This changelog references the relevant changes (bug and security fixes) done in 4.1 minor versions.
4.1.0 (2018-05-30)
bug #27420 Revert "feature #26702 Mark ExceptionInterfaces throwable (ostrolucky)" (nicolas-grekas)
bug #27415 Insert correct parameter_bag service in AbstractController (curry684)
4.1.0-BETA3 (2018-05-26)
bug #27388 [Routing] Account for greediness when merging route patterns (nicolas-grekas)
bug #27344 [HttpKernel] reset kernel start time on reboot (kiler129)
bug #27365 [Serializer] Check the value of enable_max_depth if defined (dunglas)
bug #27358 [PhpUnitBridge] silence some stderr outputs (ostrolucky)
bug #27366 [DI] never inline lazy services (nicolas-grekas)
bug #27352 Remove reference to the test container after kernel shutdown (stof)
bug #27350 [HttpKernel] fix deprecation in AbstractTestSessionListener (alekitto)
bug #27367 [FrameworkBundle] cleanup generated test container (nicolas-grekas)
bug #27379 [FrameworkBundle] Fix using test.service_container when Client is rebooted (nicolas-grekas)
bug #27364 [DI] Fix bad exception on uninitialized references to non-shared services (nicolas-grekas)
bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas)
security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured
security #cve-2018-11406 clear CSRF tokens when the user is logged out
security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener
security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation
security #cve-2018-11385 Adding session strategy to ALL listeners to avoid any possible fixation
security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
bug #27341 [WebProfilerBundle] Fixed validator/dump trace CSS (yceruto)
bug #27337 [FrameworkBundle] fix typo in CacheClearCommand (emilielorenzo)
bug #27292 [Serializer] Fix and improve constraintViolationListNormalizer's RFC7807 compliance (dunglas)
4.1.0-BETA2 (2018-05-21)
bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp)
feature #27275 [Messenger] Allow to scope handlers per bus (ogizanagi, sroze)
bug #27264 [Validator] Use strict type in URL validator (mimol91)
bug #27267 [DependencyInjection] resolve array env vars (jamesthomasonjr)
bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov)
bug #27270 [Routing] Fix adding name prefix to canonical route names (ismail1432)
bug #27286 [Translation] Add Occitan plural rule (kylekatarnls)
bug #27271 [DI] Allow defining bindings on ChildDefinition (nicolas-grekas)
bug #27246 Disallow invalid characters in (ostrolucky)
feature #27230 [Messenger] Select alternatives on missing receiver arg or typo (yceruto)
bug #27287 [PropertyInfo] fix resolving parent|self type hints (nicolas-grekas)
bug #27281 [HttpKernel] Fix dealing with self/parent in ArgumentMetadataFactory (fabpot)
bug #24805 [Security] Fix logout (MatTheCat)
bug #27265 [DI] Shared services should not be inlined in non-shared ones (nicolas-grekas)
bug #27141 [Process] Suppress warnings when open_basedir is non-empty (cbj4074)
bug #27250 [Session] limiting :key for GET_LOCK to 64 chars (oleg-andreyev)
feature #27128 [Messenger] Middleware factories support in config (ogizanagi)
bug #27214 [HttpKernel] Fix services are no longer injected into __invoke controllers method (ogizanagi)
bug #27237 [Debug] Fix populating error_get_last() for handled silent errors (nicolas-grekas)
bug #27232 [Cache][Lock] Fix usages of error_get_last() (nicolas-grekas)
bug #27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas)
feature #27202 [Messenger] Improve the profiler panel (ogizanagi)
bug #27191 [DI] Display previous error messages when throwing unused bindings (nicolas-grekas)
bug #27231 [FrameworkBundle] Fix cache:clear on vagrant (nicolas-grekas)
bug #27222 [WebProfilerBundle][Cache] Fix misses calculation when calling getItems (fsevestre)
bug #27227 [HttpKernel] Handle NoConfigurationException "onKernelException()" (nicolas-grekas)
feature #27034 [Messenger][DX] Uses custom method names for handlers (sroze)
bug #27228 [Messenger] Remove autoconfiguration for Sender/ReceiverInterface (kbond)
bug #27229 [Messenger] Rename tag attribute "name" by "alias" (yceruto)
bug #27224 [Messenger] Make sure default receiver name is set before command configuration (yceruto)
