Symfony News

Symfony 3.4.37 released

Symfony 3.4.37 has just been released. Here is a list of the most important changes:

• bug #35065 [Security] Use supportsClass in addition to UnsupportedUserException (@linaori)
• bug #35343 [Security] Fix RememberMe with null password (@jderusse)
• bug #35318 [Yaml] fix PHP const mapping keys using the inline notation (@xabbuh)
• bug #35304 [HttpKernel] Fix that no-cache MUST revalidate with the origin (@mpdude)
• bug #35299 Avoid stale-if-error in FrameworkBundle's HttpCache if kernel.debug = true (@mpdude)
• bug #35151 [DI] deferred exceptions in ResolveParameterPlaceHoldersPass (@Islam93)
• bug #35254 [PHPUnit-Bridge] Fail-fast in simple-phpunit if one of the passthru() commands fails (@mpdude)
• bug #34643 [Dotenv] Fixed infinite loop with missing quote followed by quoted value (@naitsirch)
• bug #35239 [SecurityHttp] Prevent canceled remember-me cookie from being accepted (@chalasr)
• bug #35267 [Debug] fix ClassNotFoundFatalErrorHandler (@nicolas-grekas)
• bug #35193 [TwigBridge] butto _widget now has its title attr translated even if its label = null or false (@stephen-lewis)
• bug #35219 [PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script (@oleg-andreyev)
• bug #35170 [FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr (@fancyweb)
• bug #35134 [PropertyInfo] Fix BC issue in phpDoc Reflection library (@jaapio)
• bug #35125 [Translator] fix performance issue in MessageCatalogue and catalogue operations (@ArtemBrovko)
• bug #35103 [Translation] Use local _parse for computing fallback locales (@alanpoulain)
• bug #35094 [Console] Fix filtering out identical alternatives when there is a command loader (@fancyweb)
• bug #35039 [DI] skip looking for config class when the extension class is anonymous (@nicolas-grekas)
• bug #35049 [ProxyManager] fix generating proxies for root-namespaced classes (@nicolas-grekas)
• bug #35022 [Dotenv] FIX missing getenv (@mccullagh)
• bug #35010 [VarDumper] ignore failing debugInfo() (@nicolas-grekas)
• bug #35000 [Console][SymfonyQuestionHelper] Handle multibytes question choices keys and custom prompt (@fancyweb)
• bug #29839 [Validator] fix comparisons with null values at property paths (@xabbuh)
• bug #34900 [DoctrineBridge] Fixed submitting invalid ids when using queries with limit (@HeahDude)
• bug #34791 [Serializer] Skip uninitialized (PHP 7.4) properties in PropertyNormalizer and ObjectNormalizer (@vudaltsov)
• bug #34915 [FrameworkBundle] Fix invalid Windows path normalization in TemplateNameParser (@mvorisek)
• bug #34981 stop using deprecated Doctrine persistence classes (@xabbuh)
• bug #34904 [Validator][ConstraintValidator] Safe fail on invalid timezones (@fancyweb)
• bug #34918 [Translation] fix memoryleak in PhpFileLoader (@nicolas-grekas)
• bug #34438 [HttpFoundation] Use Cache-Control: must-revalidate only if explicit lifetime has been given (@mpdude)
• bug #34449 [Yaml] Implement multiline string as scalar block for tagged values (@natepage)
• bug #34601 [MonologBridge] Fix debug processor datetime type (@mRoca)
• bug #34842 [ExpressionLanguage] Process division by zero (@tigr1991)
• bug #34902 [PropertyAccess] forward caught exception (@xabbuh)
• bug #34888 [TwigBundle] add tags before processing them (@xabbuh)
• bug #34762 [Config] never try loading failed classes twice with ClassExistenceResource (@nicolas-grekas)
• bug #34839 [Cache] fix memory leak when using PhpArrayAdapter (@nicolas-grekas)
• bug #34812 [Yaml] fix parsing negative octal numbers (@xabbuh)
• bug #34788 [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass (@fancyweb)
• bug #34755 [FrameworkBundle] resolve service locators in debug: commands (@nicolas-grekas)
• bug #34832 [Validator] Allow underscore character _" in URL username and password (@romainneutron)
• bug #34738 [SecurityBundle] Passwords are not encoded when algorithm set to "true" (@nieuwenhuisen)
• bug #34779 [Security] do not validate passwords when the hash is null (@xabbuh)
• bug #34757 [DI] Fix making the container path-independent when the app is in /app (@nicolas-grekas)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.