-
Notifications
You must be signed in to change notification settings - Fork 673
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Symfony 6 Support #1588
Comments
I've made a start by adding
I think, looking at this, we may have to finish upgrading gettext as well.. I'm not sure this is feasible for our next major release.. |
It’s not required that it works without any deprecation? Deprecated == it still works |
You are correct Thijs.. Apparently the phpunit-bridge also detects PHP deprecations.. I must add that this text comes from the PHPUnit test for PHP 8.1.. We could decide to have SSP 2.0 only support up to PHP 8.0, but that's probably gonna disappoint some people.. Anyway, I think it's safe to add support for symfony 6.0 and start doing some tests with it.. |
Ok, so I've added Symfony 6 support to the composer-files.. It could work on PHP 8.0, but we probably have to resolve the above issues for PHP 8.1.. |
I am using php 8.1 so should I wait until we have a known compatible version on master before I begin testing? |
|
The first error i'm seeing is
|
Hmm, the only way around this would be to bump the minimum PHP-version to 8.0 and drop Symfony 5.4 support.. |
We've discussed this internally and we feel that it's too soon to drop support for Symfony 5.4 and we don't see a way to support 5.4 and 6.x simultaneously due to the changes in method signatures in Symfony. |
I've been giving this a little bit more thought and we could work our way around this if we duplicate the following classes; |
Adding to the discussion, I'd say there is nothing wrong with releasing a two major versions simultaneously. 2.x and 3.x with the same features, but different baseline dependencies. Why not? It adds a bit to the maintenance complexity, but if the real changes are only in a few classes' signatures, the complexity involves merging changes to two major-version-specific branches, instead of one. Symfony project itself does it all the time. |
Yeah, with current capacity, that's just not going to happen.. |
Isn't a major version jump (e.g. 1.x → 2.x) the perfect opportunity to make important breaking changes like moving to Symfony 6? PHP 7 is fully EOL in November, which is only 6 months away... and this library is already facing compatibility problems with environments and packages that are, as of now, already out-of-date themselves. Not moving on to Symfony 6 and PHP 8 before November 28 (PHP 7.4's EOL date), simplesamlphp itself stands to be considered inherently insecure itself, does it not? |
@Veraxus It does not, because vendors like RedHat keep maintaining PHP... We have been postponing our 2.0 release for too long, so our current goal is to release this ASAP and from then up the release-cycle.. |
I've spent the night checking into this to see if there's an easy way.. There's just so much stuff breaking with Symfony 6 that there is absolutely no way we're adding this to SSP 2.0... Feel free to file a PR if this is important to you. |
For years I'd made the assumption "supported" meant "secure" in LTS linux distros. About 3 years ago we did our own internal audit of the LTS distros from the mainstream vendors and their patching of the major packages as the distro aged. We found that the backporting was more "best effort", and as things age (and packages like PHP get older and further from the upstream supported version), it takes more effort to do the backport. Something like Apache httpd (which doesn't move much) would be fairly easy to backport for. Backporting to PHP 5.6 patches when 7.4 is only months away from being EOL? The outcome of our audit actually showed the short term supported distributions were actually the best at patching, because the amount of effort to patch recently released software was trivial compared to attempting to backport from something several major versions into the future. The LTS distros (paid or free) were pretty hit and miss, and didn't really map to the sales pitch. Short version: Ignore what RHEL 7 ships with on a product which is designed to run on the public internet. In the case of RHEL, they use short term supported software collections to provide more up to date packages than in the base distribution, which currently includes PHP 7.3 (also not supported upstream anymore). |
No. Symfony 5.x does support PHP 8. If you take a look through the Symfony 5.4 changelog, there's PRs being merged for issues with PHP 8.1 and 8.2, so it should work. To be clear, I'd like Symfony 6 support too. We use simpleSAMLphp as a library within our Symfony apps, and so it holds us back from upgrading. When it does finally support Symfony 6, we'll need to upgrade all of our apps to Symfony 6 at that time. Hopefully they can figure out a way to support Symfony 5.x and 6.x in parallel for a short period of time to allow people to upgrade. |
Again, PR's are welcome. I wasn't able to get 6.x to work at all and there is zero Symfony-expertise here. |
PR for Symfony 6 compatiblity: #1675 No major breaking changes, all the required changes are compatible with Symfony 5.4 as well. Please test and give feedback. |
Was backported to 2.0 release branch. A new release candidate for 2.0 will be released soon |
\n This issue has been automatically locked since there has \n not been any recent activity after it was closed.\n Please open a new issue for related bugs. |
Is your feature request related to a problem? Please describe.
Symfony 6 has been stable since November 2021 and simplesamlphp only supports v5 currently. This blocks installation of other packages, e.g.
illuminate v9
which require symfony 6.Describe the solution you'd like
Add support for Symfony 6.
Describe alternatives you've considered
None
The text was updated successfully, but these errors were encountered: