Symfony Release Notes

Symfony 6.4 is backed by:

As the creator of Symfony, SensioLabs supports companies using Symfony, with an offering encompassing consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.

Private Packagist is a fast, reliable, and secure Composer repository for your private packages. It mirrors all your open-source dependencies for better availability and monitors them for security vulnerabilities.

Symfony 6.4.35 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 6.4.34

• bug #63604 Fix ApplicationTester ignoring interactive and verbosity options when SHELL_VERBOSITY is set (@nicolas-grekas)
• bug #63602 Fix denormalization of magic __set properties (@nicolas-grekas)
• bug #63603 Fix session cookie_lifetime not applied in mock session storage (@nicolas-grekas)
• bug #63598 Add 'sms' to hostless schemes (@hivokas)
• bug #63592 Add timeout and slot eviction to LockRegistry stampede prevention (@nicolas-grekas)
• bug #63570 Fix OUTPUT_RAW corrupting binary content on Windows (@guillaumeVDP)
• bug #63584 Use shell_exec() instead of passthru() in FileBinaryMimeTypeGuesser (@nicolas-grekas)
• bug #63574 Fix stale container after reboot in KernelTestCase (@nicolas-grekas)
• bug #63572 Fix duplicate validation errors when ValidatorExtension is instantiated multiple times (@nicolas-grekas)
• bug #63568 Fix Bootstrap 4 horizontal layout broken by form errors moved outside label (@nicolas-grekas)
• bug #63555 Fix int-to-float coercion for JSON # with pre-parsed array data (@eyupcanakman)
• bug #63559 Flush batch handlers after inactivity timeout when worker is busy (@nicolas-grekas)
• bug #63523 Fix inline attachments with custom Content-ID (@99Vicky)
• bug #63550 Prevent negative token from causing integer underflow (@jhogervorst)
• bug #63526 Fix Symfony web debug toolbar not being displayed (@zoglo)
• bug #63500 Consider PSR-0/PSR-4 fallback dirs when building paths (@mpdude)
• bug #63533 gracefully handle the kernel.runtime_mode.web parameter missing (@xabbuh)
• bug #63534 Regex bypass when match is false with too big input (@vincent4vx)
• bug #63496 Defer variable and command expansion to account for overrides from subsequent .env files (@nicolas-grekas)
• bug #63506 Fix TypeError when using a custom container base class with typed $parameterBag (@nicolas-grekas)

❤️
Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

💼 Backend Symfony Developer at Finviu AG
View Symfony jobs →

€35 – €50 / hour - Full remote

As the creator of Symfony, SensioLabs supports companies using Symfony, with an offering encompassing consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.

redirection.io logs all your website’s HTTP traffic, and lets you fix errors with redirect rules in seconds. Give your marketing, SEO and IT teams the right tool to manage your website traffic efficiently!

Private Packagist is a fast, reliable, and secure Composer repository for your private packages. It mirrors all your open-source dependencies for better availability and monitors them for security vulnerabilities.

JoliCode is a team of passionate developers and open-source lovers, with a strong expertise in PHP & Symfony technologies. They can help you build your projects using state-of-the-art practices.

Symfony 7.4.7 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 7.4.6

• bug #63604 Fix ApplicationTester ignoring interactive and verbosity options when SHELL_VERBOSITY is set (@nicolas-grekas)
• bug #63602 Fix denormalization of magic __set properties (@nicolas-grekas)
• bug #63603 Fix session cookie_lifetime not applied in mock session storage (@nicolas-grekas)
• bug #63598 Add 'sms' to hostless schemes (@hivokas)
• bug #63599 Fix required options check when extending a constraint with a simplified constructor (@nicolas-grekas)
• bug #63592 Add timeout and slot eviction to LockRegistry stampede prevention (@nicolas-grekas)
• bug #63591 Fix when constraint without expression language installed, when using closure expression (@annadamm-check24)
• bug #63589 Fix session data contamination by non-serializable objects in form flow (@nicolas-grekas)
• bug #63570 Fix OUTPUT_RAW corrupting binary content on Windows (@guillaumeVDP)
• bug #63584 Use shell_exec() instead of passthru() in FileBinaryMimeTypeGuesser (@nicolas-grekas)
• bug #63583 Rename schema_subscriber_check table to schema_subscriber_check for Oracle compatibility (@moneire)
• bug #63573 Fix CachingHttpClient compatibility with decorator clients on 304 responses (@nicolas-grekas)
• bug #63574 Fix stale container after reboot in KernelTestCase (@nicolas-grekas)
• bug #63572 Fix duplicate validation errors when ValidatorExtension is instantiated multiple times (@nicolas-grekas)
• bug #63568 Fix Bootstrap 4 horizontal layout broken by form errors moved outside label (@nicolas-grekas)
• bug #63555 Fix int-to-float coercion for JSON # with pre-parsed array data (@eyupcanakman)
• bug #63559 Flush batch handlers after inactivity timeout when worker is busy (@nicolas-grekas)
• bug #63563 Fix StringTypeResolver calling Type::enum() on interfaces extending BackedEnum (@gnutix)
• bug #63547 Fix nullable array constructor parameter overriding collection value type (@nicolas-grekas)
• bug #63523 Fix inline attachments with custom Content-ID (@99Vicky)
• bug #63550 Prevent negative token from causing integer underflow (@jhogervorst)
• bug #63542 Fix resolving class const type (@gharlan)
• bug #63510 fix is/can/has type resolver on method without property (@Guilain)
• bug #63522 Fix SweegoTransport by allowing bool values (@qdequippe)
• bug #63526 Fix Symfony web debug toolbar not being displayed (@zoglo)
• bug #63500 Consider PSR-0/PSR-4 fallback dirs when building paths (@mpdude)
• bug #63508 Handle Stringable for string-typed arguments in CheckTypeDeclarationsPass (@yoeunes)
• bug #63509 Fix missing generator for shared types in self-referencing objects (@mtarld)
• bug #63533 gracefully handle the kernel.runtime_mode.web parameter missing (@xabbuh)
• bug #63534 Regex bypass when match is false with too big input (@vincent4vx)
• bug #63496 Defer variable and command expansion to account for overrides from subsequent .env files (@nicolas-grekas)
• bug #63506 Fix TypeError when using a custom container base class with typed $parameterBag (@nicolas-grekas)

Published in #Releases

❤️
Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

💼 Symfony Developer at Paystone
View Symfony jobs →

CA$75,000 – CA$100,000 / year - Full remote

Symfony 8.0 is backed by:

PhpStorm is a JetBrains IDE designed specifically for PHP development. Out of the box, PhpStorm provides you with intelligent, feature-rich code editing tailored to every aspect of PHP programming – smart coding assistance, reliable refactorings, instant code navigation, built-in developer tools, PHP framework support, and more.

Sulu is the CMS for Symfony developers. It provides pre-built content-management features while giving developers the freedom to build, deploy, and maintain custom solutions using full-stack Symfony. Sulu is ideal for creating complex websites, integrating external tools, and building custom-built solutions.

Symfony 8.0.7 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 8.0.6

• bug #63604 Fix ApplicationTester ignoring interactive and verbosity options when SHELL_VERBOSITY is set (@nicolas-grekas)
• bug #63602 Fix denormalization of magic __set properties (@nicolas-grekas)
• bug #63603 Fix session cookie_lifetime not applied in mock session storage (@nicolas-grekas)
• bug #63598 Add 'sms' to hostless schemes (@hivokas)
• bug #63599 Fix required options check when extending a constraint with a simplified constructor (@nicolas-grekas)
• bug #63592 Add timeout and slot eviction to LockRegistry stampede prevention (@nicolas-grekas)
• bug #63591 Fix when constraint without expression language installed, when using closure expression (@annadamm-check24)
• bug #63589 Fix session data contamination by non-serializable objects in form flow (@nicolas-grekas)
• bug #63570 Fix OUTPUT_RAW corrupting binary content on Windows (@guillaumeVDP)
• bug #63584 Use shell_exec() instead of passthru() in FileBinaryMimeTypeGuesser (@nicolas-grekas)
• bug #63583 Rename schema_subscriber_check table to schema_subscriber_check for Oracle compatibility (@moneire)
• bug #63573 Fix CachingHttpClient compatibility with decorator clients on 304 responses (@nicolas-grekas)
• bug #63574 Fix stale container after reboot in KernelTestCase (@nicolas-grekas)
• bug #63572 Fix duplicate validation errors when ValidatorExtension is instantiated multiple times (@nicolas-grekas)
• bug #63568 Fix Bootstrap 4 horizontal layout broken by form errors moved outside label (@nicolas-grekas)
• bug #63555 Fix int-to-float coercion for JSON # with pre-parsed array data (@eyupcanakman)
• bug #63559 Flush batch handlers after inactivity timeout when worker is busy (@nicolas-grekas)
• bug #63563 Fix StringTypeResolver calling Type::enum() on interfaces extending BackedEnum (@gnutix)
• bug #63547 Fix nullable array constructor parameter overriding collection value type (@nicolas-grekas)
• bug #63523 Fix inline attachments with custom Content-ID (@99Vicky)
• bug #63550 Prevent negative token from causing integer underflow (@jhogervorst)
• bug #63542 Fix resolving class const type (@gharlan)
• bug #63510 fix is/can/has type resolver on method without property (@Guilain)
• bug #63522 Fix SweegoTransport by allowing bool values (@qdequippe)
• bug #63526 Fix Symfony web debug toolbar not being displayed (@zoglo)
• bug #63500 Consider PSR-0/PSR-4 fallback dirs when building paths (@mpdude)
• bug #63508 Handle Stringable for string-typed arguments in CheckTypeDeclarationsPass (@yoeunes)
• bug #63509 Fix missing generator for shared types in self-referencing objects (@mtarld)
• bug #63533 gracefully handle the kernel.runtime_mode.web parameter missing (@xabbuh)
• bug #63534 Regex bypass when match is false with too big input (@vincent4vx)
• bug #63496 Defer variable and command expansion to account for overrides from subsequent .env files (@nicolas-grekas)
• bug #63506 Fix TypeError when using a custom container base class with typed $parameterBag (@nicolas-grekas)

Published in #Releases

❤️
Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Symfony 6.4 is backed by:

As the creator of Symfony, SensioLabs supports companies using Symfony, with an offering encompassing consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.

Private Packagist is a fast, reliable, and secure Composer repository for your private packages. It mirrors all your open-source dependencies for better availability and monitors them for security vulnerabilities.

Symfony 6.4.34 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 6.4.33

• bug #63492 Fix retryAfter when consuming exactly all remaining tokens in FixedWindow and TokenBucket (@ERuban)
• bug #63491 Fix retryAfter when consuming exactly all remaining tokens in SlidingWindow (@ERuban)
• bug #52413 Fix reservations outside the second fixed window (@SanderSander)
• bug #57392 Fix propertyPath in ConstraintViolationListNormalizer with MetadataAwareNameConverter (@antten)
• bug #54236 Fix exclude option being ignored for non-glob and PSR-4 resources (@NeilPeyssard)
• bug #47424 makePathRelative with existing files, remove ending / (Petar Marjanovic)
• bug #52083 Don't use retry routing key when sending to failure transport (Fabien Perroquin)
• bug #63275 Fix re-sending failed messages to a different failure transport (@bartholdbos)
• bug #63473 Fix PriorityTaggedServiceTrait not discovering # on decorated services (@lacatoire)
• bug #63472 Fix Bootstrap 4 form errors rendered inside (@asispts)
• bug #54324 Fix merging POST params and files when collection entries have mismatched indices (@priyadi)
• bug #52722 Fix type error for non-array items when Unique::fields is set (@aprat84)
• bug #54703 Fix default locale ignored when Accept-Language has no enabled-locale match (@karimmorel)
• bug #62681 Make ConfigDebugCommand use its container to resolve env vars (@MatTheCat)
• bug #47432 Fix various completion edge cases (@Seldaek)
• bug #63450 Fix missing resource tracking for type extensions in FormPass (@ranpafin)
• bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
• bug #63460 Implement missing reset() method in TraceableWorkflow (@santysisi)
• bug #63456 Fix validator exception masked by MissingInputException on empty input (@nicolas-grekas)
• bug #63428 Fix handling of constructor enum denormalization errors (@vvaswani)
• bug #63438 ProgressIndicator console helper display with multiple processes (@guillaumeVDP)
• bug #63436 Silence shell_exec warning in hasSttyAvailable (@lacatoire)
• bug #63448 Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (@nicolas-grekas)
• bug #63437 Wrap DoctrineDbalAdapter::doSave() in savepoint to prevent transaction poisoning (@lacatoire)
• bug #63405 Fix passing context option to property-info (@nicolas-grekas)
• bug #63400 Fix memory exhaustion by adding an LRU cache to CssSelectorConverter (@arcangelini)
• bug #63386 Handle invalid backed-enum values gracefully in RequestPayloadValueResolver (@nicolas-grekas)
• bug #63384 fail gracefully when the semaphore config is used but the component is missing (@xabbuh)
• bug #63379 Prevent false unused-env errors for abstract definitions removed at compile time (@nicolas-grekas)
• bug #63344 Prioritize property type over is/has/can accessors (@nicolas-grekas)
• bug #63353 Fix comparison validator crash on extreme dates (@lacatoire)
• bug #63351 Fix SymfonyStyle block output with \r\n line endings (@lacatoire)
• bug #63342 fix union with mixed handling for the legacy PropertyInfo Type (@xabbuh)
• bug #63319 BinaryFileResponse: always return 206 if Range is valid (@Jimbolino)
• bug #63307 Fix stale binding lookup in ResolveBindingsPass error message (@yoeunes)
• bug #63317 Fix JsonManifestVersionStrategy exception on missing manifest in non-strict mode (@claude)
• bug #63324 Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait (@ckrack)
• bug #63324 Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait (@ckrack)
• bug #57292 Fix parsing nested mappings in sequences (@HypeMC)
• bug #63306 Revert "Fix DSN auth not passed to clusters in RedisTrait" (@nicolas-grekas)
• bug #63272 Fix forwarding SSL settings to the redis sentinel (@CientistaDaWeb)
• bug #63288 Optimize serialized size of ErrorDetailsStamp (@nicolas-grekas)
• bug #63292 Fix AMQP heartbeat reconnection during in-flight message handling (@wazum)
• bug #63278 Fix Mailjet SMTP relay X-MJ-TemplateErrorReporting header format to MailjetApiTransport (@mwijngaard)
• bug #63282 Revert batch processing fix (@HypeMC)
• bug #63259 Fix BrowserKitAssertionsTrait compatibility with HttpBrowser (@thiagomp)
• bug #63281 Treat emoji VS16 as wide in width calc (@fabpot)
• bug #63279 Normalize static methods when they have groups (@digilist)
• bug #62970 Fix hot reload support (FrankenPHP) (@dunglas)
• bug #63271 Respect schema_filter in schema listeners (@wazum)
• bug #63262 Reject invalid paths (@nicolas-grekas)
• bug #58460 Fix destructor throwing while timeout was handled (@Seldaek, @nicolas-grekas)
• bug #63255 Add missing useAttributeAsKey calls (@MatTheCat)
• bug #57561 Fix ignore invalid_reference behavior param for the some services (@Nguyen26052004)
• bug #54304 When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (@ArmCyber)
• bug #63238 Fall back to 0 when getCode() does not provide an integer (@makomweb)
• bug #63239 Fix accessing the test container when using KernelTestCase in non-debug mode (@nicolas-grekas)
• bug #58433 Avoid skipping batch handlers on flush (Erwin Houtsma)
• bug #63234 Fix parsing Target attributes on properties and on controllers (@nicolas-grekas)
• bug #63231 Fix for Crowdin Translation File Replaced with Partial Data When Pushing Default Locale Without --force (@bhdnb)
• bug #63226 Fix calling nack() when ack() fails (@nicolas-grekas)
• bug #63230 fix engine declaration on mysql pdo table creations (@tandev)
• bug #63225 Fix SortableIterator inadvertently and inconsistently deduplicating appended iterators (@nicolas-grekas)

Symfony 7.4 is backed by:

As the creator of Symfony, SensioLabs supports companies using Symfony, with an offering encompassing consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.

Private Packagist is a fast, reliable, and secure Composer repository for your private packages. It mirrors all your open-source dependencies for better availability and monitors them for security vulnerabilities.

redirection.io logs all your website’s HTTP traffic, and lets you fix errors with redirect rules in seconds. Give your marketing, SEO and IT teams the right tool to manage your website traffic efficiently!

JoliCode is a team of passionate developers and open-source lovers, with a strong expertise in PHP & Symfony technologies. They can help you build your projects using state-of-the-art practices.

Symfony 7.4.6 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 7.4.5

• bug #63492 Fix retryAfter when consuming exactly all remaining tokens in FixedWindow and TokenBucket (@ERuban)
• bug #63491 Fix retryAfter when consuming exactly all remaining tokens in SlidingWindow (@ERuban)
• bug #52413 Fix reservations outside the second fixed window (@SanderSander)
• bug #57392 Fix propertyPath in ConstraintViolationListNormalizer with MetadataAwareNameConverter (@antten)
• bug #54236 Fix exclude option being ignored for non-glob and PSR-4 resources (@NeilPeyssard)
• bug #47424 makePathRelative with existing files, remove ending / (Petar Marjanovic)
• bug #52083 Don't use retry routing key when sending to failure transport (Fabien Perroquin)
• bug #63275 Fix re-sending failed messages to a different failure transport (@bartholdbos)
• bug #63478 Fix ArrayShapeGenerator required keys with deep merging (@lacatoire)
• bug #63476 Correctly handle null allowedVariables in ExpressionSyntaxValidator (@alexandre-daubois)
• bug #63473 Fix PriorityTaggedServiceTrait not discovering # on decorated services (@lacatoire)
• bug #63446 fix nested mapping with class-level transform (Thibaut Cholley)
• bug #63472 Fix Bootstrap 4 form errors rendered inside (@asispts)
• bug #54324 Fix merging POST params and files when collection entries have mismatched indices (@priyadi)
• bug #52722 Fix type error for non-array items when Unique::fields is set (@aprat84)
• bug #54703 Fix default locale ignored when Accept-Language has no enabled-locale match (@karimmorel)
• bug #62681 Make ConfigDebugCommand use its container to resolve env vars (@MatTheCat)
• bug #47432 Fix various completion edge cases (@Seldaek)
• bug #60662 assign attribute aliases to localized route if applicable (@alcohol)
• bug #63463 Fix required options not validated when constructor calls parent with null (@lacatoire)
• bug #63468 Fix webhook rejection by switching to form-encoded request parsing (@nicolas-grekas)
• bug #63450 Fix missing resource tracking for type extensions in FormPass (@ranpafin)
• bug #63435 Fix handling postal transport apikey (@MarcHagen)
• bug #63462 Fix phpstan false-positive about config/reference.php (@nicolas-grekas)
• bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
• bug #63460 Implement missing reset() method in TraceableWorkflow (@santysisi)
• bug #63456 Fix validator exception masked by MissingInputException on empty input (@nicolas-grekas)
• bug #63444 Fix arguments set via # wrongly considered null in profiler (@chalasr)
• bug #63439 Update security-1.0.xsd with missing oauth2 element (@welcoMattic)
• bug #63428 Fix handling of constructor enum denormalization errors (@vvaswani)
• bug #63438 ProgressIndicator console helper display with multiple processes (@guillaumeVDP)
• bug #63436 Silence shell_exec warning in hasSttyAvailable (@lacatoire)
• bug #63448 Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (@nicolas-grekas)
• bug #63437 Wrap DoctrineDbalAdapter::doSave() in savepoint to prevent transaction poisoning (@lacatoire)
• bug #63416 TypeContextFactory::collectTemplates now also works with @phpstan-template and @psalm-template (@TomasLudvik)
• bug #63415 Fix profiling commands that use # (@chalasr)
• bug #63401 Fix constructor parameter type override when property type extractor returns a different type (@nicolas-grekas)
• bug #63405 Fix passing context option to property-info (@nicolas-grekas)
• bug #63400 Fix memory exhaustion by adding an LRU cache to CssSelectorConverter (@arcangelini)
• bug #63391 Align Redis sentinel auth handling across components (@nicolas-grekas)
• bug #62738 Fix template key-type for array (@DjordyKoert)
• bug #63386 Handle invalid backed-enum values gracefully in RequestPayloadValueResolver (@nicolas-grekas)
• bug #63384 fail gracefully when the semaphore config is used but the component is missing (@xabbuh)
• bug #63380 Use mutable datetime columns in Doctrine transport schema (@nicolas-grekas)
• bug #63379 Prevent false unused-env errors for abstract definitions removed at compile time (@nicolas-grekas)
• bug #63375 prioritize property type over is/has/can accessors (@xabbuh)
• bug #63372 Use SYMFONY_DOTENV_PATH variable when dumping dotenv (@Spea)
• bug #63344 Prioritize property type over is/has/can accessors (@nicolas-grekas)
• bug #63368 Fix ProgressBar remaining and estimated placeholder guards (@yoeunes)
• bug #63363 Fix variadic argument handling with # (@nicolas-grekas)
• bug #63353 Fix comparison validator crash on extreme dates (@lacatoire)
• bug #63354 Fix invalid encoding of custom headers in SES API (@lacatoire)
• bug #63349 Fix AbstractComparison deprecation triggered for array values (@lacatoire)
• bug #63351 Fix SymfonyStyle block output with \r\n line endings (@lacatoire)
• bug #63342 fix union with mixed handling for the legacy PropertyInfo Type (@xabbuh)
• bug #59540 Fix support for inline @var docblocks on promoted properties (@wuchen90)
• bug #63247 Skip source mapping attempts when target class condition evaluates to false (@rrajkomar)
• bug #63333 Fix JsonStreamer forward compatibility (@mtarld)
• bug #63264 Also bypass Sender header within MicrosoftGraphApiTransport (@deeky666)
• bug #63330 Fix nested union null type detection in TypeFactoryTrait::union() (@yoeunes)
• bug #63319 BinaryFileResponse: always return 206 if Range is valid (@Jimbolino)
• bug #63329 Fix ArrayShapeType::getExtraValueType() return value (@yoeunes)
• bug #63309 Fix swapped workflow/transition names in WorkflowValidator (@yoeunes)
• bug #63315 Fix EventSource is missing static properties (Oleksii Kozhemiaka)
• bug #63307 Fix stale binding lookup in ResolveBindingsPass error message (@yoeunes)
• bug #63317 Fix JsonManifestVersionStrategy exception on missing manifest in non-strict mode (@claude)
• bug #63324 Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait (@ckrack)
• bug #63324 Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait (@ckrack)
• bug #57292 Fix parsing nested mappings in sequences (@HypeMC)
• bug #63294 Fix DateTime handling in union types (@mtarld)
• bug #63305 Fix autoconfiguring controllers using legacy Route annotations as attributes (@nicolas-grekas)
• bug #63306 Revert "Fix DSN auth not passed to clusters in RedisTrait" (@nicolas-grekas)
• bug #63272 Fix forwarding SSL settings to the redis sentinel (@CientistaDaWeb)
• bug #63288 Optimize serialized size of ErrorDetailsStamp (@nicolas-grekas)
• bug #63292 Fix AMQP heartbeat reconnection during in-flight message handling (@wazum)
• bug #63291 Fix composite node provider arguments in stream mode (@mtarld)
• bug #63289 Fix union with mixed handling (@mtarld)
• bug #63278 Fix Mailjet SMTP relay X-MJ-TemplateErrorReporting header format to MailjetApiTransport (@mwijngaard)
• bug #63282 Revert batch processing fix (@HypeMC)
• bug #63259 Fix BrowserKitAssertionsTrait compatibility with HttpBrowser (@thiagomp)
• bug #63281 Treat emoji VS16 as wide in width calc (@fabpot)
• bug #63279 Normalize static methods when they have groups (@digilist)
• bug #62970 Fix hot reload support (FrankenPHP) (@dunglas)
• bug #63271 Respect schema_filter in schema listeners (@wazum)
• bug #63235 phpdocumentor/reflection-docblock 6 compatibility (@mtarld)
• bug #63262 Reject invalid paths (@nicolas-grekas)
• bug #58460 Fix destructor throwing while timeout was handled (@Seldaek, @nicolas-grekas)
• bug #63260 Fix handling empty MapUploadedFile arrays (@nicolas-grekas)
• bug #63255 Add missing useAttributeAsKey calls (@MatTheCat)
• bug #57561 Fix ignore invalid_reference behavior param for the some services (@Nguyen26052004)
• bug #54304 When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (@ArmCyber)
• bug #63101 Bypass mapping construction when RedirectController::urlRedirectAction is triggered (@florianorineveu)
• bug #63238 Fall back to 0 when getCode() does not provide an integer (@makomweb)
• bug #63239 Fix accessing the test container when using KernelTestCase in non-debug mode (@nicolas-grekas)
• bug #58433 Avoid skipping batch handlers on flush (Erwin Houtsma)
• bug #63236 Fix clearing the HttpCache store in tests (@nicolas-grekas)
• bug #63234 Fix parsing Target attributes on properties and on controllers (@nicolas-grekas)
• bug #63231 Fix for Crowdin Translation File Replaced with Partial Data When Pushing Default Locale Without --force (@bhdnb)
• bug #63226 Fix calling nack() when ack() fails (@nicolas-grekas)
• bug #63230 fix engine declaration on mysql pdo table creations (@tandev)
• bug #63225 Fix SortableIterator inadvertently and inconsistently deduplicating appended iterators (@nicolas-grekas)

Symfony 8.0 is backed by:

Sulu is the CMS for Symfony developers. It provides pre-built content-management features while giving developers the freedom to build, deploy, and maintain custom solutions using full-stack Symfony. Sulu is ideal for creating complex websites, integrating external tools, and building custom-built solutions.

PhpStorm is a JetBrains IDE designed specifically for PHP development. Out of the box, PhpStorm provides you with intelligent, feature-rich code editing tailored to every aspect of PHP programming – smart coding assistance, reliable refactorings, instant code navigation, built-in developer tools, PHP framework support, and more.

Symfony 8.0.6 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 8.0.5

• bug #63492 Fix retryAfter when consuming exactly all remaining tokens in FixedWindow and TokenBucket (@ERuban)
• bug #63491 Fix retryAfter when consuming exactly all remaining tokens in SlidingWindow (@ERuban)
• bug #52413 Fix reservations outside the second fixed window (@SanderSander)
• bug #57392 Fix propertyPath in ConstraintViolationListNormalizer with MetadataAwareNameConverter (@antten)
• bug #54236 Fix exclude option being ignored for non-glob and PSR-4 resources (@NeilPeyssard)
• bug #47424 makePathRelative with existing files, remove ending / (Petar Marjanovic)
• bug #52083 Don't use retry routing key when sending to failure transport (Fabien Perroquin)
• bug #63275 Fix re-sending failed messages to a different failure transport (@bartholdbos)
• bug #63478 Fix ArrayShapeGenerator required keys with deep merging (@lacatoire)
• bug #63476 Correctly handle null allowedVariables in ExpressionSyntaxValidator (@alexandre-daubois)
• bug #63473 Fix PriorityTaggedServiceTrait not discovering # on decorated services (@lacatoire)
• bug #63446 fix nested mapping with class-level transform (Thibaut Cholley)
• bug #63472 Fix Bootstrap 4 form errors rendered inside (@asispts)
• bug #54324 Fix merging POST params and files when collection entries have mismatched indices (@priyadi)
• bug #52722 Fix type error for non-array items when Unique::fields is set (@aprat84)
• bug #54703 Fix default locale ignored when Accept-Language has no enabled-locale match (@karimmorel)
• bug #62681 Make ConfigDebugCommand use its container to resolve env vars (@MatTheCat)
• bug #47432 Fix various completion edge cases (@Seldaek)
• bug #60662 assign attribute aliases to localized route if applicable (@alcohol)
• bug #63463 Fix required options not validated when constructor calls parent with null (@lacatoire)
• bug #63468 Fix webhook rejection by switching to form-encoded request parsing (@nicolas-grekas)
• bug #63450 Fix missing resource tracking for type extensions in FormPass (@ranpafin)
• bug #63435 Fix handling postal transport apikey (@MarcHagen)
• bug #63462 Fix phpstan false-positive about config/reference.php (@nicolas-grekas)
• bug #63454 Fix lazy firewall triggering remember me authentication on POST requests to public routes (@nicolas-grekas)
• bug #63460 Implement missing reset() method in TraceableWorkflow (@santysisi)
• bug #63456 Fix validator exception masked by MissingInputException on empty input (@nicolas-grekas)
• bug #63444 Fix arguments set via # wrongly considered null in profiler (@chalasr)
• bug #63439 Update security-1.0.xsd with missing oauth2 element (@welcoMattic)
• bug #63428 Fix handling of constructor enum denormalization errors (@vvaswani)
• bug #63438 ProgressIndicator console helper display with multiple processes (@guillaumeVDP)
• bug #63436 Silence shell_exec warning in hasSttyAvailable (@lacatoire)
• bug #63448 Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (@nicolas-grekas)
• bug #63437 Wrap DoctrineDbalAdapter::doSave() in savepoint to prevent transaction poisoning (@lacatoire)
• bug #63416 TypeContextFactory::collectTemplates now also works with @phpstan-template and @psalm-template (@TomasLudvik)
• bug #63415 Fix profiling commands that use # (@chalasr)
• bug #63401 Fix constructor parameter type override when property type extractor returns a different type (@nicolas-grekas)
• bug #63405 Fix passing context option to property-info (@nicolas-grekas)
• bug #63400 Fix memory exhaustion by adding an LRU cache to CssSelectorConverter (@arcangelini)
• bug #63391 Align Redis sentinel auth handling across components (@nicolas-grekas)
• bug #62738 Fix template key-type for array (@DjordyKoert)
• bug #63386 Handle invalid backed-enum values gracefully in RequestPayloadValueResolver (@nicolas-grekas)
• bug #63384 fail gracefully when the semaphore config is used but the component is missing (@xabbuh)
• bug #63380 Use mutable datetime columns in Doctrine transport schema (@nicolas-grekas)
