Symfony 2.7.44 has just been released. Here is a list of the most important changes:

• bug #26727 [HttpCache] Unlink tmp file on error (@Chansig)
• bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (@ogizanagi)
• bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (@ro0NL)
• bug #26677 Support phpdbg SAPI in Debug::enable() (@hkdobrev)
• bug #26621 [Form] no type errors with invalid submitted data types (@xabbuh)
• bug #26337 [Finder] Fixed leading/trailing / in filename (@lyrixx)
• bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (@systemist)
• bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (@pierredup)
• bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (@i3or1s)
• bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (@dunglas)
• bug #26598 Fixes #26563 (open_basedir restriction in effect) (@temperatur)
• bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (@nicolas-grekas)
• bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (@fancyweb)
• bug #26356 [FrameworkBundle] HttpCache is not longer abstract (@lyrixx)
• bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (@dunglas)
• bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (@dunglas)
• bug #26452 [Intl] Load locale aliases to support alias fallbacks (@jakzal)
• bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (@jakubkulhan)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 3.4.7 has just been released. Here is a list of the most important changes:

• bug #26387 [Yaml] Fix regression when trying to parse multiline (@antograssiot)
• bug #26749 Add PHPDbg support to HTTP components (@hkdobrev)
• bug #26609 [Console] Fix check of color support on Windows (@mlocati)
• bug #26727 [HttpCache] Unlink tmp file on error (@Chansig)
• bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (@ogizanagi)
• bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (@ro0NL)
• bug #26595 [DI] Do not suggest writing an implementation when multiple exist (@chalasr)
• bug #26662 [DI] Fix hardcoded cache dir for warmups (@nicolas-grekas)
• bug #26677 Support phpdbg SAPI in Debug::enable() (@hkdobrev)
• bug #26600 [Routing] Fixed the importing of files using glob patterns that match multiple resources (@skalpa)
• bug #26589 [Ldap] cast to string when checking empty passwords (@ismail1432)
• bug #26626 [WebProfilerBundle] use the router to resolve file links (@nicolas-grekas)
• bug #26635 [DI] Dont tell about autoregistration in strict autowiring mode (@nicolas-grekas)
• bug #26621 [Form] no type errors with invalid submitted data types (@xabbuh)
• bug #26612 [PHPunit] suite variable should be used (@prisis)
• bug #26337 [Finder] Fixed leading/trailing / in filename (@lyrixx)
• bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (@systemist)
• bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (@pierredup)
• bug #26513 [FrameworkBundle] Respect debug mode when warm up annotations (@Strate)
• bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (@i3or1s)
• bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (@dunglas)
• bug #26273 [Security][Profiler] Display the original expression in 'Access decision log' (@lyrixx)
• bug #26427 [DependencyInjection] fix regression when extending the Container class without a constructor (@lsmith77)
• bug #26562 [BridgePhpUnit] Cannot autoload class "SymfonyBridgePhpUnitSymfonyTestsListener" (@Jake Bishop)
• bug #26598 Fixes #26563 (open_basedir restriction in effect) (@temperatur)
• bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (@nicolas-grekas)
• bug #26590 Make sure form errors is valid HTML (@Nyholm)
• bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (@fancyweb)
• feature #26408 Readd 'form_label_errors' block to disable errors on form labels (@birkof)
• bug #26591 [TwigBridge] Make sure we always render errors. Eventhough labels are disabled (@Nyholm)
• bug #26356 [FrameworkBundle] HttpCache is not longer abstract (@lyrixx)
• bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (@dunglas)
• bug #26482 [PhpUnitBridge] Ability to use different composer.json file (@amcastror)
• bug #26443 [Fix][HttpFoundation] Fix the updating of timestamp in the MemcachedSessionHandler (@Alessandro Loffredo)
• bug #26400 [Config] ReflectionClassResource check abstract class (@andrey1s)
• bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (@dunglas)
• bug #26041 Display the Welcome Page when there is no homepage defined (@javiereguiluz)
• bug #26452 [Intl] Load locale aliases to support alias fallbacks (@jakzal)
• bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (@jakubkulhan)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 4.0.7 has just been released. Here is a list of the most important changes:

• bug #26387 [Yaml] Fix regression when trying to parse multiline (@antograssiot)
• bug #26749 Add PHPDbg support to HTTP components (@hkdobrev)
• bug #26609 [Console] Fix check of color support on Windows (@mlocati)
• bug #26727 [HttpCache] Unlink tmp file on error (@Chansig)
• bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (@ogizanagi)
• bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (@ro0NL)
• bug #26595 [DI] Do not suggest writing an implementation when multiple exist (@chalasr)
• bug #26662 [DI] Fix hardcoded cache dir for warmups (@nicolas-grekas)
• bug #26677 Support phpdbg SAPI in Debug::enable() (@hkdobrev)
• bug #26600 [Routing] Fixed the importing of files using glob patterns that match multiple resources (@skalpa)
• bug #26589 [Ldap] cast to string when checking empty passwords (@ismail1432)
• bug #26626 [WebProfilerBundle] use the router to resolve file links (@nicolas-grekas)
• bug #26634 [DI] Cleanup remainings from autoregistration (@nicolas-grekas)
• bug #26635 [DI] Dont tell about autoregistration in strict autowiring mode (@nicolas-grekas)
• bug #26621 [Form] no type errors with invalid submitted data types (@xabbuh)
• bug #26612 [PHPunit] suite variable should be used (@prisis)
• bug #26337 [Finder] Fixed leading/trailing / in filename (@lyrixx)
• bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (@systemist)
• bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (@pierredup)
• bug #26513 [FrameworkBundle] Respect debug mode when warm up annotations (@Strate)
• bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (@i3or1s)
• bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (@dunglas)
• bug #26273 [Security][Profiler] Display the original expression in 'Access decision log' (@lyrixx)
• bug #26427 [DependencyInjection] fix regression when extending the Container class without a constructor (@lsmith77)
• bug #26562 [BridgePhpUnit] Cannot autoload class "SymfonyBridgePhpUnitSymfonyTestsListener" (@Jake Bishop)
• bug #26598 Fixes #26563 (open_basedir restriction in effect) (@temperatur)
• bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (@nicolas-grekas)
• bug #26590 Make sure form errors is valid HTML (@Nyholm)
• bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (@fancyweb)
• feature #26408 Readd 'form_label_errors' block to disable errors on form labels (@birkof)
• bug #26591 [TwigBridge] Make sure we always render errors. Eventhough labels are disabled (@Nyholm)
• bug #26356 [FrameworkBundle] HttpCache is not longer abstract (@lyrixx)
• bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (@dunglas)
• bug #26482 [PhpUnitBridge] Ability to use different composer.json file (@amcastror)
• bug #26443 [Fix][HttpFoundation] Fix the updating of timestamp in the MemcachedSessionHandler (@Alessandro Loffredo)
• bug #26400 [Config] ReflectionClassResource check abstract class (@andrey1s)
• bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (@dunglas)
• bug #26041 Display the Welcome Page when there is no homepage defined (@javiereguiluz)
• bug #26452 [Intl] Load locale aliases to support alias fallbacks (@jakzal)
• bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (@jakubkulhan)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Security is the hardest part of most applications. Even if you follow the latest best practices about security in your own code, there's still the issue of inspecting the third-party code of the dependencies used in your projects.

You can't review every single line of external code used in your application. That's why we've created Symfony Security Monitoring, a service that checks your dependencies continuously for known security vulnerabilities and it'scompatible with any PHP project that uses Composer.

The service is simple to use: upload the contents of your composer.lock file and we'll start monitoring those packages and those exact versions continuously to alert you as soon as a vulnerability is disclosed for them.

This continuous security monitoring is better than checking your dependencies automatically on your continuous integration platform. Instead of checking for vulnerabilities when building or deploying the project, we check them 24 hours a day, every day.

This service is also great for projects that you don't work on anymore or with a low maintenance. In those cases, continuous integration is not interesting anymore, and it's useful to have instead a bot that alerts you whenever a new vulnerability is discovered and impacts your project.

The pricing of the service is simple too. Instead of a monthly subscription, the service charges you once for three years of unlimited alerts and security checks for one project. The equivalent monthly price is as low as 2 euros.

Contributed by
Samuel Roze
in #24411.

