This week, Symfony 4.4.37, 5.3.14, 5.4.3 and 6.0.3 maintenance versions were released. In addition, a potential security vulnerability related to CSRF tokens in forms was found and fixed in security releases for all maintained versions.
Symfony development highlights
This week, 45 pull requests were merged (37 in code and 8 in docs) and 44 issues were closed (35 in code and 9 in docs). Excluding merges, 36 authors made 1,509 additions and 272 deletions. See det
Description The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded,
Symfony 5.3.15 has just been released. Here is the list of the most important changes since 5.3.14: security #cve-2022-xxxx [FrameworkBundle] Enable CSRF in FORM by default (@jderusse) Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be
Symfony 5.4.4 has just been released. Here is the list of the most important changes since 5.4.3: security #cve-2022-xxxx [FrameworkBundle] Enable CSRF in FORM by default (@jderusse) Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be no
Symfony 6.0.4 has just been released. Here is the list of the most important changes since 6.0.3: security #cve-2022-xxxx [FrameworkBundle] Enable CSRF in FORM by default (@jderusse) Want to upgrade to this new release? Because Symfony protects backwards-compatibility very closely, this should be quite easy. Use SymfonyInsight upgrade reports to detect the code you will need to change in your project and read our upgrade documentation to learn more. Want to be no
Symfony 6.0.3 has just been released. Here is the list of the most important changes since 6.0.2: bug #45193 [FrameworkBundle] Fix missing arguments when a serialization default context is bound (@ArnoudThibaut) bug #44997 [Runtime] Fix --env and --no-debug with dotenv_overload (@fancyweb) bug #45188 [Dotenv] Fix bootEnv() override with .env.local.php when the env key already exists (@fancyweb) bug #45095 [Finder] Fix finding VCS re-included files in excluded dir
Symfony 5.4.3 has just been released. Here is the list of the most important changes since 5.4.2: bug #45193 [FrameworkBundle] Fix missing arguments when a serialization default context is bound (@ArnoudThibaut) bug #44997 [Runtime] Fix --env and --no-debug with dotenv_overload (@fancyweb) bug #45188 [Dotenv] Fix bootEnv() override with .env.local.php when the env key already exists (@fancyweb) bug #45095 [Finder] Fix finding VCS re-included files in excluded dir
Symfony 4.4.37 has just been released. Here is the list of the most important changes since 4.4.36: bug #44939 [Form] UrlType should not add protocol to emails (@GromNaN) bug #43149 Silence warnings during tty detection (@neclimdul) bug #45181 [Console] Fix PHP 8.1 deprecation in ChoiceQuestion (@BrokenSourceCode) bug #45140 [Yaml] Making the parser stateless (@mamazu) bug #45103 [Process] Avoid calling fclose on an already closed resource (@Seldaek) bug #45088 [
Symfony 5.3.14 has just been released. Here is the list of the most important changes since 5.3.13: bug #44860 [Validator] Fix Choice constraint with associative choices array (@derrabus) bug #44939 [Form] UrlType should not add protocol to emails (@GromNaN) bug #43149 Silence warnings during tty detection (@neclimdul) bug #45154 [Serializer] Fix AbstractObjectNormalizer not considering pseudo type false (@Thomas Nunninger) bug #45185 [Notifier] Fix encoding of m
This was a very intense week for Symfony: first we introduced the new Symfony 6 certification exam, then we announced a new and better way to start Symfony projects and finally, we updated Symfony Flex to provide [fast, smart Flex recipe upgrades](https://symfony.com/blog/fast-smart-flex-recipe-upgrades-with-recipes-update
