• a1760b1 version
• 49563a8 [6.x] Limit expected bindings (#35865)
• 4611ba6 Retry if DNS lookup fails (#35790)
• 21a9293 Update DetectsLostConnections.php (#35744) (#35752)
• 13ae12f Merge branch '6.x' into 7.x
• c3e7c3d [6.x] Backport for fix issue with polymorphic morphMaps with literal 0 (#3536...
• cadbd47 Merge branch '6.x' into 7.x
• 8f318e4 [8.x] Fix generic DetectsLostConnection string (#35323)
• 1e516c6 fix conflicts
• 091a784 Reset array keys for restoration (#35218)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from symfony/http-kernel's releases.

v5.1.5

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.4...v5.1.5)

• no changes

v5.1.4

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.3...v5.1.4)

• bug #37841 Backport handler lock when using VAR_DUMPER_FORMAT (ogizanagi)

v5.1.3

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.2...v5.1.3)

• bug #37341 Fix support for PHP8 union types (nicolas-grekas)

v5.1.2

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.1...v5.1.2)

• no changes

v5.1.1

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.0...v5.1.1)

• bug #37182 Fix regression where Store does not return response body correctly (mpdude)

v5.1.0

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.0-RC2...v5.1.0)

• no changes

v5.1.0-RC2

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.0-RC1...v5.1.0-RC2)

• bug #36891 Address deprecation of ReflectionType::getClass() (derrabus)
• bug #36833 Fix that the Store would not save responses with the X-Content-Digest header present (mpdude)
• bug #36855 Fix error logger when stderr is redirected to /dev/null (fabpot)
• bug #36838 Bring back the debug toolbar (derrabus)

v5.1.0-RC1

Changelog (https://github.com/symfony/http-kernel/compare/v5.1.0-BETA1...v5.1.0-RC1)

• bug #36789 Change priority of KernelEvents::RESPONSE subscriber (marcw)

v5.0.11

Changelog (https://github.com/symfony/http-kernel/compare/v5.0.10...v5.0.11)

• bug #37341 Fix support for PHP8 union types (nicolas-grekas)

v5.0.10

Changelog (https://github.com/symfony/http-kernel/compare/v5.0.9...v5.0.10)

Sourced from symfony/http-kernel's changelog.

CHANGELOG

5.2.0

• added session usage
• made the public http_cache service handle requests when available
• allowed enabling trusted hosts and proxies using new kernel.trusted_hosts, kernel.trusted_proxies and kernel.trusted_headers parameters
• content of request parameter _password is now also hidden in the request profiler raw content section

5.1.0

• allowed to use a specific logger channel for deprecations
• made WarmableInterface::warmUp() return a list of classes or files to preload on PHP 7.4+; not returning an array is deprecated
• made kernels implementing WarmableInterface be part of the cache warmup stage
• deprecated support for service:action syntax to reference controllers, use serviceOrFqcn::method instead
• allowed using public aliases to reference controllers
• added session usage reporting when the _stateless attribute of the request is set to true
• added AbstractSessionListener::onSessionUsage() to report when the session is used while a request is stateless

5.0.0

• removed support for getting the container from a non-booted kernel
• removed the first and second constructor argument of ConfigDataCollector
• removed ConfigDataCollector::getApplicationName()
• removed ConfigDataCollector::getApplicationVersion()
• removed support for Symfony\Component\Templating\EngineInterface in HIncludeFragmentRenderer, use a Twig\Environment only
• removed TranslatorListener in favor of LocaleAwareListener
• removed getRootDir() and getName() from Kernel and KernelInterface
• removed FilterControllerArgumentsEvent, use ControllerArgumentsEvent instead
• removed FilterControllerEvent, use ControllerEvent instead
• removed FilterResponseEvent, use ResponseEvent instead
• removed GetResponseEvent, use RequestEvent instead
• removed GetResponseForControllerResultEvent, use ViewEvent instead
• removed GetResponseForExceptionEvent, use ExceptionEvent instead
• removed PostResponseEvent, use TerminateEvent instead
• removed SaveSessionListener in favor of AbstractSessionListener
• removed Client, use HttpKernelBrowser instead
• added method getProjectDir() to KernelInterface
• removed methods serialize and unserialize from DataCollector, store the serialized state in the data property instead
• made ProfilerStorageInterface internal
• removed the second and third argument of KernelInterface::locateResource
• removed the second and third argument of FileLocator::__construct
• removed loading resources from %kernel.root_dir%/Resources and %kernel.root_dir% as