In Symfony 4.1, we added a new Messenger component that helps applications send and receive messages to/from other applications or via message queues. It provides a message bus and some routing capabilities to send messages in any service where you need it, like in a controller:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

// src/Controller/DefaultController.phpnamespaceApp\Controller;useSymfony\Bundle\FrameworkBundle\Controller\Controller;useSymfony\Component\Messenger\MessageBusInterface;useSymfony\Component\Routing\Annotation\Route;classDefaultControllerextendsController{/**     * @Route("/", name="homepage")     */publicfunctionindex(MessageBusInterface$bus){// ...$bus->dispatch(newMyMessage());}}

Sending messages is the first part of the process. Then you need to create a"message handler" and register it as a service with the messenger.message_handler tag to receive the message and do something with it:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

// src/MessageHandler/MyMessageHandler.phpnamespaceApp\MessageHandler;classMyMessageHandler{publicfunction__invoke(MyMessage$message){// do something with the message}}

1
2
3
4
5

# config/packages/messenger.yamlframework:messenger:adapters:default:"amqp://guest:guest@localhost:5672/%2f/messages"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

# config/packages/messenger.yamlframework:messenger:routing:# route this message to a single sender'My\Message\Message':messenger.default_sender# route this message to multiple senders'My\Message\ToBeSentToTwoSenders':[messenger.default_sender,messenger.audit_sender]# route the rest of messages to the default sender'*':messenger.default_sender

1

$ bin/console messenger:consume-messages messenger.default_receiver

Contributed by
Pierre du Plessis
in #24363.

The Console component is the second most popular Symfony component (more than 82 million downloads!) and it's packed with amazing features. In Symfony 4.1 we improved it even more with a feature to create and manipulate multiple output sections.

Currently, displaying information in a command console is a pretty basic operation:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

classMyCommandextendsCommand{protectedfunctionexecute(InputInterface$input,OutputInterface$output){$output->writeln('Display some information...');// ...$output->writeln('Display more information...');}}

In Symfony 4.1 you'll be able to display information, overwrite it, delete part of it and update different parts of the output simultaneously. The new operations are based on "output sections" which are independently managed regions of the console output:

1
2
3
4
5
6
7
8
9

classMyCommandextendsCommand{protectedfunctionexecute(InputInterface$input,OutputInterface$output){$section=$output->section();$section->writeln('Display some information...');// ...}}

1
2
3
4
5
6
7

$section=$output->section();$section->writeln('Downloading the file...');// ...$section->overwrite('Uncompressing the file...');// ...$section->overwrite('Copying the contents...');// ...

1
2
3
4
5
6
7
8

$section=$output->section();$section->writeln('Welcome to the installation Process!');$section->writeln('Downloading the file...');$section->writeln('Uncompressing the file...');$section->writeln('Copying the contents...');// ...$section->clear(3);$section->writeln('The installation is complete!');

1
2
3
4
5
6
7
8
9

$section=$output->section();$table=newTable($section);$table->addRow(['Row 1']);// display the table with the known contents$table->render();// add a new row with new contents to the already displayed table$table->appendRow(['Row 2']);

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

$section1=$output->section();$section2=$output->section();$progress=newProgressBar($section1);$progress->start(5);$table=newTable($section2);$table->addRow(['Row 1']);$table->render();foreach($rowsToProcessas$i=>$row){$table->appendRow(['Row '.$i++]);$progress->advance();// ...}$progress->finish();$section1->clear();

Symfony 4 was released in November 2017, alongside new best practices and Symfony Flex, the new way to manage Symfony applications. This new version is so different from Symfony 3 that we've decided to introduce a newSymfony 4 certification program.

The Symfony 4 exam consists of 75 questions to be answered in 90 minutes or less and you can take the exam in any of the 4,000 test centers available worldwide. The list of topics covers the most important parts of the core framework, excluding third-party libraries like Doctrine, Monolog, etc. Depending on your results, you'll get the Advanced Certified badge or the more difficultExpert Certified badge.

You can buy your exam voucher today and take the exam up to one year later. If you already have a voucher for the Symfony 3 exam, you can use it for the new Symfony 4 exam as long as you haven't activated the voucher and made an exam appointment yet. If you have any question, contact with us.

This week, Symfony 4.1 entered into its "feature freeze" period, so we finished some of its pending features: improved the Ajax panel in the debug toolbar, made exception pages more compact, avoid the double cache generation when running cache:clear command and lots of other minor changes. In addition, the French Symfony community celebrated the SymfonyLive Paris 2018 conference with great success. Lastly, we added Samuel Rozé as a new member of the Symfony Core Team.

