Symfony News

Symfony 5.3.2 released

Symfony 5.3.2 has just been released. Here is a list of the most important changes:

• security #cve-2021-32693 [SecurityHttp] Fix “Authentication granted with multiple firewalls” (@wouterj)
• bug #41693 [Uid] fix performance and prevent collisions with the real cloc _seq (@nicolas-grekas)
• bug #41700 [Security] Fix deprecation notice on TokenInterface::getUser() stringable return (@tscni)
• bug #41703 [Security] Restore extension point in MessageDigestPasswordEncoder (@derrabus)
• bug #41716 [Messenger] Fix RequestContext not updated (@jderusse)
• bug #41616 [Messenger] Remove TLS related options when not using TLS (@odolbeau)
• bug #41719 [FrameworkBundle] fix Could not find service “test.servic _container” (@smilesrg)
• bug #41686 [Console] Fix using #[AsCommand] without DI (@nicolas-grekas)
• bug #41673 [DependencyInjection] fix parsing classes for attributes (@nicolas-grekas)
• bug #41675 [Runtime] fix overriding –env|-e with single-command apps (@nicolas-grekas)
• bug #41674 [HttpClient] fix compat with cURL <= 7.37 (@nicolas-grekas)
• bug #41680 [Console] fix managing signals when commands are lazy loaded (@nicolas-grekas)
• bug #41678 [PasswordHasher] Fix missing PasswordHasherAwareInterface allowed type (@chalasr)
• bug #41656 [HttpClient] throw exception when AsyncDecoratorTrait gets an already consumed response (@nicolas-grekas)
• bug #41600 [Notifier] Escape . char for Telegram transport (@Clément)
• bug #41644 [Config] fix tracking attributes in ReflectionClassResource (@nicolas-grekas)
• bug #41621 [Process] Fix incorrect parameter type (@bch36)
• bug #41624 [HttpClient] Revert bindto workaround for unaffected PHP versions (@derrabus)
• bug #41597 [DependencyInjection] fix when@{env} inside imported files (@nusje2000)
• bug #41553 [Messenger] fix BC for FrameworkBundle 4.4 with a non-existence alias being used (@monteiro)
• bug #41582 Fix not null get collection key types (@dragosprotung)
• bug #41572 [PasswordHasher] Prevent PHP fatal error when using auto algorithm (@matason)
• bug #41549 [Security] Fix opcache preload with alias classes (@jderusse)
• bug #41491 [Serializer] Do not allow to denormalize string with spaces only to valid a DateTime object (@sidz)
• bug #41535 [Console] Fix negated options not accessible (@jderusse)
• bug #41472 [Validator] remove service if its class doesn’t exist (@xabbuh)
• bug #41218 [DependencyInjection] Update loader’s directory when calling ContainerConfigurator::withPath (@MatTheCat)
• bug #41505 [FrameworkBundle] fix KernelBrowser::loginUser with a stateless firewall (@dunglas)
• bug #41509 [SecurityBundle] Link UserProviderListener to correct firewall dispatcher (@Matth–)
• bug #41386 [Console] Escape synopsis output (@jschaedl)
• bug #41523 [Notifier] [Bridge] Remove hidden dependency on HttpFoundation for SmsBiurasTransport (@fre5h)
• bug #41512 Relax requirement on symfony/runtime (@lyrixx)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.