update product names ([@CoderMaggie](https://github.com/CoderMaggie))
+- [#10890](https://github.com/Sylius/Sylius/issues/10890) Fix build - remove redundant validation message part ([@Zales0123](https://github.com/Zales0123))
+- [#10891](https://github.com/Sylius/Sylius/issues/10891) Update release process docs for 1.2 ([@pamil](https://github.com/pamil))
+
 ## v1.6.2 (2019-11-11)
 
-### Details
+#### Details
 
 - [#9931](https://github.com/Sylius/Sylius/issues/9931) [Payum] infinite loop on state machine exception fixed ([@tautelis](https://github.com/tautelis))
 - [#10733](https://github.com/Sylius/Sylius/issues/10733) Fix 10719 infinite order fixture loading ([@igormukhingmailcom](https://github.com/igormukhingmailcom))

CHANGELOG-1.7.md

@@ -1 +1,73 @@
 # CHANGELOG FOR `1.7.X`
+
+## v1.7.0-ALPHA.1
+
+#### Details
+
+- CVE-2019-16768: Internal exception message exposure in login action.
+- [#10632](https://github.com/Sylius/Sylius/issues/10632) [ShopBundle] Logged customer after completing checkout can view order in his account ([@Tomanhez](https://github.com/Tomanhez))
+- [#10638](https://github.com/Sylius/Sylius/issues/10638) [Behat][Minor] Add a few typehints ([@lchrusciel](https://github.com/lchrusciel))
+- [#10643](https://github.com/Sylius/Sylius/issues/10643) [Fixture] channel fixture fix ([@AdamKasp](https://github.com/AdamKasp))
+- [#10651](https://github.com/Sylius/Sylius/issues/10651) removed customer from customer order grid ([@AdamKasp](https://github.com/AdamKasp))
+- [#10653](https://github.com/Sylius/Sylius/issues/10653) [Order] Added "no payments" label for order without payment ([@AdamKasp](https://github.com/AdamKasp), [@Zales0123](https://github.com/Zales0123))
+- [#10658](https://github.com/Sylius/Sylius/issues/10658) [Payment] Filtering payments by channel ([@AdamKasp](https://github.com/AdamKasp), [@Zales0123](https://github.com/Zales0123))
+- [#10660](https://github.com/Sylius/Sylius/issues/10660) [Fixture] Shipment and payment date are same like order ([@AdamKasp](https://github.com/AdamKasp))
+- [#10665](https://github.com/Sylius/Sylius/issues/10665) Remove ShippingBundle spec from autoload-dev ([@mmenozzi](https://github.com/mmenozzi))
+- [#10666](https://github.com/Sylius/Sylius/issues/10666) Test doctrine migrations up & down ([@loic425](https://github.com/loic425))
+- [#10670](https://github.com/Sylius/Sylius/issues/10670) Fix unnecessarily centered payment ([@Zales0123](https://github.com/Zales0123))
+- [#10674](https://github.com/Sylius/Sylius/issues/10674) Add authorize constant to payment transitions ([@alexander-schranz](https://github.com/alexander-schranz))
+- [#10679](https://github.com/Sylius/Sylius/issues/10679) Change channel code to name ([@AdamKasp](https://github.com/AdamKasp))
+- [#10687](https://github.com/Sylius/Sylius/issues/10687) Add support menu and CTAs ([@pjedrzejewski](https://github.com/pjedrzejewski))
+- [#10694](https://github.com/Sylius/Sylius/issues/10694) [Admin][Product] Extract some variant related templates from product show ([@GSadee](https://github.com/GSadee))
+- [#10699](https://github.com/Sylius/Sylius/issues/10699) Admin avatar - fixtures ([@AdamKasp](https://github.com/AdamKasp))
+- [#10702](https://github.com/Sylius/Sylius/issues/10702) fix order orders grid ([@AdamKasp](https://github.com/AdamKasp))
+- [#10707](https://github.com/Sylius/Sylius/issues/10707) [Currency] added parameterized currency during installation (, [@Jeroen-G](https://github.com/Jeroen-G))
+- [#10711](https://github.com/Sylius/Sylius/issues/10711) [Docs] update docs. ([@AdamKasp](https://github.com/AdamKasp))
+- [#10715](https://github.com/Sylius/Sylius/issues/10715) [Fixtures] Add env variable for channel hostname ([@GSadee](https://github.com/GSadee))