feature #27225 [Messenger] Autoconfiguring TransportFactoryInterface classes (yceruto)
bug #27220 [Messenger] Fix new AMQP Transport test with Envelope & fix contract (ogizanagi)
bug #27184 [Messenger] Fix return senders based on the message parents/interfaces (yceruto)
feature #27182 [Messenger] Re-introduce wrapped message configuration (with fix) (sroze, ogizanagi)
bug #27209 [Workflow] add is deprecated since Symfony 4.1. Use addWorkflow() instead (xkobal)
feature #26803 [Messenger] Add debug:messenger CLI command (ro0NL, sroze)
bug #27189 [Profiler] Fix dump makes toolbar disappear (ogizanagi)
bug #27199 [Messenger] Fix default bus name (ogizanagi)
bug #27198 [Messenger] Fix the transport factory after moving it (sroze)
bug #27197 [Messenger] Fix AMQP Transport factory & TransportFactoryInterface (ogizanagi)
bug #27196 [Messenger] Fix AMQP Transport (yceruto)
4.1.0-BETA1 (2018-05-07)
feature #26945 [Messenger] Support configuring messages when dispatching (ogizanagi)
feature #27168 [HttpKernel] Add Kernel::getAnnotatedClassesToCompile() (nicolas-grekas)
feature #27170 Show the deprecations tab by default in the logger panel (javiereguiluz)
feature #27130 [Messenger] Add a new time limit receiver (sdelicata)
feature #27104 [DX] Redirect to proper Symfony version documentation (noniagriconomie)
feature #27105 [Serializer] Add ->hasCacheableSupportsMethod() to CacheableSupportsMethodInterface (nicolas-grekas)
feature #24896 Add (egircys)
feature #27092 [Workflow] "clear()" instead of "reset()" (nicolas-grekas)
feature #26655 [WebProfilerBundle] Make WDT follow ajax requests if header set (jeffreymb)
feature #27049 [Serializer] Cache the normalizer to use when possible (dunglas, nicolas-grekas)
feature #27062 [SecurityBundle] Register a
alias if one provider only (sroze) -
feature #27065 [DI][Routing] Allow invokable objects to be used as PHP-DSL loaders (aurimasniekis)
feature #26975 [Messenger] Add a memory limit option for
(sdelicata) -
feature #26864 [Messenger] Define multiple buses from the
configuration (sroze) -
feature #27017 [Serializer] Allow to access to the context and various other infos in callbacks and max depth handler (dunglas)
feature #26832 [MonologBridge] Added WebSubscriberProcessor to ease processor configuration (lyrixx)
feature #24699 [HttpFoundation] Add HeaderUtils class (c960657)
feature #26791 [BrowserKit] Bypass Header Informations (cfjulien)
feature #26825 [Form] Add choice_translation_locale option for Intl choice types (yceruto, fabpot)
feature #26921 [DI][FrameworkBundle] Hide service ids that start with a dot (nicolas-grekas)
feature #23659 [HttpKernel] LoggerDataCollector: splitting logs on different sub-requests (vtsykun)
feature #26768 [DI] Allow autoconfigured calls in PHP (Gary PEGEOT, GaryPEGEOT)
feature #26833 [HttpKernel] Added support for timings in ArgumentValueResolvers (iltar)
feature #26770 Do not normalize array keys in twig globals (lstrojny)
feature #26787 [Security] Make security.providers optional (MatTheCat)
feature #26970 [VarDumper] Add dd() helper == dump() + exit() (nicolas-grekas)
feature #26941 [Messenger] Allow to configure the transport (sroze)
feature #26632 [Messenger] Add AMQP adapter (sroze)
feature #26863 [Console] Support iterable in SymfonyStyle::write/writeln (ogizanagi)
feature #26847 [Console] add support for iterable in output (Tobion)
feature #26660 [SecurityBundle] allow using custom function inside allow_if expressions (dmaicher)
feature #26096 [HttpFoundation] Added a migrating session handler (rossmotley)
feature #26528 [Debug] Support any Throwable object in FlattenException (derrabus)
feature #26811 [PhpUnitBridge] Search for other SYMFONY_* env vars in phpunit.xml then phpunit.xml.dist (lyrixx)
feature #26800 [PhpUnitBridge] Search for SYMFONY_PHPUNIT_REMOVE env var in phpunit.xml then phpunit.xml.dist (lyrixx)
feature #26684 [Messenger] Remove the Doctrine middleware configuration from the FrameworkBundle (sroze)
feature #21856 [LDAP] Allow adding and removing values to/from multi-valued attributes (jean-gui)
feature #26767 [Form] ability to set rounding strategy for MoneyType (syastrebov)
