CHANGELOG
=========

5.0.0
-----

 * made `Cookie` auto-secure and lax by default
 * removed classes in the `MimeType` namespace, use the Symfony Mime component instead
 * removed method `UploadedFile::getClientSize()` and the related constructor argument
 * made `Request::getSession()` throw if the session has not been set before
 * removed `Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL`
 * passing a null url when instantiating a `RedirectResponse` is not allowed

4.4.0
-----

 * passing arguments to `Request::isMethodSafe()` is deprecated.
 * `ApacheRequest` is deprecated, use the `Request` class instead.
 * passing a third argument to `HeaderBag::get()` is deprecated, use method `all()` instead
 * [BC BREAK] `PdoSessionHandler` with MySQL changed the type of the lifetime column,
   make sure to run `ALTER TABLE sessions MODIFY sess_lifetime INTEGER UNSIGNED NOT NULL` to
   update your database.
 * `PdoSessionHandler` now precalculates the expiry timestamp in the lifetime column,
   make sure to run `CREATE INDEX EXPIRY ON sessions (sess_lifetime)` to update your database
   to speed up garbage collection of expired sessions.
 * added `SessionHandlerFactory` to create session handlers with a DSN
 * added `IpUtils::anonymize()` to help with GDPR compliance.

4.3.0
-----

 * added PHPUnit constraints: `RequestAttributeValueSame`, `ResponseCookieValueSame`, `ResponseHasCookie`,
   `ResponseHasHeader`, `ResponseHeaderSame`, `ResponseIsRedirected`, `ResponseIsSuccessful`, and `ResponseStatusCodeSame`
 * deprecated `MimeTypeGuesserInterface` and `ExtensionGuesserInterface` in favor of `Symfony\Component\Mime\MimeTypesInterface`.
 * deprecated `MimeType` and `MimeTypeExtensionGuesser` in favor of `Symfony\Component\Mime\MimeTypes`.
 * deprecated `FileBinaryMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileBinaryMimeTypeGuesser`.
 * deprecated `FileinfoMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileinfoMimeTypeGuesser`.
 * added `UrlHelper` that allows getting an absolute URL and a relative path for a given path

4.2.0
-----

 * the default value of the "$secure" and "$samesite" arguments of Cookie's constructor
   will respectively change from "false" to "null" and from "null" to "lax" in Symfony
   5.0, you should define their values explicitly or use "Cookie::create()" instead.
 * added `matchPort()` in RequestMatcher

4.1.3
-----

 * [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL`
   HTTP headers has been dropped for security reasons.

4.1.0
-----

 * Query string normalization uses `parse_str()` instead of custom parsing logic.
 * Passing the file size to the constructor of the `UploadedFile` class is deprecated.
 * The `getClientSize()` method of the `UploadedFile` class is deprecated. Use `getSize()` instead.
 * added `RedisSessionHandler` to use Redis as a session storage
 * The `get()` method of the `AcceptHeader` class now takes into account the
   `*` and `*/*` default values (if they are present in the Accept HTTP header)
   when looking for items.
 * deprecated `Request::getSession()` when no session has been set. Use `Request::hasSession()` instead.
 * added `CannotWriteFileException`, `ExtensionFileException`, `FormSizeFileException`,
   `IniSizeFileException`, `NoFileException`, `NoTmpDirFileException`, `PartialFileException` to
   handle failed `UploadedFile`.
 * added `MigratingSessionHandler` for migrating between two session handlers without losing sessions
 * added `HeaderUtils`.