+- [#10718](https://github.com/Sylius/Sylius/issues/10718) [Product] Go to edit from product show page ([@AdamKasp](https://github.com/AdamKasp))
+- [#10721](https://github.com/Sylius/Sylius/issues/10721) Fixed: use_authorize option comparison ([@igormukhingmailcom](https://github.com/igormukhingmailcom))
+- [#10723](https://github.com/Sylius/Sylius/issues/10723) [Admin][Product] Fix displaying variants on product show page ([@GSadee](https://github.com/GSadee))
+- [#10731](https://github.com/Sylius/Sylius/issues/10731) [Docs] Plugins technical review checklist ([@Zales0123](https://github.com/Zales0123))
+- [#10735](https://github.com/Sylius/Sylius/issues/10735) Do not impose a length of two on attribute codes and names ([@loevgaard](https://github.com/loevgaard))
+- [#10736](https://github.com/Sylius/Sylius/issues/10736) Channel page rework ([@kulczy](https://github.com/kulczy))
+- [#10754](https://github.com/Sylius/Sylius/issues/10754) clean Twig unused variable ([@oallain](https://github.com/oallain))
+- [#10756](https://github.com/Sylius/Sylius/issues/10756) Changed visibility to make it usable when extending ([@loevgaard](https://github.com/loevgaard))
+- [#10759](https://github.com/Sylius/Sylius/issues/10759) Fix user impersonated listener when impersonating another user resource ([@loic425](https://github.com/loic425))
+- [#10783](https://github.com/Sylius/Sylius/issues/10783) [Admin] Fix Github issue tracker link ([@Zales0123](https://github.com/Zales0123))
+- [#10791](https://github.com/Sylius/Sylius/issues/10791) Allow to define free products ([@Zales0123](https://github.com/Zales0123))
+- [#10796](https://github.com/Sylius/Sylius/issues/10796) [Admin][Order] Add promotions to order summary ([@GSadee](https://github.com/GSadee))
+- [#10803](https://github.com/Sylius/Sylius/issues/10803) Add Webpack Encore ([@kulczy](https://github.com/kulczy))
+- [#10810](https://github.com/Sylius/Sylius/issues/10810) [Admin][Order] Remove unnecessary tag ([@GSadee](https://github.com/GSadee))
+- [#10811](https://github.com/Sylius/Sylius/issues/10811) Explicitly list deprecated things in the code & solve Twig deprecations ([@pamil](https://github.com/pamil))
+- [#10812](https://github.com/Sylius/Sylius/issues/10812) [Shop] Hide shipping costs for orders with virtual products ([@GSadee](https://github.com/GSadee))
+- [#10814](https://github.com/Sylius/Sylius/issues/10814) Make Psalm more aggressive ([@pamil](https://github.com/pamil))
+- [#10818](https://github.com/Sylius/Sylius/issues/10818) [Payum][Checkout] Pass address data to PayPal after checkout ([@Zales0123](https://github.com/Zales0123))
+- [#10822](https://github.com/Sylius/Sylius/issues/10822) Fix typo in TaxonomyElementInterface classname ([@pamil](https://github.com/pamil))
+- [#10827](https://github.com/Sylius/Sylius/issues/10827) New Webpack approach ([@kulczy](https://github.com/kulczy))
+- [#10829](https://github.com/Sylius/Sylius/issues/10829) Remove Symfony ^3.4 support on the master branch ([@pamil](https://github.com/pamil))
+- [#10831](https://github.com/Sylius/Sylius/issues/10831) [Docs] Theming Guide: Webpack Encore v1 ([@CoderMaggie](https://github.com/CoderMaggie))
+- [#10833](https://github.com/Sylius/Sylius/issues/10833) Change banner ([@kulczy](https://github.com/kulczy))
+- [#10834](https://github.com/Sylius/Sylius/issues/10834) Remove usage of deprecated "Symfony\Component\Config\Definition\Builder\TreeBuilder::root()" ([@pamil](https://github.com/pamil))
+- [#10836](https://github.com/Sylius/Sylius/issues/10836) Do not use deprecated Symfony events ([@pamil](https://github.com/pamil))
+- [#10839](https://github.com/Sylius/Sylius/issues/10839) [Psalm] Improve docblocks ([@pamil](https://github.com/pamil))
