Fedora 32: php-symfony4 FEDORA-2020-fade6a8df7
Summary
Symfony PHP framework (version 4).
NOTE: Does not require PHPUnit bridge.
**Version 4.4.7** (2020-03-30) * security #cve-2020-5255 [HttpFoundation] Do
not set the default Content-Type based on the Accept header (yceruto) *
security #cve-2020-5275 [Security] Fix access_control behavior with unanimous
decision strategy (chalasr) * bug #36262 [DI] fix generating TypedReference
from PriorityTaggedServiceTrait (nicolas-grekas) * bug #36252 [Security/Http]
Allow setting cookie security settings for delete_cookies (wouterj) * bug
#36261 [FrameworkBundle] revert to legacy wiring of the session when circular
refs are detected (nicolas-grekas) * bug #36259 [DomCrawler] Fix BC break in
assertions breaking Panther (dunglas) * bug #36181 [BrowserKit] fixed missing
post request parameters in file uploads (codebay) * bug #36216 [Validator]
Assert Valid with many groups (phucwan91) * bug #36222 [Console] Fix
OutputStream for PHP 7.4 (guillbdx) ---- **Version 4.4.6** (2020-03-27) *
bug #36169 [HttpKernel] fix locking for PHP 7.4+ (nicolas-grekas) * bug #36175
[Security/Http] Remember me: allow to set the samesite cookie flag (dunglas) *
bug #36173 [Http Foundation] Fix clear cookie samesite (guillbdx) * bug #36176
[Security] Check if firewall is stateless before checking for session/previous
session (koenreiniers) * bug #36149 [Form] Support customized intl php.ini
settings (jorrit) * bug #36172 [Debug] fix for PHP 7.3.16+/7.4.4+ (nicolas-grekas) * bug #36151 [Security] Fixed hardcoded value of
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE (lyrixx) * bug #36141 Prevent warning
in proc_open() (BenMorel) * bug #36143 [FrameworkBundle] Fix Router Cache
(guillbdx) * bug #36103 [DI] fix preloading script generation (nicolas-grekas)
* bug #36118 [Security/Http] don't require the session to be started when
tracking its id (nicolas-grekas) * bug #36108 [DI] Fix CheckTypeDeclarationPass
(guillbdx) * bug #36121 [VarDumper] fix side-effect by not using mt_rand()
(nicolas-grekas) * bug #36073 [PropertyAccess][DX] Improved errors when reading
uninitialized properties (HeahDude) * bug #36063 [FrameworkBundle] start
session on flashbag injection (William Arslett) * bug #36031 [Console] Fallback
to default answers when unable to read input (ostrolucky) * bug #36083
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
(wouterj) * bug #36026 [Mime] Fix boundary header (guillbdx) * bug #36020
[Form] ignore microseconds submitted by Edge (xabbuh) * bug #36038 [HttpClient]
disable debug log with curl 7.64.0 (nicolas-grekas) * bug #36041 fix import
from config file using type: glob (Tobion) * bug #35987
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
(fancyweb) * bug #35949 [DI] Fix container lint command when a synthetic
service is used in an expression (HypeMC) * bug #36023 [HttpClient] fix
requests to hosts that idn_to_ascii() cannot handle (nicolas-grekas) * bug
#35938 [Form] Handle false as empty value on expanded choices (fancyweb) * bug
#36030 [SecurityBundle] Minor fix in LDAP config tree builder (HeahDude) * bug
#35993 Remove int return type from FlattenException::getCode (wucdbm) * bug
#36004 [Yaml] fix dumping strings containing CRs (xabbuh) * bug #35982 [DI] Fix
XmlFileLoader bad error message (przemyslaw-bogusz) * bug #35957 [DI] ignore
extra tags added by autoconfiguration in PriorityTaggedServiceTrait (nicolas-grekas) * bug #35937 Revert "bug symfony#28179 [DomCrawler] Skip disabled
fields processing in Form" (dmaicher) * bug #35928 [Routing] Prevent localized
routes _locale default & requirement from being overridden (fancyweb) * bug
#35912 [FrameworkBundle] register only existing transport factories (xabbuh) *
bug #35899 [DomCrawler] prevent deprecation being triggered from assertion
(xabbuh) * bug #35910 [SecurityBundle] Minor fixes in configuration tree
builder (HeahDude)
* Tue Mar 31 2020 Remi Collet
- update to 4.4.7
* Fri Mar 27 2020 Remi Collet
- update to 4.4.6