• bug #63379 Prevent false unused-env errors for abstract definitions removed at compile time (@nicolas-grekas)
• bug #63375 prioritize property type over is/has/can accessors (@xabbuh)
• bug #63372 Use SYMFONY_DOTENV_PATH variable when dumping dotenv (@Spea)
• bug #63344 Prioritize property type over is/has/can accessors (@nicolas-grekas)
• bug #63368 Fix ProgressBar remaining and estimated placeholder guards (@yoeunes)
• bug #63363 Fix variadic argument handling with # (@nicolas-grekas)
• bug #63353 Fix comparison validator crash on extreme dates (@lacatoire)
• bug #63354 Fix invalid encoding of custom headers in SES API (@lacatoire)
• bug #63349 Fix AbstractComparison deprecation triggered for array values (@lacatoire)
• bug #63351 Fix SymfonyStyle block output with \r\n line endings (@lacatoire)
• bug #63342 fix union with mixed handling for the legacy PropertyInfo Type (@xabbuh)
• bug #59540 Fix support for inline @var docblocks on promoted properties (@wuchen90)
• bug #63247 Skip source mapping attempts when target class condition evaluates to false (@rrajkomar)
• bug #63333 Fix JsonStreamer forward compatibility (@mtarld)
• bug #63264 Also bypass Sender header within MicrosoftGraphApiTransport (@deeky666)
• bug #63330 Fix nested union null type detection in TypeFactoryTrait::union() (@yoeunes)
• bug #63319 BinaryFileResponse: always return 206 if Range is valid (@Jimbolino)
• bug #63329 Fix ArrayShapeType::getExtraValueType() return value (@yoeunes)
• bug #63309 Fix swapped workflow/transition names in WorkflowValidator (@yoeunes)
• bug #63315 Fix EventSource is missing static properties (Oleksii Kozhemiaka)
• bug #63307 Fix stale binding lookup in ResolveBindingsPass error message (@yoeunes)
• bug #63317 Fix JsonManifestVersionStrategy exception on missing manifest in non-strict mode (@claude)
• bug #63324 Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait (@ckrack)
• bug #63324 Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait (@ckrack)
• bug #57292 Fix parsing nested mappings in sequences (@HypeMC)
• bug #63294 Fix DateTime handling in union types (@mtarld)
• bug #63305 Fix autoconfiguring controllers using legacy Route annotations as attributes (@nicolas-grekas)
• bug #63306 Revert "Fix DSN auth not passed to clusters in RedisTrait" (@nicolas-grekas)
• bug #63272 Fix forwarding SSL settings to the redis sentinel (@CientistaDaWeb)
• bug #63288 Optimize serialized size of ErrorDetailsStamp (@nicolas-grekas)
• bug #63292 Fix AMQP heartbeat reconnection during in-flight message handling (@wazum)
• bug #63291 Fix composite node provider arguments in stream mode (@mtarld)
• bug #63289 Fix union with mixed handling (@mtarld)
• bug #63278 Fix Mailjet SMTP relay X-MJ-TemplateErrorReporting header format to MailjetApiTransport (@mwijngaard)
• bug #63282 Revert batch processing fix (@HypeMC)
• bug #63259 Fix BrowserKitAssertionsTrait compatibility with HttpBrowser (@thiagomp)
• bug #63281 Treat emoji VS16 as wide in width calc (@fabpot)
• bug #63279 Normalize static methods when they have groups (@digilist)
• bug #62970 Fix hot reload support (FrankenPHP) (@dunglas)
• bug #63271 Respect schema_filter in schema listeners (@wazum)
• bug #63235 phpdocumentor/reflection-docblock 6 compatibility (@mtarld)
• bug #63262 Reject invalid paths (@nicolas-grekas)
• bug #58460 Fix destructor throwing while timeout was handled (@Seldaek, @nicolas-grekas)
• bug #63260 Fix handling empty MapUploadedFile arrays (@nicolas-grekas)
• bug #63255 Add missing useAttributeAsKey calls (@MatTheCat)
• bug #57561 Fix ignore invalid_reference behavior param for the some services (@Nguyen26052004)
• bug #54304 When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (@ArmCyber)
• bug #63101 Bypass mapping construction when RedirectController::urlRedirectAction is triggered (@florianorineveu)
• bug #63238 Fall back to 0 when getCode() does not provide an integer (@makomweb)
• bug #63239 Fix accessing the test container when using KernelTestCase in non-debug mode (@nicolas-grekas)
• bug #58433 Avoid skipping batch handlers on flush (Erwin Houtsma)
• bug #63236 Fix clearing the HttpCache store in tests (@nicolas-grekas)
• bug #63234 Fix parsing Target attributes on properties and on controllers (@nicolas-grekas)
• bug #63231 Fix for Crowdin Translation File Replaced with Partial Data When Pushing Default Locale Without --force (@bhdnb)
• bug #63226 Fix calling nack() when ack() fails (@nicolas-grekas)
• bug #63230 fix engine declaration on mysql pdo table creations (@tandev)
• bug #63225 Fix SortableIterator inadvertently and inconsistently deduplicating appended iterators (@nicolas-grekas)

