Symfony 5.1.6 has just been released. Here is a list of the most important changes:

• bug #38291 [OptionsResolver] Fix deprecation message access (@fancyweb)
• bug #38248 [HttpClient] Allow bearer token with colon (@stephanvierkant)
• bug #37837 [Form] Fix custom formats deprecation with HTML5 widgets (@fancyweb)
• bug #38285 [Contracts][Translation] Optional Intl dependency (@ro0NL)
• bug #38283 [Translator] Optional Intl dependency (@ro0NL)
• bug #38271 [ErrorHandler] Escape JSON encoded log context (@ro0NL)
• bug #38284 [Cache][Lock][Messenger] fix compatibility with Doctrine DBAL 3 (@xabbuh)
• bug #38228 [Yaml Parser] Fix edge cases when parsing multiple documents (@digilist)
• bug #38226 [FrameworkBundle] loadRoutes shoud receive RoutingPhpFileLoader (@grachevko)
• bug #38229 [Yaml] fix parsing comments not prefixed by a space (@xabbuh)
• bug #38127 [Translator] Make sure a null locale is handled properly (@jschaedl)
• bug #38221 [Cache] Allow cache tags to be objects implementing toString() (@lstrojny)
• bug #38212 [HttpKernel] Do not override ma _redirects option in HttpClientKernel (@dmolineus)
• bug #38215 [HttpClient] Support for CURLOP _LOCALPORT (@derrabus)
• bug #38202 [FrameworkBundle] Fix xsd definition which prevent to add more than one workflow metadata (@l-vo)
• bug #38195 [String] improve slugger’s portability accross implementations of iconv() (@nicolas-grekas)
• bug #38166 [Console] work around disabled putenv() (@SenTisso)
• bug #38190 [Notifier] Fix errors parsing in FirebaseTransport (@jderusse)
• bug #38173 [HttpClient][HttpClientTrait] don’t calculate alternatives if option is aut _ntlm (@ybenhssaien)
• bug #38169 [PhpUnitBridge] Internal classes are not legacy (@derrabus)
• feature #38160 [Security] In the new authenticator system, no auth listener is valid (@weaverryan)
• bug #38156 [Cache] fix ProxyAdapter not persisting items with infinite expiration (@dmaicher)
• bug #38148 [HttpClient] fail properly when the server replies with HTTP/0.9 (@nicolas-grekas)
• bug #38131 [Validator] allow consumers to mock all methods (@xabbuh)
• bug #38140 [DI] dump OS-indepent paths in the preload file (@nicolas-grekas)
• bug #38139 [DI] dump OS-indepent paths in the compiled container (@nicolas-grekas)
• bug #38147 [Mailer] Fixed Mailgun API bridge JsonException when API response is not applicaton/json (@asprega)
• bug #38126 [Cache] Limit cache version character range (@lstrojny)
• bug #38136 [Messenger] Run postgres setup trigger in transaction (@akondas)
• bug #38142 [FrameworkBundle] adopt src/.preload.php (@nicolas-grekas)
• bug #38108 [Cache] Fix key encoding issue in Memcached adapter (@lstrojny)
• bug #38122 [HttpClient] Fix Array to string conversion notice when parsing JSON error body with non-scalar detail property (@emarref)
• bug #37097 DateTime validator support for trailing data (@stefankleff)
• bug #38116 [Console] Silence warnings on sap _window _c _set() call (@chalasr)
• bug #38114 [Console] guard $argv + $token against null, preventing unnecessary exceptions (@bilogic)
• bug #38094 [PhpUnitBridge] Skip internal classes in CoverageListenerTrait (@sanmai)
• bug #38101 [VarExporter] unserialize() might throw an Exception on php 8 (@derrabus)
• bug #38100 [ErrorHandler] Parse “x not found” errors correctly on php 8 (@derrabus)
• bug #38099 Prevent parsing invalid octal digits as octal numbers (@julienfalque)
• bug #38095 [Mailer] Remove unnecessary check for existing request (@jschaedl)
• bug #38091 [DI] fix ContainerBuilder on PHP8 (@nicolas-grekas)
• bug #38086 [HttpClient] with “bindto” with NativeHttpClient (@nicolas-grekas)
• bug #38063 [FrameworkBundle] generate preload.php in src/ to make opcache.preload predictable (@nicolas-grekas)
• bug #38080 [Console] Make sure $maxAttempts is an int or null (@derrabus)
• bug #38075 esmtp error not being thrown properly (@Anton Zagorskii)
• bug #38040 [Yaml Parser] fixed Parser to skip comments when inlining sequences (@korve)
• bug #38073 [VarDumper] Fix caster for invalid SplFileInfo objects on php 8 (@derrabus)
• bug #38074 [Messenger] Remove DelaySeconds parameter for FIFO queues (@netbull)
• bug #38071 [PhpUnitBridge] Adjust output parsing of CoverageListenerTrait for PHPUnit 9.3 (@sanmai, @derrabus)
• bug #38062 [DI] fix generating preload file when cach _dir is outside projec _dir (@nicolas-grekas)
• bug #38059 [Cache] Fix CacheCollectorPass with decorated cache pools (@shyim)
• bug #38054 [PhpUnitBridge] CoverageListenerTrait update for PHPUnit 8.5/9.x (@sanmai)
• bug #38049 [Debug] Parse “x not found” errors correctly on php 8 (@derrabus)
• bug #38041 [PropertyInfo] Fix typed collections in PHP 7.4 (@ndench)
• bug #38013 [PHPUnitBridge] Fix deprecation type detection when trigge _deprecation is used (@l-vo)
• bug #37959 [PhpunitBridge] Fix deprecation type detection (when several autoload files are used) (@l-vo)
• bug #38031 Allow Drupal to wrap the Symfony test listener (5.1 backport) (@fabpot, @alexpott)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. UseSymfonyInsight upgrade reports to detect the code you will need to change in your project andread our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

This week, Symfony 3.4.45, 4.4.14 and 5.1.6 maintenance versions were released. Meanwhile, the upcoming Symfony 5.2 version added an html5 option to MoneyType and PercentType and introduced new test assertions for checkboxes and form values.

Symfony development highlights

This week, 64 pull requests were merged (32 in code and 32 in docs) and 40 issues were closed (22 in code and 18 in docs). Excluding merges, 36 authors made 2,861 additions and 479 deletions. See details for code and docs.