4.0.0
-----

 * the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()`
   methods have been removed
 * the `Request::HEADER_CLIENT_IP` constant has been removed, use
   `Request::HEADER_X_FORWARDED_FOR` instead
 * the `Request::HEADER_CLIENT_HOST` constant has been removed, use
   `Request::HEADER_X_FORWARDED_HOST` instead
 * the `Request::HEADER_CLIENT_PROTO` constant has been removed, use
   `Request::HEADER_X_FORWARDED_PROTO` instead
 * the `Request::HEADER_CLIENT_PORT` constant has been removed, use
   `Request::HEADER_X_FORWARDED_PORT` instead
 * checking for cacheable HTTP methods using the `Request::isMethodSafe()`
   method (by not passing `false` as its argument) is not supported anymore and
   throws a `\BadMethodCallException`
 * the `WriteCheckSessionHandler`, `NativeSessionHandler` and `NativeProxy` classes have been removed
 * setting session save handlers that do not implement `\SessionHandlerInterface` in
   `NativeSessionStorage::setSaveHandler()` is not supported anymore and throws a
   `\TypeError`

3.4.0
-----

 * implemented PHP 7.0's `SessionUpdateTimestampHandlerInterface` with a new
   `AbstractSessionHandler` base class and a new `StrictSessionHandler` wrapper
 * deprecated the `WriteCheckSessionHandler`, `NativeSessionHandler` and `NativeProxy` classes
 * deprecated setting session save handlers that do not implement `\SessionHandlerInterface` in `NativeSessionStorage::setSaveHandler()`
 * deprecated using `MongoDbSessionHandler` with the legacy mongo extension; use it with the mongodb/mongodb package and ext-mongodb instead
 * deprecated `MemcacheSessionHandler`; use `MemcachedSessionHandler` instead

3.3.0
-----

 * the `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument,
   see https://symfony.com/doc/current/deployment/proxies.html for more info,
 * deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods,
 * added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown,
   disabling `Range` and `Content-Length` handling, switching to chunked encoding instead
 * added the `Cookie::fromString()` method that allows creating a cookie from a
   raw header string

3.1.0
-----

 * Added support for creating `JsonResponse` with a string of JSON data

3.0.0
-----

 * The precedence of parameters returned from `Request::get()` changed from "GET, PATH, BODY" to "PATH, GET, BODY"

2.8.0
-----

 * Finding deep items in `ParameterBag::get()` is deprecated since version 2.8 and
   will be removed in 3.0.

2.6.0
-----

 * PdoSessionHandler changes
   - implemented different session locking strategies to prevent loss of data by concurrent access to the same session
   - [BC BREAK] save session data in a binary column without base64_encode
   - [BC BREAK] added lifetime column to the session table which allows different lifetimes for each session
   - implemented lazy connections that are only opened when a session is used by either passing a dsn string
     explicitly or falling back to session.save_path ini setting
   - added a createTable method that initializes a correctly defined table depending on the database vendor

2.5.0
-----

 * added `JsonResponse::setEncodingOptions()` & `JsonResponse::getEncodingOptions()` for easier manipulation
   of the options used while encoding data to JSON format.

2.4.0
-----

 * added RequestStack
 * added Request::getEncodings()
 * added accessor methods to session handlers

2.3.0
-----

 * added support for ranges of IPs in trusted proxies
 * `UploadedFile::isValid` now returns false if the file was not uploaded via HTTP (in a non-test mode)
 * Improved error-handling of `\Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler`
   to ensure the supplied PDO handler throws Exceptions on error (as the class expects). Added related test cases
   to verify that Exceptions are properly thrown when the PDO queries fail.

2.2.0
-----

 * fixed the Request::create() precedence (URI information always takes precedence now)
 * added Request::getTrustedProxies()
 * deprecated Request::isProxyTrusted()
 * [BC BREAK] JsonResponse does not turn a top level empty array to an object anymore, use an ArrayObject to enforce objects
 * added an IpUtils class to check if an IP belongs to a CIDR
 * added Request::getRealMethod() to get the "real" HTTP method (getMethod() returns the "intended" HTTP method)
 * disabled _method request parameter support by default (call Request::enableHttpMethodParameterOverride() to
   enable it, and Request::getHttpMethodParameterOverride() to check if it is supported)
 * Request::splitHttpAcceptHeader() method is deprecated and will be removed in 2.3
 * Deprecated Flashbag::count() and \Countable interface, will be removed in 2.3

