A Week of Symfony #880 (6-12 November 2023)

This week, Symfony 6.4.0 beta 3 and Symfony 7.0.0 beta 3 were published because their final release is approaching fast and it will take place before the end of November 2023. Meanwhile, the maintenance versions 4.4.51, 5.4.31 and 6.3.8 were published to fix some potential security vulnerabilities.

Symfony development highlights

This week, 47 pull requests were merged (43 in code and 4 in docs) and 26 issues were closed (22 in code and 4 in docs). Excluding merges, 22 authors made 937 additions and 334 deletions. See details for code and docs.

5.4 changelog:

de8c5fc: [Cache, HttpFoundation, Lock] fix empty username/password for PDO PostgreSQL
03ef859: [HttpFoundation] ensure string type with mbstring func overloading enabled
a454d0c: [Messenger] fix compatibility with Doctrine DBAL 4
0ff9ed4: [String] method toByteString conversion using iconv is unreachable
9b2c2a4: [Config] prefix FileExistenceResource::__toString() to avoid conflict with FileResource
86c8f97: [SecurityBundle] wire the secret for Symfony 6.4 compatibility
7467bd7: [Security] fix possible session fixation when only the token changes
5d095d5: [TwigBridge] ensure CodeExtension’s filters properly escape their input
5611ed4: [Validator] update Greek translation

6.3 changelog:

b8bba36: [HttpClient, WebProfilerBundle] do not generate cURL command when files are uploaded
03ef859: [HttpFoundation] ensure string type with mbstring func overloading enabled
3922e80: [VarDumper] accept mixed key on DsPairStub
d42b5c3: [FrameworkBundle] don’t reference SYMFONY_IDE env var in non-debug mode
5d095d5: [TwigBridge] ensure CodeExtension’s filters properly escape their input
82b811d: [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens
c329f2d: [Webhook] remove user-submitted type from HTTP response

6.4 changelog:

d308e2c: [Console, FrameworkBundle] fix missing profile option for console commands
fbc44f2: [HttpKernel] the debug log processor must be a callable
cf5510d: check whether secrets are empty and mark them all as sensitive
f0fcc9f: [HttpKernel] add ControllerResolver::allowControllers() to define which callables are legit controllers when the _check_controller_is_allowed request attribute is set
caf41fc: [Webhook] check that the secret passed to RequestParser is not empty
1984b96: [HttpKernel] check controllers are allowed when using the fallback surrogate strategy
f04ea7c: [Ldap] set exception code to ldap error number
1ec29ce: [String] remove error handler not needed on PHP 8
3128c60: [AssetMapper] fix jsdelivr import parsing with no imported value
fa4726f: [AssetMapper] if assets are served from a subdirectory or CDN, also adjust importmap keys
a647f55: [AssetMapper] avoid caching MappedAsset inside JavaScript Import
18d866c: [AssetMapper] improving exception if a vendor asset’s path is not mapped
541c80c: [AssetMapper] only download a CSS file if it is explicitly advertised

Newest issues and pull requests

[Webhook] Multiple consumer for one parser
Add missing console/tester assertion
[RateLimiter] controller attribute

Symfony CLI

Symfony CLI is a must-have tool when developing
Symfony applications on your local machine. It includes the
Symfony Local Server,
the best way to run local Symfony applications. This week Symfony CLI released
its new 5.7.1
and 5.7.2
versions with the following changes:

Use the original inotify repository (@fabpot)
Make DOCKER_HOST configurable (@fabpot)
Add support for PHP streaming support (@tucksaun)
Use –wait instead of –detach for docker_composer worker (@tucksaun)

SymfonyCasts Updates

SymfonyCasts is the official way to learn Symfony.
Select a track for a guided path through 100+ video tutorial courses about
Symfony, PHP and JavaScript.

This week, SymfonyCasts announced a new course called 30 Days with LAST Stack. These were some of the most relevant SymfonyCasts updates
of the week:

(Video) PHPUnit: Integration Testing with Live Services, Chapter 01: Hello Integration Tests!
(Video) PHPUnit: Integration Testing with Live Services, Chapter 02: KernelTestCase: Fetching Services
(Video) PHPUnit: Integration Testing with Live Services, Chapter 03: Test Environment Database Setup
(Video) PHPUnit: Integration Testing with Live Services, Chapter 04: Resetting the Database
(Video) PHPUnit: Integration Testing with Live Services, Chapter 05: Factory Data Seeding
(Video) PHPUnit: Integration Testing with Live Services, Chapter 06: Testing a Service

They talked about us

Symfony Station Communiqué – 10 November 2023
Making a Single-Page Application with HTMX and Symfony
Common Security Pitfalls in Symfony and How to Avoid Them
Symfony Event Dispatcher alias the pattern observer
DatePoint: A new immutable date/time class for Symfony 6.4
API Platform Con 2023 replay : stateOptions, materialized view PostgreSQL et subresources
Utilisation de Stopwatch et WebProfiler dans Symfony
Symfony Legacy: Delete After ACK
Новое в Symfony 6.4: Больше тестируемых утверждений
Новое в Symfony 6.4: Улучшения локали
Новое в Symfony 6.4: Больше встроенных обработчиков сообщений
Наводим порядок в наших миграциях

Call to Action

Follow Symfony on Twitter and retweet this article.
Subscribe to the Symfony blog RSS and never miss a Symfony story again.

Sponsor the Symfony project.

Symfony Blog

Read More

Generated by Feedzy