3.4 changelog:

• 5f94d34: Updated Arabic translations

4.4 changelog:

• 966dc58: [Cache, Lock, Messenger] fixed compatibility with Doctrine DBAL 3
• 02be26a: [ErrorHandler] escape JSON encoded log context
• d9bcb64: [Translator] made Intl dependency optional
• 9e7e2a8: [Form] fixed custom formats deprecation with HTML5 widgets
• caab0f1: [HttpClient] allow bearer tokens with colon
• f71d8cf: [OptionsResolver] assert that the error type is valid in deprecations test
• 6bb0ef4: [ErrorHandler] return false directly and remove unused variable

5.1 changelog:

• 44bd82c: [OptionsResolver] fixed deprecation message access

Master changelog:

• 90056b8: [Config] added the "info" to a missing option error messages
• d635390: [Doctrine Bride] always require SQL comment hint for UID types
• aa5d0ea: [String] allow passing null to string functions
• 6e9949b: [Form] added "html5" option to both MoneyType and PercentType
• 5c48235: [Mailer] added Sendinblue bridge
• 59f7124: [HttpKernel] auto-register kernel as an extension
• 2bdcf4a: [Validator] added invalid datetime message in Range validator
• af90e1e: [DomCrawler] added checkbox assertions for functional tests
• 713f30e: [DomCrawler] added assertFormValue() in WebTestCase
• e6dcf9b: [Doctrine Bride] register the UID binary types
• 02d879f: [PhpUnitBridge] enable a maximum PHPUnit version to be set via SYMFONY_MAX_PHPUNIT_VERSION
• ffb7f0e: [Translation] allow Translatable objects to be used as strings
• 013bbcc: [Messenger] fixed misleading comment about time-limit
• 934b125: [Notifier] added Sendinblue notifier
• a6aa08e: [Lock] provided default implementation when store does not support the behavior

Symfony CLI

Symfony CLI is a must-have tool when developing Symfony applications on your local machine. It includes theSymfony Local Server, the best way to run local Symfony applications. This week Symfony CLI released its new 4.19.0 version with the following changes:

• Fix warning when using the extended syntax for the PHP extensions config in .symfony.cloud.yaml
• Fix book:checkout command when migrations are stored under the new migrations/ directory instead of src/Migrations/
• Use localhost instead of 127.0.0.1 in the generated proxy PAC file
• Improve error feedback on server:start when PHP fails to start
• server:start now restarts PHP on php.ini changes
• server:start now restarts PHP on PHP failure
• server:start now restarts PHP when CGI stops after N requests
• Fix log file name when using PHP CLI and PHP CGI

Newest issues and pull requests

• [Console][UX][DX] shell completion support directly in the Console component
• [Messenger] Redis in cluster mode or custom instance
• Detect with lint:container if env vars or parameters are not correctly injected into services

They talked about us

• Bolt 4: the awesome CMS
• Web Scraping with PHP
• Dynamically changing the log level in Symfony apps
• Symfony meets Elasticsearch — Implement a search as you type feature
• Symfony route parameter with slash as part of the parameter
• Api Platform’da Yaml ile Serileştirme
• Symfony, lưu session trong database, đảm bảo chạy load balancing an toàn với ELB

Call to Action

• Follow Symfony on Twitter and retweet this article.
• Subscribe to the Symfony blog RSS and never miss a Symfony story again.

Contributed by
Alexander M. Turek
in #37474 and #37545.

PHP 8 is packed with new interesting features, such as union types,match expressions and constructor property promotion. However, the most sought-after new feature is built-in attributes (also called annotations).

Symfony 5.2 will include support for PHP 8 attributes to define routes and required dependencies. If you already use annotations, the transition will be seamless:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

// BEFORE: annotations defined with Doctrine Annotations libraryuseSymfony\Component\Routing\Annotation\Route;classSomeController{/**     * @Route("/path", name="action")     */publicfunctionsomeAction(){// ...}}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

// AFTER: annotations defined with PHP 8 attributesuseSymfony\Component\Routing\Annotation\Route;classSomeController{#[Route('/path', name: 'action')]publicfunctionsomeAction(){// ...}}

The same Route class provides support for Doctrine annotations and PHP attributes, so you don’t need to change the class import. The only required change is to update the annotation syntax, which now looks like this: #[...] That’s all! Your application is now using native PHP attributes and you can uninstall dependencies like doctrine/annotations if you don’t use them elsewhere.

We also added a #[Required] attribute to replace @Required annotation and tell Symfony that a property/method holds a required dependency:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

useSymfony\Contracts\Service\Attribute\Required;classSomeService{#[Required]publicBar$bar;#[Required]publicfunctionsetFoo(Foo$foo):void{// ...}}

PHP is entering a new golden era with the release of PHP 8 and Symfony will be fully-compatible since day one. These attributes are just the beginning and we’ll add many more (e.g. for validation) in the coming weeks.

We finally managed to organize the SymfonyLive Paris 2020 conference last week on September 23-24, initially scheduled at the end of March 2020. It was a great pleasure to meet the French Symfony community in this particular time!

We were supposed to organize the SymfonyLive Paris 2020 on March 26-27 but the global lockdown happened. With sadness, we had no other choice but to postpone the Parisian SymfonyLive conference to a later date. At first, we thought we could organize it in May or June, but as the global Covid-19 situation was still spreading all around the world, we decided to organize it late September. Month after month, the situation was still quite uncertain. The French Government finally agreed on having events back from the end of August so we were super happy with this decision.

On our side, we took all the sanitary rules to be able to safely organize the conference knowingly the current sanitary context. Here is a list of the most important sanitary rules we've taken for the SymfonyLive Paris 2020 conference:

• We’ve limited the event to 500 attendees, to only have one attendee every other seat, meaning that we were actually sold out from March. As this decision was taken in August, the sold out announce was made from then.
• We’ve asked people to wear a mask at all time, except at break and lunch times when they were seated to eat.
• For each break, the food was delivered in a package either a small packet with some cakes or in a lunch box. It was thus easy to take the food away and to eat seated in the conference room.
• Social distance was fully respected. We asked attendees to leave the conference room at breaks according to a specific protocol. Depending on where you were seated, you had to follow a special way to get your food and beverage. Several areas were established to pick up your food and beverage. Then people were able to gather in the exposition area to meet the sponsors, but still while wearing a mask and without creating groups of people.
• Hand sanitizers were available everywhere: at the entrance, on booths, at doors and even offered by our Diamond Sponsor SensioLabs.
• Badges were sent by PDF and attendees were scanned at the entrance, they were no more touches to get your conference badge. It was super easy to check-in!
• For Q&A at the end of talks, attendees were able to ask questions, **we handled the microphone so they didn’t have to touch it*, there was also a cover on top of it.
• Windows were open all time, except when it was raining.
• Cloakroom was only open for luggage, no clothes were taken.

Here is a sneak-peak of what we implemented during the conference to run it smoothly at no risks. This would not have been possible without all our attendees obedience. We’d like to particularly thank our conference attendees for participating in this special edition of the conference! Thank you for being so compliant with our sanitary rules and for your kindness. It was a great pleasure to meet you there!

A conference needs speakers! We’d like to thank all our wonderful speakers who came to share their Symfony knowledge and experience. Thank you to (in order of conference schedule): Fabien Potencier, Hubert Lenoir, Jérémy Derussé, Alexandre Salomé, Valentine Boineau, Timothée Barray, Grégoire Pineau, Nicolas Grekas, Danielle Kayumbi Bonkoto, Samuel Roze, Bastien Jaillot, Titouan Galopin, Stefan Richter and Kévin Dunglas.

Thank you also to our fantastic sponsors for their support! We could not organize a conference without their support, so a really big thank you to our:

• Diamond sponsor: SensioLabs
• Gold sponsors: Blackfire.io, Les-Tilleuls.coop, SymfonyCloud, SymfonyInsight and Webnet
• Silver sponsors: 24S, Hiway and Kaliop
• Bronze sponsors: 2le and Izi Solutions

All talks were recorded. Each conference attendee will receive an email to access the talks replay of the conference on SymfonyCasts as soon as possible. If you're already a subscriber of SymfonyCasts, you'll be able to watch the talks too! We're doing our best to publish them soon, but it depends on our provider reactivity.

We welcomed less than 500 attendees and it was just great! People had space to walk and move all around so they were never stuck. As we had a leftover of lunch boxes, despite the current context, we managed to give them away. We gave them to a French association called Action Partage from Neuilly sur Marne. It was very important for us not to waste the food leftover. Unfortunately, this year we were not able to recycle the lanyard and badge holders due to the current Covid-19 crisis.

