@fabpot released this Dec 6, 2018 · 60 commits to master since this release

Changelog (since v4.2.0...v4.2.1)

  • security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (@xabbuh)
  • security #cve-2018-19789 [Form] Filter file uploads out of regular form types (@nicolas-grekas)
  • bug #29481 [TwigBridge] Deprecating legacy Twig paths in DebugCommand and simplifications (@yceruto)
  • bug #29436 [Cache] Fixed Memcached adapter doClear() to call flush() (@raitocz)
  • bug #29482 Fixes sprintf(): Too few arguments in MessageFormatter::choiceFormat (@stephanedelprat)
  • bug #29461 [Contracts] extract LocaleAwareInterface out of TranslatorInterface (@nicolas-grekas)
  • bug #29446 [VarExporter] fix dumping private properties from abstract classes (@nicolas-grekas)
  • bug #29441 [Routing] ignore trailing slash for non-GET requests (@nicolas-grekas)
  • bug #29445 [FrameworkBundle] Fix empty output for debug:autowiring when reflection-docblock is not installed (@chalasr)
  • bug #29444 [Workflow] Fixed BC break for Workflow metadata (@lyrixx)
  • bug #29432 [DI] don't inline when lazy edges are found (@nicolas-grekas)
  • bug #29413 [Serializer] fixed DateTimeNormalizer to maintain microseconds when a different timezone required (@rvitaliy)
  • bug #29424 [Routing] fix taking verb into account when redirecting (@nicolas-grekas)
  • bug #29418 [VarExporter] fix dumping protected property from abstract classes (@nicolas-grekas)
  • bug #29414 [DI] Fix dumping expressions accessing single-use private services (@chalasr)
  • bug #28853 [LDAP] Add TIMEOUT Option to LDAP Connection Options (@lmatte7)
  • bug #29399 [FrameworkBundle] define doctrine as default_pdo_provider only if the package is installed (@nicolas-grekas)
  • bug #29375 [Validator] Allow ConstraintViolation::__toString() to expose codes that are not null or empty strings (@phansys)
  • bug #29376 [EventDispatcher] Fix eventListener wrapper loop in TraceableEventDispatcher (@jderusse)
  • bug #29386 undeprecate the single-colon notation for controllers (@fbourigault)
  • bug #29393 [DI] fix edge case in InlineServiceDefinitionsPass (@nicolas-grekas)
  • bug #29394 [Config] fix path exclusion during glob discovery (@nicolas-grekas)
  • bug #29395 [FrameworkBundle][Messenger] Restore check for messenger serializer default id (@ogizanagi)
  • bug #29380 [Routing] fix greediness of trailing slash (@nicolas-grekas)

[PR] #29493
[SECURITY] Security release

@fabpot released this Dec 6, 2018 · 1142 commits to master since this release

Changelog (since v4.1.8...v4.1.9)

  • security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (@xabbuh)
  • security #cve-2018-19789 [Form] Filter file uploads out of regular form types (@nicolas-grekas)
  • bug #29436 [Cache] Fixed Memcached adapter doClear() to call flush() (@raitocz)
  • bug #29441 [Routing] ignore trailing slash for non-GET requests (@nicolas-grekas)
  • bug #29444 [Workflow] Fixed BC break for Workflow metadata (@lyrixx)
  • bug #29432 [DI] don't inline when lazy edges are found (@nicolas-grekas)
  • bug #29413 [Serializer] fixed DateTimeNormalizer to maintain microseconds when a different timezone required (@rvitaliy)
  • bug #29424 [Routing] fix taking verb into account when redirecting (@nicolas-grekas)
  • bug #29414 [DI] Fix dumping expressions accessing single-use private services (@chalasr)
  • bug #29375 [Validator] Allow ConstraintViolation::__toString() to expose codes that are not null or empty strings (@phansys)
  • bug #29376 [EventDispatcher] Fix eventListener wrapper loop in TraceableEventDispatcher (@jderusse)
  • bug #29386 undeprecate the single-colon notation for controllers (@fbourigault)
  • bug #29393 [DI] fix edge case in InlineServiceDefinitionsPass (@nicolas-grekas)
  • bug #29380 [Routing] fix greediness of trailing slash (@nicolas-grekas)
  • bug #29343 [Form] Handle all case variants of "nan" when parsing a number (@mwhudson, @xabbuh)
  • bug #29373 [Routing] fix trailing slash redirection (@nicolas-grekas)
  • bug #29355 [PropertyAccess] calculate cache keys for property setters depending on the value (@xabbuh)
  • bug #29369 [DI] fix combinatorial explosion when analyzing the service graph (@nicolas-grekas)
  • bug #29349 [Debug] workaround opcache bug mutating "$this" !?! (@nicolas-grekas)

[PR] #29492
[SECURITY] Security release

@fabpot released this Dec 6, 2018 · 3057 commits to master since this release

Changelog (since v4.0.14...v4.0.15)

  • security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (@xabbuh)
  • security #cve-2018-19789 [Form] Filter file uploads out of regular form types (@nicolas-grekas)

[PR] #29491
[SECURITY] Security release

@fabpot released this Dec 6, 2018 · 3317 commits to master since this release

Changelog (since v3.4.19...v3.4.20)

  • security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (@xabbuh)
  • security #cve-2018-19789 [Form] Filter file uploads out of regular form types (@nicolas-grekas)
  • bug #29436 [Cache] Fixed Memcached adapter doClear() to call flush() (@raitocz)
  • bug #29441 [Routing] ignore trailing slash for non-GET requests (@nicolas-grekas)
  • bug #29432 [DI] don't inline when lazy edges are found (@nicolas-grekas)
  • bug #29413 [Serializer] fixed DateTimeNormalizer to maintain microseconds when a different timezone required (@rvitaliy)
  • bug #29424 [Routing] fix taking verb into account when redirecting (@nicolas-grekas)
  • bug #29414 [DI] Fix dumping expressions accessing single-use private services (@chalasr)
  • bug #29375 [Validator] Allow ConstraintViolation::__toString() to expose codes that are not null or empty strings (@phansys)
  • bug #29376 [EventDispatcher] Fix eventListener wrapper loop in TraceableEventDispatcher (@jderusse)
  • bug #29343 [Form] Handle all case variants of "nan" when parsing a number (@mwhudson, @xabbuh)
  • bug #29355 [PropertyAccess] calculate cache keys for property setters depending on the value (@xabbuh)
  • bug #29369 [DI] fix combinatorial explosion when analyzing the service graph (@nicolas-grekas)
  • bug #29349 [Debug] workaround opcache bug mutating "$this" !?! (@nicolas-grekas)

[PR] #29488
[SECURITY] Security release

@nicolas-grekas released this Dec 6, 2018 · 11104 commits to master since this release

Changelog (since v2.8.48...v2.8.49)

  • security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (@xabbuh)
  • security #cve-2018-19789 [Form] Filter file uploads out of regular form types (@nicolas-grekas)

[PR] #29487
[SECURITY] Security release

@fabpot released this Dec 6, 2018 · 13767 commits to master since this release

Changelog (since v2.7.49...v2.7.50)

  • security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (@xabbuh)
  • security #cve-2018-19789 [Form] Filter file uploads out of regular form types (@nicolas-grekas)

[PR] #29486
[SECURITY] Security release

@fabpot released this Nov 30, 2018 · 180 commits to master since this release

Changelog (since v4.2.0-RC1...v4.2.0)

[PR] #29383

Pre-release

@fabpot released this Nov 26, 2018 · 225 commits to master since this release

Changelog (since v4.2.0-BETA2...v4.2.0-RC1)

  • bug #29332 [PropertyAccess] make cache keys encoding bijective (@nicolas-grekas)
  • bug #29298 [Routing] fix trailing slash redirection when using RedirectableUrlMatcher (@nicolas-grekas)
  • bug #29297 [Routing] fix trailing slash redirection when using RedirectableUrlMatcher (@nicolas-grekas)
  • bug #29313 [PropertyAccessor] fix encoding of cache keys (@nicolas-grekas)
  • bug #29328 [HttpKernel] handle anonymous classes when generating the dumped container class name (@nicolas-grekas)
  • bug #28917 [DoctrineBridge] catch errors while converting to db values in data collector (@alekitto)
  • bug #29317 [WebProfiler] Detect non-file paths in file viewer (@ro0NL)
  • bug #29305 [EventDispatcher] Unwrap wrapped listeners internally (@ro0NL)
  • bug #29302 [Contracts][Cache] allow retrieving metadata of cached items (@nicolas-grekas)
  • bug #29315 [DI] fix copying expression providers when analyzing the service graph (@nicolas-grekas)
  • bug #27314 [DoctrineBridge] fix case sensitivity issue in RememberMe\DoctrineTokenProvider (@PF4Public)
  • bug #29310 [MonologBridge] Return empty list for unknown requests (@ro0NL)
  • bug #29316 [VarDumper] Fix ClassStub ellipsis (@ro0NL)
  • bug #29300 [Translation] fix dumping catalogues cache (@nicolas-grekas)
  • bug #29308 [Translation] Use XLIFF source rather than resname when there's no target (@thewilkybarkid)
  • bug #26244 [BrowserKit] fixed BC Break for HTTP_HOST header (@brizzz)
  • bug #28147 [DomCrawler] exclude fields inside "template" tags (@Gorjunov)
  • bug #29260 [Lock] Fixed PdoStore::putOffExpiration(), PdoStore::getHashedKey() (@PavelPrischepa)
  • bug #29222 [Dotenv] properly parse backslashes in unquoted env vars (@xabbuh)
  • bug #29256 [HttpFoundation] Fixed absolute Request URI with default port (@thomasbisignani)
  • bug #29274 [Routing] Remove duplicate schemes and methods for invokable controllers (@claudusd)
  • bug #29285 [HttpKernel][WebProfilerBundle] Getting the cached client mime type instead of guessing it again (@yceruto)
  • bug #29271 [HttpFoundation] Fix trailing space for mime-type with parameters (@sascha Dens)
  • feature #29167 [Messenger] Add a trait for synchronous query & command buses (@ogizanagi)
  • bug #29243 [Cache] fix optimizing Psr6Cache for AdapterInterface pools (@nicolas-grekas)
  • bug #29247 [DI] fix taking lazy services into account when dumping the container (@nicolas-grekas)
  • bug #29249 [Form] Fixed empty data for compound date interval (@HeahDude)
  • bug #29265 [Bridge/PhpUnit] Use composer to download phpunit (@nicolas-grekas)
  • bug #28769 [FrameworkBundle] deal with explicitly enabled workflow nodes (@xabbuh)

[PR] #29339

@fabpot released this Nov 26, 2018 · 1247 commits to master since this release

Changelog (since v4.1.7...v4.1.8)

[PR] #29335

@fabpot released this Nov 26, 2018 · 3394 commits to master since this release

Changelog (since v3.4.18...v3.4.19)

[PR] #29334