This changelog references the relevant changes (bug and security fixes) done in 2.1 minor versions.
To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.1.0...v2.1.1
- added a default implementation of the ManagerRegistry
- added a session storage for Doctrine DBAL
- added a csrf_token function
- added a way to specify a default domain for a Twig template (via the 'trans_default_domain' tag)
- This bundle has been removed and the relevant code has been moved to the Doctrine bridge
- This bundle has been moved to the Doctrine organization
- added optional
group_by
property toEntityType
that supports either aPropertyPath
or a\Closure
that is evaluated on the entity choices - The
em
option for theUniqueEntity
constraint is now optional (and should probably not be used anymore).
- added a router:match command
- added a config:dump-reference command
- added kernel.event_subscriber tag
- added a way to create relative symlinks when running assets:install command (--relative option)
- added Controller::getUser()
- [BC BREAK] assets_base_urls and base_urls merging strategy has changed
- changed the default profiler storage to use the filesystem instead of SQLite
- added support for placeholders in route defaults and requirements (replaced by the value set in the service container)
- added Filesystem component as a dependency
- added support for hinclude (use
standalone: 'js'
in render tag) - session options: lifetime, path, domain, secure, httponly were deprecated. Prefixed versions should now be used instead: cookie_lifetime, cookie_path, cookie_domain, cookie_secure, cookie_httponly
- [BC BREAK] following session options: 'lifetime', 'path', 'domain', 'secure', 'httponly' are now prefixed with cookie_ when dumped to the container
- This bundle has been moved to its own repository (https://github.com/symfony/MonologBundle)
-
[BC BREAK] The custom factories for the firewall configuration are now registered during the build method of bundles instead of being registered by the end-user (you need to remove the 'factories' keys in your security configuration).
-
[BC BREAK] The Firewall listener is now registered after the Router one. It means that specific Firewall URLs (like /login_check and /logout must now have proper route defined in your routing configuration)
-
[BC BREAK] refactored the user provider configuration. The configuration changed for the chain provider and the memory provider:
Before:
security: providers: my_chain_provider: providers: [my_memory_provider, my_doctrine_provider] my_memory_provider: users: toto: { password: foobar, roles: [ROLE_USER] } foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
After:
security: providers: my_chain_provider: chain: providers: [my_memory_provider, my_doctrine_provider] my_memory_provider: memory: users: toto: { password: foobar, roles: [ROLE_USER] } foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
-
[BC BREAK] Method
equals
was removed fromUserInterface
to its own newEquatableInterface
, now user class can implement this interface to override the default implementation of users equality test. -
added a validator for the user password
-
added 'erase_credentials' as a configuration key (true by default)
-
added new events:
security.authentication.success
andsecurity.authentication.failure
fired on authentication success/failure, regardless of authentication method, events are defined in new event class:Symfony\Component\Security\Core\AuthenticationEvents
. -
Added optional CSRF protection to LogoutListener:
security: firewalls: default: logout: path: /logout_path target: / csrf_parameter: _csrf_token # Optional (defaults to "_csrf_token") csrf_provider: form.csrf_provider # Required to enable protection intention: logout # Optional (defaults to "logout")
If the LogoutListener has CSRF protection enabled but cannot validate a token, then a LogoutException will be thrown.
-
Added
logout_url
templating helper and Twig extension, which may be used to generate logout URL's within templates. The security firewall's config key must be specified. If a firewall's logout listener has CSRF protection enabled, a token will be automatically added to the generated URL.
