Permalink
Commits on Aug 24, 2018
  1. minor #28258 [travis] fix composer.lock invalidation for deps=low (ni…

    nicolas-grekas committed Aug 24, 2018
    …colas-grekas)
    
    This PR was merged into the 2.8 branch.
    
    Discussion
    ----------
    
    [travis] fix composer.lock invalidation for deps=low
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 2.8
    | Bug fix?      | no
    | New feature?  | no
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | -
    | License       | MIT
    | Doc PR        | -
    
    Commits
    -------
    
    41ffba1 [travis] fix composer.lock invalidation for deps=low
Commits on Aug 19, 2018
  1. [travis] fix composer.lock invalidation for PRs patching several comp…

    nicolas-grekas committed Aug 19, 2018
    …onents
  2. [travis] fix composer.lock invalidation for deps=low

    nicolas-grekas committed Aug 19, 2018
Commits on Aug 18, 2018
  1. minor #28199 [travis][appveyor] use symfony/flex to accelerate builds…

    fabpot authored and nicolas-grekas committed Aug 18, 2018
    … (nicolas-grekas)
    
    This PR was merged into the 2.8 branch.
    
    Discussion
    ----------
    
    [travis][appveyor] use symfony/flex to accelerate builds
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 2.8
    | Bug fix?      | no
    | New feature?  | no
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | -
    | License       | MIT
    | Doc PR        | -
    
    Playing with symfony/flex#409
    
    The optimization is required because appveyor is transiently failing with OOM errors, see e.g.
    https://ci.appveyor.com/project/fabpot/symfony/build/1.0.39377
    
    Commits
    -------
    
    940ec8f [travis][appveyor] use symfony/flex to accelerate builds
Commits on Aug 7, 2018
  1. [travis] ignore ordering when validating composer.lock files for deps…

    nicolas-grekas committed Aug 7, 2018
    …=low
  2. minor #28146 [travis] cache composer.lock files for deps=low (nicolas…

    nicolas-grekas committed Aug 7, 2018
    …-grekas)
    
    This PR was merged into the 2.8 branch.
    
    Discussion
    ----------
    
    [travis] cache composer.lock files for deps=low
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 2.8
    | Bug fix?      | no
    | New feature?  | no
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | -
    | License       | MIT
    | Doc PR        | -
    
    I just realized that the resolved package versions for lowest deps depends only on the root composer.json, and not on transitive deps.
    This means we can cache the lock files and save ~10 minutes required to resolve the lowest deps of the SecurityBundle.
    
    Commits
    -------
    
    caaa74c [travis] cache composer.lock files for deps=low
Commits on Aug 3, 2018
  1. fix ci

    nicolas-grekas committed Aug 3, 2018
  2. [travis] fix requiring mongodb/mongodb before composer up

    nicolas-grekas committed Aug 3, 2018
  3. minor #28114 [travis] merge "same Symfony version" jobs in one (nicol…

    nicolas-grekas committed Aug 3, 2018
    …as-grekas)
    
    This PR was merged into the 2.8 branch.
    
    Discussion
    ----------
    
    [travis] merge "same Symfony version" jobs in one
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 2.8
    | Bug fix?      | no
    | New feature?  |
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | -
    | License       | MIT
    | Doc PR        | -
    
    Allowing to consume fewer jobs and save the 1 to 2 minutes bootstrap time of workers.
    
    Commits
    -------
    
    9857ca0 [travis] merge "same Symfony version" jobs in one
Commits on Aug 2, 2018
  1. minor #28110 [2.7] Make CI green (nicolas-grekas)

    fabpot committed Aug 2, 2018
    This PR was merged into the 2.7 branch.
    
    Discussion
    ----------
    
    [2.7] Make CI green
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 2.7
    | Bug fix?      | no
    | New feature?  | no
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | -
    | License       | MIT
    | Doc PR        | -
    
    2.7 still receives security fixes for a few more months, let's keep its CI green.
    
    Commits
    -------
    
    ced4201 [2.7] Make CI green
  2. [2.7] Make CI green

    nicolas-grekas committed Aug 2, 2018
Commits on Aug 1, 2018
  1. Merge pull request #28098 from fabpot/release-2.7.49

    fabpot committed Aug 1, 2018
    released v2.7.49
  2. updated VERSION for 2.7.49

    fabpot committed Aug 1, 2018
  3. updated CHANGELOG for 2.7.49

    fabpot committed Aug 1, 2018
  4. security #cve-2018-14774 [HttpKernel] fix trusted headers management …

    nicolas-grekas committed Aug 1, 2018
    …in HttpCache and InlineFragmentRenderer (nicolas-grekas)
    
    * commit '08a32d44b6':
      [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
  5. security #cve-2018-14773 [HttpFoundation] Remove support for legacy a…

    nicolas-grekas committed Aug 1, 2018
    …nd risky HTTP headers (nicolas-grekas)
    
    This PR was merged into the 2.7 branch.
    
    Discussion
    ----------
    
    [2.7][HttpFoundation] Remove support for legacy and risky HTTP headers
    
    Commits
    -------
    
    eda2b20 [HttpFoundation] Remove support for legacy and risky HTTP headers
Commits on Jul 31, 2018
Commits on May 25, 2018
  1. Merge pull request #27374 from fabpot/release-2.7.48

    fabpot committed May 25, 2018
    released v2.7.48
  2. updated VERSION for 2.7.48

    fabpot committed May 25, 2018
  3. update CONTRIBUTORS for 2.7.48

    fabpot committed May 25, 2018
  4. updated CHANGELOG for 2.7.48

    fabpot committed May 25, 2018
  5. bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser int…

    fabpot committed May 25, 2018
    …ialization (nicolas-grekas)
    
    This PR was merged into the 2.7 branch.
    
    Discussion
    ----------
    
    [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 2.7
    | Bug fix?      | yes
    | New feature?  | no
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | #27307
    | License       | MIT
    | Doc PR        | -
    
    introduced in #26886
    
    ![image](https://user-images.githubusercontent.com/243674/40451947-918f5358-5ee0-11e8-9f1a-cf707bf3cefa.png)
    
    Commits
    -------
    
    f8e7a18 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization
  6. fixed constraints

    fabpot committed May 25, 2018
  7. bumped dep

    fabpot committed May 25, 2018
  8. bumped dep

    fabpot committed May 25, 2018
Commits on May 24, 2018
  1. security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils…

    fabpot committed May 24, 2018
    … cannot be configured
    
    * cve-2018-11408-2.7:
      [SecurityBundle] Fail if security.http_utils cannot be configured
  2. security #cve-2018-11406 clear CSRF tokens when the user is logged out

    fabpot committed May 24, 2018
    * cve-2018-11406-2.7:
      clear CSRF tokens when the user is logged out
Commits on May 23, 2018
  1. security #cve-2018-11385 Adding session strategy to ALL listeners to …

    fabpot committed May 23, 2018
    …avoid *any* possible fixation
    
    * cve-2018-11385-2.7:
      Adding session strategy to ALL listeners to avoid *any* possible fixation
  2. security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoS…

    fabpot committed May 23, 2018
    …essionHandler when MySQL is in loose mode
    
    * cve-2018-11386:
      [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode