5.3.1 (2019-06-14)
Overview of merged pull requests
TASK: Tweak dev dependencies
See https://github.com/neos/flow-development-collection/pull/1584
BUGFIX: Avoid error in Debugger::findProxyAndShortFilePath()
If $file points to eval’d code, the @file(…) code does not return an array, leading to count() being called on an incompatible value.
Packages:
Flow
TASK: Fix formatting of note
Related to #1587
Packages:
Flow
BUGFIX: Flow CLI command warns of mismatching php version
If Flow builds a PHP command for a subrequest, it uses the system default if nothing else is configured. With this change, we avoid Flow executing that request if it isn’t explicitly configured to use that same PHP version internally too. This should avoid some errors especially in shared hosting scenarios for less experienced users.
Packages:
Flow
BUGFIX: Avoid problem loading files in SimpleXML
Workaround for https://bugs.php.net/bug.php?id=62577
Fixes #1598
BUGFIX: Fix InvalidControllerException is never thrown
IDE complained that a InvalidControllerException is never thrown in the corresponding try-catch-block and i think thats right. Instead there is a InvalidRoutePartValueException thrown in Route:resolves() that should be caught.
Packages:
Flow
BUGFIX: Fix TypeError if subpackage is empty
Sorry, found another one…
if subpackage is empty RoutingCommandController:getControllerObjectName() should be called with an empty string for the subPackageKey argument. Otherwise an TypeError is thrown because the argument is not nullable.
Packages:
Flow
TASK: Synchronise .travis.yml with Neos
Backport of bcab2bb4fbea62f3ba7bfddc5bd4f22ab4d96675 to fix builds on 4.3 that use wrong DB in mysql setups and fail https://travis-ci.org/neos/flow-development-collection/builds/536249389
BUGFIX: Return type hint should reflect nullable
If no controller could be found for the given arguments RoutingCommandController:getControllerObjectName() returns null. The return type hint should reflect that to avoid a TypeError.
Packages:
Flow
TASK: Add section for configuration of trusted proxies in container
Adds a small note that mentions having to configure the trusted proxies in ddev and similar environments. Also explains that Flow therefore trusts all proxies by default in Development context.
Depends on #1586
Packages:
Flow
TASK: Translator uses locale chain
This change makes getTranslationById and getTranslationByOriginalLabel use the configured locale chain.
This is an updated version of #327 and #328. Please see the discussions there. May be retargeted on master.
Packages:
Flow
TASK: Restrict allowed classes in unserialize call
Packages:
Flow
BUGFIX: Remove Doctrine from require-dev
It’s already a require, so the duplication just causes problems, when the versions don’t match any more (as they do in current master).
BUGFIX: Use source as target if target-language is empty in XLIFF
The target element in XLIFF is optional, and even though we recommend in the documentation to set it, most people omit the target for “source” XLIFF files (i.e. having english content and target-language being unset).
For these cases the XliffParser now reads the source element content into the target element. This makes the fallback rules work for individual translations and not only full XLIFF files.
In other words: when a new string is added to a source catalog, it will be used as is even when no translation is available – instead of simply the id being output.
Packages:
Flow
BUGFIX: Avoid PHP exception in NamespaceDetectionTemplateProcessor
Add error checking when splitting on shorthand syntax.
See https://github.com/neos/neos-development-collection/pull/2484 Related to https://github.com/neos/neos-development-collection/issues/2479
Packages:
Flow
FluidAdaptor
TASK: Fix name of index on PersistentResource.sha1
The name IDX_35DC14F03332102A is different from what Doctrine does auto-generate, but needs to be used due to BC reasons with existing migrations.
See https://github.com/neos/neos-development-collection/issues/2475
Packages:
Flow
[SECURITY] Avoid OpenSSL padding oracle attacks
This avoids OpenSSL Padding Oracle Information Disclosure by allowing to specify the padding algorithm used in the RSA wallet service.
Most probably you are not even affected, since only OpenSSL 1.0.1t and 1.0.2h are vulnerable, but better safe than sorry.
The padding algorithm default is changed to OPENSSL_PKCS1_OAEP_PADDING, but a fallback decryption is in place for all data that was encrypted with the previously unsafe padding algorithm. Therefore you should migrate all your existing encrypted data, by running it through decryptWithPrivateKey and then again through encryptWithPublicKey ONCE.
Fixes #1566
BUGFIX: Fix log environment in logging aspects
As the ‘FLOW_LOG_ENVIRONMENT’ => [] level was missing in the log data, the log environment data was not set correctly and written to the log by the file writer.
Packages:
Flow
BUGFIX: Avoid type error when a non taggable cache backend gets flushed by tag
The typehint of the flushByTag method expected an int return type, but the method inside the AbstractFrontend returned void when a non taggable backend was flushed. This was the case for a SimpleFileBackend for example and led to an error.
Packages:
Cache
Flow
TASK: Better naming for include and exclude paths/patterns
Get rid of wording “blacklist”/”whitelist” because there’s better terms. Should have been named like this from the start. I’m to blame.
Packages:
Flow
BUGFIX: Fix package:create and derived commands when private packagist is used
When private packagist is used the following setting isn added to the repositories section of the composer.json:
``` repositories: [
- {
“packagist.org”: false
}
]
This caused an error because the package:create command tried to access the undefined type property of each defined repository.
This change simply checks for the existence of the type key before acessing it.
#fixes https://github.com/neos/neos-development-collection/issues/2448
Packages:
Flow
TASK: Update release notes
Packages:
Flow