• 3e32676 Update VERSION for 5.1.5
• f855601 Merge branch '4.4' into 5.1
• cdf1e9b security #cve-2020-15094 Remove headers with internal meaning from HttpClient...
• 8e8d0ed Remove headers with internal meaning from HttpClient responses
• 05293dd Bump Symfony version to 5.1.5
• f829c24 Update VERSION for 5.1.4
• a5ed890 Bump Symfony version to 4.4.13
• f93f6b3 Update VERSION for 4.4.12
• 794f3d4 Merge branch '4.4' into 5.1
• 98fb210 minor #37831 stop using deprecated PHPUnit APIs (xabbuh)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• c7a3569 fix conflicts
• 00b016a formatting
• fd2d667 Add limit bindings for having between + tests.
• 7797c2a Update whereDay and whereYear to clean value.
• c2d71ad Limit expected bindingx v2.
• a1760b1 version
• 49563a8 [6.x] Limit expected bindings (#35865)
• 4611ba6 Retry if DNS lookup fails (#35790)
• 21a9293 Update DetectsLostConnections.php (#35744) (#35752)
• 13ae12f Merge branch '6.x' into 7.x
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from symfony/http-foundation's releases.

v5.0.7

Changelog (https://github.com/symfony/http-foundation/compare/v5.0.6...v5.0.7)

• no changes

• 26fb006 Merge branch '4.4' into 5.0
• 62f9250 [HttpFoundation] Do not set the default Content-Type based on the Accept header
• 98b44bd Merge branch '4.4' into 5.0
• 67d0196 add missing gitattributes for phpunit-bridge
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from symfony/http-foundation's releases.

v3.4.38

Changelog (https://github.com/symfony/http-foundation/compare/v3.4.37...v3.4.38)

• bug #35605 fix support for samesite in session cookies (fabpot)
• bug #35305  Fix stale-if-error behavior, add tests (mpdude)

Sourced from symfony/http-foundation's changelog.

CHANGELOG

5.1.0

• added Cookie::withValue, Cookie::withDomain, Cookie::withExpires, Cookie::withPath, Cookie::withSecure, Cookie::withHttpOnly, Cookie::withRaw, Cookie::withSameSite
• Deprecate Response::create(), JsonResponse::create(), RedirectResponse::create(), and StreamedResponse::create() methods (use __construct() instead)
• added Request::preferSafeContent() and Response::setContentSafe() to handle "safe" HTTP preference according to RFC 8674
• made the Mime component an optional dependency
• added MarshallingSessionHandler, IdentityMarshaller

5.0.0

• made Cookie auto-secure and lax by default
• removed classes in the MimeType namespace, use the Symfony Mime component instead
• removed method UploadedFile::getClientSize() and the related constructor argument
• made Request::getSession() throw if the session has not been set before
• removed Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL
• passing a null url when instantiating a RedirectResponse is not allowed

4.4.0

• passing arguments to Request::isMethodSafe() is deprecated.
• ApacheRequest is deprecated, use the Request class instead.
• passing a third argument to HeaderBag::get() is deprecated, use method all() instead
• [BC BREAK] PdoSessionHandler with MySQL changed the type of the lifetime column, make sure to run ALTER TABLE sessions MODIFY sess_lifetime INTEGER UNSIGNED NOT NULL to update your database.
• PdoSessionHandler now precalculates the expiry timestamp in the lifetime column, make sure to run CREATE INDEX EXPIRY ON sessions (sess_lifetime) to update your database to speed up garbage collection of expired sessions.
• added SessionHandlerFactory to create session handlers with a DSN
• added IpUtils::anonymize() to help with GDPR compliance.

4.3.0

• added PHPUnit constraints: RequestAttributeValueSame, ResponseCookieValueSame, ResponseHasCookie, ResponseHasHeader, ResponseHeaderSame, ResponseIsRedirected, ResponseIsSuccessful, and ResponseStatusCodeSame
• deprecated MimeTypeGuesserInterface and ExtensionGuesserInterface in favor of Symfony\Component\Mime\MimeTypesInterface.
• deprecated MimeType and MimeTypeExtensionGuesser in favor of Symfony\Component\Mime\MimeTypes.
• deprecated FileBinaryMimeTypeGuesser in favor of Symfony\Component\Mime\FileBinaryMimeTypeGuesser.

