Releases: symfony/security-http
Releases · symfony/security-http
v7.0.0-BETA3
Changelog (v7.0.0-BETA2...v7.0.0-BETA3)
- security symfony/symfony#cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
- bug symfony/symfony#52469 Check whether secrets are empty and mark them all as sensitive (@nicolas-grekas)
v6.4.0-BETA3
Changelog (v6.4.0-BETA2...v6.4.0-BETA3)
- security symfony/symfony#cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
- bug symfony/symfony#52469 Check whether secrets are empty and mark them all as sensitive (@nicolas-grekas)
v6.3.8
Changelog (v6.3.7...v6.3.8)
- security symfony/symfony#cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
v5.4.31
Changelog (v5.4.30...v5.4.31)
- security symfony/symfony#cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
v5.4.30
Changelog (v5.4.29...v5.4.30)
- no significant changes
v7.0.0-BETA1
Changelog (v6.3.6...v7.0.0-BETA1)
- feature symfony/symfony#51804 [Security] Make
impersonation_path()
argument mandatory and addimpersonation_url()
(@alexandre-daubois) - feature symfony/symfony#50030 Add new twig bridge function to generate impersonation path (@PhilETaylor)
- feature symfony/symfony#51585 [Security] Add badge resolution to profiler (@Jean-Beru)
- feature symfony/symfony#51434 [Security] [Throttling] Hide username and client ip in logs (@Spomky)
- feature symfony/symfony#51250 Remove remaining experimental classes (@fabpot)
- feature symfony/symfony#51069 Add types to public and protected properties (@nicolas-grekas)
- feature symfony/symfony#50290 [Security] Make
PersistentToken
immutable and tellTokenProviderInterface::updateToken()
implementations should acceptDateTimeInterface
(@nicolas-grekas) - feature symfony/symfony#50852 [Components] Convert to native return types (@wouterj)
- feature symfony/symfony#50842 Add missing return types to magic methods (@wouterj)
- feature symfony/symfony#50873 Remove remaining deprecated code paths (@nicolas-grekas)
- feature symfony/symfony#50858 [HttpKernel] Remove deprecated code paths (@nicolas-grekas)
- feature symfony/symfony#50866 [Security] Remove deprecated code paths (@nicolas-grekas)
- feature symfony/symfony#50839 Remove BC layers related to new methods and new parameters (@nicolas-grekas)
- feature symfony/symfony#50404 Bump to PHP 8.2 minimum (@nicolas-grekas)
v6.4.0-BETA1
Changelog (v6.3.6...v6.4.0-BETA1)
- feature symfony/symfony#51804 [Security] Make
impersonation_path()
argument mandatory and addimpersonation_url()
(@alexandre-daubois) - feature symfony/symfony#50030 Add new twig bridge function to generate impersonation path (@PhilETaylor)
- feature symfony/symfony#51585 [Security] Add badge resolution to profiler (@Jean-Beru)
- feature symfony/symfony#51434 [Security] [Throttling] Hide username and client ip in logs (@Spomky)
- feature symfony/symfony#51250 Remove remaining experimental classes (@fabpot)
- feature symfony/symfony#50290 [Security] Make
PersistentToken
immutable and tellTokenProviderInterface::updateToken()
implementations should acceptDateTimeInterface
(@nicolas-grekas) - feature symfony/symfony#50842 Add missing return types to magic methods (@wouterj)
v6.3.6
Changelog (v6.3.5...v6.3.6)
- bug symfony/symfony#51858 [Security] Fix resetting traceable listeners (@chalasr)
v6.3.5
Changelog (v6.3.4...v6.3.5)
- no significant changes
v6.3.4
Changelog (v6.3.3...v6.3.4)
- bug symfony/symfony#51350 [Security] Prevent creating session in stateless firewalls (@Seb33300)
- bug symfony/symfony#51104 [Security] Fix loading user from UserBadge (@guillaumesmo)
- bug symfony/symfony#51445 [Security] FormLoginAuthenticator: fail for non-string password (@dmaicher)