Skip to content

Latest commit

 

History

History
73 lines (56 loc) · 3.42 KB

CHANGELOG.md

File metadata and controls

73 lines (56 loc) · 3.42 KB

CHANGELOG

7.0

  • Remove the Security class, use Symfony\Bundle\SecurityBundle\Security instead
  • Require explicit argument when calling TokenStorage::setToken()
  • Change argument $lastUsed of TokenProviderInterface::updateToken() to accept DateTimeInterface

6.4

  • Make PersistentToken immutable
  • Deprecate accepting only DateTime for TokenProviderInterface::updateToken(), use DateTimeInterface instead

6.3

  • Add AttributesBasedUserProviderInterface to allow $attributes optional argument on loadUserByIdentifier
  • Add OidcUser with OIDC support for OidcUserInfoTokenHandler

6.2

  • Deprecate the Security class, use Symfony\Bundle\SecurityBundle\Security instead
  • Change the signature of TokenStorageInterface::setToken() to setToken(?TokenInterface $token)
  • Deprecate calling TokenStorage::setToken() without arguments
  • Add a ChainUserChecker to allow calling multiple user checkers for a firewall

6.0

  • TokenInterface does not extend Serializable anymore
  • Remove all classes in the Core\Encoder\ sub-namespace, use the PasswordHasher component instead
  • Remove methods getPassword() and getSalt() from UserInterface, use PasswordAuthenticatedUserInterface or LegacyPasswordAuthenticatedUserInterface instead
  • AccessDecisionManager requires the strategy to be passed as in instance of AccessDecisionStrategyInterface

5.4.21

  • [BC BREAK] AccessDecisionStrategyTestCase::provideStrategyTests() is now static

5.4

  • Add a CacheableVoterInterface for voters that vote only on identified attributes and subjects
  • Deprecate AuthenticationEvents::AUTHENTICATION_FAILURE, use the LoginFailureEvent instead
  • Deprecate AnonymousToken, as the related authenticator was deprecated in 5.3
  • Deprecate Token::getCredentials(), tokens should no longer contain credentials (as they represent authenticated sessions)
  • Deprecate returning string|\Stringable from Token::getUser() (it must return a UserInterface)
  • Deprecate AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY and AuthenticatedVoter::IS_ANONYMOUS, use AuthenticatedVoter::IS_AUTHENTICATED_FULLY or AuthenticatedVoter::IS_AUTHENTICATED instead.
  • Deprecate AuthenticationTrustResolverInterface::isAnonymous() and the is_anonymous() expression function as anonymous no longer exists in version 6, use the isFullFledged() or the new isAuthenticated() instead if you want to check if the request is (fully) authenticated.
  • Deprecate the $authenticationManager argument of the AuthorizationChecker constructor
  • Deprecate setting the $alwaysAuthenticate argument to true and not setting the $exceptionOnNoToken argument to false of AuthorizationChecker
  • Deprecate methods TokenInterface::isAuthenticated() and setAuthenticated, return null from "getUser()" instead when a token is not authenticated
  • Add AccessDecisionStrategyInterface to allow custom access decision strategies
  • Add access decision strategies AffirmativeStrategy, ConsensusStrategy, PriorityStrategy, UnanimousStrategy
  • Deprecate passing the strategy as string to AccessDecisionManager, pass an instance of AccessDecisionStrategyInterface instead
  • Flag AccessDecisionManager as @final

5.3

The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md