We hope to see you soon physically at another conference. Stay tuned for the SymfonyTour 2021 announce! But before let's meet virtually at our first 100% online conference SymfonyWorld 2020, on December 3-4.

See you soon online!

Contributed by
Mathias Arlaud
in #36364.

The Symfony profiler is a powerful development tool that gives you detailed information about the execution of any request. In Symfony 5.2 we’ve improved it with session profiling, which displays all the information related to the session of the current request.

First, the debug toolbar now tells you if the current page is using the session or not and the if the session check was stateless:

In addition, the profiler now displays a new section called Session in the Request/Response panel. It displays the session metadata (e.g. creation date, lifetime, etc.), the session attributes names and values, and the full details of all session usages, including PHP backtraces:

We proudly launched the official Symfony Store mid-June 2020. At first, shipping was only available for Europe, but since August, shipping is now available anywhere in the world.

We’re now super pleased to unveil new Symfony swag items, available for purchase! Discover our new merchandise:

• The Symfony protection's mask: available in black only. Nowadays, wearing a protection mask is now part of our daily routine. Add to your collection the official Symfony protection's mask and walk with style while being safe! With its 3 folds and 2 layers of fabric, this washable mask is very soft and guaranteed for 20 washes. It is certified by the DGA standard, a French government standard. The mask is delivered in its individual packaging. Special launching sale, get your protection mask at 5€ VAT excl. instead of 8€ VAT excl..
• The Symfony metal cup (380ml): available in black or yellow. Drink any hot or cold beverage in this must-have vintage mug! Autumn is coming, it's time to get comfy and enjoy a nice beverage while reading for example "Symfony 5: the Fast Track" by Fabien Potencier, printed version available for purchase too! Special launching offer, get your metal cup at 8,25€ VAT excl. instead of 10,75€ VAT excl..
• The Symfony t-shirt: classic black Symfony t-shirt. Wear it as a daily outfit or for a special occasion. This chic t-shirt will suit you for any occasion! Special sale, get it for 10€ VAT excl. instead of 15€ VAT excl..
• Exclusive pre-order of the big limited edition 15 years Symfony elephpant: only available in grey with purple nails! Pre-order it today and receive it by the end of the year at the latest! This special elephpant won't be on sale for long, get it at 125€ VAT excl. before it's gone! Small 15 years Symfony elephpant can only be bought if you're registered to an upcoming Symfony conference. You can buy it at the same time as you are booking your conference tickets or later if you forgot to buy them!

Our regular Symfony swag is still on sale and our special discount on big order, when you order 10 or more small Symfony elephpants, is still on! For any 10 small Symfony elephpants package bought, we offer you a free one, on top of your order (you'll then receive 11 elephpants). This deal only works if you buy 10 elephpants of the same color. Select 11 small elephpants of the same color and add them to your cart, then use the following discount code to get your free one:

• BIG_DEAL_GREY for an order of 11 small grey Symfony elephpants
• BIG_DEAL_BLACK for an order of 11 small black Symfony elephpants

Buy online all our Symfony swag and receive it anywhere. Prices are excluding taxes and shipping is calculated depending on your shipping country. You want to show the world how much you love Symfony? Order now your swag and enjoy our exclusive discounts available until October 9th 2020.

Visit our shop today and wear Symfony's special outfit and accessories. Show your love to the framework!

Stay tuned for more announces!

Contributed by
Laurent Voullemier
in #37332.

The Symfony profiler uses data collectors to gather all the debug information that is later displayed in the toolbar and the profiler. These data collectors are services whose classes implement the DataCollectorInterface.

When the data collector includes Twig templates to display its data, you must register the service manually to define the template to use. For example, when using YAML for config:

1
2
3
4
5
6
7
8

# config/services.yamlservices:App\DataCollector\MyCustomDataCollector:tags:-name:data_collectortemplate:'data_collector/template.html.twig'id:'app.my_custom_collector'

In Symfony 5.2 we’ve simplified the creation of custom data collectors with the introduction of a new AbstractDataCollector class. If you extend this class in your custom collectors, you can optionally define the following methods:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

// src/DataCollector/MyCustomDataCollector.phpnamespaceApp\DataCollector;useSymfony\Bundle\FrameworkBundle\DataCollector\AbstractDataCollector;useSymfony\Component\HttpFoundation\Request;useSymfony\Component\HttpFoundation\Response;useSymfony\Component\HttpKernel\DataCollector\DataCollector;classMyCustomDataCollectorextendsAbstractDataCollector{// ...publicfunctioncollect(Request$request,Response$response,\Throwable$exception=null){$this->data='...';}publicstaticfunctiongetTemplate():?string{return'data_collector/template.html.twig';}publicfunctiongetName(){return'app.my_custom_collector';}}

That’s it! When using the default service configuration with autoconfigure Symfony will register this data collector automatically and will use it starting from the next request. You don’t need to register services manually anymore.

The only caveat is that the collector priority can’t be configured this way, so you must still register the service manually to set the priority.

After the success of SymfonyLive Paris 2020 last week, we're now focused on SymfonyWorld 2020. We are super excited to meet the entire international Symfony community from December 1st to 5th for our first ever 100% online event.

We've recently announced the first selected speakers of SymfonyWorld 2020. We know we will already be listening to:

• Ramona Schwering, Quality Assurance and Cypress Ambassador, speaking about "Symfony meets Cypress - E2E testing for symfony developers".
• Damien Alexandre, PHP and Elasticsearch consultant, talking about "Elasticsearch with Symfony, from development to production".
• Christopher Hertel, Software Architect, giving a talk about "Better Console Applications".
• Thomas Berends, PHP Developer, speaking about "PHP + Minecraft".

We're now super pleased to unveil more speakers for SymfonyWorld 2020. We'd be delighted to listen to:

• Nils Adermann, co-creator of Composer, will be talking about "Composer 2". He'll be speaking with Jordi Boggiano, co-creator of Composer. Composer has permanently altered the way of PHP development over the last decade. The tool's second major version comes with new features and many improvements to functionality and performance. The most important changes will be highlighted in this talk. We'll show you what you need to know to upgrade your own projects and explain some of the background which lead to version 2.
• David Buchmann, Software Developer, Open Source Contributor & Maintainer, strongly engaged with the Symfony CMF initiative, will be speaking about "Decoupling an application with Symfony Messenger". Quick response times are crucial. Time consuming tasks triggered in web requests should be executed asynchronously, if at all possible. In this talk I will give a short overview of what message queues are and then show a case study how we split up an application into smaller services and how we use message queues to coordinate the services.
• Chris Holland, Director of Engineering and contributor to NomadPHP and php[architect] magazine, will present a talk entitled "Password Hashing and You". At one point or another, odds are strong that users will need to create an account on our site, and we will likely be asking of them to create a password. The question then becomes: How should we store the password? While this is something we typically "let frameworks worry about", it is important to understand what the stakes are, current and emerging threats, as well as current best practices of this field.
• Benoit Jacquemont, Opensource advocate and co-founder and CTO of Akeneo, will be talking about "Why 0.1 + 0.2 != 0.3, or the mysterious world of floating-point numbers". Yes, running the above expression in PHP, and in a lot of other languages, will confirm that 0.1 + 0.2 does not equal to 0.3. This talk will go through a bit of theory, and a lot of concrete examples. From the Gulf War to the Quake graphics engine, via the Ariane 5 space rocket, we will see the benefits and the potential dangers of using floating-point numbers. And finally, the talk will cover when to use floating-point numbers, and when to avoid them, like when managing prices or billing, and what are the alternatives in those cases.