feature #23707 [Monolog Bridge][DX] Add a Monolog activation strategy for ignoring specific HTTP codes (simshaun, fabpot)
feature #26685 [Messenger] Add a
(multiple messages + auto-configuration) (sroze) -
feature #26648 [Messenger] Added a middleware that validates messages (Nyholm)
feature #26475 [HttpFoundation] split FileException into specialized ones about upload handling (fmata)
feature #26702 Mark ExceptionInterfaces throwable (ostrolucky)
feature #26656 [Workflow][Registry] Added a new 'all' method (alexpozzi, lyrixx)
feature #26693 [Console] Add box-double table style (maidmaid)
feature #26698 [Console] Use UTF-8 bullet for listing (ro0NL)
feature #26682 Improved the lint:xliff command (javiereguiluz)
feature #26681 Allow to easily ask Symfony not to set a response to private automatically (Toflar)
feature #26627 [DI] Add runtime service exceptions to improve the error message when controller arguments cannot be injected (nicolas-grekas)
feature #26504 [FrameworkBundle] framework.php_errors.log now accept a log level (Simperfit)
feature #26498 Allow "json:" env var processor to accept null value (mcfedr)
feature #25928 [DI] Allow binary values in parameters. (bburnichon)
feature #26647 [Messenger] Add a middleware that wraps all handlers in one Doctrine transaction. (Nyholm)
feature #26668 [WebProfilerBundle] Live duration of AJAX request (ostrolucky)
feature #26650 [Messenger] Clone messages to show in profiler (Nyholm)
feature #26281 [FrameworkBundle] keep query in redirect (Simperfit)
feature #26665 Improved the Ajax profiler panel when there are exceptions (javiereguiluz)
feature #26654 [VarDumper] Provide binary, allowing to start a server at any time (ogizanagi)
feature #26332 Add a data_help method in Form (mpiot, Nyholm)
feature #26671 More compact display of vendor code in exception pages (javiereguiluz)
feature #26502 [Form] Add Bootstrap 4 style for field FileType (zenmate)
feature #23888 [DI] Validate env vars in config (ro0NL)
feature #26658 Adding support to bind scalar values to controller arguments (weaverryan)
feature #26651 [Workflow] Added a TransitionException (andrewtch, lyrixx)
feature #23831 [VarDumper] Introduce a new way to collect dumps through a server dumper (ogizanagi, nicolas-grekas)
feature #26220 [HttpFoundation] Use parse_str() for query strings normalization (nicolas-grekas)
feature #24411 [Messenger] Add a new Messenger component (sroze)
feature #22150 [Serializer] Added a ConstraintViolationListNormalizer (lyrixx)
feature #26639 [SecurityBundle] Added an alias from RoleHierarchyInterface to security.role_hierarchy (lyrixx)
feature #26636 [DI] deprecate TypedReference::canBeAutoregistered() and getRequiringClass() (nicolas-grekas)
feature #26445 [Serializer] Ignore comments when decoding XML (q0rban)
feature #26284 [Routing] allow no-slash root on imported routes (nicolas-grekas)
feature #26092 [Workflow] Add a MetadataStore to fetch some metadata (lyrixx)
feature #26121 [FrameworkBundle] feature: add the ability to search a route (Simperfit)
feature #25197 [FrameworkBundle][TwigBridge] make csrf_token() usable without forms (xabbuh)
feature #25631 [DI] Service decoration: autowire the inner service (dunglas)
feature #26076 [Workflow] Add transition blockers (d-ph, lyrixx)
feature #24363 [Console] Modify console output and print multiple modifyable sections (pierredup)
feature #26381 Transform both switchToXHR() and removeXhr() to xmlHttpRequest() (Simperfit)
feature #26449 Make ProgressBar::setMaxSteps public (ostrolucky)
feature #26308 [Config] Introduce BuilderAwareInterface (ro0NL)
feature #26518 [Routing] Allow inline definition of requirements and defaults (nicolas-grekas)
feature #26143 [Routing] Implement i18n routing (frankdejonge, nicolas-grekas)
feature #26564 [HttpFoundation] deprecate call to Request::getSession() when Request::hasSession() returns false (fmata)
feature #26408 Readd 'form_label_errors' block to disable errors on form labels (birkof)
feature #25456 [Console] Make pretty the
style table (maidmaid) -
feature #26499 [FrameworkBundle] Allow fetching private services from test clients (nicolas-grekas)
