stable

php-symfony-2.8.42-1.fc27

FEDORA-2018-2bdfc9dc67 created by siwinski 6 years ago for Fedora 27

2.8.42 (2018-06-25)

  • bug #27669 [Filesystem] fix file lock on SunOS (fritzmg)
  • bug #27309 Fix surrogate not using original request (Toflar)
  • bug #27630 [Validator][Form] Remove BOM in some xlf files (gautierderuette)
  • bug #27591 [VarDumper] Fix dumping ArrayObject and ArrayIterator instances (nicolas-grekas)
  • bug #27581 Fix bad method call with guard authentication + session migration (weaverryan)
  • bug #27452 Avoid migration on stateless firewalls (weaverryan)
  • bug #27514 [Debug] Pass previous exception to FatalErrorException (pmontoya)
  • bug #26973 [HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer. (kmadejski)
  • bug #27303 [Process] Consider "executable" suffixes first on Windows (sanmai)
  • bug #27297 Triggering RememberMe's loginFail() when token cannot be created (weaverryan)
  • bug #27366 [DI] never inline lazy services (nicolas-grekas)

2.8.41 (2018-05-25)

  • bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas)
  • security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured
  • security #cve-2018-11406 clear CSRF tokens when the user is logged out
  • security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation
  • security #cve-2018-11385 Adding session strategy to ALL listeners to avoid any possible fixation
  • security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode

2.8.40 (2018-05-21)

  • bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov)
  • bug #27286 [Translation] Add Occitan plural rule (kylekatarnls)
  • bug #27246 Disallow invalid characters in session.name (ostrolucky)
  • bug #24805 [Security] Fix logout (MatTheCat)
  • bug #27141 [Process] Suppress warnings when open_basedir is non-empty (cbj4074)
  • bug #27250 [Session] limiting :key for GET_LOCK to 64 chars (oleg-andreyev)
  • bug #27237 [Debug] Fix populating error_get_last() for handled silent errors (nicolas-grekas)
  • bug #27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas)
  • bug #27152 [HttpFoundation] use brace-style regex delimiters (xabbuh)
  • feature #24896 Add CODE_OF_CONDUCT.md (egircys)

2.8.39 (2018-04-30)

  • bug #27067 [HttpFoundation] Fix setting session-related ini settings (e-moe)
  • bug #27016 [Security][Guard] GuardAuthenticationProvider::authenticate cannot return null (biomedia-thomas)
  • bug #26831 [Bridge/Doctrine] count(): Parameter must be an array or an object that implements Countable (gpenverne)
  • bug #27044 [Security] Skip user checks if not implementing UserInterface (chalasr)
  • bug #26014 [Security] Fixed being logged out on failed attempt in guard (iltar)
  • bug #26910 Use new PHP7.2 functions in hasColorSupport (johnstevenson)
  • bug #26999 [VarDumper] Fix dumping of SplObjectStorage (corphi)
  • bug #25841 [DoctrineBridge] Fix bug when indexBy is meta key in PropertyInfo\DoctrineExtractor (insekticid)
  • bug #26886 Don't assume that file binary exists on *nix OS (teohhanhui)
  • bug #26643 Fix that ESI/SSI processing can turn a "private" response "public" (mpdude)
  • bug #26932 [Form] Fixed trimming choice values (HeahDude)
  • bug #26875 [Console] Don't go past exact matches when autocompleting (nicolas-grekas)
  • bug #26823 [Validator] Fix LazyLoadingMetadataFactory with PSR6Cache for non classname if tested values isn't existing class (Pascal Montoya, pmontoya)
  • bug #26834 [Yaml] Throw parse error on unfinished inline map (nicolas-grekas)

2.8.38 (2018-04-06)

  • bug #26788 [Security] Load the user before pre/post auth checks when needed (chalasr)
  • bug #26774 [SecurityBundle] Add missing argument to security.authentication.provider.simple (i3or1s, chalasr)
  • bug #26763 [Finder] Remove duplicate slashes in filenames (helhum)
  • bug #26749 Add PHPDbg support to HTTP components (hkdobrev)
  • bug #26609 [Console] Fix check of color support on Windows (mlocati)

2.8.37 (2018-04-02)

