fidzu : symfony

This week Symfony 5.1 was released. This major version contains hundreds of tweaks and improvements and tens of nice new features. Symfony also released its 3.4.41, 4.4.9 and 5.0.9 maintenance versions. In addition, this week we published the 700th issue of "A Week of Symfony". Thanks for reading us every week for more than 13 years, making it one of the longest-running blog series in the entire software industry.

Symfony development highlights

3.4 changelog:

• ce61bb0: [Security] fixed handling of CSRF logout error
• e1e314d: handle fetch mode deprecation of DBAL 2.11
• b7cd22c: [Console] added meaningful message when using ProcessHelper and Process is not installed
• a3c460f: [Form] updated Hungarian translations
• 8861ee1, 03cad5a: [Validator] updated Czech translation
• 2e8ae40: [Form] validated subforms in all validation groups
• ca66e6c: [PropertyAccess] fixed TypeError parsing again
• 8e40814: [Console] fixed QuestionHelper::disableStty()
• 84081ad: [Validator] never directly validate Existence (Required/Optional) constraints

4.4 changelog:

• b524e04: [Mime] allowed email message to have "To"
• 0d2bc7b: [ErrorHandler] fixed setting $trace to null in FatalError
• 96d2d19: [TwigBridge] fixed fallback html-to-txt body converter
• 5e0e9a8: [Validator] used Mime component to determine mime type for file validator
• bdb01db: [Security] fixed AbstractToken::hasUserChanged()

5.1 changelog:

• 3693875: [FrameworkBundle] fixed MicroKernelTrait for php 8
• 4739835: [HttpClient] fixed management of shorter-than-requested timeouts with AmpHttpClient
• 7f6934c: [Doctrine] fixed extra SQL support in Doctrine migrations
• 2ff26b7: [Messenger] changed the default notify timeout value for PostgreSQL
• af444f8: [Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint

Newest issues and pull requests

• [Messenger] Provide a safe single handler strategy
• [HttpClient] CachingHttpClient defeats concurrency
• [DependencyInjection] dump xml container definition without debug enabled
• Route controller linter

They talked about us

• Moving a Symfony app using Doctrine ORM from PostgreSQL to MySQL
• [Angular + Symfony] A quick website setup
• Symfony 5 confirmation email without FosUserBundle
• Securing your Symfony forms with Google reCAPTCHA v2
• The Bulletproof Event Naming For Symfony Event Dispatcher
• Configuring API Platform resources by following DDD principles
• Nuevo en Symfony 5.1: Nuevo sistema de seguridad

Call to Action

• Follow Symfony on Twitter and retweet this article.
• Subscribe to the Symfony blog RSS and never miss a Symfony story again.

31 May 2020 8:09am GMT

Symfony 5.1.0 has just been released. As for any other Symfony minor release, our backward compatibility promise applies and this means that you should be able to upgrade easily without changing anything in your code.

During the last couple of months, we've blogged about the great 5.1 new features. I highly recommend you to read the 47 articles about Symfony 5.1 as they contain the major changes for this new version:

• Added support for typed properties in PropertyInfo: In Symfony 5.1, the PropertyInfo component can extract information from the new typed properties introduced in PHP 7.4.
• Autowire public typed properties: In Symfony 5.1, public properties typed with classes related to services are autowired automatically, which is equivalent to the traditional setter injection.
• The "safe" HTTP Preference: Symfony 5.1 supports the "safe" HTTP preference defined in RFC 8674.
• Single command applications: In Symfony 5.1, creating single command console applications will be easier thanks to the new SingleCommandApplication class.
• Reusable sets of constraints: In Symfony 5.1 you can define reusable sets of constraints and you can also apply constraints sequentially to stop the validation as soon as one validation fails.
• Route annotations priority: In Symfony 5.1, routes defined as annotations can include a priority option to better control the URL matching without having to reorder the controller actions.
• Simpler security attributes: In Symfony 5.1, security attributes will be easier to use and a new IS_IMPERSONATOR attribute will simplify how to detect impersonating users.
• Improved UriSigner: In Symfony 5.1 we've improved the UriSigner service to make it autowireable and easier to use.
• Hostname Validator: Symfony 5.1 includes a new validator to check that a given value is valid as a hostname.
• Workflow improvements: In Symfony 5.1, the Workflow component has been improved to allow disable announce events, check if a workflow exists and explain blocked transitions.
• Simpler login in tests: Symfony 5.1 adds a new loginUser() method to simplify testing protected resources.
• Uid component: Symfony 5.1 will include a new component called Uid which generates UUIDs and ULIDs and provides some utilities for them.
• Translation improvements: Symfony 5.1 adds new features related to translations to configure the enabled locales, to improve the translation debug command, to support name attributes in Xliff2 and to allow translating each language into its own language.
• Form theme improvements: Symfony 5.1 adds a new form theme for Foundation 6, improves the translation of Bootstrap custom forms and allows to customize collection entries.
• Improved route configuration: In Symfony 5.1, configuring redirections and rendering templates from route configuration will be much simpler.
• Routing improvements: In Symfony 5.1, routes can be stateless, route conditions can include env vars and the request context is easier to configure.
• String improvements: In Symfony 5.1, the String component uses the Stringable interface from PHP 8, improves methods such as truncate() and adds useful methods such as containsAny() and reverse().
• Portable HTTP/2 implementation: In Symfony 5.1, the HttpClient component can use HTTP/2 without installing the cURL library thanks to the amp/http-client PHP package.
• Configurable PHP Preloading: In Symfony 5.1, you can configure PHP preloading by using some dependency injection tags to define which classes should be preloaded and which ones should not.
• Cursor control: Symfony 5.1 introduces new utilities to control the cursor in console commands.
• Simpler logout customization: In Symfony 5.1, logout customization will be much easier to implement thanks to a new LogoutEvent.
• Remote asset manifest: In Symfony 5.1, the asset manifest file can be stored in remote servers, which is ideal when using CDNs.
• Different hosts per locale: In Symfony 5.1, routes can define different hosts for each locale, which is useful to create fully internationalized URLs.
• Simpler service decoration: In Symfony 5.1, it's much easier to refer to the original service when using service decoration.
• Abstract service arguments: In Symfony 5.1, services can define abstract arguments whose values are calculated at runtime.
• Improved Microkernel: In Symfony 5.1 we've improved MicroKernelTrait to allow using the Kernel as a registry of autowired controllers and service factories.
• Stack decorators: Symfony 5.1 introduces a new syntax to stack decorators, providing a simpler alternative to classic middleware.
• New and Improved Integrations: Symfony 5.1 adds new integrations with third-party technologies and services in the Lock, Cache, Mailer, Messenger and Notifier components.
• URI Resolver: In Symfony 5.1, the DomCrawler component provides a new utility to resolve relative links into absolute URLs.
• Serializer improvements: Symfony 5.1 improves the serializer with a new @Ignore annotation, an unwrapping denormalizer, support for stdClass and scalar denormalization.
• Async AWS Support: Symfony 5.1 will use Async AWS, a modern alternative to the official Amazon AWS SDK for PHP, in components like Mailer and Messenger.
• Simpler Request Context: Symfony 5.1 allows to configure the entire request context using a single config parameter called "default_uri".
• ExpressionLanguage validator: In Symfony 5.1 you can validate the syntax of your ExpressionLanguage expressions without parsing or evaluating them.
• Server-side request forgery protection: Symfony 5.1 improves the HttpClient component to provide out-of-the-box protection against SSRF (Server-side request forgery).
• Deprecate public services into private services: In Symfony 5.1, you can turn public services into private services while keeping the backward compatibility of your code.
• Deprecated the Inflector component: In Symfony 5.1, the Inflector component has been deprecated and its logic has been moved into the String component.
• AtLeastOneOf validator: Symfony 5.1 adds a new AtLeastOneOf validator to check that a given value satisfies at least one of the given constraints.
• Access decision based on voter priority: Symfony 5.1 adds a new access decision strategy called "priority" which uses the decision from the highest priority security voter.
• OptionsResolver improvements: In Symfony 5.1, the OptionsResolver component has introduced an optional fluent interface to configure options and a way to provide extra debug information per option.
• Validator improvements: Symfony 5.1 validator adds support for three-letter country and language codes, adds an option to check that the collection items is divisible by a certain number and allows to define validation callables.
• Form improvements: Symfony 5.1 improves forms to validate HTML5 colors, allow rounding percent values, display HTML contents in labels, simplify timezone management, provide better defaults for inputmode option and other improvements in choice types.
• HttpFoundation improvements: Symfony 5.1 adds a new InputBag class, adds support for encrypting session data, adds more cache-control directives and allows to build cookie objects more easily.
• Automatic schema updates: Symfony 5.1 automates the creation of the database tables required by some components to store their contents (Messenger, Lock, Cache, etc.)
• Updated Security System: Symfony 5.1 includes a new Security system which simplifies the existing security features while giving developers more flexibility in a much more approachable way.
• Misc. improvements (Part 1): Some of the minor new features included in Symfony 5.1 will make your work easier, such as using constants for command exit codes, a better tempnam() function and customized random strings.
• Misc. improvements (Part 2): Symfony 5.1 will include a stand-alone YAML linter command, a better RoundRobin mailer transport, a separate log channel for deprecations and support for tags/metadata in mailers.
• Misc. improvements (Part 3): Symfony 5.1 will allow to include the severity in ConstraintViolationList, will add a new mailer log handler and a new deprecation contract, and will enable "dark mode" in exception pages.

31 May 2020 7:16am GMT

Symfony 5.1.0 has just been released. Here is a list of the most important changes:

• bug #37009 [Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint (@xabbuh)
• bug #37008 [Security] Fixed AbstractToken::hasUserChanged() (@wouterj)
• bug #36894 [Validator] never directly validate Existence (Required/Optional) constraints (@xabbuh)
• bug #37007 [Console] Fix QuestionHelper::disableStty() (@chalasr)
• bug #36865 [Form] validate subforms in all validation groups (@xabbuh)
• bug #36907 Fixes sprintf(): Too few arguments in form transformer (@pedrocasado)
• bug #36868 [Validator] Use Mime component to determine mime type for file validator (@pierredup)
• bug #37000 Add meaningful message when using ProcessHelper and Process is not installed (@l-vo)
• bug #36990 [Messenger] Change the default notify timeout value for PostgreSQL (@fabpot)
• bug #36995 [TwigBridge] fix fallback html-to-txt body converter (@nicolas-grekas)
• bug #36993 [ErrorHandler] fix setting $trace to null in FatalError (@nicolas-grekas)
• bug #36987 Handle fetch mode deprecation of DBAL 2.11. (@derrabus)
• bug #36984 [SecurityBundle] Fixed version constraint on security-core and security-guard (@wouterj)
• bug #36974 [Security] Fixed handling of CSRF logout error (@wouterj)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

31 May 2020 6:17am GMT