feature #26509 [BrowserKit] Avoid nullable values in some Client's methods (ossinkine)
feature #26288 [FrameworkBundle] show the unregistered command warning at the end of the list command (Simperfit)
feature #26520 Added some HTML5 features to the Symfony Profiler (javiereguiluz)
feature #26398 [WebProfilerBundle] Display the missing translation panel by default (javiereguiluz)
feature #23409 [Security] AuthenticationUtils::getLastUsername() return type inconsistency (vudaltsov)
feature #26439 [Console] [DX] Fix command description/help display (noniagriconomie)
feature #26372 Revert "feature #24763 [Process] Allow writing portable "prepared" command lines (Simperfit)" (nicolas-grekas)
feature #26223 [FrameworkBundle] Add command to delete an item from a cache pool (pierredup)
feature #26341 Autoconfigure service locator tag (apfelbox)
feature #26330 [FORM] Fix HTML errors. (Nyholm)
feature #26334 [SecurityBundle] Deprecate switch_user.stateless config node (chalasr)
feature #26304 [Routing] support scheme requirement without redirectable dumped matcher (Tobion)
feature #26283 [Routing] Redirect from trailing slash to no-slash when possible (nicolas-grekas)
feature #25732 [Console] Add option to automatically run suggested command if there is only 1 alternative (pierredup)
feature #26085 Deprecate bundle:controller:action and service:method notation (Tobion)
feature #26175 [Security] Add configuration for Argon2i encryption (CoalaJoe)
feature #26075 [Validator] Deprecate use of
validation constraint without setting "canonicalize" option totrue
(phansys) -
feature #26218 [MonologBridge] Allow to change level format in ConsoleFormatter (ostrolucky)
feature #26232 [Lock] Add a TTL to refresh lock (jderusse)
feature #26108 [Serializer] Add a MaxDepth handler (dunglas)
feature #24778 [BrowserKit] add a way to switch to ajax for one request (Simperfit)
feature #25605 [PropertyInfo] Added support for extracting type from constructor (lyrixx)
feature #24763 [Process] Allow writing portable "prepared" command lines (Simperfit)
feature #25218 [Serializer] add a constructor arguement to return csv always as collection (Simperfit)
feature #25369 [Serializer] add a context key to return always as collection for XmlEncoder (Simperfit)
feature #26213 [FrameworkBundle] Add support to 307/308 HTTP status codes in RedirectController (ZipoKing)
feature #26149 Added support for name on the unit node (Nyholm)
feature #24308 [Validator] support protocolless urls validation (MyDigitalLife)
feature #26059 [Routing] Match 77.7x faster by compiling routes in one regexp (nicolas-grekas)
feature #22447 [WebProfilerBundle] Imply forward request by a new X-Previous-Debug-Token header (ro0NL)
feature #26152 [Intl] Add polyfill for Locale::canonicalize() (nicolas-grekas)
feature #26073 [DoctrineBridge] Add support for datetime immutable types in doctrine type guesser (jvasseur)
feature #26079 [Workflow] Remove constraints on transition/place name + Updated Dumper (lyrixx)
feature #23617 [PropertyInfo] Add hassers for accessors prefixes (sebdec)
feature #25997 Always show all deprecations except legacy ones when not weak (greg0ire)
feature #25582 [Form] Support \DateTimeImmutable (vudaltsov)
feature #24705 [Workflow] Add PlantUML dumper to workflow:dump command (Plopix)
feature #24508 [Serializer] Fix security issue on CsvEncoder about CSV injection (welcoMattic)
feature #25772 [Security] The AuthenticationException should implements Security's ExceptionInterface (sroze)
feature #25164 [WebProfilerBundle] Improve controller linking (ro0NL)
feature #22353 [Validator] Add
option forLocale
validator (phansys) -
feature #26036 Added support for getting default values in Accept headers (javiereguiluz)
feature #25780 [TwigBundle] Deprecating "false" in favor of "kernel.debug" as default value of "strict_variable" (yceruto)
feature #23508 Deprecated the AdvancedUserInterface (iltar)
feature #24781 [HttpFoundation] RedisSessionHandler (dkarlovi)
feature #26028 Unwrap errors in FlattenException (derrabus)
feature #25892 Adding an array adapter (weaverryan)
feature #24894 [FrameworkBundle] add a notice when passing a routerInterface without warmupInterface in RouterCacheWarmer (Simperfit)
