10000 Fix incompatibilities with upcoming security 6.0 by wouterj · Pull Request #42595 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

Fix incompatibilities with upcoming security 6.0 #42595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Aug 17, 2021
Merged

Fix incompatibilities with upcoming security 6.0 #42595

merged 8 commits into from
Aug 17, 2021
+99 −73

Conversation

wouterj
Copy link
Member
@wouterj wouterj commented Aug 17, 2021
Q A
Branch? 5.4
Bug fix? yes
New feature? no
Deprecations? yes
Tickets -
License MIT
Doc PR -

Hats of to the person that invented the flipped tests on a new major branch! All these incompatibility bugs were discovered by the flipped tests of #41613

@wouterj wouterj requested a review from chalasr as a code owner August 17, 2021 12:04
wouterj
wouterj commented Aug 17, 2021
View reviewed changes
UPGRADE-5.4.md
@@ -66,6 +66,7 @@ SecurityBundle
Security
--------

* Deprecate `AuthenticationEvents::AUTHENTICATION_FAILURE`, use the `LoginFailureEvent` instead
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This event has been deprecated in 5.3, but we forgot to deprecate this constant.

@wouterj wouterj mentioned this pull request Aug 17, 2021
Merged
@wouterj wouterj added this to the 5.4 milestone Aug 17, 2021
@wouterj
Copy link
Member Author
wouterj commented Aug 17, 2021

Build should be green after #42596 is merged (and this PR is rebased).

wouterj added a commit that referenced this pull request Aug 17, 2021
@wouterj
bug #42596 [Security] Fix wrong cache directive when using the new PU…
fd0dc96 
…BLIC_ACCESS attribute (wouterj)

This PR was squashed before being merged into the 5.3 branch.

Discussion
----------

[Security] Fix wrong cache directive when using the new PUBLIC_ACCESS attribute

| Q             | A
| ------------- | ---
| Branch?       |
10000
 5.3
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Ref #41613 (comment)
| License       | MIT
| Doc PR        | -

`PUBLIC_ACCESS` is the new `IS_AUTHENTICATED_ANONYMOUSLY` since 5.2, but we didn't correctly check for this causing a private cache directive for a stateless page.

This PR also includes 2 changes from #42595 that could be backported to 5.3

Commits
-------

ca80ee3 [Security] Fix wrong cache directive when using the new PUBLIC_ACCESS attribute
@fabpot
Copy link
Member
fabpot commented Aug 17, 2021

@wouterj This one can now be rebased.

@wouterj wouterj force-pushed the pull-41613/backport branch from a2f9279 to e6bfe38 Compare August 17, 2021 15:50
@wouterj wouterj force-pushed the pull-41613/backport branch from e6bfe38 to 96532e5 Compare August 17, 2021 15:54
@wouterj
Copy link
Member Author
wouterj commented Aug 17, 2021
edited
Loading

Check, done (and hopefully also fixed the 5.4 branch in this PR)

@fabpot
Copy link
Member
fabpot commented Aug 17, 2021

Thank you @wouterj.

@fabpot fabpot merged commit f1643e8 into symfony:5.4 Aug 17, 2021
@wouterj wouterj deleted the pull-41613/backport branch August 17, 2021 16:11
This was referenced Nov 5, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

Assignees
No one assigned
Labels
Bug Deprecation Status: Reviewed
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.
3 participants
@wouterj @fabpot @carsonbot
0