- This bundle has been moved to its own repository (https://github.com/symfony/SwiftmailerBundle)
- moved the data collector to the bridge
- replaced MessageLogger class with the one from Swiftmailer 4.1.3
- added the real template name when an error occurs in a Twig template
[BC BREAK] You must clear old profiles after upgrading to 2.1 (don't forget to remove the table if you are using a DB)
- added support for the request method
- added a routing panel
- added a timeline panel
- The toolbar position can now be configured via the
position
option (can betop
orbottom
)
- [BC BREAK] The CookieJar internals have changed to allow cookies with the same name on different sub-domains/sub-paths
- added a way to add documentation on configuration
- implemented
Serializable
on resources - LoaderResolverInterface is now used instead of LoaderResolver for type hinting
- added a --raw option to the list command
- added support for STDERR in the console output class (errors are now sent to STDERR)
- made the defaults (helper set, commands, input definition) in Application more easily customizable
- added support for the shell even if readline is not available
- added support for process isolation in Symfony shell via
--process-isolation
switch
- added a class map generator
- added support for loading globally-installed PEAR packages
- component exceptions that inherit base SPL classes are now used exclusively (this includes dumped containers)
- refactor the Form class internals to support multi-dimensional fields (the public API is backward compatible)
- added a way to get parsing errors for Crawler::addHtmlContent() and Crawler::addXmlContent() via libxml functions
- added support for submitting a form without a submit button
- added a reference to the EventDispatcher on the Event
- added a reference to the Event name on the event
- added fluid interface to the dispatch() method which now returns the Event object
- created this new component
- Finder::exclude() now supports an array of directories as an argument
-
[BC BREAK]
read_only
field attribute now renders asreadonly="readonly"
, usedisabled
instead -
[BC BREAK] child forms now aren't validated anymore by default
-
made validation of form children configurable (new option: cascade_validation)
-
added support for validation groups as callbacks
-
made the translation catalogue configurable via the "translation_domain" option
-
added Form::getErrorsAsString() to help debugging forms
-
allowed setting different options for RepeatedType fields (like the label)
-
added support for empty form name at root level, this enables rendering forms without form name prefix in field names
-
[BC BREAK] form and field names must start with a letter, digit or underscore and only contain letters, digits, underscores, hyphens and colons
-
[BC BREAK] changed default name of the prototype in the "collection" type from "$$name$$" to "name". No dollars are appended/prepended to custom names anymore.
-
[BC BREAK] improved ChoiceListInterface
-
[BC BREAK] added SimpleChoiceList and LazyChoiceList as replacement of ArrayChoiceList
-
added ChoiceList and ObjectChoiceList to use objects as choices
-
[BC BREAK] removed EntitiesToArrayTransformer and EntityToIdTransformer. The former has been replaced by CollectionToArrayTransformer in combination with EntityChoiceList, the latter is not required in the core anymore.
-
[BC BREAK] renamed
- ArrayToBooleanChoicesTransformer to ChoicesToBooleanArrayTransformer
- ScalarToBooleanChoicesTransformer to ChoiceToBooleanArrayTransformer
- ArrayToChoicesTransformer to ChoicesToValuesTransformer
- ScalarToChoiceTransformer to ChoiceToValueTransformer
to be consistent with the naming in ChoiceListInterface.
-
[BC BREAK] removed FormUtil::toArrayKey() and FormUtil::toArrayKeys(). They were merged into ChoiceList and have no public equivalent anymore.
-
choice fields now throw a FormException if neither the "choices" nor the "choice_list" option is set
-
the radio type is now a child of the checkbox type
-
the collection, choice (with multiple selection) and entity (with multiple selection) types now make use of addXxx() and removeXxx() methods in your model
-
added options "add_method" and "remove_method" to collection and choice type
-
forms now don't create an empty object anymore if they are completely empty and not required. The empty value for such forms is null.
