Release notes
*Sourced from [symfony/symfony's releases](https://github.com/symfony/symfony/releases).*
> ## v3.4.26
> **Changelog** (since https://github.com/symfony/symfony/compare/v3.4.25...v3.4.26)
>
> * bug [#31084](https://github-redirect.dependabot.com/symfony/symfony/issues/31084) [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive ([@vermeirentony](https://github.com/vermeirentony))
> * bug [#31142](https://github-redirect.dependabot.com/symfony/symfony/issues/31142) Revert "bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule (dimabory)" ([@chalasr](https://github.com/chalasr))
> * security #cve-2019-10910 [DI] Check service IDs are valid ([@nicolas-grekas](https://github.com/nicolas-grekas))
> * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine ([@stof](https://github.com/stof))
> * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized ([@nicolas-grekas](https://github.com/nicolas-grekas))
> * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash ([@pborreli](https://github.com/pborreli))
> * security #cve-2019-10913 [HttpFoundation] reject invalid method override ([@nicolas-grekas](https://github.com/nicolas-grekas))
>
> [PR] [symfony/symfony#31146](https://github-redirect.dependabot.com/symfony/symfony/pull/31146)
> [SECURITY] Security release
>
> ## v3.4.25
> **Changelog** (since https://github.com/symfony/symfony/compare/v3.4.24...v3.4.25)
>
> * bug [#29944](https://github-redirect.dependabot.com/symfony/symfony/issues/29944) [DI] Overriding services autowired by name under _defaults bind not working ([@przemyslaw-bogusz](https://github.com/przemyslaw-bogusz), [@renanbr](https://github.com/renanbr))
> * bug [#31076](https://github-redirect.dependabot.com/symfony/symfony/issues/31076) [HttpKernel] Fixed LoggerDataCollector crashing on empty file ([@althaus](https://github.com/althaus))
> * bug [#31071](https://github-redirect.dependabot.com/symfony/symfony/issues/31071) property normalizer should also pass format and context to isAllowedAttribute ([@dbu](https://github.com/dbu))
> * bug [#31059](https://github-redirect.dependabot.com/symfony/symfony/issues/31059) Show more accurate message in profiler when missing stopwatch ([@linaori](https://github.com/linaori))
> * bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule ([@dimabory](https://github.com/dimabory))
> * bug [#31012](https://github-redirect.dependabot.com/symfony/symfony/issues/31012) [Process] Fix missing $extraDirs when open_basedir returns ([@arsonik](https://github.com/arsonik))
> * bug [#30907](https://github-redirect.dependabot.com/symfony/symfony/issues/30907) [Serializer] Respect ignored attributes in cache key of normalizer ([@dbu](https://github.com/dbu))
> * bug [#30085](https://github-redirect.dependabot.com/symfony/symfony/issues/30085) Fix TestRunner compatibility to PhpUnit 8 ([@alexander-schranz](https://github.com/alexander-schranz))
> * bug [#30977](https://github-redirect.dependabot.com/symfony/symfony/issues/30977) [serializer] prevent mixup in normalizer of the object to populate ([@dbu](https://github.com/dbu))
> * bug [#30976](https://github-redirect.dependabot.com/symfony/symfony/issues/30976) [Debug] Fixed error handling when an error is already handled when another error is already handled (5) ([@lyrixx](https://github.com/lyrixx))
> * bug [#30979](https://github-redirect.dependabot.com/symfony/symfony/issues/30979) Fix the configurability of CoreExtension deps in standalone usage ([@stof](https://github.com/stof))
> * bug [#30918](https://github-redirect.dependabot.com/symfony/symfony/issues/30918) [Cache] fix using ProxyAdapter inside TagAwareAdapter ([@dmaicher](https://github.com/dmaicher))
> * bug [#30961](https://github-redirect.dependabot.com/symfony/symfony/issues/30961) [Form] fix translating file validation error message ([@xabbuh](https://github.com/xabbuh))
