- Removed
RemoteJsonManifestVersionStrategy
, useJsonManifestVersionStrategy
instead.
- Remove
UserLoaderInterface::loadUserByUsername()
in favor ofUserLoaderInterface::loadUserByIdentifier()
- Remove
DoctrineProvider
andDoctrineAdapter
because these classes have been added to thedoctrine/cache
package PdoAdapter
does not acceptDoctrine\DBAL\Connection
or DBAL URL. Use the newDoctrineDbalAdapter
instead
- The signature of method
NodeDefinition::setDeprecated()
has been updated toNodeDefinition::setDeprecation(string $package, string $version, string $message)
. - The signature of method
BaseNode::setDeprecated()
has been updated toBaseNode::setDeprecation(string $package, string $version, string $message)
. - Passing a null message to
BaseNode::setDeprecated()
to un-deprecate a node is not supported anymore. - Removed
BaseNode::getDeprecationMessage()
, useBaseNode::getDeprecation()
instead.
Command::setHidden()
has a default value (true
) for$hidden
parameter- Remove
Helper::strlen()
, useHelper::width()
instead. - Remove
Helper::strlenWithoutDecoration()
, useHelper::removeDecoration()
instead. - Remove
HelperSet::setCommand()
andgetCommand()
without replacement
- The signature of method
Definition::setDeprecated()
has been updated toDefinition::setDeprecation(string $package, string $version, string $message)
. - The signature of method
Alias::setDeprecated()
has been updated toAlias::setDeprecation(string $package, string $version, string $message)
. - The signature of method
DeprecateTrait::deprecate()
has been updated toDeprecateTrait::deprecation(string $package, string $version, string $message)
. - Removed the
Psr\Container\ContainerInterface
andSymfony\Component\DependencyInjection\ContainerInterface
aliases of theservice_container
service, configure them explicitly instead. - Removed
Definition::getDeprecationMessage()
, useDefinition::getDeprecation()
instead. - Removed
Alias::getDeprecationMessage()
, useAlias::getDeprecation()
instead. - The
inline()
function from the PHP-DSL has been removed, useinline_service()
instead. - The
ref()
function from the PHP-DSL has been removed, useservice()
instead. - Removed
Definition::setPrivate()
andAlias::setPrivate()
, usesetPublic()
instead
- Removed the
parents()
method, useancestors()
instead.
- Removed argument
$usePutenv
from Dotenv's constructor, useDotenv::usePutenv()
instead.
- Removed
LegacyEventDispatcherProxy
. Use the event dispatcher without the proxy.
- Remove
Comparator::setTarget()
andComparator::setOperator()
- The
$target
parameter ofComparator::__construct()
is now mandatory
FormErrorIterator::children()
throws an exception if the current element is not iterable.- The default value of the
rounding_mode
option of thePercentType
has been changed to\NumberFormatter::ROUND_HALFUP
. - The default rounding mode of the
PercentToLocalizedStringTransformer
has been changed to\NumberFormatter::ROUND_HALFUP
. - Added the
getIsEmptyCallback()
method to theFormConfigInterface
. - Added the
setIsEmptyCallback()
method to theFormConfigBuilderInterface
. - Added argument
callable|null $filter
toChoiceListFactoryInterface::createListFromChoices()
andcreateListFromLoader()
. - The
Symfony\Component\Form\Extension\Validator\Util\ServerParams
class has been removed, use its parentSymfony\Component\Form\Util\ServerParams
instead. - The
NumberToLocalizedStringTransformer::ROUND_*
constants have been removed, use\NumberFormatter::ROUND_*
instead. - Removed
PropertyPathMapper
in favor ofDataMapper
andPropertyPathAccessor
. - Changed
$forms
parameter type of theDataMapper::mapDataToForms()
method fromiterable
to\Traversable
. - Changed
$forms
parameter type of theDataMapper::mapFormsToData()
method fromiterable
to\Traversable
. - Changed
$checkboxes
parameter type of theCheckboxListMapper::mapDataToForms()
method fromiterable
to\Traversable
. - Changed
$checkboxes
parameter type of theCheckboxListMapper::mapFormsToData()
method fromiterable
to\Traversable
. - Changed
$radios
parameter type of theRadioListMapper::mapDataToForms()
method fromiterable
to\Traversable
. - Changed
$radios
parameter type of theRadioListMapper::mapFormsToData()
method fromiterable
to\Traversable
.
- Remove the
framework.translator.enabled_locales
config option, useframework.enabled_locales
instead - Remove the
session.storage
alias andsession.storage.*
services, use thesession.storage.factory
alias andsession.storage.factory.*
services instead - Remove
framework.session.storage_id
configuration option, use theframework.session.storage_factory_id
configuration option instead - Remove the
session
service and theSessionInterface
alias, use the\Symfony\Component\HttpFoundation\Request::getSession()
or the new\Symfony\Component\HttpFoundation\RequestStack::getSession()
methods instead MicroKernelTrait::configureRoutes()
is now always called with aRoutingConfigurator
- The "framework.router.utf8" configuration option defaults to
true
- Removed
session.attribute_bag
service andsession.flash_bag
service. - The
form.factory
,form.type.file
,profiler
,translator
,security.csrf.token_manager
,serializer
,cache_clearer
,filesystem
andvalidator
services are now private. - Removed the
lock.RESOURCE_NAME
andlock.RESOURCE_NAME.store
services and thelock
,LockInterface
,lock.store
andPersistingStoreInterface
aliases, uselock.RESOURCE_NAME.factory
,lock.factory
orLockFactory
instead. - Remove the
KernelTestCase::$container
property, useKernelTestCase::getContainer()
instead - Registered workflow services are now private
- Remove option
--xliff-version
of thetranslation:update
command, use e.g.--output-format=xlf20
instead - Remove option
--output-format
of thetranslation:update
command, use e.g.--output-format=xlf20
instead - Remove the
AdapterInterface
autowiring alias, useCacheItemPoolInterface
instead - Remove
get()
,has()
,getDoctrine()
, anddispatchMessage()
inAbstractController
, use method/constructor injection instead - Deprecate the
cache.adapter.doctrine
service: The Doctrine Cache library is deprecated. Either switch to Symfony Cache or use the PSR-6 adapters provided by Doctrine Cache.
- Remove the
NamespacedAttributeBag
class - Removed
Response::create()
,JsonResponse::create()
,RedirectResponse::create()
,StreamedResponse::create()
andBinaryFileResponse::create()
methods (use__construct()
instead) - Not passing a
Closure
together withFILTER_CALLBACK
toParameterBag::filter()
throws anInvalidArgumentException
; wrap your filter in a closure instead. - Removed the
Request::HEADER_X_FORWARDED_ALL
constant, use eitherRequest::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO
orRequest::HEADER_X_FORWARDED_AWS_ELB
orRequest::HEADER_X_FORWARDED_TRAEFIK
constants instead. - Rename
RequestStack::getMasterRequest()
togetMainRequest()
- Remove
ArgumentInterface
- Remove
ArgumentMetadata::getAttribute()
, usegetAttributes()
instead - Make
WarmableInterface::warmUp()
return a list of classes or files to preload on PHP 7.4+ - Remove support for
service:action
syntax to reference controllers. UseserviceOrFqcn::method
instead. - Remove support for returning a
ContainerBuilder
fromKernelInterface::registerContainerConfiguration()
- Rename
HttpKernelInterface::MASTER_REQUEST
toMAIN_REQUEST
- Rename
KernelEvent::isMasterRequest()
toisMainRequest()
- The component has been removed, use
EnglishInflector
from the String component instead.
- Removed the
NotSupportedException
. It shouldn't be thrown anymore. - Removed the
RetryTillSaveStore
. Logic has been moved inLock
and is not needed anymore. - Removed usage of
PdoStore
with aDoctrine\DBAL\Connection
or a DBAL url, use the newDoctrineDbalStore
instead - Removed usage of
PostgreSqlStore
with aDoctrine\DBAL\Connection
or a DBAL url, use the newDoctrineDbalPostgreSqlStore
instead
- Removed the
SesApiTransport
class. UseSesApiAsyncAwsTransport
instead. - Removed the
SesHttpTransport
class. UseSesHttpAsyncAwsTransport
instead.
- Removed AmqpExt transport. Run
composer require symfony/amqp-messenger
to keep the transport in your application. - Removed Doctrine transport. Run
composer require symfony/doctrine-messenger
to keep the transport in your application. - Removed RedisExt transport. Run
composer require symfony/redis-messenger
to keep the transport in your application. - Use of invalid options in Redis and AMQP connections now throws an error.
- The signature of method
RetryStrategyInterface::isRetryable()
has been updated toRetryStrategyInterface::isRetryable(Envelope $message, \Throwable $throwable = null)
. - The signature of method
RetryStrategyInterface::getWaitingTime()
has been updated toRetryStrategyInterface::getWaitingTime(Envelope $message, \Throwable $throwable = null)
. - Removed the
prefetch_count
parameter in the AMQP bridge. - Removed the use of TLS option for Redis Bridge, use
rediss://127.0.0.1
instead ofredis://127.0.0.1?tls=1
- The
delete_after_ack
config option of the Redis transport now defaults totrue
- The
reset_on_message
config option now defaults totrue
- Removed
Address::fromString()
, useAddress::create()
instead
- The
$actionLevel
constructor argument ofSymfony\Bridge\Monolog\Handler\FingersCrossed\NotFoundActivationStrategy
has been replaced by the$inner
one which expects an ActivationStrategyInterface to decorate instead.Symfony\Bridge\Monolog\Handler\FingersCrossed\NotFoundActivationStrategy
is now final. - The
$actionLevel
constructor argument ofSymfony\Bridge\Monolog\Handler\FingersCrossed\HttpCodeActivationStrategy
has been replaced by the$inner
one which expects an ActivationStrategyInterface to decorate instead.Symfony\Bridge\Monolog\Handler\FingersCrossed\HttpCodeActivationStrategy
is now final. - Remove
ResetLoggersWorkerSubscriber
in favor of "reset_on_message" option in messenger configuration
- Remove
SlackOptions::channel()
, useSlackOptions::recipient()
instead.
- The signature of method
OptionsResolver::setDeprecated()
has been updated toOptionsResolver::setDeprecated(string $option, string $package, string $version, $message)
. - Removed
OptionsResolverIntrospector::getDeprecationMessage()
, useOptionsResolverIntrospector::getDeprecation()
instead.
- Removed support for
@expectedDeprecation
annotations, use theExpectDeprecationTrait::expectDeprecation()
method instead. - Removed the
SetUpTearDownTrait
trait, use original methods with "void" return typehint.
- Drop support for booleans as the second argument of
PropertyAccessor::__construct()
, pass a combination of bitwise flags instead. - Dropped support for booleans as the first argument of
PropertyAccessor::__construct()
. Pass a combination of bitwise flags instead.
- Removed the
Type::getCollectionKeyType()
andType::getCollectionValueType()
methods, useType::getCollectionKeyTypes()
andType::getCollectionValueTypes()
instead. - Dropped the
enable_magic_call_extraction
context option inReflectionExtractor::getWriteInfo()
andReflectionExtractor::getReadInfo()
in favor ofenable_magic_methods_extraction
.
- Removed
RouteCollectionBuilder
. - Added argument
$priority
toRouteCollection::add()
- Removed the
RouteCompiler::REGEX_DELIMITER
constant - Removed the
$data
parameter from the constructor of theRoute
annotation class
-
Remove
AuthenticationEvents::AUTHENTICATION_FAILURE
, use theLoginFailureEvent
instead -
Remove the
$authenticationEntryPoint
argument ofChannelListener
-
Remove
RetryAuthenticationEntryPoint
, this code was inlined in theChannelListener
-
Remove
FormAuthenticationEntryPoint
andBasicAuthenticationEntryPoint
, theFormLoginAuthenticator
andHttpBasicAuthenticator
should be used instead. -
Remove
AbstractRememberMeServices
,PersistentTokenBasedRememberMeServices
,RememberMeServicesInterface
,TokenBasedRememberMeServices
, use the remember me handler alternatives instead -
Remove
AnonymousToken
-
Remove
Token::getCredentials()
, tokens should no longer contain credentials (as they represent authenticated sessions) -
Restrict the return type of
Token::getUser()
toUserInterface
(removingstring|\Stringable
) -
Remove
AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY
andAuthenticatedVoter::IS_ANONYMOUS
, useAuthenticatedVoter::PUBLIC_ACCESS
instead.Before:
# config/packages/security.yaml security: # ... access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
After:
# config/packages/security.yaml security: # ... access_control: - { path: ^/login, roles: PUBLIC_ACCESS }
-
Remove
AuthenticationTrustResolverInterface::isAnonymous()
and theis_anonymous()
expression function as anonymous no longer exists in version 6, use theisFullFledged()
or the newisAuthenticated()
instead if you want to check if the request is (fully) authenticated. -
Remove the 4th and 5th argument of
AuthorizationChecker
-
Remove the 5th argument of
AccessListener
-
Remove class
User
, useInMemoryUser
or your own implementation instead. If you are using theisAccountNonLocked()
,isAccountNonExpired()
orisCredentialsNonExpired()
method, consider re-implementing them in your own user class as they are not part of theInMemoryUser
API -
Remove class
UserChecker
, useInMemoryUserChecker
or your own implementation instead -
Remove
UserInterface::getPassword()
If yourgetPassword()
method does not returnnull
(i.e. you are using password-based authentication), you should implementPasswordAuthenticatedUserInterface
.Before:
use Symfony\Component\Security\Core\User\UserInterface; class User implements UserInterface { // ... public function getPassword() { return $this->password; } }
After:
use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface; class User implements UserInterface, PasswordAuthenticatedUserInterface { // ... public function getPassword(): ?string { return $this->password; } }
-
Remove
UserInterface::getSalt()
If yourgetSalt()
method does not returnnull
(i.e. you are using password-based authentication with an old password hash algorithm that requires user-provided salts), implementLegacyPasswordAuthenticatedUserInterface
.Before:
use Symfony\Component\Security\Core\User\UserInterface; class User implements UserInterface { // ... public function getPassword() { return $this->password; } public function getSalt() { return $this->salt; } }
After:
use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface; class User implements UserInterface, LegacyPasswordAuthenticatedUserInterface { // ... public function getPassword(): ?string { return $this->password; } public function getSalt(): ?string { return $this->salt; } }
-
Remove
UserInterface::getUsername()
in favor ofUserInterface::getUserIdentifier()
-
Remove
TokenInterface::getUsername()
in favor ofTokenInterface::getUserIdentifier()
-
Remove
UserProviderInterface::loadUserByUsername()
in favor ofUserProviderInterface::loadUserByIdentifier()
-
Remove
UsernameNotFoundException
in favor ofUserNotFoundException
andgetUsername()
/setUsername()
in favor ofgetUserIdentifier()
/setUserIdentifier()
-
Remove
PersistentTokenInterface::getUsername()
in favor ofPersistentTokenInterface::getUserIdentifier()
-
Calling
PasswordUpgraderInterface::upgradePassword()
with aUserInterface
instance that does not implementPasswordAuthenticatedUserInterface
now throws a\TypeError
. -
Calling methods
hashPassword()
,isPasswordValid()
andneedsRehash()
onUserPasswordHasherInterface
with aUserInterface
instance that does not implementPasswordAuthenticatedUserInterface
now throws a\TypeError
-
Drop all classes in the
Core\Encoder\
sub-namespace, use thePasswordHasher
component instead -
Drop support for
SessionInterface $session
as constructor argument ofSessionTokenStorage
, inject a\Symfony\Component\HttpFoundation\RequestStack $requestStack