+- [#10840](https://github.com/Sylius/Sylius/issues/10840) [Psalm] Treat PossiblyUndefined* and PossiblyFalse* as errors ([@pamil](https://github.com/pamil))
+- [#10843](https://github.com/Sylius/Sylius/issues/10843) [Psalm] Treat checks from level 5 as errors ([@pamil](https://github.com/pamil))
+- [#10845](https://github.com/Sylius/Sylius/issues/10845) [Psalm] Fix the build ([@pamil](https://github.com/pamil))
+- [#10847](https://github.com/Sylius/Sylius/issues/10847) Deprecate Stripe Checkout due to lacking support for SCA ([@pamil](https://github.com/pamil))
+- [#10848](https://github.com/Sylius/Sylius/issues/10848) Update Webpack docs ([@kulczy](https://github.com/kulczy))
+- [#10854](https://github.com/Sylius/Sylius/issues/10854) [Behat][Admin][Order] Fix scenarios for displaying promotions on master after upmerge ([@GSadee](https://github.com/GSadee))
+- [#10858](https://github.com/Sylius/Sylius/issues/10858) [Psalm] Treat MismatchingDocblockReturnType as errors ([@pamil](https://github.com/pamil))
+- [#10859](https://github.com/Sylius/Sylius/issues/10859) [Psalm] Treat MethodSignatureMismatch as errors ([@pamil](https://github.com/pamil))
+- [#10860](https://github.com/Sylius/Sylius/issues/10860) [Channel] channel types ([@AdamKasp](https://github.com/AdamKasp))
+- [#10861](https://github.com/Sylius/Sylius/issues/10861) Add Bootstrap based theming guide ([@kulczy](https://github.com/kulczy))
+- [#10873](https://github.com/Sylius/Sylius/issues/10873) [Psalm] Fix the build after Symfony 4.4 update ([@pamil](https://github.com/pamil))
+- [#10875](https://github.com/Sylius/Sylius/issues/10875) Revert changes causing BC break ([@pamil](https://github.com/pamil))
+- [#10876](https://github.com/Sylius/Sylius/issues/10876) Add warning message to the theming guide ([@kulczy](https://github.com/kulczy))
+- [#10883](https://github.com/Sylius/Sylius/issues/10883) Rework Behat testing from classes/ids to attributes for login and registration pages ([@Tomanhez](https://github.com/Tomanhez))
+- [#10885](https://github.com/Sylius/Sylius/issues/10885) Add help messages to settings requirements checked in CLI ([@akondas](https://github.com/akondas))
+- [#10888](https://github.com/Sylius/Sylius/issues/10888) Add missing sass-loader to dependencies ([@kulczy](https://github.com/kulczy))
+- [#10893](https://github.com/Sylius/Sylius/issues/10893) Improve emails templates ([@kulczy](https://github.com/kulczy), [@GSadee](https://github.com/GSadee), [@pamil](https://github.com/pamil))
+- [#10894](https://github.com/Sylius/Sylius/issues/10894) Add documentation for customising emails per channel ([@pamil](https://github.com/pamil))
+- [#10895](https://github.com/Sylius/Sylius/issues/10895) Fix misspellings in french fixtures files ([@DjLeChuck](https://github.com/DjLeChuck))
+- [#10897](https://github.com/Sylius/Sylius/issues/10897) Minor fixes - Rework behat tests ([@Tomanhez](https://github.com/Tomanhez))
+- [#10900](https://github.com/Sylius/Sylius/issues/10900) [Docs] [Channel]Fix docs with channel ([@AdamKasp](https://github.com/AdamKasp))

src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig

@@ -14,7 +14,7 @@
 
         {% if last_error %}
             <div class="ui left aligned basic segment">
-                {{ messages.error(last_error.message) }}
+                {{ messages.error(last_error.messageKey) }}
             </div>
         {% endif %}
 

symfony.lock

@@ -866,6 +866,12 @@
     "symplify/package-builder": {
         "version": "v4.6.1"
     },
+    "symplify/set-config-resolver": {
+        "version": "v7.0.2"
+    },
+    "symplify/smart-file-system": {
+        "version": "v7.0.2"
+    },
     "theofidry/alice-data-fixtures": {
         "version": "1.0",
         "recipe": {