Symfony development highlights

2.7 changelog:

• 3faa1d5: [Debug] supported phpdbg SAPI in Debug::enable()
• ae80466: [Intl] updated ICU data to 61.1
• 4243db5: [TwigBridge] fixed rendering of currency by MoneyType
• 98ee8ab: [HttpKernel] do not flush in DumpDataCollector when a dumper is provided

3.4 changelog:

• 02e59d4: [DependencyInjection] fixed hardcoded cache dir for warmups
• 99df7cb: [DependencyInjection] do not suggest writing an implementation when multiple exist
• 10ba44c: [Cache] import InvalidArgumentException in PdoAdapter

Master changelog:

• 5acc51f: [Messenger] removed the default transport if no serializer service
• c2a67aa: [DependencyInjection] validate env vars in config
• 209b32f: [Form] add Bootstrap 4 style for field FileType
• 05b9f64: [TwigBundle] more compact display of vendor code in exception pages
• 6806f66: [Messenger] use the messenger.message_handler tag instead of message.handler
• d329a7a: [WebProfilerBundle] updated the Messenger profiler panel
• 9dd89e0: [Form] added a data_help method
• be1b55b: [VarDumper] provide binary to allow starting a server easily
• a949484: [WebProfilerBundle] improved the Ajax profiler panel when there are exceptions
• 7b20b8c: [FrameworkBundle] keep query in redirect
• 5b27c2f: [Messenger] clone messages to show in profiler
• 5b6ff93: [WebProfilerBundle] show the duration of AJAX requests in real time
• ea6d861: [Messenger] add a middleware that wraps all handlers in one Doctrine transaction
• 3424cc7: [DependencyInjection] allow binary values in parameters
• 2e47edc: [DependencyInjection] allow json env var processor to accept null value
• 44a6f60: [FrameworkBundle] framework.php_errors.log now accept a log level
• 820b728: [DependencyInjection] add runtime service exceptions to improve the error message when controller arguments cannot be injected
• e3f964f: [FrameworkBundle] removed double cache generation by detecting fresh kernels on cache:clear
• ecb629a: [Messenger] compile-time errors fixes and tweaks
• f62a6d7: [HttpKernel] allow to easily ask Symfony not to set a response to private automatically
• f568271: [Translation] improved the lint:xliff command
• 9b25573: [Translation] make sure to trim source in XLIFF2 if it is too long for name
• 6bfc082: [Console] use a UTF-8 bullet for listing
• 40fbaa2: [Console] add box-double table style

Newest issues and pull requests

• [RFC] [Graph] Introduce a non-oriented graph management
• [Finder] Allow to ignore paths from .gitignore
• [Serializer] General issues with usability and functionality
• [DI][Config] How to allow to merge parameters from parent configs?
• [Config] Add and() method as an alternative to end()

They talked about us

• REST vs GraphQL: illustrated examples with the API Platform framework
• Drupal 8 core and Symfony components
• Symfony 4 and Doctrine Mongo DB
• Symfony 4 : Routes, Controllers & Templates
• Nuevo en Symfony 4.1: Prioridad en las extensiones Twig
• Nuevo en Symfony 4.1: soporte mejorado de Bootstrap 4
• Los nuevos generadores de MakerBundle
• Outils pour améliorer la vie des développeurs Symfony
• Servidor VarDumper adicionado no Symfony 4.1
• DoctrineSolrBundle — поиск по Doctrine entity на базе Solr в Symfony2
• 【Symfony】Requestオブジェクトからリクエストパラメータを取得する

Symfony 2.8.37 has just been released. Here is a list of the most important changes:

• bug #26727 [HttpCache] Unlink tmp file on error (@Chansig)
• bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (@ogizanagi)
• bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (@ro0NL)
• bug #26677 Support phpdbg SAPI in Debug::enable() (@hkdobrev)
• bug #26589 [Ldap] cast to string when checking empty passwords (@ismail1432)
• bug #26621 [Form] no type errors with invalid submitted data types (@xabbuh)
• bug #26337 [Finder] Fixed leading/trailing / in filename (@lyrixx)
• bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (@systemist)
• bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (@pierredup)
• bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (@i3or1s)
• bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (@dunglas)
• bug #26598 Fixes #26563 (open_basedir restriction in effect) (@temperatur)
• bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (@nicolas-grekas)
• bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (@fancyweb)
• bug #26356 [FrameworkBundle] HttpCache is not longer abstract (@lyrixx)
• bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (@dunglas)
• bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (@dunglas)
• bug #26452 [Intl] Load locale aliases to support alias fallbacks (@jakzal)
• bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (@jakubkulhan)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 2.7.44 has just been released. Here is a list of the most important changes:

• bug #26727 [HttpCache] Unlink tmp file on error (@Chansig)
• bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (@ogizanagi)
• bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (@ro0NL)
• bug #26677 Support phpdbg SAPI in Debug::enable() (@hkdobrev)
• bug #26621 [Form] no type errors with invalid submitted data types (@xabbuh)
• bug #26337 [Finder] Fixed leading/trailing / in filename (@lyrixx)
• bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (@systemist)
• bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (@pierredup)
• bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (@i3or1s)
• bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (@dunglas)
• bug #26598 Fixes #26563 (open_basedir restriction in effect) (@temperatur)
• bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (@nicolas-grekas)
• bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (@fancyweb)
• bug #26356 [FrameworkBundle] HttpCache is not longer abstract (@lyrixx)
• bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (@dunglas)
• bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (@dunglas)
• bug #26452 [Intl] Load locale aliases to support alias fallbacks (@jakzal)
• bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (@jakubkulhan)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 3.4.7 has just been released. Here is a list of the most important changes:

• bug #26387 [Yaml] Fix regression when trying to parse multiline (@antograssiot)
• bug #26749 Add PHPDbg support to HTTP components (@hkdobrev)
• bug #26609 [Console] Fix check of color support on Windows (@mlocati)
• bug #26727 [HttpCache] Unlink tmp file on error (@Chansig)
• bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (@ogizanagi)
• bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (@ro0NL)
• bug #26595 [DI] Do not suggest writing an implementation when multiple exist (@chalasr)
• bug #26662 [DI] Fix hardcoded cache dir for warmups (@nicolas-grekas)
• bug #26677 Support phpdbg SAPI in Debug::enable() (@hkdobrev)
• bug #26600 [Routing] Fixed the importing of files using glob patterns that match multiple resources (@skalpa)
• bug #26589 [Ldap] cast to string when checking empty passwords (@ismail1432)
• bug #26626 [WebProfilerBundle] use the router to resolve file links (@nicolas-grekas)
• bug #26635 [DI] Dont tell about autoregistration in strict autowiring mode (@nicolas-grekas)
• bug #26621 [Form] no type errors with invalid submitted data types (@xabbuh)
• bug #26612 [PHPunit] suite variable should be used (@prisis)
• bug #26337 [Finder] Fixed leading/trailing / in filename (@lyrixx)
• bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (@systemist)
• bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (@pierredup)
• bug #26513 [FrameworkBundle] Respect debug mode when warm up annotations (@Strate)
• bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (@i3or1s)
• bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (@dunglas)
• bug #26273 [Security][Profiler] Display the original expression in 'Access decision log' (@lyrixx)
• bug #26427 [DependencyInjection] fix regression when extending the Container class without a constructor (@lsmith77)
• bug #26562 [BridgePhpUnit] Cannot autoload class "SymfonyBridgePhpUnitSymfonyTestsListener" (@Jake Bishop)
• bug #26598 Fixes #26563 (open_basedir restriction in effect) (@temperatur)
• bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (@nicolas-grekas)
• bug #26590 Make sure form errors is valid HTML (@Nyholm)
• bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (@fancyweb)
• feature #26408 Readd 'form_label_errors' block to disable errors on form labels (@birkof)
• bug #26591 [TwigBridge] Make sure we always render errors. Eventhough labels are disabled (@Nyholm)
• bug #26356 [FrameworkBundle] HttpCache is not longer abstract (@lyrixx)
• bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (@dunglas)
• bug #26482 [PhpUnitBridge] Ability to use different composer.json file (@amcastror)
• bug #26443 [Fix][HttpFoundation] Fix the updating of timestamp in the MemcachedSessionHandler (@Alessandro Loffredo)
• bug #26400 [Config] ReflectionClassResource check abstract class (@andrey1s)
• bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (@dunglas)
• bug #26041 Display the Welcome Page when there is no homepage defined (@javiereguiluz)
• bug #26452 [Intl] Load locale aliases to support alias fallbacks (@jakzal)
• bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (@jakubkulhan)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 4.0.7 has just been released. Here is a list of the most important changes:

• bug #26387 [Yaml] Fix regression when trying to parse multiline (@antograssiot)
• bug #26749 Add PHPDbg support to HTTP components (@hkdobrev)
• bug #26609 [Console] Fix check of color support on Windows (@mlocati)
• bug #26727 [HttpCache] Unlink tmp file on error (@Chansig)
• bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (@ogizanagi)
• bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (@ro0NL)
• bug #26595 [DI] Do not suggest writing an implementation when multiple exist (@chalasr)
• bug #26662 [DI] Fix hardcoded cache dir for warmups (@nicolas-grekas)
• bug #26677 Support phpdbg SAPI in Debug::enable() (@hkdobrev)
• bug #26600 [Routing] Fixed the importing of files using glob patterns that match multiple resources (@skalpa)
• bug #26589 [Ldap] cast to string when checking empty passwords (@ismail1432)
• bug #26626 [WebProfilerBundle] use the router to resolve file links (@nicolas-grekas)
• bug #26634 [DI] Cleanup remainings from autoregistration (@nicolas-grekas)
• bug #26635 [DI] Dont tell about autoregistration in strict autowiring mode (@nicolas-grekas)
• bug #26621 [Form] no type errors with invalid submitted data types (@xabbuh)
• bug #26612 [PHPunit] suite variable should be used (@prisis)
• bug #26337 [Finder] Fixed leading/trailing / in filename (@lyrixx)
• bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (@systemist)
• bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (@pierredup)
• bug #26513 [FrameworkBundle] Respect debug mode when warm up annotations (@Strate)
• bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (@i3or1s)
• bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (@dunglas)
• bug #26273 [Security][Profiler] Display the original expression in 'Access decision log' (@lyrixx)
• bug #26427 [DependencyInjection] fix regression when extending the Container class without a constructor (@lsmith77)
• bug #26562 [BridgePhpUnit] Cannot autoload class "SymfonyBridgePhpUnitSymfonyTestsListener" (@Jake Bishop)
• bug #26598 Fixes #26563 (open_basedir restriction in effect) (@temperatur)
• bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (@nicolas-grekas)
• bug #26590 Make sure form errors is valid HTML (@Nyholm)
• bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (@fancyweb)
• feature #26408 Readd 'form_label_errors' block to disable errors on form labels (@birkof)
• bug #26591 [TwigBridge] Make sure we always render errors. Eventhough labels are disabled (@Nyholm)
• bug #26356 [FrameworkBundle] HttpCache is not longer abstract (@lyrixx)
• bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (@dunglas)
• bug #26482 [PhpUnitBridge] Ability to use different composer.json file (@amcastror)
• bug #26443 [Fix][HttpFoundation] Fix the updating of timestamp in the MemcachedSessionHandler (@Alessandro Loffredo)
• bug #26400 [Config] ReflectionClassResource check abstract class (@andrey1s)
• bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (@dunglas)
• bug #26041 Display the Welcome Page when there is no homepage defined (@javiereguiluz)
• bug #26452 [Intl] Load locale aliases to support alias fallbacks (@jakzal)
• bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (@jakubkulhan)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Security is the hardest part of most applications. Even if you follow the latest best practices about security in your own code, there's still the issue of inspecting the third-party code of the dependencies used in your projects.

You can't review every single line of external code used in your application. That's why we've created Symfony Security Monitoring, a service that checks your dependencies continuously for known security vulnerabilities and it'scompatible with any PHP project that uses Composer.

The service is simple to use: upload the contents of your composer.lock file and we'll start monitoring those packages and those exact versions continuously to alert you as soon as a vulnerability is disclosed for them.

This continuous security monitoring is better than checking your dependencies automatically on your continuous integration platform. Instead of checking for vulnerabilities when building or deploying the project, we check them 24 hours a day, every day.

This service is also great for projects that you don't work on anymore or with a low maintenance. In those cases, continuous integration is not interesting anymore, and it's useful to have instead a bot that alerts you whenever a new vulnerability is discovered and impacts your project.

The pricing of the service is simple too. Instead of a monthly subscription, the service charges you once for three years of unlimited alerts and security checks for one project. The equivalent monthly price is as low as 2 euros.

