Release notes
*Sourced from [symfony/symfony's releases](https://github.com/symfony/symfony/releases).*
> ## v2.8.52
> **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.51...v2.8.52)
>
> * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash ([@nicolas-grekas](https://github.com/nicolas-grekas))
> * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner ([@stof](https://github.com/stof))
>
> [PR] [symfony/symfony#34349](https://github-redirect.dependabot.com/symfony/symfony/pull/34349)
> [SECURITY] Security release
>
> ## v2.8.50
> **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.49...v2.8.50)
>
> * security #cve-2019-10910 [DI] Check service IDs are valid ([@nicolas-grekas](https://github.com/nicolas-grekas))
> * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine ([@stof](https://github.com/stof))
> * security #cve-2019-10912 [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized ([@nicolas-grekas](https://github.com/nicolas-grekas))
> * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash ([@pborreli](https://github.com/pborreli))
> * security #cve-2019-10913 [HttpFoundation] reject invalid method override ([@nicolas-grekas](https://github.com/nicolas-grekas))
>
> [PR] [symfony/symfony#31145](https://github-redirect.dependabot.com/symfony/symfony/pull/31145)
> [SECURITY] Security release
>
> ## v2.8.49
> **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.48...v2.8.49)
>
> * security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes ([@xabbuh](https://github.com/xabbuh))
> * security #cve-2018-19789 [Form] Filter file uploads out of regular form types ([@nicolas-grekas](https://github.com/nicolas-grekas))
>
> [PR] [symfony/symfony#29487](https://github-redirect.dependabot.com/symfony/symfony/pull/29487)
> [SECURITY] Security release
>
> ## v2.8.48
> **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.47...v2.8.48)
>
> * bug [#28917](https://github-redirect.dependabot.com/symfony/symfony/issues/28917) [DoctrineBridge] catch errors while converting to db values in data collector ([@alekitto](https://github.com/alekitto))
> * bug [#27314](https://github-redirect.dependabot.com/symfony/symfony/issues/27314) [DoctrineBridge] fix case sensitivity issue in RememberMe\DoctrineTokenProvider ([@PF4Public](https://github.com/PF4Public))
> * bug [#29308](https://github-redirect.dependabot.com/symfony/symfony/issues/29308) [Translation] Use XLIFF source rather than resname when there's no target ([@thewilkybarkid](https://github.com/thewilkybarkid))
> * bug [#26244](https://github-redirect.dependabot.com/symfony/symfony/issues/26244) [BrowserKit] fixed BC Break for HTTP_HOST header ([@brizzz](https://github.com/brizzz))
> * bug [#28147](https://github-redirect.dependabot.com/symfony/symfony/issues/28147) [DomCrawler] exclude fields inside "template" tags ([@Gorjunov](https://github.com/Gorjunov))
> * bug [#29271](https://github-redirect.dependabot.com/symfony/symfony/issues/29271) [HttpFoundation] Fix trailing space for mime-type with parameters ([@Sascha](https://github.com/Sascha) Dens)
> * bug [#29223](https://github-redirect.dependabot.com/symfony/symfony/issues/29223) [Validator] Added the missing constraints instance checks ([@thomasbisignani](https://github.com/thomasbisignani))
> * bug [#29182](https://github-redirect.dependabot.com/symfony/symfony/issues/29182) [Form] Fixed empty data for compound date types ([@HeahDude](https://github.com/HeahDude))
> * bug [#29185](https://github-redirect.dependabot.com/symfony/symfony/issues/29185) [Form] Fixed keeping hash of equal \DateTimeInterface on submit ([@HeahDude](https://github.com/HeahDude))
> * bug [#28731](https://github-redirect.dependabot.com/symfony/symfony/issues/28731) [Form] invalidate forms on transformation failures ([@xabbuh](https://github.com/xabbuh))
> * bug [#29152](https://github-redirect.dependabot.com/symfony/symfony/issues/29152) [Config] Unset key during normalization ([@ro0NL](https://github.com/ro0NL))
> * bug [#29057](https://github-redirect.dependabot.com/symfony/symfony/issues/29057) [HttpFoundation] replace any preexisting Content-Type headers ([@nicolas-grekas](https://github.com/nicolas-grekas))
>
> [PR] [symfony/symfony#29333](https://github-redirect.dependabot.com/symfony/symfony/pull/29333)
>
> ## v2.8.47
> **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.46...v2.8.47)
> ... (truncated)
Commits
- [`88f3ef6`](https://github.com/symfony/symfony/commit/88f3ef62d6ab870128352c8686c7889562698faf) Merge pull request [#34349](https://github-redirect.dependabot.com/symfony/symfony/issues/34349) from fabpot/release-2.8.52
- [`44dbe04`](https://github.com/symfony/symfony/commit/44dbe046a56b1e510b40ab7ecdeb946e7388d709) updated VERSION for 2.8.52
- [`be612fe`](https://github.com/symfony/symfony/commit/be612fe316924132f286db6374c656dbcc564242) updated CHANGELOG for 2.8.52
- [`2d6bf2e`](https://github.com/symfony/symfony/commit/2d6bf2e689cbaf6500ed21a6ccfd45bcd5f3c931) Fix CHANGELOG
- [`af70ccb`](https://github.com/symfony/symfony/commit/af70ccb73b9bf994774be39226446b3802def601) security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files wi...
