Symfony News

A week of symfony #465 (23-29 November 2015)

This week Symfony published the 2.3.35, 2.6.12 and 2.7.7 security releases. Meanwhile, the development activity focused on 2.8 and 3.0 versions, which will be published at the beginning of the next week. Finally, the Symfony Business and Community Awards were announced and they'll be awarded during the SymfonyCon Paris 2015 conference at the end of the next week.

Symfony2 development highlights

2.3 changelog:

• f1fd768: [Security] fixed potential timing attack issue
• 557ea17: [Form] mitigated CSRF timing attack vulnerability
• 819aa54: [Form] prevented timing attacks in digest auth listener
• f88e600: [Security] migrated session after remember me authentication
• 0113ac3: [Router] fixed an issue in applications that defined several thousands of routes
• 4a17c9e: [ClassLoader] fixed parsing namespace when token_get_all() is missing
• 55f84a3: [SecurityBundle] disabled the init:acl command if ACL is not used

2.7 changelog:

• 01c08fc: [Debug] ensured class declarations are loaded only once
• f495410: [Form] disabled view data validation if "data_class" is set to null
• 3ab8189, 1179f07: [Form] deprecated setting "choices_as_values" to "false"
• a35d3d4: [Form] added missing tests for Bootstrap horizontal for theme

2.8 changelog:

• 8feb9ef: [Routing] changed RouteCollectionBuilder::import() behavior to add to the builder
• 922b946: [HttpKernel] don't reset on shutdown but in FrameworkBundle/Test/KernelTestCase
• fd8b87c: [Security] deprecated AbstractVoter in favor of Voter
• 0e0b904: [Translation, Form] do not translate form labels and placeholders when 'translation_domain' is false
• 41df3fc: [Form] deprecated TimezoneType::getTimezones()
• 5386752: [Form] deprecated ArrayKeyChoiceList
• f4f082e: [HttpFoundation] deprecated $deep parameter on ParameterBag
• 5a88fb6: [Bridge\PhpUnit] display the stack trace of a deprecation on-demand
• 683f0f7: [Serializer] improved ObjectNormalizer performance
• 0450865: [Security] use csrf_token_id instead of deprecated intention
• 96afff6, b272ab5: [SecurityBundle] fixed disabling of RoleHierarchyVoter when passing empty hierarchy

Master changelog:

• 1ab7316: [DependencyInjection] used try-finally for container
• 5bc34d2: [Form] droped remaing CsrfProviderAdapter/Interface mentions
• 812396d: [Security] removed deprecated HTTP digest auth key
• d834cd3: [Form] added getBlockPrefix to FormTypeInterface
• d641fc5: [Form] removed deprecated CSRF options

Newest issues and pull requests

• [Expression-Language] Introduce the possibility of overriding builtin operators
• Request Accept Header with multiple values returns inconsistent contains() responses
• Constraint caching causes Callback to be executed only for the first group
• Static code analysis failure on ApacheUrlMatcher
• [Process] Issue with setTTY=true

They talked about us

• How to Deploy a Symfony Application to Production on Ubuntu 14.04
• Your Packages Dependencies
• My slides about API Platform from AFUP's Forum PHP 2015
• How to execute an external PHP application inside Symfony/Drupal in a Sandbox
• Symfony and eCommerce: Elcodi, Sylius and Thelia
• Drupal Commerce 2 and PHP Components
• Anunciada la tercera edición de los premios Symfony Community & Business Awards
• Se publican las actualizaciones de seguridad 2.3.35, 2.6.12 y 2.7.7
• Actualización de Seguridad en #Symfony 2.6.x y 2.7.x
• Le microframework Symfony 2.8 sera disponible avant la fin du mois
• Un microframework Symfony 2.8 arrive