  • bug #26727 [HttpCache] Unlink tmp file on error (Chansig)
  • bug #26675 [HttpKernel] DumpDataCollector: do not flush when a dumper is provided (ogizanagi)
  • bug #26663 [TwigBridge] Fix rendering of currency by MoneyType (ro0NL)
  • bug #26677 Support phpdbg SAPI in Debug::enable() (hkdobrev)
  • bug #26589 [Ldap] cast to string when checking empty passwords (ismail1432)
  • bug #26621 [Form] no type errors with invalid submitted data types (xabbuh)
  • bug #26337 [Finder] Fixed leading/trailing / in filename (lyrixx)
  • bug #26584 [TwigBridge] allow html5 compatible rendering of forms with null names (systemist)
  • bug #24401 [Form] Change datetime to datetime-local for HTML5 datetime input (pierredup)
  • bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (i3or1s)
  • bug #26569 [BrowserKit] Fix cookie path handling when $domain is null (dunglas)
  • bug #26598 Fixes #26563 (open_basedir restriction in effect) (temperatur)
  • bug #26568 [Debug] Reset previous exception handler earlier to prevent infinite loop (nicolas-grekas)
  • bug #26567 [DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore (fancyweb)
  • bug #26356 [FrameworkBundle] HttpCache is not longer abstract (lyrixx)
  • bug #26548 [DomCrawler] Change bad wording in ChoiceFormField::untick (dunglas)
  • bug #26433 [DomCrawler] extract(): fix a bug when the attribute list is empty (dunglas)
  • bug #26452 [Intl] Load locale aliases to support alias fallbacks (jakzal)
  • bug #26450 [CssSelector] Fix CSS identifiers parsing - they can start with dash (jakubkulhan)

2.8.36 (2018-03-05)

  • bug #26368 [WebProfilerBundle] Fix Debug toolbar breaks app (xkobal)

2.8.35 (2018-03-01)

  • bug #26338 [Debug] Keep previous errors of Error instances (Philipp91)
  • bug #26312 [Routing] Don't throw 405 when scheme requirement doesn't match (nicolas-grekas)
  • bug #26298 Fix ArrayInput::toString() for InputArgument::IS_ARRAY args (maximium)
  • bug #26236 [PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties (dunglas)
  • bug #25557 [WebProfilerBundle] add a way to limit ajax request (Simperfit)
  • bug #26228 [HttpFoundation] Fix missing "throw" in JsonResponse (nicolas-grekas)
  • bug #26211 [Console] Suppress warning from sapi_windows_vt100_support (adawolfa)
  • bug #26156 Fixes #26136: Avoid emitting warning in hasParameterOption() (greg-1-anderson)
  • bug #26183 [DI] Add null check for removeChild (changmin.keum)
  • bug #26173 [Security] fix accessing request values (xabbuh)
  • bug #26159 created validator.tl.xlf for Form/Translations (ergiegonzaga)
  • bug #26100 [Routing] Throw 405 instead of 404 when redirect is not possible (nicolas-grekas)
  • bug #26040 [Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder (nicolas-grekas)
  • bug #26012 Exit as late as possible (greg0ire)
  • bug #26111 [Security] fix merge of 2.7 into 2.8 + add test case (dmaicher)
  • bug #25893 [Console] Fix hasParameterOption / getParameterOption when used with multiple flags (greg-1-anderson)
  • bug #25940 [Form] keep the context when validating forms (xabbuh)
  • bug #25373 Use the PCRE_DOLLAR_ENDONLY modifier in route regexes (mpdude)
  • bug #26010 [CssSelector] For AND operator, the left operand should have parentheses, not only right operand (Arnaud CHASSEUX)
  • bug #25971 [Debug] Fix bad registration of exception handler, leading to mem leak (nicolas-grekas)
  • bug #25962 [Routing] Fix trailing slash redirection for non-safe verbs (nicolas-grekas)
  • bug #25948 [Form] Fixed empty data on expanded ChoiceType and FileType (HeahDude)
  • bug #25972 support sapi_windows_vt100_support for php 7.2+ (jhdxr)
  • bug #25744 [TwigBridge] Allow label translation to be safe (MatTheCat)

2.8.34 (2018-01-29)