feature #24632 [DependencyInjection] Anonymous services in PHP DSL (unkind)
feature #25836 [HttpKernel] Make session-related services extra-lazy (nicolas-grekas)
feature #25775 Introduce signaled process specific exception class (Soullivaneuh)
feature #22253 [Config] allow changing the path separator (bburnichon)
feature #25493 [Serializer]
context option for denormalization (Nek-) -
feature #25839 [SecurityBundle] Deprecate in_memory.user abstract service (chalasr)
feature #24392 Display orphaned events in profiler (kejwmen)
feature #25275 [DI] Allow for invokable event listeners (ro0NL)
feature #25627 [DI] Add a simple CSV env var processor (dunglas)
feature #25092 [Security] #25091 add target user to SwitchUserListener (jwmickey)
feature #24777 [TwigBundle] Added priority to twig extensions (Brunty)
feature #25710 [FrameworkBundle] add psr simple cache (dmaicher)
feature #25669 [Security] Fail gracefully if the security token cannot be unserialized from the session (thewilkybarkid)
feature #25504 [Validator] Add option to pass custom values to Expression validator (ostrolucky)
feature #25701 [FrameworkBundle] add autowiring aliases for TranslationReaderInterface, ExtractorInterface & TranslationWriterInterface (Dennis Langen)
feature #25516 [Validator] Deprecated "checkDNS" option in Url constraint (ro0NL)
feature #25588 Move SecurityUserValueResolver to security-http (chalasr)
feature #25629 [Process] Make
look for thePHP_BINARY
env var (nicolas-grekas) -
feature #25562 allow autowire for http_utils class (do-see)
feature #25478 [FrameworkBundle] add email_validation_mode option (xabbuh)
feature #25366 [HttpKernel] Decouple exception logging from rendering (ro0NL)
feature #25450 [PropertyAccess] add more information to NoSuchPropertyException Message (Simperfit)
feature #25148 Pr/workflow name as graph label (shdev)
feature #25324 [HttpFoundation] Incorrect documentation and method name for UploadedFile::getClientSize() (Simperfit)
feature #24738 [FrameworkBundle][Routing] Use a PSR-11 container in FrameworkBundle Router (ogizanagi)
feature #25439 Add ControllerTrait::getParameter() (chalasr)
feature #25332 [VarDumper] Allow VarDumperTestTrait expectation to be non-scalar (romainneutron)
feature #25301 [Console] Add box style table (maidmaid)
feature #25415 [FrameworkBundle] Add atom editor to ide config (lexcast)
feature #24442 [Validator] Html5 Email Validation (PurpleBooth)
feature #25288 [DI][FrameworkBundle] Add PSR-11 "ContainerBag" to access parameters as-a-service (nicolas-grekas, sroze)
feature #25290 [FrameworkBundle] debug:autowiring: don't list FQCN when they are aliased (nicolas-grekas)
feature #24375 [Serializer] Serialize and deserialize from abstract classes (sroze)
feature #25346 [DoctrineBridge] DoctrineDataCollector comments the non runnable part of the query (Simperfit)
feature #24216 added clean option to assets install command (robinlehrmann)
feature #25142 [Process] Create a "isTtySupported" static method (nesk)
feature #24751 [Workflow] Introduce a Workflow interface (Simperfit)
feature #25293 [Routing] Parse PHP constants in YAML routing files (ostrolucky)
feature #25295 [Translation] Parse PHP constants in YAML translation files (ostrolucky)
feature #25294 [Serializer] Parse PHP constants in YAML mappings (ostrolucky)
feature #24637 [FrameworkBundle] Improve the DX of TemplateController when using SF 4 (dunglas)
feature #25178 [Routing] Allow to set name prefixes from the configuration (sroze)
feature #25237 [VarDumper] add a GMP caster in order to cast GMP resources into string or integer (Simperfit)
feature #25166 [WebProfilerBundle] Expose dotenv variables (ro0NL)
feature #24785 [Profiler][Translation] Logging false by default and desactivated when using the profiler (Simperfit)
feature #24826 [FrameworkBundle] Allow to pass a logger instance to the Router (ogizanagi)
feature #24937 [DependencyInjection] Added support for variadics in named arguments (PabloKowalczyk)
feature #24819 [Console] add setInputs to ApplicationTester and share some code (Simperfit)
feature #25131 [SecurityBundle][Security][Translation] trigger some deprecations for legacy methods (xabbuh)