From cf0583a2a05b8b3d8728c5782189f414aac2849e Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 6 Dec 2018 14:59:06 +0000 Subject: [PATCH 1/8] updated CHANGELOG for 3.4.20 --- CHANGELOG-3.4.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md index dcd1c3bf0629..d0d11555c73a 100644 --- a/CHANGELOG-3.4.md +++ b/CHANGELOG-3.4.md @@ -7,6 +7,23 @@ in 3.4 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1 +* 3.4.20 (2018-12-06) + + * security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (xabbuh) + * security #cve-2018-19789 [Form] Filter file uploads out of regular form types (nicolas-grekas) + * bug #29436 [Cache] Fixed Memcached adapter doClear()to call flush() (raitocz) + * bug #29441 [Routing] ignore trailing slash for non-GET requests (nicolas-grekas) + * bug #29432 [DI] dont inline when lazy edges are found (nicolas-grekas) + * bug #29413 [Serializer] fixed DateTimeNormalizer to maintain microseconds when a different timezone required (rvitaliy) + * bug #29424 [Routing] fix taking verb into account when redirecting (nicolas-grekas) + * bug #29414 [DI] Fix dumping expressions accessing single-use private services (chalasr) + * bug #29375 [Validator] Allow `ConstraintViolation::__toString()` to expose codes that are not null or emtpy strings (phansys) + * bug #29376 [EventDispatcher] Fix eventListener wrapper loop in TraceableEventDispatcher (jderusse) + * bug #29343 [Form] Handle all case variants of "nan" when parsing a number (mwhudson, xabbuh) + * bug #29355 [PropertyAccess] calculate cache keys for property setters depending on the value (xabbuh) + * bug #29369 [DI] fix combinatorial explosion when analyzing the service graph (nicolas-grekas) + * bug #29349 [Debug] workaround opcache bug mutating "$this" !?! (nicolas-grekas) + * 3.4.19 (2018-11-26) * bug #29318 [Console] Move back root exception to stack trace in verbose mode (chalasr) From 4386fb48b19fcb562f8550896ef23af188a8d404 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 6 Dec 2018 14:59:29 +0000 Subject: [PATCH 2/8] update CONTRIBUTORS for 3.4.20 --- CONTRIBUTORS.md | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 1c329f2146c3..a6800f3acfb8 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -21,8 +21,8 @@ Symfony is the result of the work of many people who made the code better - Ryan Weaver (weaverryan) - Javier Eguiluz (javier.eguiluz) - Grégoire Pineau (lyrixx) - - Hugo Hamon (hhamon) - Roland Franssen (ro0) + - Hugo Hamon (hhamon) - Abdellatif Ait boudad (aitboudad) - Romain Neutron (romain) - Pascal Borreli (pborreli) @@ -56,12 +56,12 @@ Symfony is the result of the work of many people who made the code better - Bulat Shakirzyanov (avalanche123) - Matthias Pigulla (mpdude) - Peter Rehm (rpet) + - Jérémy DERUSSÉ (jderusse) - Saša Stamenković (umpirsky) - Pierre du Plessis (pierredup) - Kevin Bond (kbond) - Henrik Bjørnskov (henrikbjorn) - Miha Vrhovnik - - Jérémy DERUSSÉ (jderusse) - Diego Saint Esteben (dii3g0) - Alexander M. Turek (derrabus) - Konstantin Kudryashov (everzet) @@ -122,6 +122,8 @@ Symfony is the result of the work of many people who made the code better - Joshua Thijssen - excelwebzone - Gordon Franke (gimler) + - Chris Wilkinson (thewilkybarkid) + - Javier Spagnoletti (phansys) - Fabien Pennequin (fabienpennequin) - Eric GELOEN (gelo) - Sebastiaan Stok (sstok) @@ -129,11 +131,9 @@ Symfony is the result of the work of many people who made the code better - Lars Strojny (lstrojny) - Daniel Wehner (dawehner) - Tugdual Saunier (tucksaun) - - Javier Spagnoletti (phansys) - Théo FIDRY (theofidry) - Robert Schönthal (digitalkaoz) - Florian Lonqueu-Brochard (florianlb) - - Chris Wilkinson (thewilkybarkid) - Stefano Sala (stefano.sala) - Evgeniy (ewgraf) - Alex Pott @@ -165,6 +165,7 @@ Symfony is the result of the work of many people who made the code better - Rouven Weßling (realityking) - Clemens Tolboom - Helmer Aaviksoo + - Alessandro Chitolina (alekitto) - Hiromi Hishida (77web) - Niels Keurentjes (curry684) - Matthieu Ouellette-Vachon (maoueh) @@ -181,7 +182,7 @@ Symfony is the result of the work of many people who made the code better - Matthieu Napoli (mnapoli) - Florent Mata (fmata) - Warnar Boekkooi (boekkooi) - - Alessandro Chitolina (alekitto) + - Thomas Calvet (fancyweb) - Dmitrii Chekaliuk (lazyhammer) - Clément JOBEILI (dator) - Daniel Espendiller @@ -195,7 +196,6 @@ Symfony is the result of the work of many people who made the code better - DQNEO - Benjamin Dulau (dbenjamin) - Mathieu Lemoine (lemoinem) - - Thomas Calvet (fancyweb) - Christian Schmidt - Andreas Hucks (meandmymonkey) - Noel Guilbert (noel) @@ -217,6 +217,7 @@ Symfony is the result of the work of many people who made the code better - Jeremy Livingston (jeremylivingston) - Michael Lee (zerustech) - Matthieu Auger (matthieuauger) + - Oskar Stark (oskarstark) - Leszek Prabucki (l3l0) - François Zaninotto (fzaninotto) - Dustin Whittle (dustinwhittle) @@ -241,12 +242,12 @@ Symfony is the result of the work of many people who made the code better - Rob Frawley 2nd (robfrawley) - julien pauli (jpauli) - Lorenz Schori - - Oskar Stark (oskarstark) - Sébastien Lavoie (lavoiesl) - Gregor Harlan (gharlan) - Dariusz - Francois Zaninotto - Alexander Kotynia (olden) + - Fabien Bourigault (fbourigault) - Daniel Tschinder - Christian Schmidt - Marcos Sánchez @@ -295,7 +296,6 @@ Symfony is the result of the work of many people who made the code better - Thomas Lallement (raziel057) - mcfedr (mcfedr) - Colin O'Dell (colinodell) - - Fabien Bourigault (fbourigault) - Giorgio Premi - Jan Schädlich (jschaedl) - Beau Simensen (simensen) @@ -571,6 +571,7 @@ Symfony is the result of the work of many people who made the code better - Marcin Chyłek (songoq) - Ben Scott - Ned Schwartz + - Samuel NELA (snela) - Ziumin - Jeremy Benoist - fritzmg @@ -621,6 +622,7 @@ Symfony is the result of the work of many people who made the code better - Gunnstein Lye (glye) - Maxime Douailin - Jean Pasdeloup (pasdeloup) + - Sylvain Fabre (sylfabre) - Benjamin Cremer (bcremer) - Javier López (loalf) - Reinier Kip @@ -698,6 +700,7 @@ Symfony is the result of the work of many people who made the code better - Tiago Brito (blackmx) - - Richard van den Brand (ricbra) + - Thomas Bisignani (toma) - develop - flip111 - Greg Anderson @@ -841,7 +844,6 @@ Symfony is the result of the work of many people who made the code better - Jörn Lang (j.lang) - Omar Yepez (oyepez003) - Gawain Lynch (gawain) - - Samuel NELA (snela) - mwsaz - Jelle Kapitein - Benoît Bourgeois @@ -862,6 +864,7 @@ Symfony is the result of the work of many people who made the code better - Christian Morgan - Alexander Miehe (engerim) - Morgan Auchede (mauchede) + - Sascha Dens (saschadens) - Don Pinkster - Maksim Muruev - Emil Einarsson @@ -1034,6 +1037,7 @@ Symfony is the result of the work of many people who made the code better - Dominic Tubach - Nikita Konstantinov - Martijn Evers + - Vitaliy Ryaboy (vitaliy) - Benjamin Paap (benjaminpaap) - Christian - Denis Golubovskiy (bukashk0zzz) @@ -1061,6 +1065,7 @@ Symfony is the result of the work of many people who made the code better - Jakub Sacha - Olaf Klischat - orlovv + - Claude Dioudonnat - Jonathan Hedstrom - Peter Smeets (darkspartan) - Jhonny Lidfors (jhonny) @@ -1244,6 +1249,7 @@ Symfony is the result of the work of many people who made the code better - Sandro Hopf - Łukasz Makuch - George Giannoulopoulos + - Alexander Pasichnick - Luis Ramirez (luisdeimos) - Daniel Richter (richtermeister) - ChrisC @@ -1308,7 +1314,6 @@ Symfony is the result of the work of many people who made the code better - Jon Gotlin (jongotlin) - Michael Dowling (mtdowling) - Karlos Presumido (oneko) - - Sylvain Fabre (sylfabre) - Thomas Counsell - BilgeXA - r1pp3rj4ck @@ -1354,7 +1359,6 @@ Symfony is the result of the work of many people who made the code better - Andrew (drew) - kor3k kor3k (kor3k) - Stelian Mocanita (stelian) - - Thomas Bisignani (toma) - Justin (wackymole) - Flavian (2much) - Gautier Deuette @@ -1396,6 +1400,7 @@ Symfony is the result of the work of many people who made the code better - Alan Poulain - Martin Eckhardt - natechicago + - Sergei Gorjunov - Jonathan Poston - Adrian Olek (adrianolek) - Jody Mickey (jwmickey) @@ -1486,6 +1491,7 @@ Symfony is the result of the work of many people who made the code better - me_shaon - 蝦米 - Grayson Koonce (breerly) + - Andrey Helldar (helldar) - Karim Cassam Chenaï (ka) - Maksym Slesarenko (maksym_slesarenko) - Michal Kurzeja (mkurzeja) @@ -1612,6 +1618,7 @@ Symfony is the result of the work of many people who made the code better - Joel Marcey - David Christmann - root + - pf - Vincent Chalnot - James Hudson - Tom Maguire @@ -1754,6 +1761,7 @@ Symfony is the result of the work of many people who made the code better - Damian Sromek - Ben - Evgeniy Tetenchuk + - Shrey Puranik - dasmfm - Mathias Geat - Arnaud Buathier (arnapou) @@ -1774,6 +1782,7 @@ Symfony is the result of the work of many people who made the code better - Ulf Reimers (ureimers) - Wotre - goohib + - Tom Counsell - Xavier HAUSHERR - Ron Gähler - Edwin Hageman @@ -1811,6 +1820,7 @@ Symfony is the result of the work of many people who made the code better - Jörg Rühl - wesleyh - sergey + - Michael Hudson-Doyle - Daniel Bannert - Karim Miladi - Michael Genereux @@ -1840,11 +1850,13 @@ Symfony is the result of the work of many people who made the code better - Kasperki - Tammy D - Daniel STANCU + - Ryan Rud - Ondrej Slinták - vlechemin - Brian Corrigan - Ladislav Tánczos - Skorney + - Lucas Matte - fmarchalemisys - mieszko4 - Steve Preston @@ -1923,6 +1935,7 @@ Symfony is the result of the work of many people who made the code better - sualko - Bilge - ADmad + - Stéphane Delprat - Nicolas Roudaire - Alfonso (afgar) - Andreas Forsblom (aforsblo) @@ -2004,7 +2017,6 @@ Symfony is the result of the work of many people who made the code better - Rich Sage (richsage) - Rokas Mikalkėnas (rokasm) - Bart Ruysseveldt (ruyss) - - Sascha Dens (saschadens) - scourgen hung (scourgen) - Sebastian Busch (sebu) - Sepehr Lajevardi (sepehr) From b09cb1e8e63032a4518c08e9e712c9a08683175d Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 6 Dec 2018 14:59:33 +0000 Subject: [PATCH 3/8] updated VERSION for 3.4.20 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 375e26ee0f5e..faea3086e542 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.20-DEV'; + const VERSION = '3.4.20'; const VERSION_ID = 30420; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; const RELEASE_VERSION = 20; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From 9e84e0ff98286d5162b8cc2598e39f46d6fda879 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 6 Dec 2018 15:57:52 +0000 Subject: [PATCH 4/8] bumped Symfony version to 3.4.21 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index faea3086e542..8635c2dfc444 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.20'; - const VERSION_ID = 30420; + const VERSION = '3.4.21-DEV'; + const VERSION_ID = 30421; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; - const RELEASE_VERSION = 20; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 21; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From 7e1a7b6426567d85ea1202ce2c52f9389bf5970c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 6 Dec 2018 17:34:35 +0000 Subject: [PATCH 5/8] updated CHANGELOG for 4.1.9 --- CHANGELOG-4.1.