v7.0.0-BETA3

Changelog (v7.0.0-BETA2...v7.0.0-BETA3)

• bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)
• bug #52524 [AssetMapper] Only download a CSS file if it is explicitly advertised (@weaverryan)
• bug #52523 [AssetMapper] avoid caching MappedAsset inside JavaScript Import (@weaverryan)
• bug #52519 [AssetMapper] If assets are served from a subdirectory or CDN, also adjust importmap keys (@weaverryan)
• bug #52508 [AssetMapper] Fix jsdelivr import parsing with no imported value (@weaverryan)
• security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
• security #cve-2023-46735 [Webhook] Remove user-submitted type from HTTP response (@nicolas-grekas)
• security #cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
• bug #52514 [FrameworkBundle] Don't reference SYMFONY_IDE env var in non-debug mode (@nicolas-grekas)
• bug #52506 [SecurityBundle] wire the secret for Symfony 6.4 compatibility (@xabbuh)
• bug #52496 [VarDumper] Accept mixed key on DsPairStub (@marc-mabe)
• bug #52502 [Config] Prefixing FileExistenceResource::__toString() to avoid conflict with FileResource (@weaverryan)
• bug #52491 [String] Method toByteString conversion using iconv is unreachable (@Vincentv92)
• bug #52488 [HttpKernel] Fix PHP deprecation (@nicolas-grekas)
• bug #52469 Check whether secrets are empty and mark them all as sensitive (@nicolas-grekas)
• feature #52471 [HttpKernel] Add ControllerResolver::allowControllers() to define which callables are legit controllers when the _check_controller_is_allowed request attribute is set (@nicolas-grekas)
• bug #52476 [Messenger] fix compatibility with Doctrine DBAL 4 (@xabbuh)
• bug #52434 [Console][FrameworkBundle] Fix missing profile option for console commands (@keulinho)
• bug #52474 [HttpFoundation] ensure string type with mbstring func overloading enabled (@xabbuh)
• bug #52472 [HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded (@MatTheCat)
• bug #52457 [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL (@HypeMC)
• bug #52443 [Yaml] Fix uid binary parsing (@mRoca)
• feature #52449 [TwigBridge] Mark CodeExtension as @internal (@fabpot)
• bug #52429 [HttpClient] Replace escapeshellarg to prevent overpassing ARG_MAX (@alexandre-daubois)
• bug #52442 Disable the "Copy as cURL" button when the debug info are disabled (@stof)
• bug #52444 Remove full DSNs from exception messages (@nicolas-grekas)
• bug #52438 [HttpKernel] Fix uninitialized property in Bundle class (@javiereguiluz)
• feature #52336 [HttpFoundation][Lock] Makes MongoDB adapters usable with ext-mongodb only (@GromNaN)
• bug #52428 [HttpKernel] Preventing error 500 when function putenv is disabled (@ShaiMagal)
• bug #52427 [Console][Process] do not let context classes extend the message classes (@xabbuh)
• bug #52408 [Yaml] Fix block scalar array parsing (@NickSdot)
• bug #52132 [Console] Fix horizontal table top border is incorrectly rendered (@OskarStark)
• bug #52368 [AssetMapper] Fixing bug where JSCompiler used non-absolute importmap entry path (@weaverryan)
• bug #52367 [Uid] Fix UuidV7 collisions within the same ms (@nicolas-grekas)
• bug #52287 [FrameworkBundle] Fix deprecation layer for "enable_annotations" in validation and serializer configuration (@lyrixx)
• bug #52222 [MonologBridge] Fix support for monolog 3.0 (@louismariegaborit)

[PR] #52541
[SECURITY] Security release