  • bug #25922 [HttpFoundation] Use the correct syntax for session gc based on Pdo driver (tanasecosminromeo)
  • bug #25933 Disable CSP header on exception pages only in debug (ostrolucky)
  • bug #25926 [Form] Fixed Button::setParent() when already submitted (HeahDude)
  • bug #25927 [Form] Fixed submitting disabled buttons (HeahDude)
  • bug #25891 [DependencyInjection] allow null values for root nodes in YAML configs (xabbuh)
  • bug #25848 [Validator] add missing parent isset and add test (Simperfit)
  • bug #25861 do not conflict with egulias/email-validator 2.0+ (xabbuh)
  • bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)
  • bug #25837 [SecurityBundle] Don't register in memory users as services (chalasr)
  • bug #25835 [HttpKernel] DebugHandlersListener should always replace the existing exception handler (nicolas-grekas)
  • bug #25829 [Debug] Always decorate existing exception handlers to deal with fatal errors (nicolas-grekas)
  • bug #25824 Fixing a bug where the dump() function depended on bundle ordering (weaverryan)
  • bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)
  • bug #25816 Problem in phar see mergerequest #25579 (betzholz)
  • bug #25781 [Form] Disallow transform dates beyond the year 9999 (curry684)
  • bug #25812 Copied NO language files to the new NB locale (derrabus)
  • bug #25801 [Router] Skip anonymous classes when loading annotated routes (pierredup)
  • bug #25657 [Security] Fix fatal error on non string username (chalasr)
  • bug #25799 Fixed Request::__toString ignoring cookies (Toflar)
  • bug #25755 [Debug] prevent infinite loop with faulty exception handlers (nicolas-grekas)
  • bug #25771 [Validator] 19 digits VISA card numbers are valid (xabbuh)
  • bug #25751 [FrameworkBundle] Add the missing enabled session attribute (sroze)
  • bug #25750 [HttpKernel] Turn bad hosts into 400 instead of 500 (nicolas-grekas)
  • bug #25490 [Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR (diversantvlz)
  • bug #25709 Tweaked some styles in the profiler tables (javiereguiluz)
  • feature #25669 [Security] Fail gracefully if the security token cannot be unserialized from the session (thewilkybarkid)

2.8.33 (2018-01-05)

  • bug #25532 [HttpKernel] Disable CSP header on exception pages (ostrolucky)
  • bug #25491 [Routing] Use the default host even if context is empty (sroze)
  • bug #25662 Dumper shouldn't use html format for phpdbg / cli-server (jhoff)
  • bug #25529 [Validator] Fix access to root object when using composite constraint (ostrolucky)
  • bug #25430 Fixes for Oracle in PdoSessionHandler (elislenio)
  • bug #25599 Add application/ld+json format associated to json (vincentchalamon)
  • bug #25407 [Console] Commands with an alias should not be recognized as ambiguous (Simperfit)
  • bug #25521 [Console] fix a bug when you are passing a default value and passing -n would output the index (Simperfit)
  • bug #25489 [FrameworkBundle] remove esi/ssi renderers if inactive (dmaicher)
  • bug #25427 Preserve percent-encoding in URLs when performing redirects in the UrlMatcher (mpdude)
  • bug #25480 [FrameworkBundle] add missing validation options to XSD file (xabbuh)
  • bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)
  • bug #25233 [TwigBridge][Form] Fix hidden currency element with Bootstrap 3 theme (julienfalque)
  • bug #25408 [Debug] Fix catching fatal errors in case of nested error handlers (nicolas-grekas)
  • bug #25330 [HttpFoundation] Support 0 bit netmask in IPv6 (::/0) (stephank)
  • bug #25410 [HttpKernel] Fix logging of post-terminate errors/exceptions (nicolas-grekas)
  • bug #25323 [ExpressionLanguage] throw an SyntaxError instead of an undefined index notice (Simperfit)

2.8.32 (2017-12-04)

  • bug #25278 Fix for missing whitespace control modifier in form layout (kubawerlos)
  • bug #25236 [Form][TwigBridge] Fix collision between view properties and form fields (yceruto)
  • bug #25258 [link] Prevent warnings when running link with 2.7 (dunglas)
  • bug #24750 [Validator] ExpressionValidator should use OBJECT_TO_STRING (Simperfit)
  • bug #25182 [HttpFoundation] AutExpireFlashBag should not clear new flashes (Simperfit, sroze)
  • bug #25152 [Form] Don't rely on Symfony\Component\HttpFoundation\File\File if http-foundation isn't in FileType (issei-m)
  • bug #24987 [Console] Fix global console flag when used in chain (Simperfit)
  • bug #25043 [Yaml] added ability for substitute aliases when mapping is on single line (MichaƂ Strzelecki, xabbuh)
  • bug #25102 [Form] Fixed ContextErrorException in FileType (chihiro-adachi)
  • bug #25130 [DI] Fix handling of inlined definitions by ContainerBuilder (nicolas-grekas)
  • bug #25072 [Bridge/PhpUnit] Remove trailing "\n" from ClockMock::microtime(false) (joky)
  • bug #24956 Fix ambiguous pattern (weltling)