... (truncated)

• 4d440be [HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
• 7a2ab8c Fix CS
• 3bdf327 [HttpKernel] Fix stale-if-error behavior, add tests
• f3abd07 Update links to documentation
• 45285ab Update year in license files
• de7e6cd X-Accel Nginx URL updated
• 5b932ee Fix typo
• 7d2f82a use utf8mb4_bin to align code with documentation
• 723b5ca [HttpFoundation] Use Cache-Control: must-revalidate only if explicit lifeti...
• d2d0cfe [HttpFoundation] Fixed typo
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from symfony/http-kernel's releases.

v5.2.6

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.5...v5.2.6)

• bug #40535 ConfigDataCollector to return known data without the need of a Kernel (topikito)

v5.2.5

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.4...v5.2.5)

• no significant changes

v5.2.4

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.3...v5.2.4)

• bug #40231 Configure session.cookie_secure earlier (tamcy)
• bug #40104 Silence failed deprecations logs writes (fancyweb)

v5.2.3

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.2...v5.2.3)

• no changes

v5.2.2

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.1...v5.2.2)

• bug #39944 Configure the ErrorHandler even when it is overriden (nicolas-grekas)
• bug #39797 Dont allow unserializing classes with a destructor (jderusse)

v5.2.1

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.0...v5.2.1)

• bug #39360 Fix cache:clear with buildDir (jderusse)
• bug #39220 Fix bug with whitespace in Kernel::stripComments() (ausi)

v5.2.0

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.0-RC2...v5.2.0)

• no changes

v5.2.0-RC2

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.0-RC1...v5.2.0-RC2)

• no changes

v5.2.0-RC1

Changelog (https://github.com/symfony/http-kernel/compare/v5.2.0-BETA3...v5.2.0-RC1)

• feature #38954 Deprecate the HEADER_X_FORWARDED_ALL constant (jderusse)
• bug #38910 Fix session initialized several times (jderusse)
• bug #38894 Remove Symfony 3 compatibility code (derrabus)

... (truncated)

Sourced from symfony/http-kernel's changelog.

CHANGELOG

5.3

• Deprecate ArgumentInterface
• Add ArgumentMetadata::getAttributes()
• Deprecate ArgumentMetadata::getAttribute(), use getAttributes() instead
• Mark the class Symfony\Component\HttpKernel\EventListener\DebugHandlersListener as internal
• Deprecate returning a ContainerBuilder from KernelInterface::registerContainerConfiguration()
• Deprecate HttpKernelInterface::MASTER_REQUEST and add HttpKernelInterface::MAIN_REQUEST as replacement
• Deprecate KernelEvent::isMasterRequest() and add isMainRequest() as replacement
• Add #[AsController] attribute for declaring standalone controllers on PHP 8
• Add FragmentUriGeneratorInterface and FragmentUriGenerator to generate the URI of a fragment

5.2.0

• added session usage
• made the public http_cache service handle requests when available
• allowed enabling trusted hosts and proxies using new kernel.trusted_hosts, kernel.trusted_proxies and kernel.trusted_headers parameters
• content of request parameter _password is now also hidden in the request profiler raw content section
• Allowed adding attributes on controller arguments that will be passed to argument resolvers.
• kernels implementing the ExtensionInterface will now be auto-registered to the container
• added parameter kernel.runtime_environment, defined as %env(default:kernel.environment:APP_RUNTIME_ENV)%
• do not set a default Accept HTTP header when using HttpKernelBrowser

5.1.0

• allowed to use a specific logger channel for deprecations
• made WarmableInterface::warmUp() return a list of classes or files to preload on PHP 7.4+; not returning an array is deprecated
• made kernels implementing WarmableInterface be part of the cache warmup stage
• deprecated support for service:action syntax to reference controllers, use serviceOrFqcn::method instead
• allowed using public aliases to reference controllers
• added session usage reporting when the _stateless attribute of the request is set to true
• added AbstractSessionListener::onSessionUsage() to report when the session is used while a request is stateless

5.0.0

• removed support for getting the container from a non-booted kernel
• removed the first and second constructor argument of ConfigDataCollector
• removed ConfigDataCollector::getApplicationName()
• removed ConfigDataCollector::getApplicationVersion()
• removed support for Symfony\Component\Templating\EngineInterface in HIncludeFragmentRenderer, use a Twig\Environment only

... (truncated)

• f34de4c Update VERSION for 5.2.6
• 38d4a70 fix docblock
• ac127ca Merge branch '4.4' into 5.2
• cf71f2a bug #40535 [HttpKernel] ConfigDataCollector to return known data without the ...
• 59ea1e0 [HttpKernel] ConfigDataCollector to return known data without the need of a K...
• 84d3b1a Merge branch '4.4' into 5.2
• 021c219 Hardening Security - Unserialize DumpDataCollector
• 12485b0 Merge branch '4.4' into 5.2
• 835cfc2 [HttpKernel] do is_file check before include
• 10fdbbc Bump Symfony version to 5.2.6
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.