Contributed by Jesse Rushlow in #40323.
In Symfony applications there are several methods of passing data from the backend to the frontend. Some applications make Ajax requests whenever they need data and others prefer to pass it in Twig templates as HTML attributes or JavaScript variable values. In Symfony 5.3 we’ve added a simpler way of doing this: the new serialize Twig filter. Th
This week, Symfony 3.4.48, 4.4.23 and 5.2.8 maintenance versions were released to mitigate the CVE-2021-21424 security issue. In addition, the fourth beta of Symfony 5.3 was published and the first speakers of the SymfonyWorld 2021 conference were announced.
Symfony development highlights
This week, 61 pull requests were merged (56 in code and 5 in docs) and 37 issues were closed (30 in code and 7 in docs). Excluding merges, 25 authors made 397,998 additions and 353,391 deletions. See details
Contributed by Jérémy Derussé in #39919.
BREACH is a security exploit against HTTPS when using HTTP compression. This kind of compression side-channel attacks are used to read some data by knowing only the size of the compressed data. Your site is at risk if attackers can read the size of your encrypted traffic and can also make any number of HTTP requests with CSRF tokens. The tradit
Contributed by Yonel Ceruto in #39913.
The OptionsResolver component helps you configure objects with option arrays and is used by other components such as Form. In Symfony 5.3 we’ve improved it with prototype options, to resolve and validate a series of options repeatedly as part of another option. Consider a connections option which accepts an array of database connections, each of
Join us next month for SymfonyWorld 2021! We've announced last Monday the first selected speakers of the international conference on June 17 and 18. We can't wait to meet you for an entire week of Symfony:
2-day online pre-conference workshops on June 15-16 2-day online conference with 2 tracks per day on June 17-18
The entire event, workshops and conference will be organized in English. All talks will have English subtitles and will be available in replay as soon as the conference ends.
Me
Symfony 4.4.23 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr) bug #41176 [DependencyInjection] fix dumping service-closure-arguments (@nicolas-grekas) bug #41168 WDT: Only load “Sfjs” if it is not present already (@weaverryan) bug #41147 [Inflector][String] wrong plural form of words ending by “pectus” (@makraz) bug #41160 [HttpClient] Don’t prepare the request in ScopingHttpCli
Symfony 5.2.8 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr) bug #41176 [DependencyInjection] fix dumping service-closure-arguments (@nicolas-grekas) bug #41174 [Console] Fix Windows code page support (@orkan) bug #41173 [Security] Make Login Rate Limiter also case insensitive for non-ascii user identifiers (@Seldaek) bug #41168 WDT: Only load “Sfjs” if it is not present already
Affected versions¶ Symfony >=2.8.0, <3.4.48 || >= 4.0.0, <4.4.23 || >= 5.0.0, <5.2.8 versions of the Symfony Security, Security Guard, Security Core, and Security HTTP components are affected by this security issue. The issue has been fixed in Symfony 3.4.48, 4.4.23, 5.2.8, and 5.3.0 beta4. All other affected minor versions of Symfony won’t be patched as they are not maintained anymore. Description¶ The ability to enumerate users was possible without relevant permissions due
Symfony 5.3.0-BETA4 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr) feature #41178 [FrameworkBundle] Introduce AbstractController::renderForm() instead of handleForm() (@lyrixx) feature #41182 [DependencyInjection] allow PHP-DSL files to be env-conditional (@nicolas-grekas) bug #41177 [DependencyInjection] fix empty instanceof-conditionals created by AttributeAutoconfigurationPass (&
Symfony 3.4.48 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr)
Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be notified whenever a new Symfony release is publi