2.8.31 (2017-11-16)

  • security #24995 Validate redirect targets using the session cookie domain (nicolas-grekas)
  • security #24994 Prevent bundle readers from breaking out of paths (xabbuh)
  • security #24993 Ensure that submitted data are uploaded files (xabbuh)
  • security #24992 Namespace generated CSRF tokens depending of the current scheme (dunglas)

2.8.30 (2017-11-13)

  • bug #24952 [HttpFoundation] Fix session-related BC break (nicolas-grekas, sroze)
  • bug #24929 [Console] Fix traversable autocomplete values (ro0NL)

2.8.29 (2017-11-10)

  • bug #24888 [FrameworkBundle] Specifically inject the debug dispatcher in the collector (ogizanagi)
  • bug #24909 [Intl] Update ICU data to 60.1 (jakzal)
  • bug #24906 [Bridge/ProxyManager] Remove direct reference to value holder property (nicolas-grekas)
  • bug #24900 [Validator] Fix Costa Rica IBAN format (Bozhidar Hristov)
  • bug #24904 [Validator] Add Belarus IBAN format (Bozhidar Hristov)
  • bug #24531 [HttpFoundation] Fix forward-compat of NativeSessionStorage with PHP 7.2 (sroze)
  • bug #24665 Fix dump panel hidden when closing a dump (julienfalque)
  • bug #24814 [Intl] Make intl-data tests pass and save language aliases again (jakzal)
  • bug #24764 [HttpFoundation] add Early Hints to Reponse to fix test (Simperfit)
  • bug #24605 [FrameworkBundle] Do not load property_access.xml if the component isn't installed (ogizanagi)
  • bug #24606 [HttpFoundation] Fix FileBag issue with associative arrays (enumag)
  • bug #24660 Escape trailing \ in QuestionHelper autocompletion (kamazee)
  • bug #24644 [Security] Fixed auth provider authenticate() cannot return void (glye)
  • bug #24642 [Routing] Fix resource miss (dunglas)
  • bug #24608 Adding the Form default theme files to be warmed up in Twig's cache (weaverryan)
  • bug #24626 streamed response should return $this (DQNEO)
  • bug #24589 Username and password in basic auth are allowed to contain '.' (Richard Quadling)
  • bug #24566 Fixed unsetting from loosely equal keys OrderedHashMap (maryo)
  • bug #24570 [Debug] Fix same vendor detection in class loader (Jean-Beru)
  • bug #24563 [Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed (dunglas)
  • bug #24571 [PropertyInfo] Add support for the iterable type (dunglas)
  • bug #24579 pdo session fix (mxp100)
  • bug #24536 [Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails (kbond)
  • bug #24519 [Validator] [Twig] added magic method __isset() to File Constraint class (loru88)
  • bug #24532 [DI] Fix possible incorrect php-code when dumped strings contains newlines (Strate)
  • bug #24502 [HttpFoundation] never match invalid IP addresses (xabbuh)
  • bug #24460 [Form] fix parsing invalid floating point numbers (xabbuh)
  • bug #24490 [HttpFoundation] Combine Cache-Control headers (c960657)
  • bug #23711 Fix support for PHP 7.2 (Simperfit, nicolas-grekas)
  • bug #24494 [HttpFoundation] Add missing session.lazy_write config option (nicolas-grekas)
  • bug #24434 [Form] Use for=ID on radio/checkbox label. (Nyholm)
  • bug #24455 [Console] Escape command usage (sroze)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-2bdfc9dc67

This update has been submitted for testing by siwinski.

6 years ago

This update has been pushed to testing.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for batched by siwinski.

6 years ago

This update has been submitted for stable by siwinski.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1591300 CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws
0
0
BZ#1591303 CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws [fedora-all]
0
0

Automated Test Results