github symfony/symfony v6.4.0-BETA3

latest releases: v7.2.0-RC1, v7.1.8, v6.4.15...
pre-release12 months ago

Changelog (v6.4.0-BETA2...v6.4.0-BETA3)

  • bug #51666 [RateLimiter] CompoundLimiter was accepting requests even when some limiters already consumed all tokens (@10n)
  • bug #52524 [AssetMapper] Only download a CSS file if it is explicitly advertised (@weaverryan)
  • bug #52523 [AssetMapper] avoid caching MappedAsset inside JavaScript Import (@weaverryan)
  • bug #52519 [AssetMapper] If assets are served from a subdirectory or CDN, also adjust importmap keys (@weaverryan)
  • bug #52508 [AssetMapper] Fix jsdelivr import parsing with no imported value (@weaverryan)
  • security #cve-2023-46734 [TwigBridge] Ensure CodeExtension's filters properly escape their input (@nicolas-grekas, @GromNaN)
  • security #cve-2023-46735 [Webhook] Remove user-submitted type from HTTP response (@nicolas-grekas)
  • security #cve-2023-46733 [Security] Fix possible session fixation when only the token changes (@RobertMe)
  • bug #52514 [FrameworkBundle] Don't reference SYMFONY_IDE env var in non-debug mode (@nicolas-grekas)
  • bug #52506 [SecurityBundle] wire the secret for Symfony 6.4 compatibility (@xabbuh)
  • bug #52496 [VarDumper] Accept mixed key on DsPairStub (@marc-mabe)
  • bug #52502 [Config] Prefixing FileExistenceResource::__toString() to avoid conflict with FileResource (@weaverryan)
  • bug #52491 [String] Method toByteString conversion using iconv is unreachable (@Vincentv92)
  • bug #52488 [HttpKernel] Fix PHP deprecation (@nicolas-grekas)
  • bug #52469 Check whether secrets are empty and mark them all as sensitive (@nicolas-grekas)
  • feature #52471 [HttpKernel] Add ControllerResolver::allowControllers() to define which callables are legit controllers when the _check_controller_is_allowed request attribute is set (@nicolas-grekas)
  • bug #52476 [Messenger] fix compatibility with Doctrine DBAL 4 (@xabbuh)
  • bug #52434 [Console][FrameworkBundle] Fix missing profile option for console commands (@keulinho)
  • bug #52474 [HttpFoundation] ensure string type with mbstring func overloading enabled (@xabbuh)
  • bug #52472 [HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded (@MatTheCat)
  • bug #52457 [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL (@HypeMC)
  • bug #52443 [Yaml] Fix uid binary parsing (@mRoca)
  • feature #52449 [TwigBridge] Mark CodeExtension as @internal (@fabpot)
  • bug #52429 [HttpClient] Replace escapeshellarg to prevent overpassing ARG_MAX (@alexandre-daubois)
  • bug #52442 Disable the "Copy as cURL" button when the debug info are disabled (@stof)
  • bug #52444 Remove full DSNs from exception messages (@nicolas-grekas)
  • feature #52336 [HttpFoundation][Lock] Makes MongoDB adapters usable with ext-mongodb only (@GromNaN)
  • bug #52428 [HttpKernel] Preventing error 500 when function putenv is disabled (@ShaiMagal)
  • bug #52427 [Console][Process] do not let context classes extend the message classes (@xabbuh)
  • bug #52408 [Yaml] Fix block scalar array parsing (@NickSdot)
  • bug #52132 [Console] Fix horizontal table top border is incorrectly rendered (@OskarStark)
  • bug #52368 [AssetMapper] Fixing bug where JSCompiler used non-absolute importmap entry path (@weaverryan)
  • bug #52367 [Uid] Fix UuidV7 collisions within the same ms (@nicolas-grekas)
  • bug #52287 [FrameworkBundle] Fix deprecation layer for "enable_annotations" in validation and serializer configuration (@lyrixx)
  • bug #52222 [MonologBridge] Fix support for monolog 3.0 (@louismariegaborit)

[PR] #52538
[SECURITY] Security release

Don't miss a new symfony release

NewReleases is sending notifications on new releases.