- [`d41bd42`](https://github.com/symfony/symfony/commit/d41bd42ad5d51e0f4d24259ec2814ccb294c3ba2) security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSign...
- [`2dfc115`](https://github.com/symfony/symfony/commit/2dfc115f6dd56fcc12a6941e8050349cc4d04dbe) [HttpFoundation] fix guessing mime-types of files with leading dash
- [`9a50fc5`](https://github.com/symfony/symfony/commit/9a50fc572202f0da41b095900eec79fa3694777c) [HttpKernel] Use constant time comparison in UriSigner
- [`78d86f8`](https://github.com/symfony/symfony/commit/78d86f8516ea82fa809c0289a01d04f5aa3c0cd0) bumped version
- [`d4843fe`](https://github.com/symfony/symfony/commit/d4843fe948d18611a07469d74eff0836ec988ce7) fixed version
- Additional commits viewable in [compare view](https://github.com/symfony/symfony/compare/v2.3.42...v2.8.52)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fmfi-svt/anketa/network/alerts).
Bumps symfony/symfony from 2.3.42 to 2.8.52.
Release notes
*Sourced from [symfony/symfony's releases](https://github.com/symfony/symfony/releases).* > ## v2.8.52 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.51...v2.8.52) > > * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash ([@nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner ([@stof](https://github.com/stof)) > > [PR] [symfony/symfony#34349](https://github-redirect.dependabot.com/symfony/symfony/pull/34349) > [SECURITY] Security release > > ## v2.8.50 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.49...v2.8.50) > > * security #cve-2019-10910 [DI] Check service IDs are valid ([@nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine ([@stof](https://github.com/stof)) > * security #cve-2019-10912 [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized ([@nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash ([@pborreli](https://github.com/pborreli)) > * security #cve-2019-10913 [HttpFoundation] reject invalid method override ([@nicolas-grekas](https://github.com/nicolas-grekas)) > > [PR] [symfony/symfony#31145](https://github-redirect.dependabot.com/symfony/symfony/pull/31145) > [SECURITY] Security release > > ## v2.8.49 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.48...v2.8.49) > > * security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes ([@xabbuh](https://github.com/xabbuh)) > * security #cve-2018-19789 [Form] Filter file uploads out of regular form types ([@nicolas-grekas](https://github.com/nicolas-grekas)) > > [PR] [symfony/symfony#29487](https://github-redirect.dependabot.com/symfony/symfony/pull/29487) > [SECURITY] Security release > > ## v2.8.48 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.47...v2.8.48) > > * bug [#28917](https://github-redirect.dependabot.com/symfony/symfony/issues/28917) [DoctrineBridge] catch errors while converting to db values in data collector ([@alekitto](https://github.com/alekitto)) > * bug [#27314](https://github-redirect.dependabot.com/symfony/symfony/issues/27314) [DoctrineBridge] fix case sensitivity issue in RememberMe\DoctrineTokenProvider ([@PF4Public](https://github.com/PF4Public)) > * bug [#29308](https://github-redirect.dependabot.com/symfony/symfony/issues/29308) [Translation] Use XLIFF source rather than resname when there's no target ([@thewilkybarkid](https://github.com/thewilkybarkid)) > * bug [#26244](https://github-redirect.dependabot.com/symfony/symfony/issues/26244) [BrowserKit] fixed BC Break for HTTP_HOST