su -c 'dnf upgrade --advisory FEDORA-2020-fade6a8df7' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2020-fade6a8df7 2020-04-09 14:41:13.795324 Product : Fedora 32 Version : 4.4.7 Release : 1.fc32 URL : https://symfony.com Summary : Symfony PHP framework (version 4) Description : Symfony PHP framework (version 4). NOTE: Does not require PHPUnit bridge. **Version 4.4.7** (2020-03-30) * security #cve-2020-5255 [HttpFoundation] Do not set the default Content-Type based on the Accept header (yceruto) * security #cve-2020-5275 [Security] Fix access_control behavior with unanimous decision strategy (chalasr) * bug #36262 [DI] fix generating TypedReference from PriorityTaggedServiceTrait (nicolas-grekas) * bug #36252 [Security/Http] Allow setting cookie security settings for delete_cookies (wouterj) * bug #36261 [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected (nicolas-grekas) * bug #36259 [DomCrawler] Fix BC break in assertions breaking Panther (dunglas) * bug #36181 [BrowserKit] fixed missing post request parameters in file uploads (codebay) * bug #36216 [Validator] Assert Valid with many groups (phucwan91) * bug #36222 [Console] Fix OutputStream for PHP 7.4 (guillbdx) ---- **Version 4.4.6** (2020-03-27) * bug #36169 [HttpKernel] fix locking for PHP 7.4+ (nicolas-grekas) * bug #36175 [Security/Http] Remember me: allow to set the samesite cookie flag (dunglas) * bug #36173 [Http Foundation] Fix clear cookie samesite (guillbdx) * bug #36176 [Security] Check if firewall is stateless before checking for session/previous session (koenreiniers) * bug #36149 [Form] Support customized intl php.ini settings (jorrit) * bug #36172 [Debug] fix for PHP 7.3.16+/7.4.4+ (nicolas-grekas) * bug #36151 [Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE (lyrixx) * bug #36141 Prevent warning in proc_open() (BenMorel) * bug #36143 [FrameworkBundle] Fix Router Cache (guillbdx) * bug #36103 [DI] fix preloading script generation (nicolas-grekas) * bug #36118 [Security/Http] don't require the session to be started when tracking its id (nicolas-grekas) * bug #36108 [DI] Fix CheckTypeDeclarationPass (guillbdx) * bug #36121 [VarDumper] fix side-effect by not using mt_rand() (nicolas-grekas) * bug #36073 [PropertyAccess][DX] Improved errors when reading uninitialized properties (HeahDude) * bug #36063 [FrameworkBundle] start session on flashbag injection (William Arslett) * bug #36031 [Console] Fallback to default answers when unable to read input (ostrolucky) * bug #36083 [DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict) (wouterj) * bug #36026 [Mime] Fix boundary header (guillbdx) * bug #36020 [Form] ignore microseconds submitted by Edge (xabbuh) * bug #36038 [HttpClient] disable debug log with curl 7.64.0 (nicolas-grekas) * bug #36041 fix import from config file using type: glob (Tobion) * bug #35987 [DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type (fancyweb) * bug #35949 [DI] Fix container lint command when a synthetic service is used in an expression (HypeMC) * bug #36023 [HttpClient] fix requests to hosts that idn_to_ascii() cannot handle (nicolas-grekas) * bug #35938 [Form] Handle false as empty value on expanded choices (fancyweb) * bug #36030 [SecurityBundle] Minor fix in LDAP config tree builder (HeahDude) * bug #35993 Remove int return type from FlattenException::getCode (wucdbm) * bug #36004 [Yaml] fix dumping strings containing CRs (xabbuh) * bug #35982 [DI] Fix XmlFileLoader bad error message (przemyslaw-bogusz) * bug #35957 [DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait (nicolas-grekas) * bug #35937 Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form" (dmaicher) * bug #35928 [Routing] Prevent localized routes _locale default & requirement from being overridden (fancyweb) * bug #35912 [FrameworkBundle] register only existing transport factories (xabbuh) * bug #35899 [DomCrawler] prevent deprecation being triggered from assertion (xabbuh) * bug #35910 [SecurityBundle] Minor fixes in configuration tree builder (HeahDude) * Tue Mar 31 2020 Remi Collet - 4.4.7-1 - update to 4.4.7 * Fri Mar 27 2020 Remi Collet - 4.4.6-1 - update to 4.4.6 su -c 'dnf upgrade --advisory FEDORA-2020-fade6a8df7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References
Update Instructions