Check out the schedule! The speakers selection is not over yet, we're still selecting more conference speakers. Thank you again to all the people who took the time to submit a talk proposal!

The SymfonyWorld experience is a 5-day event and a new way to attend our conference. Here is the conference agenda:

• Pre-conference workshop days: December 1st and 2nd
• Conference days: December 3rd and 4th
• Hackday: December 5th all day via Slack, open to anyone

You'll have the choice between several conference tracks from beginner to advanced talks. The entire event will be organized online in English.

Take your ticket now! While ordering your online conference ticket, buy your conference goodies: the official conference t-shirt and the small 15 years Symfony elephpant, very limited edition of this elephpant! If you're interested in the big 15 years Symfony elephpant, find out more information here or check our Symfony Store. When you are registered to the online conference you can buy later your special Symfony conference swag, think about it!

Stay tuned for more announces!

Contributed by
Nicolas Grekas
in #30572.

A cache stampede is a type of cascading failure that can occur when caching mechanisms come under very high load. Symfony Cache component provides built-in protection against stampedes via “probabilistic early expiration”.

With this approach, each process accessing the cached value makes a decision about recomputing the value or not. This is a pure probabilistic decision where the probability increases as the cache value expiration gets closer.

In Symfony 5.2 we’ve improved this feature to allow you to recompute the cache value asynchronously by sending it to a message bus (using the Messenger component). First, add the new early_expiration_message_bus option to your cache pool and define the name of the bus where the message will be sent:

1
2
3
4
5
6

# config/packages/cache.yamlframework:cache:pools:test.cache:early_expiration_message_bus:messenger.default_bus

Then, route the new EarlyExpirationMessage message to one of your transports:

1
2
3
4
5

# config/packages/messenger.yamlframework:messenger:routing:'Symfony\Component\Cache\Messenger\EarlyExpirationMessage':amqp

That’s it. Symfony will now start sending messages whenever a cache value needs recomputing. Start your workers to consume those messages and get the work done. There’s two things to keep in mind when using this feature:

• You can only use callables in the form [$someService,'somePublicMethod'] because PHP closures can’t be serialized (and thus cannot be sent through the bus);
• The service must compute the value using just its cache key, which is the only context information included in the message.

Contributed by
Fabien Potencier
in #37165.

DKIM (DomainKeys Identified Mail) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.

DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. In Symfony 5.2 we’ve added support for DKIM in the Mailer component to allow you affix a digital signature, linked to a domain name, to each outgoing email messages:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

useSymfony\Component\Mime\Crypto\DkimSigner;useSymfony\Component\Mime\Email;$email=(newEmail())->from('hello@example.com')// ...->html('...');$signer=newDkimSigner('file:///path/to/private-key.key','example.com','sf');$signedEmail=$signer->sign($email);

Read the DKIM signer docs to learn about all the available configuration options.

This week, the upcoming Symfony 5 2. version added support for defining validation constraints as PHP 8 attributes, new Twig form helpers and a new magic login link authentication. Meanwhile, the official Symfony shop added new swag and the upcoming SymfonyWorld online conference announced new speakers.

Symfony development highlights

This week, 75 pull requests were merged (54 in code and 21 in docs) and 50 issues were closed (39 in code and 11 in docs). Excluding merges, 51 authors made 5,942 additions and 4,755 deletions. See details for code and docs.

3.4 changelog:

• 1b68947: [BrowserKit] cookie expiration at current timestamp
• 4be56f6: [Form] propagate validation groups to subforms

4.4 changelog:

• 8731a4f: [Messenger] fixed Redis connection error message
• dadce4b: [TwigBundle] only remove kernel exception listener if twig is used
• abe0eca: [HttpClient] fixed using HTTPS with proxies
• 9a5a856: [ErrorHandler, DebugClassLoader] do not check Mockery mocks classes
• 9c8a300: [Routing] fixed using !important and defaults/reqs in inline route definitions
• aca260f: [HttpClient] fixed using proxies with NativeHttpClient
• 7187539: [HttpClient] fixed unsetting context[ssl][peer_name]
• b3a20e4: [HttpClient] always buffer empty responses
• 35e04d9: [Lock] fixed StoreFactory to accept same DSN syntax as AbstractAdapter

5.1 changelog:

• 8065ab4: [FrameworkBundle] added Mailjet definition
• e36a36a: [DependencyInjection] fixed dumping non-shared lazy services
• 9c8a300: [Routing] fixed using !important and defaults/reqs in inline route definitions
• b94fef4: [Security] handle consecutive supports() calls in the RememberMeAuthenticator

Master changelog:

• a429dee: [Lock] fixed non-blocking store fallback
• 3113fce: [Uid] make UUIDv6 always return truly random nodes to prevent leaking the MAC of the host
• e159dff: [Validator] added Ulid constraint and validator
• d5ce0e3: [Contracts] added TranslatableInterface
• 72b94b8: [Console] improved description for the help flag
• 5eb442e: [Validator] constraints as PHP 8 Attributes
• aa66149: [RateLimiter] added limit object on RateLimiter consume method
• f06f2f0: [RateLimiter] call all compound limiters on failure and added IO blocking
• 3c7a131: [Security] improved exception when rate-limiter is not installed and throttling enabled
• e8dd14a: [Console] clone stream on multiline questions so EOT doesn't close input
• 127724d: [Security, RateLimiter] added request rate limiter to prevent breadth-first attacks
• b35bbdb: [HttpClient] provided response body to the RetryDecider
• 14942db: [Messenger] dispatch event when a message is retried
• 954009a: [Messenger] added ErrorDetailsStamp
• d0ded92: [RateLimiter] fixed cache storage
• bd8c3c1: [RateLimiter] added Limit::ensureAccepted() which throws RateLimitExceededException if not accepted
• a3e8c11: [Mime] allow multiple parts with the same name in FormDataPart
• 1f7b8fd: [HttpClient] fixed exception triggered with AsyncResponse
• f589ff4: [HttpFoundation] added Request::toArray() for JSON content
• 534466d: [Security] magic login link authentication
• 35e04d9: [Lock] fixed StoreFactory to accept same DSN syntax as AbstractAdapter
• 2be6787: [Form] implement Twig helpers to get field variables
• 3b524f6: [Lock] prevent user serializing the key when store does not support it

Newest issues and pull requests

• [RFC] Rename Translatable to better follow conventions
• Support plain PHP as serializer resource metadata
• Support for non-scalar tag attributes
• [DX] TestContainer should expose a getServiceByTag() method
• Allow to override unexpected type validation error message for Collection and All constraints

They talked about us

• Symfony messenger with JSON messages
• Symfony AutoBind Parameter is Dead, Long live Constant Parameters
• Modern PHP with Composer and Symfony
• Services in Symfony
• How to automatically login customer after registration with Symfony
• Symfony — Charger dynamiquement des services avec le ServiceSubscriber
• Валидация в PHP. Красота или лапша?

Call to Action

• Follow Symfony on Twitter and retweet this article.
• Subscribe to the Symfony blog RSS and never miss a Symfony story again.

