74 lines
3.3 KiB
Markdown
74 lines
3.3 KiB
Markdown
CHANGELOG
|
|
=========
|
|
|
|
7.1
|
|
---
|
|
|
|
* Add `#[IsCsrfTokenValid]` attribute
|
|
* Add CAS 2.0 access token handler
|
|
* Make empty username or empty password on form login attempts return Bad Request (400)
|
|
|
|
7.0
|
|
---
|
|
|
|
* Add argument `$badgeFqcn` to `Passport::addBadge()`
|
|
* Add argument `$lifetime` to `LoginLinkHandlerInterface::createLoginLink()`
|
|
* Throw when calling the constructor of `DefaultLoginRateLimiter` with an empty secret
|
|
|
|
6.4
|
|
---
|
|
|
|
* `UserValueResolver` no longer implements `ArgumentValueResolverInterface`
|
|
* Deprecate calling the constructor of `DefaultLoginRateLimiter` with an empty secret
|
|
|
|
6.3
|
|
---
|
|
|
|
* Add `RememberMeBadge` to `JsonLoginAuthenticator` and enable reading parameter in JSON request body
|
|
* Add argument `$exceptionCode` to `#[IsGranted]`
|
|
* Deprecate passing a secret as the 2nd argument to the constructor of `Symfony\Component\Security\Http\RememberMe\PersistentRememberMeHandler`
|
|
* Add `OidcUserInfoTokenHandler` and `OidcTokenHandler` with OIDC support for `AccessTokenAuthenticator`
|
|
* Add `attributes` optional array argument in `UserBadge`
|
|
* Call `UserBadge::userLoader` with attributes if the argument is set
|
|
* Allow to override badge fqcn on `Passport::addBadge`
|
|
* Add `SecurityTokenValueResolver` to inject token as controller argument
|
|
|
|
6.2
|
|
---
|
|
|
|
* Add maximum username length enforcement of 4096 characters in `UserBadge`
|
|
* Add `#[IsGranted()]`
|
|
* Deprecate empty username or password when using when using `JsonLoginAuthenticator`
|
|
* Set custom lifetime for login link
|
|
* Add `$lifetime` parameter to `LoginLinkHandlerInterface::createLoginLink()`
|
|
* Add RFC6750 Access Token support to allow token-based authentication
|
|
* Allow using expressions as `#[IsGranted()]` attribute and subject
|
|
|
|
6.0
|
|
---
|
|
|
|
* Remove `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead
|
|
* Remove `CookieClearingLogoutHandler`, `SessionLogoutHandler` and `CsrfTokenClearingLogoutHandler`.
|
|
Use `CookieClearingLogoutListener`, `SessionLogoutListener` and `CsrfTokenClearingLogoutListener` instead
|
|
|
|
5.4
|
|
---
|
|
|
|
* Deprecate the `$authenticationEntryPoint` argument of `ChannelListener`, and add `$httpPort` and `$httpsPort` arguments
|
|
* Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener`
|
|
* Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator`
|
|
and `HttpBasicAuthenticator` should be used instead
|
|
* Deprecate `AbstractRememberMeServices`, `PersistentTokenBasedRememberMeServices`, `RememberMeServicesInterface`,
|
|
`TokenBasedRememberMeServices`, use the remember me handler alternatives instead
|
|
* Deprecate the `$authManager` argument of `AccessListener`
|
|
* Deprecate not setting the `$exceptionOnNoToken` argument of `AccessListener` to `false`
|
|
* Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead
|
|
* Deprecate `CookieClearingLogoutHandler`, `SessionLogoutHandler` and `CsrfTokenClearingLogoutHandler`.
|
|
Use `CookieClearingLogoutListener`, `SessionLogoutListener` and `CsrfTokenClearingLogoutListener` instead
|
|
* Deprecate `PassportInterface`, `UserPassportInterface` and `PassportTrait`, use `Passport` instead
|
|
|
|
5.3
|
|
---
|
|
|
|
The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md
|