-
added constant Guess::VERY_HIGH_CONFIDENCE
-
FormType::getDefaultOptions() now sees default options defined by parent types
-
[BC BREAK] FormType::getParent() does not see default options anymore
-
[BC BREAK] The methods
add
,remove
,setParent
,bind
andsetData
in class Form now throw an exception if the form is already bound
- added a getTargetUrl method to RedirectResponse
- added support for streamed responses
- made Response::prepare() method the place to enforce HTTP specification
- [BC BREAK] moved management of the locale from the Session class to the Request class
- added a generic access to the PHP built-in filter mechanism: ParameterBag::filter()
- made FileBinaryMimeTypeGuesser command configurable
- added Request::getUser() and Request::getPassword()
- added support for the PATCH method in Request
- removed the ContentTypeMimeTypeGuesser class as it is deprecated and never used on PHP 5.3
- added ResponseHeaderBag::makeDisposition() (implements RFC 6266)
- made mimetype to extension conversion configurable
- [BC BREAK] Moved all session related classes and interfaces into own namespace, as
Symfony\Component\HttpFoudation\Session
and renamed classes accordingly. - Added
FlashBag
. Flashes expire when retrieved byget()
orall()
. This makes the implementation ESI compatible. - Added
AutoExpireFlashBag
(default) to replicate Symfony 2.0.x auto expire behaviour of messages auto expiring after one page page load. Messages must be retrived byget()
orall()
. - [BC BREAK] Removed the
close()
method from the Session class - Deprecated the following methods from the Session class:
setFlash()
,setFlashes()
getFlash()
,hasFlash()
, andremoveFlash()
. UsegetFlashBag()
instead which returns aFlashBagInterface
. Session->clear()
now only clears session attributes as before it cleared flash messages and attributes.Session->getFlashBag()->all()
clears flashes now.- Added
Symfony\Component\HttpFoundation\Session\Storage\AbstractSessionStorage
base class for session storage drivers. - Added
SessionHandlerInterface
interface which storage drivers should implement after inheriting fromSymfony\Component\HttpFoundation\Session\Storage\AbstractSessionStorage
when writing custom session save handlers using PHP 5.3. This interface is a stub for the PHP 5.4 interface. - [BC BREAK]
SessionStorageInterface
methods removed:write()
,read()
andremove()
. AddedgetBag()
,registerBag()
. - Moved attribute storage to
Symfony\Component\HttpFoundation\Attribute\AttributeBagInterface
. - Added
Symfony\Component\HttpFoundation\Attribute\AttributeBag
to replicate attributes storage behaviour from 2.0.x (default). - Added
Symfony\Component\HttpFoundation\Attribute\NamespacedAttributeBag
for namespace session attributes. - Session now implements
Symfony\Component\HttpFoundation\Session\SessionInterface
making implementation customizable and portable. - [BC BREAK] Removed
NativeSessionStorage
and replaced withNativeFileSessionStorage
. - Added session storage drivers for PHP native Memcache, Memcached and SQLite session save handlers.
- Added session storage drivers for custom Memcache, Memcached and Null session save handlers.
- Removed
FilesystemSessionStorage
, useMockFileSessionStorage
for functional testing instead.
- added CacheClearerInterface
- added a kernel.terminate event
- added a Stopwatch class
- added WarmableInterface
- improved extensibility between bundles
- added Memcache(d)-based profiler storages
- added a File-based profiler storage
- added a MongoDB-based profiler storage
- moved Filesystem class to its own component
- added Locale::getIcuVersion() and Locale::getIcuDataVersion()
- added ProcessBuilder
- the UrlMatcher does not throw a \LogicException any more when the required scheme is not the current one
- added a TraceableUrlMatcher
- added the possibility to define default values and requirements for placeholders in prefix, including imported routes
- added RouterInterface::getRouteCollection
- after login, the user is now redirected to
default_target_path
ifuse_referer
is true and the referrer is thelogin_path
. - added a way to remove a token from a session
- [BC BREAK] changed
MutableAclInterface::setParentAcl
to acceptnull
, review your implementation to reflect this change.
-
[BC BREAK] changed
GetSetMethodNormalizer
's key names from all lowercased to camelCased (e.g.mypropertyvalue
tomyPropertyValue
) -
[BC BREAK] convert the
item
XML tag to an array<?xml version="1.0"?> <response> <item><title><![CDATA[title1]]></title></item><item><title><![CDATA[title2]]></title></item> </response>
Before:
Array()
After:
Array( [item] => Array( [0] => Array( [title] => title1 ) [1] => Array( [title] => title2 ) ) )
- changed the default extension for XLIFF files from .xliff to .xlf
- added support for gettext
- added support for more than one fallback locale
- added support for translations in ResourceBundles
- added support for extracting translation messages from templates (Twig and PHP)
- added dumpers for translation catalogs
- added support for QT translations
- added support for
ctype_*
assertions inTypeValidator
- added a Size validator
- added a SizeLength validator
- improved the ImageValidator with min width, max width, min height, and max height constraints
- added support for MIME with wildcard in FileValidator
- changed Collection validator to add "missing" and "extra" errors to individual fields
- changed default value for
extraFieldsMessage
andmissingFieldsMessage
in Collection constraint - made ExecutionContext immutable
- deprecated Constraint methods
setMessage
,getMessageTemplate
andgetMessageParameters
- added support for dynamic group sequences with the GroupSequenceProvider pattern
- Yaml::parse() does not evaluate loaded files as PHP files by default anymore (call Yaml::enablePhpParsing() to get back the old behavior)