Symfony 6.4 is backed by:

Private Packagist is a fast, reliable, and secure Composer repository for your private packages. It mirrors all your open-source dependencies for better availability and monitors them for security vulnerabilities.

As the creator of Symfony, SensioLabs supports companies using Symfony, with an offering encompassing consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.

Symfony 6.4.33 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 6.4.32

• bug #63212 Fix dealing with truncated streams after headers arrived with CurlHttpClient (nicolas-grekas)
• bug #63208 Fix DocBlock resolution for inherited promoted properties (yoeunes)
• bug #63170 Persist state when consuming negative tokens (jhogervorst)
• bug #63137 Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (samy-mahmoudi)
• bug #63211 Fix dealing with multiple levels of AsyncResponse decoration (nicolas-grekas)
• bug #63202 Only send UNLISTEN query if we are actively listening (jwage)
• security #cve-2026-24739 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63204 Fix resolution of self/parent types in inherited DocBlocks (yoeunes)
• bug #63195 Clean http_cache dir in KernelTestCase::ensureKernelShutdown() (nicolas-grekas)
• bug #63164 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63192 Fix appending empty iterators (nicolas-grekas)
• bug #63193 Conflict with phpdocumentor/reflection-docblock >= 6 (branch 6.4 only) (nicolas-grekas)
• bug #63191 Apply # to the right metadata (@VincentLanglet)

Published in

❤️
Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

💼 Symfony Developer at ongoing.ch
View Symfony jobs →

€80,000 – €120,000 / year - Remote + part-time onsite (Zug, Switzerland)

Symfony 7.3 is backed by:

Les-Tilleuls.coop is a team of 70+ Symfony experts who can help you design, develop and fix your projects. We provide a wide range of professional services including development, consulting, coaching, training and audits. We also are highly skilled in JS, Go and DevOps. We are a worker cooperative!

Warning: Symfony 7.3 is no longer supported. Consider upgrading your applications to the most recent Symfony version.

