This week, Symfony 4.4.37, 5.3.14, 5.4.3 and 6.0.3 maintenance versions were released. In addition, a potential security vulnerability related to CSRF tokens in forms was found and fixed in security releases for all maintained versions.

Symfony development highlights

This week, 45 pull requests were merged (37 in code and 8 in docs) and 44 issues were closed (35 in code and 9 in docs). Excluding merges, 36 authors made 1,509 additions and 272 deletions. See details for code and docs.

4.4 changelog:

859d4a1: [Process] avoid calling fclose on an already closed resource
8ba3fa7: [Yaml] make the parser stateless
747e298: [Console] fix PHP 8.1 deprecation in ChoiceQuestion
fa6a03a: [Form] UrlType should not add protocol to emails

5.3 changelog:

eda8537: [Console] fix restoring stty mode on CTRL+C
26c2a85: [Notifier] use the UTF-8 encoding in smsapi-notifier
4565edb: [Notifier] fix encoding of messages with FreeMobileTransport
1199672: [Serializer] fix AbstractObjectNormalizer not considering pseudo type false
5044a0a: [Validator] fix Choice constraint with associative choices array
dcfb493: [FrameworkBundle] enable CSRF in FORM by default

5.4 changelog:

9738b1d: [RateLimiter] resolve crash on near-round timestamps
5044a0a: [Validator] fix Choice constraint with associative choices array
5cad3b6: [DoctrineBridge] fix automapping
34a0893: [Yaml] improve the deprecation warnings for octal numbers to suggest migrating
79d1101: [Finder] fix finding VCS re-included files in excluded directory
9b7aac3: [Dotenv] fix bootEnv() override with .env.local.php when the env key already exists
5bb11d5: [Runtime] fix –env and –no-debug with dotenv_overload
111459e: [FrameworkBundle] fix missing arguments when a serialization default context is bound

6.1 changelog:

48bd710: [FrameworkBundle] allow PHP configuration in config/packages by default
b342c1b: [Serializer] set context annotation as not final

Newest issues and pull requests

Route different HTTP verbs to different methods, with the same route name, with annotations
Support option placeholder for all relevant form field types like TextType
Serializer: Currently it is not possible for custom formats to map basic non string attributes
Uuid::isValid() and Uuid() constraint does not accept other format of uuid than rfc4122

Symfony CLI

Symfony CLI is a must-have tool when developing
Symfony applications on your local machine. It includes the
Symfony Local Server,
the best way to run local Symfony applications. This week Symfony CLI released
its new 5.2.2
version with the following changes:

Fix logging
Bump deps to fix FORCED_PHP_VERSION support
Add some more logging to help debugging issues

SymfonyCasts Updates

SymfonyCasts is the official way to learn Symfony.
Select a track for a guided path through 100+ video tutorial courses about
Symfony, PHP and JavaScript.

These were some of the most relevant SymfonyCasts updates
of the week:

(Video) EasyAdmin! For an Awesomely Powerful Admin Area, Chapter 1: Installing EasyAdmin
(Video) EasyAdmin! For an Awesomely Powerful Admin Area, Chapter 2: Admin Dashboard
(Video) EasyAdmin! For an Awesomely Powerful Admin Area, Chapter 3: Hello CRUD Controller

They talked about us

Designing a Symfony Validator – the TDD way
Emoji flag in the Symfony CountryType
Voila! Symfony and PHP 8.1
Symfony Station Communiqué – 28 January 2022
Introducing Light Kernel for Symfony Console Apps
Use Symfony Components to Build WordPress Plugin Maker for CLI – Part 1

Call to Action

Follow Symfony on Twitter and retweet this article.
Subscribe to the Symfony blog RSS and never miss a Symfony story again.

Symfony Blog
Read More