2.1.0
-----

 * added Request::getSchemeAndHttpHost() and Request::getUserInfo()
 * added a fluent interface to the Response class
 * added Request::isProxyTrusted()
 * added JsonResponse
 * added a getTargetUrl method to RedirectResponse
 * added support for streamed responses
 * made Response::prepare() method the place to enforce HTTP specification
 * [BC BREAK] moved management of the locale from the Session class to the Request class
 * added a generic access to the PHP built-in filter mechanism: ParameterBag::filter()
 * made FileBinaryMimeTypeGuesser command configurable
 * added Request::getUser() and Request::getPassword()
 * added support for the PATCH method in Request
 * removed the ContentTypeMimeTypeGuesser class as it is deprecated and never used on PHP 5.3
 * added ResponseHeaderBag::makeDisposition() (implements RFC 6266)
 * made mimetype to extension conversion configurable
 * [BC BREAK] Moved all session related classes and interfaces into own namespace, as
   `Symfony\Component\HttpFoundation\Session` and renamed classes accordingly.
   Session handlers are located in the subnamespace `Symfony\Component\HttpFoundation\Session\Handler`.
 * SessionHandlers must implement `\SessionHandlerInterface` or extend from the
   `Symfony\Component\HttpFoundation\Storage\Handler\NativeSessionHandler` base class.
 * Added internal storage driver proxy mechanism for forward compatibility with
   PHP 5.4 `\SessionHandler` class.
 * Added session handlers for custom Memcache, Memcached and Null session save handlers.
 * [BC BREAK] Removed `NativeSessionStorage` and replaced with `NativeFileSessionHandler`.
 * [BC BREAK] `SessionStorageInterface` methods removed: `write()`, `read()` and
   `remove()`.  Added `getBag()`, `registerBag()`.  The `NativeSessionStorage` class
   is a mediator for the session storage internals including the session handlers
   which do the real work of participating in the internal PHP session workflow.
 * [BC BREAK] Introduced mock implementations of `SessionStorage` to enable unit
   and functional testing without starting real PHP sessions.  Removed
   `ArraySessionStorage`, and replaced with `MockArraySessionStorage` for unit
   tests; removed `FilesystemSessionStorage`, and replaced with `MockFileSessionStorage`
   for functional tests.  These do not interact with global session ini
   configuration values, session functions or `$_SESSION` superglobal. This means
   they can be configured directly allowing multiple instances to work without
   conflicting in the same PHP process.
 * [BC BREAK] Removed the `close()` method from the `Session` class, as this is
   now redundant.
 * Deprecated the following methods from the Session class: `setFlash()`, `setFlashes()`,
   `getFlash()`, `hasFlash()`, and `removeFlash()`. Use `getFlashBag()` instead
   which returns a `FlashBagInterface`.
 * `Session->clear()` now only clears session attributes; before, it cleared
   flash messages and attributes. `Session->getFlashBag()->all()` clears flashes now.
 * Session data is now managed by `SessionBagInterface` to better encapsulate
   session data.
 * Refactored session attribute and flash messages system to their own
   `SessionBagInterface` implementations.
 * Added `FlashBag`. Flashes expire when retrieved by `get()` or `all()`. This
   implementation is ESI compatible.
 * Added `AutoExpireFlashBag` (default) to replicate Symfony 2.0.x auto expire
   behavior of messages auto expiring after one page load.  Messages must
   be retrieved by `get()` or `all()`.
 * Added `Symfony\Component\HttpFoundation\Attribute\AttributeBag` to replicate
   attributes storage behavior from 2.0.x (default).
 * Added `Symfony\Component\HttpFoundation\Attribute\NamespacedAttributeBag` for
   namespace session attributes.
 * Flash API can store messages in an array so there may be multiple messages
   per flash type.  The old `Session` class API remains without BC break as it
   will allow single messages as before.
 * Added basic session meta-data to the session to record session create time,
   last updated time, and the lifetime of the session cookie that was provided
   to the client.
 * Request::getClientIp() method doesn't take a parameter anymore but bases
   itself on the trustProxy parameter.
 * Added isMethod() to Request object.
 * [BC BREAK] The methods `getPathInfo()`, `getBaseUrl()` and `getBasePath()` of
   a `Request` now all return a raw value (vs a urldecoded value before). Any call
   to one of these methods must be checked and wrapped in a `rawurldecode()` if
   needed.