Deprecated HTTP-Digest authentication

javiereguiluz · javiereguiluz · commit 530c2fbb8192 · 2017-10-17T17:32:01.000+02:00
diff --git a/components/security.rst b/components/security.rst
@@ -6,10 +6,10 @@ The Security Component
 
     The Security component provides a complete security system for your web
     application. It ships with facilities for authenticating using HTTP basic
-    or digest authentication, interactive form login or X.509 certificate
-    login, but also allows you to implement your own authentication strategies.
-    Furthermore, the component provides ways to authorize authenticated users
-    based on their roles, and it contains an advanced ACL system.
+    authentication, interactive form login or X.509 certificate login, but also
+    allows you to implement your own authentication strategies. Furthermore, the
+    component provides ways to authorize authenticated users based on their
+    roles, and it contains an advanced ACL system.
 
 Installation
 ------------
diff --git a/components/security/authentication.rst b/components/security/authentication.rst
@@ -10,7 +10,7 @@ firewall map is able to extract the user's credentials from the current
 a token, containing these credentials. The next thing the listener should
 do is ask the authentication manager to validate the given token, and return
 an *authenticated* token if the supplied credentials were found to be valid.
-The listener should then store the authenticated token using 
+The listener should then store the authenticated token using
 :class:`the token storage <Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorageInterface>`::
 
     use Symfony\Component\Security\Http\Firewall\ListenerInterface;
@@ -306,7 +306,7 @@ logged into your website.  It is important to distinguish this action from
 non-interactive authentication methods, such as:
 
 * authentication based on your session.
-* authentication using a HTTP basic or HTTP digest header.
+* authentication using a HTTP basic header.
 
 You could listen on the ``security.interactive_login`` event, for example, in
 order to give your user a welcome flash message every time they log in.
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -690,6 +690,10 @@ multiple firewalls, the "context" could actually be shared:
 HTTP-Digest Authentication
 --------------------------
 
+.. versionadded:: 3.4
+    HTTP-Digest Authentication was deprecated in Symfony 3.4 and it will be
+    removed in Symfony 4.0.
+
 To use HTTP-Digest authentication you need to provide a realm and a secret:
 
 .. configuration-block::