> * bug [#30951](https://github-redirect.dependabot.com/symfony/symfony/issues/30951) Handle case where no translations were found ([@greg0ire](https://github.com/greg0ire))
> * bug [#29800](https://github-redirect.dependabot.com/symfony/symfony/issues/29800) [Validator] Only traverse arrays that are cascaded into ([@corphi](https://github.com/corphi))
> * bug [#30921](https://github-redirect.dependabot.com/symfony/symfony/issues/30921) [Translator] Warm up the translations cache in dev ([@tgalopin](https://github.com/tgalopin))
> * bug [#30922](https://github-redirect.dependabot.com/symfony/symfony/issues/30922) [TwigBridge] fix horizontal spacing of inlined Bootstrap forms ([@xabbuh](https://github.com/xabbuh))
> * bug [#30895](https://github-redirect.dependabot.com/symfony/symfony/issues/30895) [Form] turn failed file uploads into form errors ([@xabbuh](https://github.com/xabbuh))
> * bug [#30919](https://github-redirect.dependabot.com/symfony/symfony/issues/30919) [Translator] Fix wrong dump for PO files ([@deguif](https://github.com/deguif))
> * bug [#30889](https://github-redirect.dependabot.com/symfony/symfony/issues/30889) [DependencyInjection] Fix a wrong error when using a factory ([@Simperfit](https://github.com/Simperfit))
> * bug [#30879](https://github-redirect.dependabot.com/symfony/symfony/issues/30879) [Form] Php doc fixes and cs + optimizations ([@Jules](https://github.com/Jules) Pietri)
> * bug [#30883](https://github-redirect.dependabot.com/symfony/symfony/issues/30883) [Console] Fix stty not reset when aborting in QuestionHelper::autocomplete() ([@Simperfit](https://github.com/Simperfit))
> * bug [#30878](https://github-redirect.dependabot.com/symfony/symfony/issues/30878) [Console] Fix inconsistent result for choice questions in non-interactive mode ([@chalasr](https://github.com/chalasr))
>
> [PR] [symfony/symfony#31123](https://github-redirect.dependabot.com/symfony/symfony/pull/31123)
>
> ## v3.4.24
> **Changelog** (since https://github.com/symfony/symfony/compare/v3.4.23...v3.4.24)
>
> * bug [#30660](https://github-redirect.dependabot.com/symfony/symfony/issues/30660) [Bridge][Twig] DebugCommand - fix escaping and filter ([@SpacePossum](https://github.com/SpacePossum))
> * bug [#30720](https://github-redirect.dependabot.com/symfony/symfony/issues/30720) Fix getSetMethodNormalizer to correctly ignore the attributes specified in "ignored_attributes" ([@Emmanuel](https://github.com/Emmanuel) BORGES)
> * bug [#30749](https://github-redirect.dependabot.com/symfony/symfony/issues/30749) [Serializer] Added check of constuctor modifiers to AbstractNormalizer ([@NekaKawaii](https://github.com/NekaKawaii))
> * bug [#30776](https://github-redirect.dependabot.com/symfony/symfony/issues/30776) [Routing] Fix routes annotation loading with glob pattern ([@snoob](https://github.com/snoob))
> ... (truncated)
Commits
- [`1b89e7b`](https://github.com/symfony/symfony/commit/1b89e7baec9891c323bbf1ec81af77d901fc60c9) Merge pull request [#31146](https://github-redirect.dependabot.com/symfony/symfony/issues/31146) from fabpot/release-3.4.26
- [`ef3b684`](https://github.com/symfony/symfony/commit/ef3b684208f3450eb2cae8381ccbbd6c7ee5603e) updated VERSION for 3.4.26
- [`35741bd`](https://github.com/symfony/symfony/commit/35741bd475a7e24d4018c02a2840911d496719af) updated CHANGELOG for 3.4.26
- [`82f003e`](https://github.com/symfony/symfony/commit/82f003eaf35fa86fab216fcc71b1ea1dd0bd2a15) minor [#31132](https://github-redirect.dependabot.com/symfony/symfony/issues/31132) [VarDumper][Ldap] relax some locally failing tests (nicolas-grekas)
- [`f458e5b`](https://github.com/symfony/symfony/commit/f458e5b85a65343883a728406093d18405a54aea) minor [#31128](https://github-redirect.dependabot.com/symfony/symfony/issues/31128) [Validator] Added the missing translations for the Tagalog ("tl"...