WARNING: This version might break your application if you’ve already updated your dependencies to the latest patch versions and if you started using the new src/preload.php file. Unfortunately, we quickly discovered that it was a problem for many users just after the release, so we’ve then decided to revert it in favor of a config.preload.php file generated via a recipe. To upgrade, remove the src/preload.php file and create a config/preload.php file with the contents from the recipe depending on your version.

Symfony 4.4.15 has just been released. Here is a list of the most important changes:

• bug #36291 [Lock] Fix StoreFactory to accept same DSN syntax as AbstractAdapter (@Jontsa)
• bug #38390 [Serializer][Minor] Fix circular reference exception message (bad limit displayed) (@l-vo)
• bug #38388 [HttpClient] Always “buffer” empty responses (@nicolas-grekas)
• bug #38380 [Form] propagate validation groups to subforms (@johanderuijter, @xabbuh)
• bug #38377 Ignore more deprecations for Mockery mocks (@fancyweb)
• bug #38375 [HttpClient] fix using proxies with NativeHttpClient (@nicolas-grekas)
• bug #38372 [Routing] fix using !important and defaults/reqs in inline route definitions (@nicolas-grekas)
• bug #38373 [ErrorHandler][DebugClassLoader] Do not check Mockery mocks classes (@fancyweb)
• bug #38368 [HttpClient] Fix using https with proxies (@bohanyang)
• bug #38350 [TwigBundle] Only remove kernel exception listener if twig is used (@dmolineus)
• bug #38360 [BrowserKit] Cookie expiration at current timestamp (@iquito)
• bug #38358 [Messenger] Fix redis connection error message (@alexander-schranz)
• bug #38343 Revert “bug #38063 [FrameworkBundle] generate preload.php in src/ to make opcache.preload predictable” (@nicolas-grekas)
• bug #38336 [PhpUnitBridge] Fixed clas _alias() for PHPUnitFrameworkErrorError (@stevegrunwell)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. UseSymfonyInsight upgrade reports to detect the code you will need to change in your project andread our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

WARNING: This version might break your application if you’ve already updated your dependencies to the latest patch versions and if you started using the new src/preload.php file. Unfortunately, we quickly discovered that it was a problem for many users just after the release, so we’ve then decided to revert it in favor of a config.preload.php file generated via a recipe. To upgrade, remove the src/preload.php file and create a config/preload.php file with the contents from the recipe depending on your version.

Symfony 5.1.7 has just been released. Here is a list of the most important changes:

• bug #38396 Handle consecutive supports() calls in the RememberMeAuthenticator (@wouterj)
• bug #36291 [Lock] Fix StoreFactory to accept same DSN syntax as AbstractAdapter (@Jontsa)
• bug #38390 [Serializer][Minor] Fix circular reference exception message (bad limit displayed) (@l-vo)
• bug #38388 [HttpClient] Always “buffer” empty responses (@nicolas-grekas)
• bug #38384 [PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener (@fancyweb)
• bug #38380 [Form] propagate validation groups to subforms (@johanderuijter, @xabbuh)
• bug #38377 Ignore more deprecations for Mockery mocks (@fancyweb)
• bug #38375 [HttpClient] fix using proxies with NativeHttpClient (@nicolas-grekas)
• bug #38372 [Routing] fix using !important and defaults/reqs in inline route definitions (@nicolas-grekas)
• bug #38373 [ErrorHandler][DebugClassLoader] Do not check Mockery mocks classes (@fancyweb)
• bug #38368 [HttpClient] Fix using https with proxies (@bohanyang)
• bug #38350 [TwigBundle] Only remove kernel exception listener if twig is used (@dmolineus)
• bug #38360 [BrowserKit] Cookie expiration at current timestamp (@iquito)
• bug #38357 [DI] fix dumping non-shared lazy services (@nicolas-grekas)
• bug #38358 [Messenger] Fix redis connection error message (@alexander-schranz)
• bug #38343 Revert “bug #38063 [FrameworkBundle] generate preload.php in src/ to make opcache.preload predictable” (@nicolas-grekas)
• bug #38348 [FrameworkBundle] Add Mailjet definition (@michaelKaefer)
• bug #38336 [PhpUnitBridge] Fixed clas _alias() for PHPUnitFrameworkErrorError (@stevegrunwell)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. UseSymfonyInsight upgrade reports to detect the code you will need to change in your project andread our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Contributed by
Jérémy Derussé
in #38182.

Sometimes, requests made with an HTTP client fail because of different reasons, (network issues, temporary server errors, etc.) In Symfony 5.2 we’ve improved the HttpClient component with a new optional feature to automatically retry the failed requests.

When using the HttpClient inside a Symfony application, use the retry_failed option to enable and configure this feature:

1
2
3
4
5
6

# config/packages/framework.yamlframework:# ...http_client:# ...retry_failed:true

That’s all. Now Symfony will retry up to 3 times all failed requests with a status code included in (423,425,429,500,502,503,504,507,510) and it will wait exponentially from 1 second (first retry) to 4 seconds (third attempt).

All parameters of this feature are configurable as follows:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

# config/packages/framework.yamlframework:# ...http_client:# ...retry_failed:# only retry errors with these HTTP codeshttp_codes:[429,500]max_retries:2# waiting time between retries (in milliseconds)delay:1000# if set, the waiting time of each retry increases by this factor# (e.g. first retry: 1000ms; second retry: 3 * 1000ms; etc.)multiplier:3

There are other configuration options to define the maximum delay, to use a custom service to implement a “backoff retry” strategy, etc.

When using the HttpClient outside of a Symfony application, use the newRetryableHttpClient class to wrap your regular HTTP client:

1
2
3

useSymfony\Component\HttpClient\RetryableHttpClient;$client=newRetryableHttpClient(HttpClient::create());

Symfony 5.2.0-BETA1 has just been released. Here is a list of the most important changes:

