Software Update: Symfony 5.3.0 / 5.2.9 / 4.4.24 / 3.4.49

Symfony is a PHP web application framework and is available under the mit license. In addition to a framework and reusable components offers Symfony a philosophy, methodology and community, supported by SensioLabs. Various topics can also be found on our Forum. The developers released version 5.3.0 today and released versions 5.2.9, 4.4.24 and 3.4.49 earlier this month. The corresponding announcement and lists of changes look like this:

Symfony 5.3 curated new features

Symfony 5.3.0 has just been released. As for any other Symfony minor release, our backward compatibility promise applies and this means that you should be able to upgrade easily without changing anything in your code.

During the last couple of months, we’ve blogged about the great 5.3 new features. I highly recommend you to read these articles about Symfony 5.3 as they contain the major changes for this new version:

• Config Builder Classes: Symfony 5.3 automatically generates config builder classes for all installed bundles, allowing you to configure your applications with PHP using a fluent interface.
• Negatable Command Options: Symfony 5.3 includes support for negatable options, which simplify the definition of two related, but opposite, options in a console command.
• Tailwind CSS Form Theme: Symfony 5.3 includes an official form theme for Tailwind CSS, the most popular utility-first CSS framework.
• PasswordHasher Component: Symfony 5.3 includes a new PasswordHasher component which is extracted from the existing “password encoding” features.
• Form Handler Helper: Symfony 5.3 includes a new optional renderForm () helper to manage the rendering of forms.
• Improvements for Security Users: In Symfony 5.3, the “in memory” user class has been renamed, UserInterface has been simplified and usernames have been renamed as user identifiers.
• UID Improvements: Symfony 5.3 provides new ways to generate UIDs (including console commands) and full integration of UIDs with the Form and Serializer components.
• Session Service Deprecation: In Symfony 5.3, the session service is deprecated in favor of the RequestStack service and the new getSession () method.
• Improved Debug Commands: In Symfony 5.3, the command to debug events can filter results by event dispatcher and it accepts search patterns. In addition, a new command was added to debug security firewalls.
• Configure Multiple Environments in a Single File: In Symfony 5.3 you can configure multiple environments using a single file.
• Inlined Serialization Context: In Symfony 5.3, you can define the serialization context as part of the mapping information, thanks to a new Serializer Context annotation / attribute.
• Logging Improvements: Symfony 5.3 will reset loggers automatically on Messenger workers and will allow to dump deprecations into a separate file when running tests.
• Service Autoconfiguration and Attributes: In Symfony 5.3 you can define service autoconfiguration using PHP attributes.
• Prototype Options: In Symfony 5.3 we’ve added prototype options to the OptionsResolver component, to resolve and validate a series of options which are part of another option.
• Better Protection Against BREACH Attack: Symfony 5.3 randomizes CSRF tokens to better protect you against BREACH attacks.
• Twig Serialize Filter: In Symfony 5.3, Twig templates can use the new “serialize” filter to pass data from the backend to the frontend.
• Service Autowiring with Attributes: In Symfony 5.3 you can use PHP attributes to autowire tagged services and service locators, as well as selecting the autowiring alias to inject in some service.
• Form Field Sorting: In Symfony 5.3 you can use the new “priority” option to control the order in which form fields are rendered.
• Translation Providers: In Symfony 5.3, you can use third-party services such as Crowdin and PoEditor to manage the translations of your applications.
• Notifier Integrations: In Symfony 5.3, the Notifier component provides integrations with many more third-party services.

Symfony 5.2.9 released

Symfony 5.2.9 has just been released. Here is a list of the most important changes:

• security # cve-2021-21424 [SecurityCore] Fix user enumeration via response body on invalid credentials (@chalasr)
• bug # 41275 Fixes Undefined method call (@ faizanakram99)
• bug # 41269 [SecurityBundle] Remove invalid unused service (@chalasr)
• bug # 41139 [Security] [DataCollector] Remove allows anonymous information in datacollector (@ ismail1432)
• bug # 41230 [FrameworkBundle][Validator] Fix deprecations from Doctrine Annotations + Cache (@derrabus)
• bug # 41206 [Mailer] Fix SES API call with UTF-8 Addresses (@jderusse)
• bug # 41240 Fixed deprecation warnings about passing null as parameter (@derrabus)
• bug # 41241 [Finder] Fix gitignore regex build with “” (@mvorisek)
• bug # 41224 [HttpClient] fix adding query string to relative URLs with scoped clients (@ nicolas-grekas)
• bug # 41233 [DependencyInjection][ProxyManagerBridge] Don’t call clas _exists () on null (@derrabus)
• bug # 41211 [Notifier] Add missing charset to content-type for Slack notifier (@norkunas)
• bug # 41210 [Console] Fix Windows code page support (@orkan)

Symfony 4.4.24 released

Symfony 4.4.24 has just been released. Here is a list of the most important changes:

• security # cve-2021-21424 [SecurityCore] Fix user enumeration via response body on invalid credentials (@chalasr)
• bug # 41230 [FrameworkBundle][Validator] Fix deprecations from Doctrine Annotations + Cache (@derrabus)
• bug # 41240 Fixed deprecation warnings about passing null as parameter (@derrabus)
• bug # 41241 [Finder] Fix gitignore regex build with “” (@mvorisek)
• bug # 41224 [HttpClient] fix adding query string to relative URLs with scoped clients (@ nicolas-grekas)
• bug # 41233 [DependencyInjection][ProxyManagerBridge] Don’t call clas _exists () on null (@derrabus)
• bug # 41210 [Console] Fix Windows code page support (@orkan)

Symfony 3.4.49 released

Symfony 3.4.49 has just been released. Here is a list of the most important changes:

• security # cve-2021-21424 [SecurityCore] Fix user enumeration via response body on invalid credentials (@chalasr)