- [`1311324`](https://github.com/symfony/symfony/commit/13113245bf0cc8dfe17518ab9de89bea6675911b) bug [#31084](https://github-redirect.dependabot.com/symfony/symfony/issues/31084) [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (v...
- [`55a21fb`](https://github.com/symfony/symfony/commit/55a21fb08f2cdf1668bd31886406210bb035809e) bug [#31142](https://github-redirect.dependabot.com/symfony/symfony/issues/31142) Revert "bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule...
- [`70166f0`](https://github.com/symfony/symfony/commit/70166f03ebd637c9d6bd7c4de2be444b9fa7bf5b) Merge remote-tracking branch 'origin/3.4' into 3.4
- [`a288a74`](https://github.com/symfony/symfony/commit/a288a74d7479ab7227855e1af584bd0191d71b80) minor [#31137](https://github-redirect.dependabot.com/symfony/symfony/issues/31137) [FrameworkBundle] minor: remove a typo from changelog (Simperfit)
- [`cd77f6f`](https://github.com/symfony/symfony/commit/cd77f6f91c4e0fe733bae4bd8014ee81b06d7871) Revert "bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule (dimabory)"
- Additional commits viewable in [compare view](https://github.com/symfony/symfony/compare/v3.3.13...v3.4.26)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/symfony-cmf/cmf-sandbox/network/alerts).
Bumps symfony/symfony from 3.3.13 to 3.4.26.
Release notes
*Sourced from [symfony/symfony's releases](https://github.com/symfony/symfony/releases).* > ## v3.4.26 > **Changelog** (since https://github.com/symfony/symfony/compare/v3.4.25...v3.4.26) > > * bug [#31084](https://github-redirect.dependabot.com/symfony/symfony/issues/31084) [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive ([@vermeirentony](https://github.com/vermeirentony)) > * bug [#31142](https://github-redirect.dependabot.com/symfony/symfony/issues/31142) Revert "bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule (dimabory)" ([@chalasr](https://github.com/chalasr)) > * security #cve-2019-10910 [DI] Check service IDs are valid ([@nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine ([@stof](https://github.com/stof)) > * security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized ([@nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash ([@pborreli](https://github.com/pborreli)) > * security #cve-2019-10913 [HttpFoundation] reject invalid method override ([@nicolas-grekas](https://github.com/nicolas-grekas)) > > [PR] [symfony/symfony#31146](https://github-redirect.dependabot.com/symfony/symfony/pull/31146) > [SECURITY] Security release > > ## v3.4.25 > **Changelog** (since https://github.com/symfony/symfony/compare/v3.4.24...v3.4.25) > > * bug [#29944](https://github-redirect.dependabot.com/symfony/symfony/issues/29944) [DI] Overriding services autowired by name under _defaults bind not working ([@przemyslaw-bogusz](https://github.com/przemyslaw-bogusz), [@renanbr](https://github.com/renanbr)) > * bug [#31076](https://github-redirect.dependabot.com/symfony/symfony/issues/31076) [HttpKernel] Fixed LoggerDataCollector crashing on empty file ([@althaus](https://github.com/althaus)) > * bug [#31071](https://github-redirect.dependabot.com/symfony/symfony/issues/31071) property normalizer should also pass format and context to isAllowedAttribute ([@dbu](https://github.com/dbu)) > * bug [#31059](https://github-redirect.dependabot.com/symfony/symfony/issues/31059) Show more accurate message in profiler when missing stopwatch ([@linaori](https://github.com/linaori)) > * bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule ([@dimabory](https://github.com/dimabory)) > * bug [#31012](https://github-redirect.dependabot.com/symfony/symfony/issues/31012) [Process] Fix missing $extraDirs when open_basedir returns ([@arsonik](https://github.com/arsonik)) > * bug [#30907](https://github-redirect.dependabot.com/symfony/symfony/issues/30907) [Serializer] Respect ignored attributes in cache key of normalizer ([@dbu](https://github.com/dbu)) > * bug [#30085](https://github-redirect.dependabot.com/symfony/symfony/issues/30085) Fix TestRunner compatibility to PhpUnit 8 ([@alexander-schranz](https://github.com/alexander-schranz)) > * bug [#30977](https://github-redirect.dependabot.com/symfony/symfony/issues/30977) [serializer] prevent mixup in normalizer of the object to populate ([@dbu](https://github.com/dbu)) > * bug [#30976](https://github-redirect.dependabot.com/symfony/symfony/issues/30976) [Debug] Fixed error handling when an error is already handled when another error is already handled (5) ([@lyrixx](https://github.com/lyrixx)) > * bug [#30979](https://github-redirect.dependabot.com/symfony/symfony/issues/30979) Fix the configurability of CoreExtension deps in standalone usage ([@stof](https://github.com/stof)) > * bug [#30918](https://github-redirect.dependabot.com/symfony/symfony/issues/30918) [Cache] fix using ProxyAdapter inside TagAwareAdapter ([@dmaicher](https://github.com/dmaicher)) > * bug [#30961](https://github-redirect.dependabot.com/symfony/symfony/issues/30961) [Form] fix translating file validation error message ([@xabbuh](https://github.com/xabbuh)) > * bug [#30951](https://github-redirect.dependabot.com/symfony/symfony/issues/30951) Handle case where no translations were found ([@greg0ire](https://github.com/greg0ire)) > * bug [#29800](https://github-redirect.dependabot.com/symfony/symfony/issues/29800) [Validator] Only traverse arrays that are cascaded into ([@corphi](https://github.com/corphi)) > * bug [#30921](https://github-redirect.dependabot.com/symfony/symfony/issues/30921) [Translator] Warm up the translations cache in dev ([@tgalopin](https://github.com/tgalopin)) > * bug [#30922](https://github-redirect.dependabot.com/symfony/symfony/issues/30922) [TwigBridge] fix horizontal spacing of inlined Bootstrap forms ([@xabbuh](https://github.com/xabbuh)) > * bug [#30895](https://github-redirect.dependabot.com/symfony/symfony/issues/30895) [Form] turn failed file uploads into form errors ([@xabbuh](https://github.com/xabbuh)) > * bug [#30919](https://github-redirect.dependabot.com/symfony/symfony/issues/30919) [Translator] Fix wrong dump for PO files ([@deguif](https://github.com/deguif)) > * bug [#30889](https://github-redirect.dependabot.com/symfony/symfony/issues/30889) [DependencyInjection] Fix a wrong error when using a factory ([@Simperfit](https://github.com/Simperfit)) > * bug [#30879](https://github-redirect.dependabot.com/symfony/symfony/issues/30879) [Form] Php doc fixes and cs + optimizations ([@Jules](https://github.com/Jules) Pietri) > * bug [#30883](https://github-redirect.dependabot.com/symfony/symfony/issues/30883) [Console] Fix stty not reset when aborting in QuestionHelper::autocomplete() ([@Simperfit](https://github.com/Simperfit)) > * bug [#30878](https://github-redirect.dependabot.com/symfony/symfony/issues/30878) [Console] Fix inconsistent result for choice