• feature #38382 [Validator] Use comparison constraints as attributes (@derrabus)
• feature #38369 [HttpFoundation] Expired cookies string representation consistency & tests (@iquito)
• feature #38407 [Mime] Prefer .jpg instead of .jpeg (@fabpot)
• feature #36479 [Notifier][WebProfilerBundle][FrameworkBundle] Add notifier section to profiler (@jschaedl)
• feature #38395 [lock] Prevent user serializing the key when store does not support it. (@jderusse)
• feature #38307 [Form] Implement Twig helpers to get field variables (@tgalopin)
• feature #38177 [Security] Magic login link authentication (@weaverryan)
• feature #38224 [HttpFoundation] Add Request::toArray() for JSON content (@Nyholm)
• feature #38323 [Mime] Allow multiple parts with the same name in FormDataPart (@HypeMC)
• feature #38354 [RateLimiter] add Limit::ensureAccepted() which throws RateLimitExceededException if not accepted (@kbond)
• feature #32904 [Messenger] Added ErrorDetailsStamp (@TimoBakx)
• feature #36152 [Messenger] dispatch event when a message is retried (@nikophil)
• feature #38361 Can define ChatMessage transport to null (@odolbeau)
• feature #38289 [HttpClient] provide response body to the RetryDecider (@jderusse)
• feature #38308 [Security][RateLimiter] Added request rate limiter to prevent breadth-first attacks (@wouterj)
• feature #38257 [RateLimiter] Add limit object on RateLimiter consume method (@Valentin, @vasilvestre)
• feature #38309 [Validator] Constraints as php 8 Attributes (@derrabus)
• feature #38332 [Validator] Add support for UUIDv6 in Uuid constraint (@nicolas-grekas)
• feature #38330 [Contracts] add TranslatableInterface (@nicolas-grekas)
• feature #38322 [Validator] Add Ulid constraint and validator (@Laurent Clouet)
• feature #38333 [Uid] make UUIDv6 always return truly random nodes to prevent leaking the MAC of the host (@nicolas-grekas)
• feature #38296 [lock] Provides default implementation when store does not supports the behavior (@jderusse)
• feature #38298 [Notifier] Add Sendinblue notifier. (@ptondereau)
• feature #38305 [PhpUnitBridge] Enable a maximum PHPUnit version to be set via SYMFON _MA _PHPUNI _VERSION (@stevegrunwell)
• feature #38288 [DomCrawler] Add assertFormValue() in WebTestCase (@mnapoli)
• feature #38287 [DomCrawler] Add checkbox assertions for functional tests (@mnapoli)
• feature #36326 [Validator] Add invalid datetime message in Range validator (@przemyslaw-bogusz)
• feature #38243 [HttpKernel] Auto-register kernel as an extension (@HypeMC)
• feature #38277 [Mailer] Added Sendinblue bridge (@drixs6o9)
• feature #35956 [Form] Added “html5” option to both MoneyType and PercentType (@romaricdrigon)
• feature #38269 [String] allow passing null to string functions (@kbond)
• feature #38176 [Config] Adding the “info” to a missing option error messages (@weaverryan)
• feature #38167 [VarDumper] Support for ReflectionAttribute (@derrabus)
• feature #35740 [MonologBridge] Use composition instead of inheritance in monolog bridge (@pvgnd, @mm-pvgnd)
• feature #38182 [HttpClient] Added RetryHttpClient (@jderusse)
• feature #38204 [Security] Added login throttling feature (@wouterj)
• feature #38007 [Amqp] Add amqps support (@vasilvestre-OS)
• feature #37546 [RFC] Introduce a RateLimiter component (@wouterj)
• feature #38193 Make RetryTillSaveStore implements the SharedLockStoreInterface (@jderusse)
• feature #37968 [Form] Add new way of mapping data using callback functions (@yceruto)
• feature #38198 [String] allow translit rules to be given as closure (@nicolas-grekas)
• feature #37829 [RFC][HttpKernel][Security] Allowed adding attributes on controller arguments that will be passed to argument resolvers. (@jvasseur)
• feature #37752 [RFC][lock] Introduce Shared Lock (or Read/Write Lock) (@jderusse)
• feature #37759 [Messenger] - Add option to confirm message delivery in Amqp connection (@scyzoryck)
• feature #30572 [Cache] add integration with Messenger to allow computing cached values in a worker (@nicolas-grekas)
• feature #38149 [SecurityBundle] Comma separated ips for security.acces _control (@a-menshchikov)
• feature #38151 [Serializer] add UidNormalizer (@guillbdx, @norkunas)
• feature #37976 [Messenger] Don’t prevent dispatch out of another bus (@ogizanagi)
• feature #38134 [Lock] Fix wrong interface for MongoDbStore (@jderusse)
• feature #38135 [AmazonSqsMessenger] Added the count message awareness on the transport (@raphahardt)
• feature #38026 [HttpClient] Allow to provide additional curl options to CurlHttpClient (@pizzaminded)
• feature #37559 [PropertyInfo] fix array types with keys (array<string, string>) (@digilist)
• feature #37519 [Process] allow setting options esp. “creat _ne _console” to detach a subprocess (@andrei0x309)
• feature #37704 [MonologBridge] Added SwitchUserTokenProcessor to log the impersonator (@IgorTimoshenko)
• feature #37545 [DependencyInjection] Add the Required attribute (@derrabus)
• feature #37474 [RFC][Routing] Added the Route attribute (@derrabus)
• feature #38068 [Notifier] Register NotificationDataCollector and NotificationLoggerListener service (@jschaedl)
• feature #32841 Create impersonatio _exi _path() and _url() functions (@dFayet)
• feature #37706 [Validator] Debug validator command (@loic425, @fabpot)
• feature #38052 Increase HttpBrowser::getHeaders() visibility to protected (@iansltx)
• feature #36727 [Messenger] Add option to prevent Redis from deleting messages on rejection (@Steveb-p)
• feature #37678 [DoctrineBridge] Ulid and Uuid as Doctrine Types (@gennadigennadigennadi)
• feature #38037 Translate failure messages of json authentication (@Malte Schlüter)
• feature #35890 [Cache] give control over cache prefix seed (@Tobion)
• feature #37337 [Security] Configurable execution order for firewall listeners (@scheb)
• feature #33850 [Serializer] fix denormalization of basic property-types in XML and CSV (@mkrauser)
• feature #38017 [PHPUnitBridge] deprecations not disabled anymore when disabled=0 (@l-vo)
• feature #33381 [Form] dispatch submit events for disabled forms too (@xabbuh)
• feature #35338 Added support for using the “{{ label }}” placeholder in constraint messages (@a-menshchikov)
• feature #34790 [Console] Remove restriction for choices to be strings (@LordZardeck, @YaFou, @ogizanagi)
• feature #37979 [Workflow] Expose the Metadata Store in the DIC (@lyrixx)
• feature #37371 [Translation] Add support for calling ‘trans’ with ICU formatted messages (@someonewithpc)
• feature #37670 [Translation] Translatable objects (@natewiebe13)
• feature #37432 [Mailer] Implement additional mailer transport options (@fritzmg)
• feature #35893 [HttpClient][DI] Add an option to use the MockClient in functional tests (@GaryPEGEOT)
• feature #35780 [Semaphore] Added the component (@lyrixx)
• feature #37846 [Security] Lazily load the user during the check passport event (@wouterj)
• feature #37934 [Mailer] Mailjet Add ability to pass custom headers to API (@tcheymol)
• feature #37942 [Security] Renamed provider key to firewall name (@wouterj)
• feature #37951 [FrameworkBundle] Make AbstractPhpFileCacheWarmer public (@ossinkine)
• feature #30335 [PropertyInfo] ConstructorExtractor which has higher priority than PhpDocExtractor and ReflectionExtractor (@karser)
• feature #37926 [lock] Lazy create table in lock PDO store (@jderusse)
• feature #36573 [Notifier] Add Esendex bridge (@odolbeau)
• feature #33540 [Serializer] Add special ‘’ serialization group that allows any group (@nrobinaubertin)
• feature #37708 Allow Drupal to wrap the Symfony test listener (@alexpott)
• feature #36211 [Serializer] Adds FormErrorNormalizer (@YaFou)
• feature #37087 [Messenger] Add FlattenException Normalizer (@monteiro)
• feature #37917 [Security] Pass Passport to LoginFailureEvent (@ihmels)
• feature #37734 [HttpFoundation] add support for _FORWARDE _PREFIX header (@jeff1985)
• feature #37897 [Mailer] Support Amazon SES ConfigurationSetName (@cvmiert)