Symfony 2.7.45 has just been released. Here is a list of the most important changes:

• bug #26763 [Finder] Remove duplicate slashes in filenames (@helhum)
• bug #26749 Add PHPDbg support to HTTP components (@hkdobrev)
• bug #26609 [Console] Fix check of color support on Windows (@mlocati)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 2.8.38 has just been released. Here is a list of the most important changes:

• bug #26788 [Security] Load the user before pre/post auth checks when needed (@chalasr)
• bug #26774 [SecurityBundle] Add missing argument to security.authentication.provider.simple (@i3or1s, @chalasr)
• bug #26763 [Finder] Remove duplicate slashes in filenames (@helhum)
• bug #26749 Add PHPDbg support to HTTP components (@hkdobrev)
• bug #26609 [Console] Fix check of color support on Windows (@mlocati)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 3.4.8 has just been released. Here is a list of the most important changes:

• bug #26802 [Security] register custom providers on ExpressionLanguage directly (@dmaicher)
• bug #26794 [PhpUnitBridge] Catch deprecation error handler (@cvilleger)
• bug #26788 [Security] Load the user before pre/post auth checks when needed (@chalasr)
• bug #26792 [Routing] Fix throwing NoConfigurationException instead of 405 (@nicolas-grekas)
• bug #26774 [SecurityBundle] Add missing argument to security.authentication.provider.simple (@i3or1s, @chalasr)
• bug #26763 [Finder] Remove duplicate slashes in filenames (@helhum)
• bug #26758 [WebProfilerBundle][HttpKernel] Make FileLinkFormatter URL format generation lazy (@nicolas-grekas)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Symfony 4.0.8 has just been released. Here is a list of the most important changes:

• bug #26802 [Security] register custom providers on ExpressionLanguage directly (@dmaicher)
• bug #26794 [PhpUnitBridge] Catch deprecation error handler (@cvilleger)
• bug #26788 [Security] Load the user before pre/post auth checks when needed (@chalasr)
• bug #26792 [Routing] Fix throwing NoConfigurationException instead of 405 (@nicolas-grekas)
• bug #26774 [SecurityBundle] Add missing argument to security.authentication.provider.simple (@i3or1s, @chalasr)
• bug #26763 [Finder] Remove duplicate slashes in filenames (@helhum)
• bug #26758 [WebProfilerBundle][HttpKernel] Make FileLinkFormatter URL format generation lazy (@nicolas-grekas)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy.Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

This week was the first of the "feature freeze" period of Symfony 4.1. Development activity focused on finishing and polishing some of the pending features, such as a middleware that validates Messenger messages, a Monolog activation strategy for ignoring specific HTTP codes, the ability to set the rounding strategy for MoneyType and a feature to use custom functions inside allow_if security expressions.

Symfony development highlights

2.7 changelog:

• d73f491: [Console] fixed check of color support on Windows
• eac5ede: added PHPDbg support to HTTP components
• 7c4676a: [Finder] removed duplicate slashes in filenames
• c415e4c: [EventDispatcher] fixed wrong listener in stopEventPropagation test

3.4 changelog:

• c48af7c: [FrameworkBundle] added PHP errors options to XML schema definition
• ea69cc2: [Yaml] fixed regression when trying to parse multiline
• 341682e: [WebProfilerBundle] made FileLinkFormatter URL format generation lazy
• 3c54c4a: [SecurityBundle] added missing argument to security.authentication.provider.simple
• 0e67060: [Routing] fixed throwing NoConfigurationException instead of 405
• 1605684: [Security] load the user before pre/post auth checks when needed
• 603f3ab: [PhpUnitBridge] catch deprecation error handler
• 5fa9a58: [Security] register custom providers on ExpressionLanguage directly

Master changelog:

• 0ff2f8e: [Workflow] added a new all() method to Registry
• 382b586: [FrameworkBundle] fixed log level support config handling
• 9fda6d3: mark ExceptionInterfaces throwable
• 8912754: [HttpFoundation] split FileException into specialized ones about upload handling
• 56cd3d2: [Messenger] added a middleware that validates messages
• d5b88eb: [Messenger] added a MessageHandlerInterface (multiple messages + auto-configuration)
• ee51f74: [Monolog Bridge] added a Monolog activation strategy for ignoring specific HTTP codes
• fe6aa64: [Form] ability to set rounding strategy for MoneyType
• 2a4d024: [Ldap] allow adding and removing values to/from multi-valued attributes
• 572042c: [Messenger] remove the Doctrine middleware configuration from the FrameworkBundle
• f738013: [PhpUnitBridge] search for other SYMFONY_* env vars in phpunit.xml then phpunit.xml.dist
• 179fe2f: [FrameworkBundle] removed CSRF Twig extension when class is missing
• 3a37e41: [Messenger] moved collector and command into the component and other minor tweaks
• 47e2bd3: [Debug] support any Throwable object in FlattenException
• 0f4c0e9: [HttpFoundation] added a migrating session handler
• dc29b27: [SecurityBundle] allow using custom function inside allow_if expressions
• ec999c7: [Console] added support for iterable in output
• 629e82d: [HttpFoundation] have MigratingSessionHandler implement SessionUpdateTimestampHandlerInterface

