
Contributed by Jérémy Derussé in #39919.
BREACH is a security exploit against HTTPS when using HTTP compression. This kind of compression side-channel attack is used to read some data by knowing only the size of the compressed data. Your site is at risk if attackers can read the size of your encrypted traffic and can also make any number of HTTP requests with CSRF tokens. The tradit

Contributed by Yonel Ceruto in #39913.
The OptionsResolver component helps you configure objects with option arrays and is used by other components such as Form. In Symfony 5.3 we’ve improved it with prototype options, to resolve and validate a series of options repeatedly as part of another option. Consider a connections option which accepts an array of database connections, each of

Join us next month for SymfonyWorld 2021! Last Monday we announced the first selected speakers of the international conference on June 17 and 18. We can't wait to meet you for an entire week of Symfony:
2-day online pre-conference workshops on June 15-16
2-day online conference with 2 tracks per day on June 17-18
The entire event, workshops and conference will be organized in English. All talks will have English subtitles and will be available in replay as soon as the conference ends.
Me

Symfony 4.4.23 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr)
bug #41176 [DependencyInjection] fix dumping service-closure-arguments (@nicolas-grekas)
bug #41168 WDT: Only load “Sfjs” if it is not present already (@weaverryan)
bug #41147 [Inflector][String] wrong plural form of words ending by “pectus” (@makraz)
bug #41160 [HttpClient] Don’t prepare the request in ScopingHttpCli

Symfony 5.2.8 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr)
bug #41176 [DependencyInjection] fix dumping service-closure-arguments (@nicolas-grekas)
bug #41174 [Console] Fix Windows code page support (@orkan)
bug #41173 [Security] Make Login Rate Limiter also case insensitive for non-ascii user identifiers (@Seldaek)
bug #41168 WDT: Only load “Sfjs” if it is not present already

Affected versions
Symfony >=2.8.0, <3.4.48 || >= 4.0.0, <4.4.23 || >= 5.0.0, <5.2.8 versions of the Symfony Security, Security Guard, Security Core, and Security HTTP components are affected by this security issue. The issue has been fixed in Symfony 3.4.48, 4.4.23, 5.2.8, and 5.3.0 beta4. All other affected minor versions of Symfony won’t be patched as they are not maintained anymore.
Description
The ability to enumerate users was possible without relevant permissions due

Symfony 5.3.0-BETA4 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr)
feature #41178 [FrameworkBundle] Introduce AbstractController::renderForm() instead of handleForm() (@lyrixx)
feature #41182 [DependencyInjection] allow PHP-DSL files to be env-conditional (@nicolas-grekas)
bug #41177 [DependencyInjection] fix empty instanceof-conditionals created by AttributeAutoconfigurationPass (&

Symfony 3.4.48 has just been released. Here is a list of the most important changes:
security #cve-2021-21424 [Security][Guard] Prevent user enumeration (@chalasr)
Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be notified whenever a new Symfony release is publi

Service Autoconfiguration Using Attributes
Contributed by Nicolas Grekas in #39804.
Service autoconfiguration allows you to automatically apply certain configuration to your services, based on your service’s class. This is useful, for example, to apply a certain service tag to classes that implement some interface (e.g. when you create a class implementing Twig\Extension\AbstractExtension,

Reset Loggers on Messenger Workers
Contributed by Laurent Voullemier in #40761.
Among the most important elements of the Messenger component are the workers that handle and process the messages. In Symfony 4.4 we improved workers to automatically clear the Doctrine entity manager after each message is processed (or failed) to avoid having issues with outdated entities. In Symfony 5