• feature #37915 Improve link script with rollback when using symlink (@noniagriconomie)
• feature #37889 Toolbar toggler accessibility (@Chi-teck)
• feature #36515 [HttpKernel] Add $kernel->getBuildDir() to separate it from the cache directory (@mnapoli)
• feature #32133 [PropertyAccess] Allow to disable magic get & set (@ogizanagi)
• feature #36016 [Translation] Add a pseudo localization translator (@fancyweb)
• feature #37755 Fix #37740: Cast all Request parameter values to string (@rgeraads)
• feature #36541✨ [Mailer] Add Mailjet bridge (@tcheymol)
• feature #36940 [Notifier] add support for smsapi-notifier (@szepczynski)
• feature #37830 [Notifier] Add LinkedIn provider (@ismail1432)
• feature #37867 [Messenger] Add message timestamp to amqp connection (@Bartłomiej Zając)
• feature #36925 [Security] Verifying if the password field is null (@Mbechezi Nawo)
• feature #37847 [Serializer][Mime] Fix Mime message serialization (@fabpot)
• feature #37338 [Console] added TableCellStyle (@khoptynskyi)
• feature #37840 [VarDumper] Support PHPUnit –colors option (@ogizanagi)
• feature #37138 [Notifier][Slack] Use Slack Web API chat.postMessage instead of WebHooks (@xavierbriand)
• feature #37827 [Console] Rework the signal integration (@lyrixx)
• feature #36131 [Mailer] Add a transport that uses php.ini settings for configuration (@l-vo)
• feature #36596 Add cache.adapter.redi _ta _aware to use RedisCacheAwareAdapter (@l-vo)
• feature #36582 [Messenger] Add Beanstalkd bridge (@X-Coder264)
• feature #35967 [VarDumper] Add VA _DUMPE _FORMAT=server format (@ogizanagi)
• feature #37815 [Workflow] Choose which Workflow events should be dispatched (@stewartmalik, @lyrixx)
• feature #20054 [Console] Different approach on merging application definition (@ro0NL)
• feature #36648 [Notifier] Add Mobyt bridge (@Deamon)
• feature #37332 [FrameworkBundle] Allow to leverage autoconfiguration for DataCollectors with template (@l-vo)
• feature #37359 [Security] Add event to inspect authenticated token before it becomes effective (@scheb)
• feature #37539 [Workflow] Added Context to Workflow Event (@epitre)
• feature #37683 [Console] allow multiline responses to console questions (@ramsey)
• feature #29117 [Serializer] Add CompiledClassMetadataFactory (@fbourigault)
• feature #37676 [Stopwatch] Add name property to the stopwatchEvent (@AhmedRaafat14)
• feature #34704 [Messenger] Add method HandlerFailedException::getNestedExceptionOfClass (@tyx)
• feature #37793 Revert “[DependencyInjection] Resolve parameters in tag arguments” (@rpkamp)
• feature #37537 [HttpKernel] Provide status code in fragment handler exception (@gonzalovilaseca)
• feature #36480 [Notifier] Add Infobip bridge (@jeremyFreeAgent)
• feature #36496 [Notifier] added telegram options (@krasilnikovm)
• feature #37754 [FrameworkBundle] Add days before expiration in “about” command (@noniagriconomie)
• feature #35773 [Notifier] Change notifier recipient handling (@jschaedl)
• feature #36488 [Notifier] Add Google Chat bridge (@GromNaN)
• feature #36692 [HttpClient] add EventSourceHttpClient to consume Server-Sent Events (@soyuka)
• feature #36616 [Notifier] Add Zulip notifier bridge (@phpfour)
• feature #37747 [Notifier] Make Freemobile config more flexible (@fabpot)
• feature #37718 [Security] class Security implements AuthorizationCheckerInterface (@SimonHeimberg)
• feature #37732 [Console] Allow testing single command apps using CommandTester (@chalasr)
• feature #37480 [Messenger] add redeliveredAt in RedeliveryStamp construct (@qkdreyer)
• feature #37565 [Validator] Add Isin validator constraint (@lmasforne)
• feature #37712 [Mailer] Prevent MessageLoggerListener from leaking in env=prod (@vudaltsov)
• feature #33729 [Console] Add signal event (@marie)
• feature #36352 [Validator] Added support for cascade validation on typed properties (@HeahDude)
• feature #37243 [DependencyInjection] Resolve parameters in tag arguments (@rpkamp)
• feature #37415 [Console] added info method to symfony style (@titospeakap, @titomiguelcosta)
• feature #36691 [FrameworkBundle] Deprecate some public services to private (@fancyweb)
• feature #36929 Added a FrenchInflector for the String component (@Alexandre-T)
• feature #37620 [Security] Use NullToken while checking authorization (@wouterj)
• feature #37711 [Router] allow to use A and z as regex start and end (@zlodes)
• feature #37703 Update StopwatchPeriod.php (@ThomasLandauer)
• feature #37696 [Routing] Allow inline definition of requirements and defaults for host (@julienfalque)
• feature #37567 [PhpUnitBridge] Polyfill new phpunit 9.1 assertions (@phpfour)
• feature #37479 [HttpFoundation] Added File::getContent() (@lyrixx)
• feature #36178 [Mime] allow non-ASCII characters in local part of email (@dmaicher)
• feature #30931 [Form] Improve invalid messages for form types (@hiddewie)
• feature #37492 [ErrorHandler] Allow override of the default non-debug template (@PhilETaylor)
• feature #37482 [HttpClient] always yield a LastChunk in AsyncResponse on destruction (@nicolas-grekas)
• feature #36364 [HttpKernel][WebProfilerBundle] Add session profiling (@mtarld)
• feature #37428 [Workflow] Added Function (and Twig extension) to retrieve a specific transition (@Carlos Pereira De Amorim)
• feature #36487 [HttpClient] Add MockResponse::getRequestMethod() and getRequestUrl() to allow inspecting which request has been sent (@javespi)
• feature #37295 Move event alias mappings to their components (@derrabus)
• feature #37443 [HttpClient] add StreamableInterface to ease turning responses into PHP streams (@nicolas-grekas)
• feature #36739 [TwigBundle] Deprecate the public “twig” service to private (@fancyweb)
• feature #37272 [HttpFoundation] add HeaderUtils::parseQuery(): it does the same as pars _str() but preserves dots in variable names (@nicolas-grekas)
• feature #37403 [Notifier] Return SentMessage from the Notifier message handler (@fabpot)
• feature #36611 Add Notifier SentMessage (@jeremyFreeAgent)
• feature #37357 [FrameworkBundle] allow configuring trusted proxies using semantic configuration (@nicolas-grekas)
• feature #37373 [DI] deprecate Definition/Alias::setPrivate() (@nicolas-grekas)
• feature #37351 [FrameworkBundle] allow enabling the HTTP cache using semantic configuration (@nicolas-grekas)
• feature #37306 [Messenger] added support for Amazon SQS QueueUrl as DSN (@starred-gijs)
• feature #37336 [Security] Let security factories add firewall listeners (@scheb)
• feature #37318 [Security] Add attributes on Passport (@fabpot)
• feature #37241 [Console] Fix Docblock for CommandTester::getExitCode (@Jean85)
• feature #35834 [Notifier] Remove default transport property in Transports class (@jschaedl)
• feature #37198 [FrameworkBundle] Add support for tagge _iterator/tagge _locator in unused tags util (@fabpot)
• feature #37165 [Mime] Add DKIM support (@fabpot)
• feature #36778 Use PHP instead of XML as the prefered service/route configuration in core (@fabpot)
• feature #36802 [Console] Add support for true colors (@fabpot)
• feature #36775 [DependencyInjection] Add abstrac _arg() and param() (@fabpot)
• feature #37040 [PropertyInfo] Support using the SerializerExtractor with no group check (@GuilhemN)
• feature #37175 [Mime] Deprecate Address::fromString() (@fabpot)
• feature #37114 Provides a way to override cache and log folders from the ENV (@Plopix)
• feature #36736 [FrameworkBundle][Mailer] Add a way to configure some email headers from semantic configuration (@fabpot)
• feature #37136 [HttpClient] added support for pausing responses with a new paus _handler callable exposed as an info item (@nicolas-grekas)
• feature #36779 [HttpClient] add AsyncDecoratorTrait to ease processing responses without breaking async (@nicolas-grekas)
• feature #36790 Bump Doctrine DBAL to 2.10+ (@fabpot)
• feature #36818 [Validator] deprecate the “allowEmptyString” option (@xabbuh)

Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. UseSymfonyInsight upgrade reports to detect the code you will need to change in your project andread our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

The Symfony Uid component provides tools to generate and work with unique identifiers such as UUIDs and ULIDs. In Symfony 5.2 we’re improving its integration with the rest of the framework. In a previous article we showed the new Doctrine types for UUID and ULID and this article shows the integration with the Serializer and Validation components.

Uid normalizer¶

Contributed by
guillbdx and Tomas Norkūnas in #36406 and #38151.

Symfony 5.2 introduces a new UidNormalizer which can normalize/denormalize both UUIDs and ULIDs.

Consider the following entity with a UUID property:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

// src/Entity/Product.phpnamespaceApp\Entity;useDoctrine\ORM\MappingasORM;/** * @ORM\Entity(repositoryClass="App\Repository\ProductRepository") */classProduct{/** * @ORM\Column(type="uuid") */private$id;// ...}

Thanks to the new Uid normalizer (which is enabled by default, so you don’t have to change anything in your application) this entity is automatically serialized and deserialized as expected:

1 2 3

$product=newProduct();$jsonContent=$serializer->serialize($product,'json');// $jsonContent contains {"id":"9b7541de-6f87-11ea-ab3c-9da9a81562fc","...":"..."}

Ulid validation¶

Contributed by
Laurent Clouet
in #38322.

Symfony has included a UUID validator since 2014 and, starting from Symfony 5.2, it now also includes a ULID validator:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

// src/Entity/Product.phpnamespaceApp\Entity;useDoctrine\ORM\MappingasORM;useSymfony\Component\Validator\ConstraintsasAssert;/** * @ORM\Entity(repositoryClass="App\Repository\ProductRepository") */classProduct{/** * @ORM\Column(type="ulid") * @Assert\Ulid */private$someProperty;// ...}

A final improvement done by Nicolas Grekas in the Pull Request #38332 is the update of the existing UUID validator to also validate UUIDv6 values.

Contributed by
Yonel Ceruto
in #37968.

Sometimes, the objects handled with Symfony forms don’t define the expected getter/setter methods (e.g. getName() and setName()) but other methods better aligned with the application needs (e.g. getName() and rename()).

In those cases, you can use a form data mapper to move the object data into the form fields and the other way around. In Symfony 5.2 we’ve improved this to allow using callback functions to get/set form fields. You only need to define the new getter or setter options (or both) and Symfony will run that callback to get/set the value from/into the object/array:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

// src/Form/Type/ProductType.phpnamespaceApp\Form\Type;useApp\Entity\Person;useSymfony\Component\Form\Extension\Core\Type\TextType;useSymfony\Component\Form\FormBuilderInterface;useSymfony\Component\Form\FormInterface;classPersonTypeextendsAbstractType{publicfunctionbuildForm(FormBuilderInterface$builder,array$options){$builder->add('name',TextType::class,['getter'=>function(Person$person,FormInterface$form):string{return$person->getUserData()->getFirstName();},'setter'=>function(Person&$person,?string$name,FormInterface$form):void{$person->rename($name);},])// ...;}// ...}

This new feature means that you no longer need to create a data mapper to solve this problem. However, you still need to use data mappers in certain situations (when several form fields are mapped to a single method, when the mapping of the model depends on the submitted form data, etc.)

Ensuring the quality of a software project over time is a difficult and high-stakes challenge, whether you are a company or not. Preventing bugs and problems is a regular concern in projects and can be difficult to achieve.

Following our first SymfonyInsight webinar earlier this year, we propose you to join us on our new discussion: How to steer my projects with confidence thanks to Quality Assurance Plans and SymfonyInsight, in partnership with SensioLabs. As the creator of Symfony, SensioLabs supports companies using Symfony, with a large range of offers such as consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.

SymfonyInsight brings the most advanced analysis of Symfony projects to make sure an application is safe, reliable and maintainable. In this webinar, you will discover how SensioLabs leveraged SymfonyInsight in addition to internal quality processes in order to steer with success a large strategic project in the bank sector. We will also discuss how SymfonyInsight and SensioLabs Quality Assurance Plans can help you monitor quality over time and avoid risks to your business arising from technical problems.

You’re not yet familiar with SymfonyInsight? This is the perfect occasion to understand how to use it within your Symfony projects to ensure their code quality. Get rid of your critical problems and reduce your technical debt!

Join us for this free webinar on October 15th 2020, 3 PM UTC, register now! The webinar will last about 45 min to 1 hour. Registration is mandatory to attend the webinar.

See you soon online!

Contributed by
Jérôme Vasseur
in #37829.

PHP 8 will be released in a few weeks and it will include a game changer feature called attributes (or annotations). Symfony 5.2 already includes attributes todefine routes and required dependencies, but we continued adding attributes support where it makes sense.

That’s why in Symfony 5.2 you can also use PHP attributes for controller arguments. Thanks to this new feature, we’ve introduced a #[CurrentUser] attribute to turn a controller argument into the object the represents the currently logged user:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

// src/Controller/SomeController.phpnamespaceApp\Controller;useApp\Entity\MyUser;useSymfony\Bundle\FrameworkBundle\Controller\AbstractController;useSymfony\Component\Security\Http\Attribute\CurrentUser;classSomeControllerextendsAbstractController{publicfunctionindex(#[CurrentUser] MyUser $user){// ...}}

In practice, this works by adding a new method to the ArgumentMetadata object passed to the argument value resolvers. If you define your own resolvers, you can now use the getAttribute() method, which returns the attribute that was set on the argument (or null if none was set).

Contributed by
Matthieu Napoli
in #38288 and #38287.

Testing is an essential part of Symfony applications. That’s why we promote testing in the docs and provide specific testing utilities like the PhpUnit bridge. In Symfony 5.2 we’ve improved our list of custom test asserts with new asserts for the Symfony Forms.

In previous Symfony versions, testing Symfony forms required you to deal with the form view variables and do things like this:

1
2
3
4

$view=$this->factory->create(TestedType::class,$formData)->createView();$this->assertArrayHasKey('custom_var',$view->vars);$this->assertSame('expected value',$view->vars['custom_var']);

Now you can use the assertFormValue() and assertCheckboxChecked() methods to check form values without dealing with low-level details like the view variables:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

namespaceApp\Tests\Controller;useApp\Entity\Post;useSymfony\Bundle\FrameworkBundle\Test\WebTestCase;classSomeTestextendsWebTestCase{publicfunctiontestIndex():void{$client=static::createClient();$crawler=$client->request('GET','/some-page');$client->submitForm('Save',['activateMembership'=>'on','trialPeriod'=>'7',]);$this->assertFormValue('#form','trialPeriod','7');$this->assertCheckboxChecked('activateMembership');}}