questions in non-interactive mode ([@chalasr](https://github.com/chalasr)) > > [PR] [symfony/symfony#31123](https://github-redirect.dependabot.com/symfony/symfony/pull/31123) > > ## v3.4.24 > **Changelog** (since https://github.com/symfony/symfony/compare/v3.4.23...v3.4.24) > > * bug [#30660](https://github-redirect.dependabot.com/symfony/symfony/issues/30660) [Bridge][Twig] DebugCommand - fix escaping and filter ([@SpacePossum](https://github.com/SpacePossum)) > * bug [#30720](https://github-redirect.dependabot.com/symfony/symfony/issues/30720) Fix getSetMethodNormalizer to correctly ignore the attributes specified in "ignored_attributes" ([@Emmanuel](https://github.com/Emmanuel) BORGES) > * bug [#30749](https://github-redirect.dependabot.com/symfony/symfony/issues/30749) [Serializer] Added check of constuctor modifiers to AbstractNormalizer ([@NekaKawaii](https://github.com/NekaKawaii)) > * bug [#30776](https://github-redirect.dependabot.com/symfony/symfony/issues/30776) [Routing] Fix routes annotation loading with glob pattern ([@snoob](https://github.com/snoob)) > ... (truncated)Commits
- [`1b89e7b`](https://github.com/symfony/symfony/commit/1b89e7baec9891c323bbf1ec81af77d901fc60c9) Merge pull request [#31146](https://github-redirect.dependabot.com/symfony/symfony/issues/31146) from fabpot/release-3.4.26 - [`ef3b684`](https://github.com/symfony/symfony/commit/ef3b684208f3450eb2cae8381ccbbd6c7ee5603e) updated VERSION for 3.4.26 - [`35741bd`](https://github.com/symfony/symfony/commit/35741bd475a7e24d4018c02a2840911d496719af) updated CHANGELOG for 3.4.26 - [`82f003e`](https://github.com/symfony/symfony/commit/82f003eaf35fa86fab216fcc71b1ea1dd0bd2a15) minor [#31132](https://github-redirect.dependabot.com/symfony/symfony/issues/31132) [VarDumper][Ldap] relax some locally failing tests (nicolas-grekas) - [`f458e5b`](https://github.com/symfony/symfony/commit/f458e5b85a65343883a728406093d18405a54aea) minor [#31128](https://github-redirect.dependabot.com/symfony/symfony/issues/31128) [Validator] Added the missing translations for the Tagalog ("tl"... - [`1311324`](https://github.com/symfony/symfony/commit/13113245bf0cc8dfe17518ab9de89bea6675911b) bug [#31084](https://github-redirect.dependabot.com/symfony/symfony/issues/31084) [HttpFoundation] Make MimeTypeExtensionGuesser case insensitive (v... - [`55a21fb`](https://github.com/symfony/symfony/commit/55a21fb08f2cdf1668bd31886406210bb035809e) bug [#31142](https://github-redirect.dependabot.com/symfony/symfony/issues/31142) Revert "bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule... - [`70166f0`](https://github.com/symfony/symfony/commit/70166f03ebd637c9d6bd7c4de2be444b9fa7bf5b) Merge remote-tracking branch 'origin/3.4' into 3.4 - [`a288a74`](https://github.com/symfony/symfony/commit/a288a74d7479ab7227855e1af584bd0191d71b80) minor [#31137](https://github-redirect.dependabot.com/symfony/symfony/issues/31137) [FrameworkBundle] minor: remove a typo from changelog (Simperfit) - [`cd77f6f`](https://github.com/symfony/symfony/commit/cd77f6f91c4e0fe733bae4bd8014ee81b06d7871) Revert "bug [#30423](https://github-redirect.dependabot.com/symfony/symfony/issues/30423) [Security] Rework firewall's access denied rule (dimabory)" - Additional commits viewable in [compare view](https://github.com/symfony/symfony/compare/v3.3.13...v3.4.26)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/symfony-cmf/cmf-sandbox/network/alerts).