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/CHANGELOG-4.1.md b/CHANGELOG-4.1.md index ad6a91cdd0b1..a547ce44c6b7 100644 --- a/CHANGELOG-4.1.md +++ b/CHANGELOG-4.1.md @@ -7,6 +7,28 @@ in 4.1 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.1.0...v4.1.1 +* 4.1.9 (2018-12-06) + + * security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (xabbuh) + * security #cve-2018-19789 [Form] Filter file uploads out of regular form types (nicolas-grekas) + * bug #29436 [Cache] Fixed Memcached adapter doClear()to call flush() (raitocz) + * bug #29441 [Routing] ignore trailing slash for non-GET requests (nicolas-grekas) + * bug #29444 [Workflow] Fixed BC break for Workflow metadata (lyrixx) + * bug #29432 [DI] dont inline when lazy edges are found (nicolas-grekas) + * bug #29413 [Serializer] fixed DateTimeNormalizer to maintain microseconds when a different timezone required (rvitaliy) + * bug #29424 [Routing] fix taking verb into account when redirecting (nicolas-grekas) + * bug #29414 [DI] Fix dumping expressions accessing single-use private services (chalasr) + * bug #29375 [Validator] Allow `ConstraintViolation::__toString()` to expose codes that are not null or emtpy strings (phansys) + * bug #29376 [EventDispatcher] Fix eventListener wrapper loop in TraceableEventDispatcher (jderusse) + * bug #29386 undeprecate the single-colon notation for controllers (fbourigault) + * bug #29393 [DI] fix edge case in InlineServiceDefinitionsPass (nicolas-grekas) + * bug #29380 [Routing] fix greediness of trailing slash (nicolas-grekas) + * bug #29343 [Form] Handle all case variants of "nan" when parsing a number (mwhudson, xabbuh) + * bug #29373 [Routing] fix trailing slash redirection (nicolas-grekas) + * bug #29355 [PropertyAccess] calculate cache keys for property setters depending on the value (xabbuh) + * bug #29369 [DI] fix combinatorial explosion when analyzing the service graph (nicolas-grekas) + * bug #29349 [Debug] workaround opcache bug mutating "$this" !?! (nicolas-grekas) + * 4.1.8 (2018-11-26) * bug #29318 [Console] Move back root exception to stack trace in verbose mode (chalasr) From c48d88379460d673a6ff6053de48e7a4b790e5b3 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 6 Dec 2018 17:34:50 +0000 Subject: [PATCH 6/8] updated VERSION for 4.1.9 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 0a3909dff51c..1070b64cb96d 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.1.9-DEV'; + const VERSION = '4.1.9'; const VERSION_ID = 40109; const MAJOR_VERSION = 4; const MINOR_VERSION = 1; const RELEASE_VERSION = 9; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '01/2019'; const END_OF_LIFE = '07/2019'; From 9455c0b23339a0325fd332d6e60492d91071fcba Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 6 Dec 2018 17:39:00 +0000 Subject: [PATCH 7/8] bumped Symfony version to 4.1.10 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 1070b64cb96d..6c763b457ce6 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.1.9'; - const VERSION_ID = 40109; + const VERSION = '4.1.10-DEV'; + const VERSION_ID = 40110; const MAJOR_VERSION = 4; const MINOR_VERSION = 1; - const RELEASE_VERSION = 9; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 10; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '01/2019'; const END_OF_LIFE = '07/2019'; From 01a27e577c1d4212bae0542a4e2c4df629791ba6 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Fri, 7 Dec 2018 15:51:05 +0000 Subject: [PATCH 8/8] change timezone to fix tests on Windows As I understand the failing tests timezones have changed in Russia in 2016, but this is not reflected in the timezone database used on AppVeyor. Since the tests do not depend on a particular timezone (it's only important for it to be different from UTC) we should safely be able to switch to another timezone. --- .../Serializer/Tests/Normalizer/DateTimeNormalizerTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php b/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php index 99b224996cb1..e86fbdc48df0 100644 --- a/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php +++ b/src/Symfony/Component/Serializer/Tests/Normalizer/DateTimeNormalizerTest.php @@ -143,14 +143,14 @@ public function normalizeUsingTimeZonePassedInContextAndExpectedFormatWithMicros ); yield array( - '2018-12-01T21:03:06.067634', + '2018-12-01T19:03:06.067634', 'Y-m-d\TH:i:s.u', \DateTime::createFromFormat( 'Y-m-d\TH:i:s.u', '2018-12-01T18:03:06.067634', new \DateTimeZone('UTC') ), - new \DateTimeZone('Europe/Moscow'), + new \DateTimeZone('Europe/Berlin'), ); }