Symfony News

Symfony 5.0.9 released

Symfony 5.0.9 has just been released. Here is a list of the most important changes:

• bug #37008 [Security] Fixed AbstractToken::hasUserChanged() (@wouterj)
• bug #36894 [Validator] never directly validate Existence (Required/Optional) constraints (@xabbuh)
• bug #37007 [Console] Fix QuestionHelper::disableStty() (@chalasr)
• bug #36865 [Form] validate subforms in all validation groups (@xabbuh)
• bug #36907 Fixes sprintf(): Too few arguments in form transformer (@pedrocasado)
• bug #36868 [Validator] Use Mime component to determine mime type for file validator (@pierredup)
• bug #37000 Add meaningful message when using ProcessHelper and Process is not installed (@l-vo)
• bug #36995 [TwigBridge] fix fallback html-to-txt body converter (@nicolas-grekas)
• bug #36993 [ErrorHandler] fix setting $trace to null in FatalError (@nicolas-grekas)
• bug #36987 Handle fetch mode deprecation of DBAL 2.11. (@derrabus)
• bug #36974 [Security] Fixed handling of CSRF logout error (@wouterj)
• bug #36947 [Mime] Allow email message to have "To", "Cc", or "Bcc" header to be valid (@Ernest Hymel)
• bug #36914 Parse and render anonymous classes correctly on php 8 (@derrabus)
• bug #36921 [OptionsResolver][Serializer] Remove calls to deprecated ReflectionParameter::getClass() (@derrabus)
• bug #36920 [VarDumper] fix PHP 8 support (@nicolas-grekas)
• bug #36917 [Cache] Accessing undefined constants raises an Error in php8 (@derrabus)
• bug #36891 Address deprecation of ReflectionType::getClass() (@derrabus)
• bug #36899 [VarDumper] ReflectionFunction::isDisabled() is deprecated (@derrabus)
• bug #36905 [Validator] Catch expected ValueError (@derrabus)
• bug #36915 [DomCrawler] Catch expected ValueError (@derrabus)
• bug #36908 [Cache][HttpClient] Made method signatures compatible with their corresponding traits (@derrabus)
• bug #36906 [DomCrawler] Catch expected ValueError (@derrabus)
• bug #36904 [PropertyAccess] Parse php 8 TypeErrors correctly (@derrabus)
• bug #36839 [BrowserKit] Raw body with custom Content-Type header (@azhurb)
• bug #36896 [Config] Removed implicit cast of ReflectionProperty to string (@derrabus)
• bug #35944 [Security/Core] Fix wrong roles comparison (@thlbaut)
• bug #36882 [PhpUnitBridge] fix installing under PHP >= 8 (@nicolas-grekas)
• bug #36833 [HttpKernel] Fix that the Store would not save responses with the X-Content-Digest header present (@mpdude)
• bug #36867 [PhpUnitBridge] fix bad detection of unsilenced deprecations (@nicolas-grekas)
• bug #36862 [Security] Unserialize $parentData, if needed, to avoid errors (@rfaivre)
• bug #36855 [HttpKernel] Fix error logger when stderr is redirected to /dev/null (@fabpot)
• bug #36838 [HttpKernel] Bring back the debug toolbar (@derrabus)
• bug #36592 [BrowserKit] Allow Referer set by history to be overridden (@Slamdunk)
• bug #36823 [HttpClient] fix PHP warning + accept status code >= 600 (@nicolas-grekas)
• bug #36824 [Security/Core] fix compat of NativePasswordEncoder with pre-PHP74 values of PASSWOR _ consts (@nicolas-grekas)
• bug #36811 [DependencyInjection] Fix register event listeners compiler pass (@X-Coder264)
• bug #36789 Change priority of KernelEvents::RESPONSE subscriber (@marcw)
• bug #36794 [Serializer] fix issue with PHP 8 (@nicolas-grekas)
• bug #36786 [WebProfiler] Remove 'none' when appending CSP tokens (@ndench)
• bug #36743 [Yaml] Fix escaped quotes in quoted multi-line string (@ossinkine)
• bug #36777 [TwigBundle] FormExtension does not have a constructor anymore since sf 4.0 (@Tobion)
• bug #36716 [Mime] handle passing custom mime types as string (@mcneely)
• bug #36747 Queue name is a required parameter (@theravel)
• bug #36751 [Mime] fix bad method call on EmailAddressContains (@Kocal)
• bug #36696 [Console] don't check tty on stdin, it breaks with "data lost during stream conversion" (@nicolas-grekas)
• bug #36569 [PhpUnitBridge] Mark parent class also covered in CoverageListener (@lyrixx)
• bug #36690 [Yaml] prevent notice for invalid octal numbers on PHP 7.4 (@xabbuh)
• bug #36590 [Console] Default hidden question to 1 attempt for non-tty session (@ostrolucky)
• bug #36497 [Filesystem] Handle paths on different drives (@crishoj)
• bug #36678 [WebProfiler] Do not add src-elem CSP directives if they do not exist (@ndench)
• bug #36501 [DX] Show the ParseException message in all YAML file loaders (@fancyweb)
• bug #36683 [Yaml] fix parse error when unindented collections contain a comment (@wdiesveld)
• bug #36672 [Validator] Skip validation when email is an empty object (@acrobat)
• bug #36673 [PhpUnitBridge] fix PHP 5.3 compat again (@nicolas-grekas)
• bug #36505 [Translation] Fix for translation:update command updating ICU messages (@artemoliynyk)
• bug #36627 [Validator] fix lazy property usage. (@bendavies)
• bug #36601 [Serializer] do not transform empty Traversable to Array (@soyuka)
• bug #36606 [Cache] Fixed not supported Redis eviction policies (@SerheyDolgushev)
• bug #36625 [PhpUnitBridge] fix compat with PHP 5.3 (@nicolas-grekas)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.