Newest issues and pull requests

• Simpler testing of security protected resources
• [RFC][Form] Add locale option to all Intl choice types
• Flag all cookies as Secure
• Provide official docker images?
• [RFC] [Serializer] Handling circular reference at Encoder level
• [RFC] Rename some configuration node names
• [WebProfilerBundle] Allow custom protocols to be used with /open?file=

They talked about us

• The main reasons we use Symfony for web application developments
• How to manage static images with Symfony’s Webpack Encore
• Adding user management to your Symfony application
• 4 Ways to Speedup Your Symfony Development with PackageBuilder
• Symfony: Add custom template parameters in EasyAdmin
• Getting started with elastica queries in Symfony
• Stub ParamConverter in phpunit
• Configuración de Symfony y entornos
• Deploy Symfony
• SymfonyLive 2018 : Symfony 4 met le cap sur l'excellence
• 10e édition du SymfonyLive ! Retours sur l’événement Sensiolabs francophone annuel. Et quel événement !

This week, Symfony continued working on the new features of the upcoming 4.1 version, such as iterable support in the SymfonyStyle methods and a new AMQP adapter for the Messenger component. In addition, we opened the Call for Papers for SymfonyLive London 2018 conference.

Symfony development highlights

2.7 changelog:

• 0f9c45e: [Validator] fixed LazyLoadingMetadataFactory with PSR6Cache for non classname if tested values isn't existing class
• 1067468: [Console] don't go past exact matches when autocompleting

3.4 changelog:

• 11bdd80: [DependencyInjection] improve error message for non-autowirable scalar argument
• 16ae720: [HttpKernel] don't create mock cookie for new sessions in tests
• 811c4dd: [HttpKernel] made ServiceValueResolver work if controller namespace starts with a backslash in routing

Master changelog:

• 5736321: [Console] support iterable in SymfonyStyle::write/writeln
• a726f05: [Messenger] rename the middleware tag
• 9a99955: [FrameworkBundle] fixed configuration of php_errors.log
• aa04d06: [Messenger] added AMQP adapter

Newest issues and pull requests

• [RFC] Remove the internal flag on Inflector component
• Event Dispatcher on Router:generate
• Make it possible to omit keys for service locators
• [Form] Issue with the ordering of global form themes
• [Twig][DX] report unknown folders in templates/bundles in debug:twig
• [Messenger] Allow to provide context in the Serializer class

They talked about us

• Symfony 4 : WYSIWYG editors
• An efficient way to treat MongoDB in Symfony.
• Kunstmaan CMS Hackathon 2018
• Cleaning up the demo project
• DrupalCon Nashville 2018: Symfony 4: From zero to hero
• Symfony 4.1: Aperfeiçoamentos no Validador
• Novidade no Symfony 4.1: Saída Avançada do Console
• Componente Messenger adicionado no Symfony 4.1

Contributed by
Shaun Simmons
in #23707.

Logging as much information as possible is essential to help you debug the issues found in your applications. However, logging too much information can be as bad as logging too little, because of all the "noise" added to your logs.

That's why in Symfony 4.1 we've improved the Monolog integration to allow you exclude log messages related to specific HTTP codes. For example, when using afingers_crossed handler, use the following configuration to ignore the logs about 403 and 404 errors:

1
2
3
4
5
6
7

# config/packages/monolog.yamlmonolog:handlers:main:# ...type:'fingers_crossed'excluded_http_codes:[403,404]

For more complex needs, it's also possible to exclude logs only for certain URLs, defined as regular expression patterns:

1
2
3
4
5
6

# config/packages/monolog.yamlmonolog:handlers:main:# ...excluded_http_codes:[{400:['^/foo','^/bar']},403,404]

If you prefer XML configuration, this is how the previous example would look like:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

<!-- config/packages/monolog.xml --><monolog:config><monolog:handlertype="fingers_crossed"name="main"handler="..."><!-- ... --><monolog:excluded-http-codecode="400"><monolog:url>^/foo</monolog:url><monolog:url>^/bar</monolog:url></monolog:excluded-http-code><monolog:excluded-http-codecode="403"/><monolog:excluded-http-codecode="404"/></monolog:handler></monolog:config>