Symfony 7.3.11 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 7.3.10

• bug #63213 Fix lazy proxy type resolution for decorated services (nicolas-grekas)
• bug #63212 Fix dealing with truncated streams after headers arrived with CurlHttpClient (nicolas-grekas)
• bug #63208 Fix DocBlock resolution for inherited promoted properties (yoeunes)
• bug #63170 Persist state when consuming negative tokens (jhogervorst)
• bug #63137 Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (samy-mahmoudi)
• bug #63211 Fix dealing with multiple levels of AsyncResponse decoration (nicolas-grekas)
• bug #63202 Only send UNLISTEN query if we are actively listening (jwage)
• security #cve-2026-24739 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63206 Conflict with phpdocumentor/reflection-docblock >= 6 (all branches) (nicolas-grekas)
• bug #63204 Fix resolution of self/parent types in inherited DocBlocks (yoeunes)
• bug #63195 Clean http_cache dir in KernelTestCase::ensureKernelShutdown() (nicolas-grekas)
• bug #63164 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63192 Fix appending empty iterators (nicolas-grekas)
• bug #63193 Conflict with phpdocumentor/reflection-docblock >= 6 (branch 6.4 only) (nicolas-grekas)
• bug #63191 Apply # to the right metadata (@VincentLanglet)

Published in Releases

❤️
Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

💼 Symfony Developer at ongoing.ch
View Symfony jobs →

€80,000 – €120,000 / year - Remote + part-time onsite (Zug, Switzerland)

Symfony 7.4 is backed by:

Private Packagist is a fast, reliable, and secure Composer repository for your private packages. It mirrors all your open-source dependencies for better availability and monitors them for security vulnerabilities.

JoliCode is a team of passionate developers and open-source lovers, with a strong expertise in PHP & Symfony technologies. They can help you build your projects using state-of-the-art practices.

As the creator of Symfony, SensioLabs supports companies using Symfony, with an offering encompassing consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.

redirection.io logs all your website’s HTTP traffic, and lets you fix errors with redirect rules in seconds. Give your marketing, SEO and IT teams the right tool to manage your website traffic efficiently!

Symfony 7.4.5 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 7.4.4

• bug #63213 Fix lazy proxy type resolution for decorated services (nicolas-grekas)
• bug #63212 Fix dealing with truncated streams after headers arrived with CurlHttpClient (nicolas-grekas)
• bug #63208 Fix DocBlock resolution for inherited promoted properties (yoeunes)
• bug #63170 Persist state when consuming negative tokens (jhogervorst)
• bug #63137 Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (samy-mahmoudi)
• bug #63211 Fix dealing with multiple levels of AsyncResponse decoration (nicolas-grekas)
• bug #63202 Only send UNLISTEN query if we are actively listening (jwage)
• security #cve-2026-24739 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63206 Conflict with phpdocumentor/reflection-docblock >= 6 (all branches) (nicolas-grekas)
• bug #63204 Fix resolution of self/parent types in inherited DocBlocks (yoeunes)
• bug #63141 apply conditions to constructor arguments (soyuka)
• bug #63195 Clean http_cache dir in KernelTestCase::ensureKernelShutdown() (nicolas-grekas)
• bug #63164 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63192 Fix appending empty iterators (nicolas-grekas)
• bug #63193 Conflict with phpdocumentor/reflection-docblock >= 6 (branch 6.4 only) (nicolas-grekas)
• bug #63191 Apply # to the right metadata (@VincentLanglet)

Published in #Releases

❤️
Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Symfony 8.0 is backed by:

Sulu is the CMS for Symfony developers. It provides pre-built content-management features while giving developers the freedom to build, deploy, and maintain custom solutions using full-stack Symfony. Sulu is ideal for creating complex websites, integrating external tools, and building custom-built solutions.

PhpStorm is a JetBrains IDE designed specifically for PHP development. Out of the box, PhpStorm provides you with intelligent, feature-rich code editing tailored to every aspect of PHP programming – smart coding assistance, reliable refactorings, instant code navigation, built-in developer tools, PHP framework support, and more.

Symfony 8.0.5 has just been released.

Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.

Changelog Since Symfony 8.0.4

• bug #63213 Fix lazy proxy type resolution for decorated services (nicolas-grekas)
• bug #63212 Fix dealing with truncated streams after headers arrived with CurlHttpClient (nicolas-grekas)
• bug #63208 Fix DocBlock resolution for inherited promoted properties (yoeunes)
• bug #63170 Persist state when consuming negative tokens (jhogervorst)
• bug #63137 Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (samy-mahmoudi)
• bug #63211 Fix dealing with multiple levels of AsyncResponse decoration (nicolas-grekas)
• bug #63202 Only send UNLISTEN query if we are actively listening (jwage)
• security #cve-2026-24739 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63206 Conflict with phpdocumentor/reflection-docblock >= 6 (all branches) (nicolas-grekas)
• bug #63204 Fix resolution of self/parent types in inherited DocBlocks (yoeunes)
• bug #63141 apply conditions to constructor arguments (soyuka)
• bug #63195 Clean http_cache dir in KernelTestCase::ensureKernelShutdown() (nicolas-grekas)
• bug #63164 Fix escaping for MSYS on Windows (nicolas-grekas)
• bug #63192 Fix appending empty iterators (nicolas-grekas)
• bug #63193 Conflict with phpdocumentor/reflection-docblock >= 6 (branch 6.4 only) (nicolas-grekas)
• bug #63191 Apply # to the right metadata (@VincentLanglet)

Published in #Releases

❤️
Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

💼 Lead Symfony Developer at Gravitiq
View Symfony jobs →

$3,000 – $5,000 / month - Full remote