Channel: Symfony Blog

CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler


Affected versions

Symfony 4.4.0 to 4.4.3 and 5.0.0 to 5.0.4 versions of the Symfony ErrorHandler component are affected by this security issue.

The issue has been fixed in Symfony 4.4.4 and 5.0.4.

Description

When ErrorHandler renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-debug environments.

Resolution

The ErrorHandler class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-debug environments.

The patches for this issue are available here and here for the 4.4 branch.
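The two parts of the fix described above, escaping every exception-derived value and withholding details outside debug mode, can be modelled in a few lines. This is an added sketch, not Symfony's ErrorHandler code; esc(), renderErrorPage() and findPage() are hypothetical names and the input string is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration; not Symfony's ErrorHandler. All names are hypothetical.

/** Encode a value for safe placement in HTML text or attribute context. */
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render an error page; exception details appear only when $debug is true. */
function renderErrorPage(Throwable $e, bool $debug): string
{
    if (!$debug) {
        // Non-debug environments: generic page, nothing taken from the exception.
        return "<h1>Oops! An Error Occurred</h1>\n";
    }

    // Debug: message, class, file and every stack frame are escaped,
    // because any of them can carry request-derived text.
    $html = sprintf(
        "<h1>%s</h1>\n<p>%s in %s line %d</p>\n<ol>\n",
        esc($e->getMessage()),
        esc(get_class($e)),
        esc($e->getFile()),
        $e->getLine()
    );
    foreach ($e->getTrace() as $frame) {
        $call  = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $where = isset($frame['file']) ? $frame['file'] . ':' . ($frame['line'] ?? 0) : '[internal]';
        $html .= sprintf("  <li>%s at %s</li>\n", esc($call), esc($where));
    }

    return $html . "</ol>\n";
}

/** Constructed lookup that reflects caller input in its exception message. */
function findPage(string $slug): void
{
    throw new RuntimeException(sprintf('No page found for "%s"', $slug));
}

try {
    findPage('<b>constructed input</b>');
} catch (RuntimeException $e) {
    $debugPage = renderErrorPage($e, true);
    $prodPage  = renderErrorPage($e, false);

    // Self-check: the markup may only appear encoded, and never outside debug.
    if (strpos($debugPage, '<b>') !== false || strpos($prodPage, 'constructed input') !== false) {
        throw new LogicException('exception data reached the page unescaped or outside debug');
    }
    echo $debugPage, "\n", $prodPage;
}
```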

Credits

I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue.


Be trained by Symfony experts - 2020-03-30 Online Europe - 2020-04-6 Online Europe - 2020-04-6 Online Europe

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header


Affected versions

Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony ErrorHandler component are affected by this security issue.

The issue has been fixed in Symfony 4.4.7 and 5.0.7.

Description

When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a corrupted cache where the cached format is not the right one.

Resolution

Symfony does not use the Accept header anymore to guess the Content-Type.

The patch for this issue is available here for the 4.4 branch.
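The mismatch described above can be reproduced with a toy shared cache that keys on method and URI only. This is an added model, not Symfony's HttpFoundation or HttpCache code; the function names, the constructed requests and the text/html fallback are assumptions of the example.

```php
<?php
declare(strict_types=1);

// Added illustration: a toy model, not Symfony's HttpFoundation or HttpCache code.
// Requests and responses are plain arrays; all function names are hypothetical.

/** Controller that returns JSON but never sets a Content-Type header. */
function controller(): array
{
    return ['headers' => [], 'body' => '{"status":"ok"}'];
}

/** Pre-fix model: a missing Content-Type is guessed from the request's Accept header. */
function prepareFromAccept(array $request, array $response): array
{
    if (!isset($response['headers']['Content-Type'])) {
        $accept = $request['headers']['Accept'] ?? '';
        $first  = trim(explode(';', explode(',', $accept)[0])[0]);
        $response['headers']['Content-Type'] = ($first === '' || $first === '*/*') ? 'text/html' : $first;
    }

    return $response;
}

/** Post-fix model: the fallback never depends on request headers. */
function prepareFixedDefault(array $request, array $response): array
{
    if (!isset($response['headers']['Content-Type'])) {
        $response['headers']['Content-Type'] = 'text/html'; // assumed default for this model
    }

    return $response;
}

/** Shared cache keyed on method and URI only, so Accept is not part of the key. */
function serve(array &$cache, array $request, callable $prepare): array
{
    $key = $request['method'] . ' ' . $request['uri'];
    if (!isset($cache[$key])) {
        $cache[$key] = $prepare($request, controller());
    }

    return $cache[$key];
}

/** Content-Type each client receives when requests arrive in the given order. */
function replay(array $requests, callable $prepare): array
{
    $cache = [];
    $seen  = [];
    foreach ($requests as $request) {
        $seen[] = serve($cache, $request, $prepare)['headers']['Content-Type'];
    }

    return $seen;
}

// Constructed traffic: same URL, different Accept headers.
$requests = [
    ['method' => 'GET', 'uri' => '/api/status', 'headers' => ['Accept' => 'text/plain']],
    ['method' => 'GET', 'uri' => '/api/status', 'headers' => ['Accept' => 'application/json']],
];

// Pre-fix: whoever fills the cache first decides the type every later client gets,
// so the stored entry changes with arrival order.
$inOrder  = replay($requests, 'prepareFromAccept');
$reversed = replay(array_reverse($requests), 'prepareFromAccept');
if ($inOrder[1] !== 'text/plain' || $reversed[1] !== 'application/json') {
    throw new LogicException('pre-fix model should follow the first Accept header');
}

// Post-fix: the stored type is identical whatever the arrival order. The body is
// still JSON, so the controller should set Content-Type explicitly as well.
if (replay($requests, 'prepareFixedDefault') !== replay(array_reverse($requests), 'prepareFixedDefault')) {
    throw new LogicException('post-fix model must not depend on request order');
}

print_r(['pre-fix' => [$inOrder, $reversed], 'post-fix' => replay($requests, 'prepareFixedDefault')]);
```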

Credits

I would like to thank Xavier Lacot from JoliCode for reporting & Yonel Ceruto and Tobias Schultze for fixing the issue.



CVE-2020-5275: All "access_control" rules are required when a firewall uses the unanimous strategy


Affected versions

Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony ErrorHandler component are affected by this security issue.

The issue has been fixed in Symfony 4.4.7 and 5.0.7.

Description

On Symfony before 4.4.0, when a Firewall checks an access control rule (using the unanimous strategy), it iterates over all rule attributes and grants access only if all calls to the accessDecisionManager decide to grant access.

As of Symfony 4.4.0, a bug was introduced that prevents the check of attributes as soon as accessDecisionManager decides to grant access on one attribute.

Resolution

The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy to be applied on each attribute.

The patch for this issue is available here for the 4.4 branch.
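The difference between deciding per attribute and deciding on all attributes at once is easiest to see on a rule with two roles. This is an added model of the decision flow, not Symfony's Security component; the voter, the listener functions, the audit helper and the sample rules are all constructed for the example.

```php
<?php
declare(strict_types=1);

// Added illustration: a toy model of the decision flow, not Symfony's Security code.

const VOTE_GRANT = 1;
const VOTE_ABSTAIN = 0;
const VOTE_DENY = -1;

/** Role voter model: grants a ROLE_* attribute only if the user holds it. */
function roleVoter(array $userRoles, string $attribute): int
{
    if (strpos($attribute, 'ROLE_') !== 0) {
        return VOTE_ABSTAIN;
    }

    return in_array($attribute, $userRoles, true) ? VOTE_GRANT : VOTE_DENY;
}

/** Unanimous strategy over the attributes passed in: a single DENY denies. */
function decideUnanimous(array $userRoles, array $attributes): bool
{
    $grants = 0;
    foreach ($attributes as $attribute) {
        $vote = roleVoter($userRoles, $attribute);
        if (VOTE_DENY === $vote) {
            return false;
        }
        if (VOTE_GRANT === $vote) {
            ++$grants;
        }
    }

    return $grants > 0;
}

/** Behaviour described for 4.4.0 onwards: one decision per attribute, stop at the first grant. */
function listenerAffected(array $userRoles, array $ruleAttributes): bool
{
    foreach ($ruleAttributes as $attribute) {
        if (decideUnanimous($userRoles, [$attribute])) {
            return true; // remaining attributes are never checked
        }
    }

    return false;
}

/** Behaviour after the fix: all attributes go to the decision manager at once. */
function listenerFixed(array $userRoles, array $ruleAttributes): bool
{
    return decideUnanimous($userRoles, $ruleAttributes);
}

/** Audit helper: only rules with more than one attribute could be loosened by the bug. */
function rulesToReview(array $accessControl): array
{
    return array_values(array_filter($accessControl, static function (array $rule): bool {
        return count($rule['roles']) > 1;
    }));
}

// Constructed access_control rules and a constructed user without ROLE_ADMIN.
$accessControl = [
    ['path' => '^/admin', 'roles' => ['ROLE_STAFF', 'ROLE_ADMIN']],
    ['path' => '^/profile', 'roles' => ['ROLE_USER']],
];
$staffOnly = ['ROLE_USER', 'ROLE_STAFF'];

foreach ($accessControl as $rule) {
    printf(
        "%-10s affected=%s fixed=%s\n",
        $rule['path'],
        var_export(listenerAffected($staffOnly, $rule['roles']), true),
        var_export(listenerFixed($staffOnly, $rule['roles']), true)
    );
}
printf("review: %s\n", implode(', ', array_column(rulesToReview($accessControl), 'path')));
```

Running the audit helper over a project's own access_control entries shows which rules relied on more than one attribute and therefore deserve a regression test after upgrading.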

Credits

I would like to thank Antonio J. García Lagar for reporting & Robin Chalas for fixing the issue.



Symfony 4.4.7 released


Symfony 4.4.7 has just been released. Here is a list of the most important changes:

  • security #cve-2020-5255 [HttpFoundation] Do not set the default Content-Type based on the Accept header (@yceruto)
  • security #cve-2020-5275 [Security] Fix access_control behavior with unanimous decision strategy (@chalasr)
  • bug #36262 [DI] fix generating TypedReference from PriorityTaggedServiceTrait (@nicolas-grekas)
  • bug #36252 [Security/Http] Allow setting cookie security settings for delete_cookies (@wouterj)
  • bug #36261 [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected (@nicolas-grekas)
  • bug #36259 [DomCrawler] Fix BC break in assertions breaking Panther (@dunglas)
  • bug #36181 [BrowserKit] fixed missing post request parameters in file uploads (@codebay)
  • bug #36216 [Validator] Assert Valid with many groups (@phucwan91)
  • bug #36222 [Console] Fix OutputStream for PHP 7.4 (@guillbdx)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.



Symfony 5.0.7 released


Symfony 5.0.7 has just been released. Here is a list of the most important changes:

  • security #cve-2020-5255 [HttpFoundation] Do not set the default Content-Type based on the Accept header (@yceruto)
  • security #cve-2020-5275 [Security] Fix access_control behavior with unanimous decision strategy (@chalasr)
  • bug #36262 [DI] fix generating TypedReference from PriorityTaggedServiceTrait (@nicolas-grekas)
  • bug #36252 [Security/Http] Allow setting cookie security settings for delete_cookies (@wouterj)
  • bug #36261 [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected (@nicolas-grekas)
  • bug #36259 [DomCrawler] Fix BC break in assertions breaking Panther (@dunglas)
  • bug #36181 [BrowserKit] fixed missing post request parameters in file uploads (@codebay)
  • bug #36216 [Validator] Assert Valid with many groups (@phucwan91)
  • bug #36222 [Console] Fix OutputStream for PHP 7.4 (@guillbdx)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.



New in Symfony 5.1: Improved route configuration

Contributed by Jules Pietri in #30501.

Redirections to other URLs and routes allow Symfony applications to evolve without breaking any existing links. These redirections are configured in YAML, XML or PHP files instead of annotations, and the resulting config was a bit verbose.

In Symfony 5.1, we've improved it to make the config much more concise. The following examples show the changes for the config/routes.yaml file, but the improvement is very similar for XML and PHP config files.

Redirecting to another route:

    # Before
    doc_shortcut:
        path: /doc
        controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController
        defaults:
            route: 'doc_page'
            permanent: true

    # After
    doc_shortcut:
        path: /doc
        redirect_to_route: 'doc_page'
        permanent: true

Redirecting to a URL:

    # Before
    legacy_doc:
        path: /legacy/doc
        controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController
        defaults:
            path: 'https://legacy.example.com/doc'
            permanent: false

    # After
    legacy_doc:
        path: /legacy/doc
        redirect_to_url: 'https://legacy.example.com/doc'
        permanent: false

We've also improved the config of routes that render a template directly, without executing any of your controller actions:

    # Before
    page_privacy:
        path: /site/privacy-policy
        controller: Symfony\Bundle\FrameworkBundle\Controller\TemplateController
        defaults:
            template: 'static/privacy.html.twig'
            context:
                site_name: 'ACME'

    # After
    page_privacy:
        path: /site/privacy-policy
        template: 'static/privacy.html.twig'
        context:
            site_name: 'ACME'

Finally, in Symfony 5.1 you can also define that a URL is gone, temporarily (404 status) or permanently (410 status) with the gone option:

    conference:
        path: /foo-conference
        gone: true
        permanent: true


New in Symfony 5.1: Routing improvements


Symfony 5.1 adds important new features related to routing, such as priority for route annotations and simpler route config. In this article we'll show other minor but interesting features added to routing.

Added stateless route attribute

Contributed by Mathias Arlaud in #35732 and #35782.

Routes can now configure a stateless boolean option. If set to true, they declare that the session won't be used during the handling of the request.

If a stateless route uses the session, you'll see an exception when debug is enabled in the application and you'll get a log message when debug is disabled:

    // src/Controller/MainController.php
    namespace App\Controller;

    use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
    use Symfony\Component\Routing\Annotation\Route;

    class MainController extends AbstractController
    {
        /**
         * @Route("/", name="homepage", stateless=true)
         */
        public function homepage()
        {
            // ...
        }
    }

Allow using env vars in route conditions

Contributed by Ahmed Tailouloute in #35747.

Routing conditions define expressions that routes must match. In Symfony 5.1, we've improved those expressions to allow using environment variables.

When using env vars, you can also apply any of the Symfony env var processors:

    /**
     * @Route("/new-feature", condition="env('bool:IS_FEATURE_ENABLED') === true")
     */
    public function __invoke()
    {
        // this route will only execute when the value of the
        // IS_FEATURE_ENABLED env var is TRUE
    }

Simpler RequestContext configuration

Contributed by Benjamin Lévêque in #35281.

Generating URLs in console commands and any other place outside of the web context is challenging because Symfony doesn't have access to the current host, the base URL, etc.

In those cases, you need to configure the request context using container parameters such as router.request_context.host. In Symfony 5.1, you can configure those values via the framework.router option:

    # config/packages/routing.yaml
    framework:
        router:
            # ...
            host: 'example.org'
            scheme: 'https'
            base_url: 'my/path'


New in Symfony 5.1: String improvements


The String component was introduced in Symfony 5.0 as an experimental feature. In Symfony 5.1 it will no longer be experimental and we've improved it with new features.

Use Stringable interface

Contributed by Nicolas Grekas in #36059.

PHP 8 will be published in December 2020, but you can already use some of its features in your PHP applications thanks to the Symfony PHP 8 Polyfill. In Symfony 5.1 we use that polyfill to make all string objects implement the Stringable interface.

This will allow you to use union types such as string|Stringable in the future when you later upgrade to PHP 8.

Keep the last word when truncating

Contributed by Fran Moreno in #35649.

When truncating text with the truncate() method, it's common to keep the last word unchanged, even if that means generating a string slightly longer than initially desired.

That is now possible thanks to a new optional argument called cut which is true by default. Set it to false to keep the last word unchanged:

    use function Symfony\Component\String\u;

    u('Lorem Ipsum')->truncate(8, '…');        // 'Lorem I…'
    u('Lorem Ipsum')->truncate(8, '…', false); // 'Lorem Ipsum'

Added a containsAny() method

Contributed by Nicolas Grekas in #35936.

A common need when working with strings is to check if a given string contains some other string. That's why we added a new containsAny() method, which not only checks if a string contains another one, but it can also check if it contains at least one of all the given strings:

    use function Symfony\Component\String\u;

    u('aeiou')->containsAny('a');                 // true
    u('aeiou')->containsAny(['ab', 'efg']);       // false
    u('aeiou')->containsAny(['eio', 'foo', 'z']); // true

Added a reverse() method

Contributed by Thomas Calvet in #35091.

Another method added in Symfony 5.1 is reverse(), which flips the order of the string contents:

    use function Symfony\Component\String\u;

    u('foo bar')->reverse(); // 'rab oof'
    u('さよなら')->reverse(); // 'らなよさ'

Other improvements

  • The slugger changes some special characters to generate better slugs. For example, it replaces @ by at. In Symfony 5.1 it will also replace & by and (this was contributed by Warxcell in #35689);
  • We added a new s() helper to quickly create string objects without having to think if you need a u() (Unicode string) or a b() (Binary string) (this was contributed by Thomas Calvet in #35625);
  • The width() method, which returns the width needed to display a character in the console, now follows the POSIX.1-2001 standard (this was contributed by Thomas Calvet in #35156).


A Week of Symfony #692 (30 March - 5 April 2020)


This week, Symfony published 4.4.7 and 5.0.7 versions to address some security vulnerabilities. Meanwhile, the upcoming Symfony 5.1 version added a feature to dump factory files as classes and improved class preloading. This will be one of the topics of the next SymfonyLive Online event on April 17, 2020.

Symfony development highlights

This week, 76 pull requests were merged (42 in code and 34 in docs) and 49 issues were closed (43 in code and 6 in docs). Excluding merges, 42 authors made 3,915 additions and 1,484 deletions. See details for code and docs.

3.4 changelog:

  • b9c2693: [Validator] fixed calling getters before resolving groups
  • 0b27194: [HttpKernel] prevent keys collisions in the sanitized logs processing
  • 6dbf9eb: [Serializer] fixed uninitialized properties
  • 6254cdb: [Validator] allow URL-encoded special characters in basic auth part of URLs
  • 21a6ab0: [HttpFoundation] no need to reconnect the bags to the session after session_regenerate_id
  • 004f1f3: [WebProfilerBundle] support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
  • 60a35f8: [Validator] updated Ukrainian and Russian translations

4.4 changelog:

  • ff2c362: [DomCrawler] fixed BC break in assertions breaking Panther
  • c266ab1: [FrameworkBundle] reverted to legacy wiring of the session when circular refs are detected
  • b1d21af: [Security] allow setting cookie security settings for delete_cookies
  • fe091d4: [DependencyInjection] fixed generating TypedReference from PriorityTaggedServiceTrait
  • c935e4a: [Security] fixed access_control behavior with unanimous decision strategy
  • dca3434: [HttpFoundation] do not set the default Content-Type based on the Accept header
  • 6f25ce5: [Security] forward multiple attributes voting flag
  • a5af8f6: fixed the reporting of deprecations in twig:lint
  • b9c2693: [Validator] fixed calling getters before resolving groups
  • 15edfd3: [Security] ignored all non existent username protection errors in SwitchUserListener
  • 38cbcc6: [Security] track session usage whenever a new token is set

Master changelog:

  • bb9d522: [Uid] improve the code
  • 0876480: [DependencyInjection] dump factory files as classes
  • 0c74ff4: [FrameworkBundle] dump kernel extension configuration
  • 2130465: [HttpFoundation] improve UnexpectedSessionUsageException backtrace
  • c8f4d16: [DependencyInjection] improve the deprecation features by handling package and version
  • 9381dd6: [HttpKernel] deprecate single-colon notation for controllers
  • 09dcbfc: [FrameworkBundle] deprecate flashbag and attributebag services
  • 2fc5f13: [DependencyInjection] deprecate ContainerInterface aliases
  • 0bec08f: [Config] improve the deprecation features by handling package and version
  • 5aeecc2: [Form] action allows only strings
  • fdd8ac5: [Messenger] add a \Throwable argument in RetryStrategyInterface methods
  • 1fc7b86: [Security] refactor logout listener to dispatch an event instead
  • 6f57fcf: [Mime] strengthen is_resource() checks
  • 8a2a69f: [HttpKernel] allow cache warmers to add to the list of preloaded classes and files
  • 3b38f38: [DependencyInjection] add tags container.preload/.no_preload to declare extra classes to preload/services to not preload


SymfonyLive Online conference on April 17th


The first edition of the SymfonyLive Online conference, held on March 27th 2020, gathered about 1,600+ people. We’re very pleased to announce the next SymfonyLive Online conference: join us on Friday April 17th 2020 to learn from the best experts of Symfony. To enable everyone to join us, there are 2 conference sessions: you can attend the online conference edition at 8:00 UTC or at 15:00 UTC.

Listen to 2 talks of 40 minutes each. Learn the latest about Symfony and enhance your knowledge from home! Here is the agenda of the upcoming Online conference on April 17th:

  • The Symfony Notifier Component (40 min) by Fabien Potencier, project lead of Symfony, founder/CEO of Blackfire and Symfony SAS. Symfony 5.0 introduced a new Notifier Component. It is based on the work done previously in the Mailer, HttpClient, and Messenger component and leverages their features. Learn more about how to use it in your own applications.
  • Preloading and Symfony, a love story (40 min) by Nicolas Grekas, core contributor of Symfony, principal engineer for Symfony SAS. Preloading is a hot topic these days, yet the first versions of PHP 7.4 crashed when it was enabled. Since September with the first experiments (and crash reports), Nicolas is tracking the beast: PHP 7.4.4 finally makes it usable in all contexts and a 75% boost has been measured on a "Hello World" app. Can you expect the same benefits on your apps? Preloading comes with its own challenges. Let's review them and figure how you can get the most out of it for the benefit of your server's efficiency and response time.

Register now at 9.99€, VAT excluded, per person and attend the online conference. You can buy one or more vouchers, for you or for someone else. Each voucher gives a license to attend one online conference to one person, either online (one screen per person) or offline (one shared screen in a projection room, in this case you need to buy as many vouchers as there are persons in the room). While this licensing policy is not technically enforced, we assume that the community will play fair. For companies, it is a legal requirement.

We'd like to invite the Symfony community at large to join us, both talks will be in English. Whether you can attend the international SymfonyCon or any local SymfonyLive conferences, these online gatherings might be the best opportunity to learn from the best experts of Symfony.

Stay safe and see you soon online!



New in Symfony 5.1: Portable HTTP/2 implementation

Contributed by Nicolas Grekas in #35924.

Symfony HttpClient component has provided full HTTP/2 support since day one when the cURL PHP extension was installed on your machine. In Symfony 5.1 we've improved the HTTP client to provide a portable HTTP/2 implementation which doesn't require installing cURL.

The amphp/http-client library provides an async HTTP/1.1+2 client for PHP based on Amp (a non-blocking concurrency framework for PHP applications). The amphp/http-client manually implements HTTP over TCP sockets, so it has no dependency on the cURL extension.

In Symfony 5.1, Symfony HttpClient has been improved to detect not only cURL but also the Amp HTTP client. Therefore, HTTP/2 is enabled if one of the following tools is installed:

  • The libcurl library version 7.36 or higher;
  • The amphp/http-client PHP package version 4.2 or higher.

You won't need to do or configure anything else. Just upgrade to Symfony 5.1, install amphp/http-client and you'll have a portable HTTP/2 implementation.



SymfonyCon Disneyland Paris 2020: Call for Trainers is open!


This year the international SymfonyCon conference will take place in Disneyland® Paris from December 1st to 5th, 2020. We are super excited to meet you there to celebrate Symfony’s 15th anniversary. Enjoy the Early Bird registration until April 27th!

Our Call for Papers is currently open until May 25th, 2020. If you haven’t submitted your talk proposals (in English) yet, submit them before it’s too late! If you have never spoken at a conference before, we do have a special mentorship program for speakers to help you with your talk (slides, rehearsal…). Remember that each selected speaker will get a free conference ticket, among other things!

For this special conference, we’re also pleased to open a Call for Trainers! We’re looking for workshops in English related to Symfony and its ecosystem, not yet scheduled. If you’re an experienced trainer and are used to delivering workshops, send in your workshop proposals! As the Symfony ecosystem is wide and diverse, we’d like to offer more workshops to the community. The idea is to make sure every attendee can find the right knowledge to enhance his/her/their experience during the conference.

Our Call for Trainers is open until May 25th, 2020. Here are the selection criteria:

  • If the workshop has already been organized please send us the comments sent by the attendees (If any).
  • You must have experience as a workshop trainer and must be able to prove it (past link to workshop details, surveys realized after the workshop sent to the attendees…).
  • You must have experience in the field of the workshop topic and be able to prove it.
  • Symfony related workshops are prioritized over generic PHP workshops.
  • If you want to present your workshop with someone else, please mention the name of the person you’d like to do the workshop with, along with their experience as a workshop trainer and about the workshop topic (maximum of 2 trainers per workshop).
  • When you submit your workshop description, be sure that you have the right to use the workshop materials you’ll share with the attendees (all information mentioned in your workshop submission will appear on the website).
  • We will review your workshop's slides during the selection process: please have them ready.

We are pleased to share our terms and conditions of this special Call for Trainers:

  • Workshops are part of the global experience of the SymfonyCon, attendees registered to the workshops cannot be disappointed. By submitting a workshop proposal, you declare to be free and available to present the workshop on December 1st or 2nd.
  • A technical committee will select the workshops among the proposals received at the closing deadline.
  • The selected trainers will be contacted by email.
  • If you are selected and your workshop doesn’t have the minimum number of attendees to be organized a month before the conference, your workshop will be canceled.
  • For each selected workshop trainer, we’ll entirely cover the transport fees and book a hotel room to attend the workshops. We’ll offer each workshop trainer a free conference ticket to attend the conference.

You can submit several talk proposals and several workshop proposals, there are no limits! Share your knowledge with the Symfony community by organizing a training or by speaking on stage at the conference. Take part in our Call for Papers and Call for Trainers for SymfonyCon Disneyland® Paris 2020 until May 25th, 2020.

Until we meet you there, stay home and safe!



Symfony 5: The Fast Track languages update


The book “Symfony 5: The Fast Track” by Fabien Potencier was released at the end of 2019. It is now available in 8 languages besides English. The book has been recently translated to Portuguese and Romanian on top of the already published versions in French, Spanish, German, Russian, Italian and Dutch.

“Symfony 5: The Fast Track” is the best resource to learn how to develop modern web applications with Symfony 5. The book was first published in paper and, by popular demand, it's now available for purchase as a PDF file too. You can buy it via several ways, check out how to get your own printed or PDF version.

We’d like to shout out a huge thank you to the Symfony community and the people working on the book translations. It’s a lot of work which requires time and they are all doing a great job, thank you for your help! Other languages will be soon available, don’t miss the announcement on Symfony’s blog or Fabien’s Twitter account (follow @fabpot on Twitter to get the announcement).

The book translations are part of the Symfony diversity initiative. They want to help developers who struggle with English as a second language to make Symfony more approachable. We'd love to translate all Symfony docs, but it's impossible because of how fast docs are updated. The book contents are much more stable, so they allow for these translations.

You’re probably wondering why you should pay for the PDF edition since the book contents will be published for free on symfony.com in the coming weeks. If you didn’t read the last blog post announcing the release of the PDF version of the book, you may be asking why isn't the PDF edition available for free.

If you missed it, here is the answer: in January 2018, Symfony became an independent company. More precisely, a private commercial company called "Symfony SAS" which sponsors the development of the Symfony framework.

This sponsoring includes the salaries of people like Fabien Potencier, the Symfony creator and project leader, Nicolas Grekas, the biggest code contributor and Javier Eguiluz, the biggest doc contributor.

The proceeds from the sale of the book, including the original Kickstarter campaign, go entirely to fund Symfony SAS business operations. In other words, purchasing the book (or gifting it to other developers) is a great way to learn Symfony and contribute to the project at the same time.

We would also like to thank all the book sponsors and Kickstarter funders. Without your support, this entire book project would not be possible. Your involvement is essential to keep Symfony SAS running. On top of that, we want to give a special thanks to the main book sponsors: Blackfire.io, Private Packagist and Darkmira. Thank you for your support!

If you don't have it yet, get your own book edition in PDF or printed and support Symfony’s project and company. We need you to continue the great Symfony work!



Sponsor the Symfony project.

SymfonyLive Warszawa 2020: early bird registration and CFP are still open


Two weeks ago, we took the decision to postpone the SymfonyLive Warszawa 2020 conference initially scheduled on June 11-12. Due to the current global Coronavirus 2019 (COVID-19) situation, we decided to organize the conference in October to make sure the conditions will be safe for everyone: speakers, attendees, sponsors and staff.

Here is the new agenda of the SymfonyLive Warszawa 2020 conference organized at the Westin Warsaw:

  • October 5th-6th: 2 conference days
  • October 7th-8th: 2 workshop days

The early bird registration is currently open until May 4th. Get your conference ticket for 799zł or your combo conference and workshop ticket for 3039zł. Book your ticket before the price changes.

The Call for Papers is open until April 27th. Join the conference as a speaker, submit your talk proposals in Polish now! The entire conference will be organized in Polish, except for the Keynotes. Share your Symfony experience with the Polish community, become a speaker! If you have never spoken at a conference before, we have a mentoring program for speakers to help you with your talk (slides, rehearsals...). Each selected speaker will receive a free conference ticket and more! Don't hesitate to submit more than one talk proposal.

If you are interested in sponsoring the conference, don't hesitate to contact us at event[at]symfony.com. We'd be pleased to present you our sponsorship packages.

We can't wait to meet the Symfony Polish community there. See you at SymfonyLive Warszawa 2020!



New in MakerBundle 1.15: make:reset-password & make:message


MakerBundle 1.15 was just released and comes with several new makers. Let's take a look!

Generate a Full, Secure User Setup with make:reset-password

MakerBundle already had almost everything you needed to quickly bootstrap an entire security system thanks to make:user, make:auth (for authenticators) and make:registration-form. The only common missing piece was a reset password system.

Now you can generate a fully-functional & secure password reset system with:

    $ php bin/console make:reset-password

    # .. answer a few questions

    created: src/Controller/ResetPasswordController.php
    created: src/Entity/ResetPasswordRequest.php
    created: src/Repository/ResetPasswordRequestRepository.php
    updated: config/packages/reset_password.yaml
    created: src/Form/ResetPasswordRequestFormType.php
    created: src/Form/ChangePasswordFormType.php
    created: templates/reset_password/check_email.html.twig
    created: templates/reset_password/email.html.twig
    created: templates/reset_password/request.html.twig
    created: templates/reset_password/reset.html.twig

After asking a few questions, this will generate everything needed for a user to reset their password: a user enters their email into a form, your app sends a "reset password" email, the user clicks a one-time-use link, the link is validated, and the user is allowed to choose a new password. Just go to /reset-password and try it!

Behind the scenes, the command leverages a new SymfonyCastsPasswordResetBundle to handle the security-sensitive (and boring) parts of the process. A lot of effort went into making this the most secure reset password system available, including features that prevent timing attacks, enforce throttling and avoid "leaking" the reset token to JavaScript by immediately removing it from the URL.

A huge thanks to the amazing work done by jrushlow who did the majority of the research & work on both the bundle and command. Thanks also to romaricdrigon who spent a huge effort to bootstrap this.

Message, Handler & Routing with make:message

The bundle also now has a new command to make generating Messenger messages easy:

    $ php bin/console make:message

    The name of the message class (e.g. SendEmailMessage):
    > CreateImageThumbnails

    Which transport do you want to route your message to? [[no transport]]:
      [0] [no transport]
      [1] async
      [2] async_high_priority
    > 1

    created: src/Message/CreateImageThumbnails.php
    created: src/MessageHandler/CreateImageThumbnailsHandler.php
    updated: config/packages/messenger.yaml

This will generate an empty message class, a handler that is preconfigured to handle that message and it will route your message to the transport in messenger.yaml if you choose that option.

Thanks to nikophil for this contribution!

make:messenger-middleware

If you need to create a custom Messenger middleware, you can also now generate that:

    $ php bin/console make:messenger-middleware

    The name of the middleware class (e.g. CustomMiddleware):
    > MyLoggingMiddleware

    created: src/Middleware/MyLoggingMiddleware.php

    Next:
     - Add the middleware to your config/packages/messenger.yaml file

Thanks to zairigimad for this contribution!

Have other ideas for MakerBundle? Send us a pull request!

Happy making!


Sponsor the Symfony project.

New in Symfony 5.1: Configurable PHP Preloading

Contributed by Nicolas Grekas in #36195 and #36209.

PHP class preloading is one of the most important features added in PHP 7.4. On server startup - before any application code is run - PHP can load a certain set of PHP files into memory and make their contents permanently available to all subsequent requests.

During preloading, PHP also resolves class dependencies and links with parent, interfaces and traits. It also removes unnecessary includes and performs some other optimizations. The overall result is a very significant performance improvement in real applications.

Symfony has been compatible with PHP preloading since version 4.4. In Symfony 5.1 we've improved preloading to make it easier to configure thanks to two new dependency injection tags called container.preload and container.no_preload.

First, container.preload allows you to define which classes must be preloaded by PHP. Add one or more of these tags in your services to preload as many classes as you need. For example, in Symfony code we use this tag to preload some classes related to the twig service:

    services:
        twig:
            class: Twig\Environment
            # ...
            tags:
                - { name: 'container.preload', class: 'Twig\Cache\FilesystemCache' }
                - { name: 'container.preload', class: 'Twig\Extension\CoreExtension' }
                - { name: 'container.preload', class: 'Twig\Extension\EscaperExtension' }
                - { name: 'container.preload', class: 'Twig\Extension\OptimizerExtension' }
                # ...

The container.no_preload tag is used to tell PHP that it must not preload a certain class. In this case, the tag doesn't define a class attribute. Instead, apply the tag to some service and the class related to that service won't be preloaded:

    services:
        twig.template_cache_warmer:
            class: Symfony\Bundle\TwigBundle\CacheWarmer\TemplateCacheWarmer
            # ...
            tags:
                - { name: 'container.no_preload' }

Another change related to PHP preloading is that the warmUp() method of the Symfony cache warmers must now return an array with the FQCNs (fully-qualified class names) of the classes to warm up. Not doing that is deprecated since Symfony 5.1.

We've already implemented all these features in Symfony code. The result is that in our synthetic benchmarks, a sample application went from 360 requests per second to 630 requests per second, a 75% performance improvement.

In your own applications, performance improvements will vary. To learn more about preloading in Symfony applications, sign up for the next SymfonyLive Online event which will take place on Friday, April 17.



SymfonyLive Berlin 2020: early bird registration and CFP are open!


The SymfonyLive Berlin 2020 conference is coming from October 13th to 16th. Join us at the only Symfony conference organized in Germany in German at the beautiful Mercure Hotel Moa Berlin. Here is the entire event agenda:

  • October 13-14: workshop days
  • October 15-16: conference days

The Call for Papers is currently open until April 27th. If you are interested in sharing your Symfony experience with the community, this is the occasion! Submit your talk proposals now. If you've never been a speaker before, we have a mentoring program in which experienced speakers are ready to help you with your talk (slides, rehearsals...). Add a note to your talk proposal saying that you've never spoken on stage before and the team in charge of the mentoring program will work with you. For this conference, we're looking for talks in German about Symfony and its ecosystem. Take part in the Call for Papers for SymfonyLive Berlin 2020! Each selected speaker will receive a free conference ticket and more! Don't hesitate to submit more than one talk proposal.

Get your early bird conference ticket for 299€ (VAT excl.) or your early bird combo pre-conference workshop and conference ticket for 711€ (VAT excl.). Register until April 27th to enjoy our early bird prices!

If you are interested in being a sponsor of the conference, don't hesitate to contact us at event[at]symfony.com. We'd be pleased to present our sponsorship packages to you.

We can't wait to meet the Symfony German community there. See you at SymfonyLive Berlin 2020!



A Week of Symfony #693 (6-12 April 2020)


This week, Symfony Conferences announced that the Calls for Papers are still open for SymfonyLive Warszawa, for SymfonyLive Berlin and for SymfonyCon Disneyland Paris. In addition, MakerBundle added new features to reset passwords. Meanwhile, the upcoming Symfony 5.1 version simplified decorated services and added a way to control the cursor in the terminal.

Symfony development highlights

This week, 50 pull requests were merged (32 in code and 18 in docs) and 62 issues were closed (49 in code and 13 in docs). Excluding merges, 28 authors made 1,886 additions and 515 deletions. See details for code and docs.

3.4 changelog:

  • efc93a7: [PropertyAccess] improve message of uninitialized property in php 7.4
  • 434a03a: [OptionsResolver] remove assertions that can never be reached
  • 547c99e: [PropertyInfo] check the array mutator prefixes last when the property is singular in ReflectionExtractor
  • 932a4f8: [Workflow] use a strict comparison when retrieving raw marking in MarkingStore
  • db733da: [Form] removed legacy check in ValidationListener
  • cd4a4bd: [Validator] do not merge constraints within interfaces
  • 6a27337: [Validator] fixed default group for nested composite constraints

4.4 changelog:

  • f2d4a29: [Process] fixed input/output error on PHP 7.4
  • 2dd5fe6: [FrameworkBundle] allowing empty secrets to be set
  • ba58c6f: [DependencyInjection] add missing property declarations in InlineServiceConfigurator
  • 6f19746: [DependencyInjection] fix detecting short service syntax in yaml
  • 977276e: [HttpClient] fix scoped client without query option configuration
  • 280674f: [Mailer] force ping after transport exception
  • f84592a: [HttpClient] fix HTTP/2 support on non-SSL connections

Master changelog:

  • dadb5d8: [FrameworkBundle] revert to container.dumper.inline_factories=false by default
  • 2d6327f: [VarCloner] cut Logger in dump
  • aa44db0: [HttpFoundation] fix constant accessor
  • c6a176d: [OptionsResolver] improve the deprecation feature by handling package and version
  • 168574d: [Messenger] updated Amazon SQS connection
  • 9a6695c: [DependencyInjection] allow decorators to reference their decorated service using the special .inner id
  • 6ff7c2e: [DependencyInjection] deprecate the inline() function from the PHP-DSL in favor of service()
  • 1ee1c81: [DependencyInjection] removed restriction and allow mixing "parent" and instanceof-conditionals/defaults/bindings
  • 607e8d6: [ErrorHandler] remove trigger_deprecation frame from trace
  • 7c98954: [Serializer] unwrapping denormalizer
  • d69b8bb: [Console] add Cursor class to control the cursor in the terminal

Symfony CLI

Symfony CLI is a must-have tool when developing Symfony applications on your local machine. It includes the Symfony Local Server, the best way to run local Symfony applications. This week Symfony CLI released its new 4.14.0 version with the following changes:

  • Update cron handling:
    • Cron emails are now sent using a predictable default email address project+env@cron.noreply.s5y.io
    • Allow to change croncape email sender using MAILFROM environment variable
    • Allow to change croncape host in subject using CRONCAPE_HOST environment variable (defaults to project ID)
    • Use MAILER_DSN and MAILER_URL if defined for sendmail configuration
    • Strip croncape from command when running a cron using env:cron
  • Add support for --install-dir flag in the bash installer
  • Add support for memcached in Docker Compose
  • Add the --multiline flag to var:export to display each var on its own line
  • Add env:deactivate command
  • Add a check for the redis PHP extension in book:check-requirements command
  • Update available PHP extensions list used during project initialization
  • Refine SYMFONY_DEFAULT_ROUTE behavior to be more deterministic and respect user's order
  • Fix panic in env:urls and env:logs when there's no application selected or detected
  • Fix php.ini and .symfony.cloud.yaml files guess when running a script outside of the root dir
  • Fix check:requirements when the cache dir does not exist yet
  • Fix the value of the PHP_BINARY and PHP_PATH env vars which must always point to the PHP CLI binary
  • Fix parsing of the f flag in sendmail wrapper
  • Fix default user and password for RabbitMQ local Docker tunnels


SymfonyCon Disneyland Paris 2020: early bird registration is open until April 27th


At the end of 2020, Symfony will turn 15, already! It’s only been 5 years since we celebrated Symfony's 10th anniversary in Paris, time flies! We’re now eager to meet you again and celebrate Symfony’s 15th anniversary. For this special occasion, we decided to bring the entire community back to France in a very magical place… We’re very pleased to invite you to join us at Disneyland® Paris for SymfonyCon 2020 from December 1st to 5th!

On top of organizing the conference in this amazing venue, we’ll have the extraordinary privilege to enjoy Walt Disney Studios Park during a special night on December 3rd from 8pm to 11:30pm. The Walt Disney Studios Park will only be open for SymfonyCon’s attendees and their families! If you like Symfony, if you want to meet the community, share knowledge and fun, this is where you want to be next December!

SymfonyCon Disneyland Paris is a 5-day event from December 1st to December 5th. The entire event will be held in English in Disneyland Paris village and hotels:

  • Two-day workshop: Tuesday, December 1st and Wednesday, December 2nd
  • Two-day conference: Thursday, December 3rd and Friday, December 4th
  • One hackday: Saturday, December 5th

Early bird tickets are available until April 27th, book yours now before the price changes!

What’s included in your conference ticket:

  • Ticket to attend all talks on December 3rd and 4th including a morning coffee break, lunch and afternoon coffee break on both conference days
  • Ticket to attend the special night for Symfony’s 15th birthday at Walt Disney Studios Park on December 3rd! From 8pm to 11:30pm, enjoy the unmissable attractions of Walt Disney Studios Park, only open for us!
  • Free admission to the Hackday on December 5th including food and beverages
  • Official goodies of the conference and our sponsors

What’s included in your combo workshop and conference ticket:

  • Ticket to attend both days of workshops on December 1st and 2nd including a morning coffee break, lunch and afternoon coffee break on both workshop days
  • Ticket to attend both conference days (as detailed above)

If you're planning your trip to come there, here are some useful tips:

Tip #1: we've secured hotel rooms and negotiated great rates in some fantastic hotels of Disneyland® Paris. You can book your hotel room online, via the online booking service provided to you by Disneyland® Paris Business Solutions: http://poa.disneylandparis-business.com/en. To access the secure page to book your hotel room, please use the following login: symfonycon and password: disney100719. If you need more details, read our blog post.

Tip #2: we'll sell tickets to enable your family to join you at the conference party organized at Walt Disney Studios Park on December 3rd from 8pm to 11:30pm, only open for SymfonyCon’s attendees! If your family wants to join you in this special moment, you'll be able to buy a ticket for the party only at the price of 30€ per adult (VAT excluded) or 15€ per kid between 3 and 11 years old (VAT excluded); kids of 2 years or under get in free. This ticket will include access to Walt Disney Studios Park on December 3rd from 8pm to 11:30pm. Tickets for the party only will soon be available for purchase on the conference website.

Lastly, if your company wants to support the biggest Symfony conference of the year and celebrate Symfony's anniversary, contact us at event[at]symfony.com for any sponsorship requests. We'd be very happy to discuss our sponsorship options!

Don't miss this unique and amazing conference, join us! We are super excited to meet you there. In the meantime, stay safe!



New in Symfony 5.1: Cursor control

Contributed by Pierre du Plessis in #27444.

The Symfony Console component provides lots of utilities to render contents in the command console, such as progress bars, tables with all kinds of styles, interactive questions, etc.

In Symfony 4.1 we even introduced output sections, which let you update different parts of the output independently. In Symfony 5.1 we've introduced another advanced feature which allows you to control the cursor.

Thanks to the new Symfony\Component\Console\Cursor class and its expressive API, you can show/hide the cursor, move it up/down/left/right, clear parts of the output, etc.

    namespace App\Command;

    use Symfony\Component\Console\Command\Command;
    use Symfony\Component\Console\Cursor;
    use Symfony\Component\Console\Input\InputInterface;
    use Symfony\Component\Console\Output\OutputInterface;

    class SomeCommand extends Command
    {
        protected static $defaultName = 'app:some-command';

        // ...

        protected function execute(InputInterface $input, OutputInterface $output)
        {
            // ...

            // the cursor writes its escape sequences to the command's output
            $cursor = new Cursor($output);

            // argument for left/right is "number of columns" (1 by default)
            // argument for top/bottom is "number of rows" (1 by default)
            $cursor->moveUp(2)->moveRight();
            $cursor->moveDown();

            // move to an arbitrary (column, row) position
            $cursor->moveToPosition(7, 15);

            // you can show/hide the cursor, save/restore its position, etc.
            $cursor->savePosition()->hide();

            // Symfony 5 commands must return an integer exit code
            return 0;
        }
    }

In addition to these methods, the new Cursor class provides several utilities to clean the output:

    // clears the entire line where the cursor is at
    $cursor->clearLine();

    // clears the contents of the current line starting from the cursor position
    $cursor->clearLineAfter();

    // clears all the output from the cursor's current position to the end of the screen
    $cursor->clearOutput();

    // clears the entire screen
    $cursor->clearScreen();