header ([@brizzz](https://github.com/brizzz)) > * bug [#28147](https://github-redirect.dependabot.com/symfony/symfony/issues/28147) [DomCrawler] exclude fields inside "template" tags ([@Gorjunov](https://github.com/Gorjunov)) > * bug [#29271](https://github-redirect.dependabot.com/symfony/symfony/issues/29271) [HttpFoundation] Fix trailing space for mime-type with parameters ([@Sascha](https://github.com/Sascha) Dens) > * bug [#29223](https://github-redirect.dependabot.com/symfony/symfony/issues/29223) [Validator] Added the missing constraints instance checks ([@thomasbisignani](https://github.com/thomasbisignani)) > * bug [#29182](https://github-redirect.dependabot.com/symfony/symfony/issues/29182) [Form] Fixed empty data for compound date types ([@HeahDude](https://github.com/HeahDude)) > * bug [#29185](https://github-redirect.dependabot.com/symfony/symfony/issues/29185) [Form] Fixed keeping hash of equal \DateTimeInterface on submit ([@HeahDude](https://github.com/HeahDude)) > * bug [#28731](https://github-redirect.dependabot.com/symfony/symfony/issues/28731) [Form] invalidate forms on transformation failures ([@xabbuh](https://github.com/xabbuh)) > * bug [#29152](https://github-redirect.dependabot.com/symfony/symfony/issues/29152) [Config] Unset key during normalization ([@ro0NL](https://github.com/ro0NL)) > * bug [#29057](https://github-redirect.dependabot.com/symfony/symfony/issues/29057) [HttpFoundation] replace any preexisting Content-Type headers ([@nicolas-grekas](https://github.com/nicolas-grekas)) > > [PR] [symfony/symfony#29333](https://github-redirect.dependabot.com/symfony/symfony/pull/29333) > > ## v2.8.47 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.46...v2.8.47) > ... (truncated)Commits
- [`88f3ef6`](https://github.com/symfony/symfony/commit/88f3ef62d6ab870128352c8686c7889562698faf) Merge pull request [#34349](https://github-redirect.dependabot.com/symfony/symfony/issues/34349) from fabpot/release-2.8.52 - [`44dbe04`](https://github.com/symfony/symfony/commit/44dbe046a56b1e510b40ab7ecdeb946e7388d709) updated VERSION for 2.8.52 - [`be612fe`](https://github.com/symfony/symfony/commit/be612fe316924132f286db6374c656dbcc564242) updated CHANGELOG for 2.8.52 - [`2d6bf2e`](https://github.com/symfony/symfony/commit/2d6bf2e689cbaf6500ed21a6ccfd45bcd5f3c931) Fix CHANGELOG - [`af70ccb`](https://github.com/symfony/symfony/commit/af70ccb73b9bf994774be39226446b3802def601) security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files wi... - [`d41bd42`](https://github.com/symfony/symfony/commit/d41bd42ad5d51e0f4d24259ec2814ccb294c3ba2) security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSign... - [`2dfc115`](https://github.com/symfony/symfony/commit/2dfc115f6dd56fcc12a6941e8050349cc4d04dbe) [HttpFoundation] fix guessing mime-types of files with leading dash - [`9a50fc5`](https://github.com/symfony/symfony/commit/9a50fc572202f0da41b095900eec79fa3694777c) [HttpKernel] Use constant time comparison in UriSigner - [`78d86f8`](https://github.com/symfony/symfony/commit/78d86f8516ea82fa809c0289a01d04f5aa3c0cd0) bumped version - [`d4843fe`](https://github.com/symfony/symfony/commit/d4843fe948d18611a07469d74eff0836ec988ce7) fixed version - Additional commits viewable in [compare view](https://github.com/symfony/symfony/compare/v2.3.42...v2.8.52)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fmfi-svt/anketa/network/alerts).
This change is