instead -
Drop support for
session
provided by the ServiceLocator injected inUsageTrackingTokenStorage
, provide arequest_stack
service instead -
Make
SessionTokenStorage
throw aSessionNotFoundException
when called outside a request context -
Removed
ROLE_PREVIOUS_ADMIN
role in favor ofIS_IMPERSONATOR
attribute -
Removed
LogoutSuccessHandlerInterface
andLogoutHandlerInterface
, register a listener on theLogoutEvent
event instead. -
Removed
DefaultLogoutSuccessHandler
in favor ofDefaultLogoutListener
. -
Added a
logout(Request $request, Response $response, TokenInterface $token)
method to theRememberMeServicesInterface
. -
Removed
setProviderKey()
/getProviderKey()
in favor ofsetFirewallName()/getFirewallName()
inPreAuthenticatedToken
,RememberMeToken
,SwitchUserToken
,UsernamePasswordToken
,DefaultAuthenticationSuccessHandler
. -
Removed the
AbstractRememberMeServices::$providerKey
property in favor ofAbstractRememberMeServices::$firewallName
-
AccessDecisionManager
now throw an exception when a voter does not return a valid decision. -
Remove
AuthenticationManagerInterface
,AuthenticationProviderManager
,AnonymousAuthenticationProvider
,AuthenticationProviderInterface
,DaoAuthenticationProvider
,LdapBindAuthenticationProvider
,PreAuthenticatedAuthenticationProvider
,RememberMeAuthenticationProvider
,UserAuthenticationProvider
andAuthenticationFailureEvent
from security-core, use the new authenticator system instead -
Remove
AbstractAuthenticationListener
,AbstractPreAuthenticatedListener
,AnonymousAuthenticationListener
,BasicAuthenticationListener
,RememberMeListener
,RemoteUserAuthenticationListener
,UsernamePasswordFormAuthenticationListener
,UsernamePasswordJsonAuthenticationListener
andX509AuthenticationListener
from security-http, use the new authenticator system instead -
Remove the Guard component, use the new authenticator system instead
-
Remove
TokenInterface:isAuthenticated()
andsetAuthenticated()
, returnnull
fromgetUser()
instead when a token is not authenticated -
Remove
DeauthenticatedEvent
, useTokenDeauthenticatedEvent
instead -
Remove
CookieClearingLogoutHandler
,SessionLogoutHandler
andCsrfTokenClearingLogoutHandler
. UseCookieClearingLogoutListener
,SessionLogoutListener
andCsrfTokenClearingLogoutListener
instead -
Remove
AuthenticatorInterface::createAuthenticatedToken()
, useAuthenticatorInterface::createToken()
instead -
Remove
PassportInterface
,UserPassportInterface
andPassportTrait
, usePassport
instead. Also, the return type declaration ofAuthenticatorInterface::authenticate()
was changed toPassport
Before:
class MyAuthenticator implements AuthenticatorInterface { public function authenticate(Request $request): PassportInterface { } }
After:
class MyAuthenticator implements AuthenticatorInterface { public function authenticate(Request $request): Passport { } }
-
Remove
FirewallConfig::getListeners()
, useFirewallConfig::getAuthenticators()
instead -
Remove
security.authentication.basic_entry_point
andsecurity.authentication.retry_entry_point
services, the logic is moved into theHttpBasicAuthenticator
andChannelListener
respectively -
Remove
SecurityFactoryInterface
andSecurityExtension::addSecurityListenerFactory()
in favor ofAuthenticatorFactoryInterface
andSecurityExtension::addAuthenticatorFactory()
-
Add
AuthenticatorFactoryInterface::getPriority()
which replacesSecurityFactoryInterface::getPosition()
. Previous positions are mapped to the following priorities:Position Constant Priority pre_auth RemoteUserFactory::PRIORITY
/X509Factory::PRIORITY
-10 form FormLoginFactory::PRIORITY
-30 http HttpBasicFactory::PRIORITY
-50 remember_me RememberMeFactory::PRIORITY
-60 anonymous n/a -70 -
Remove passing an array of arrays as 1st argument to
MainConfiguration
, pass a sorted flat array of factories instead. -
Remove the
always_authenticate_before_granting
option -
Remove the
UserPasswordEncoderCommand
class and the correspondinguser:encode-password
command, useUserPasswordHashCommand
anduser:hash-password
instead -
Remove the
security.encoder_factory.generic
service, thesecurity.encoder_factory
andSymfony\Component\Security\Core\Encoder\EncoderFactoryInterface
aliases, usesecurity.password_hasher_factory
andSymfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface
instead -
Remove the
security.user_password_encoder.generic
service, thesecurity.password_encoder
and theSymfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface
aliases, usesecurity.user_password_hasher
,security.password_hasher
andSymfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface
instead -
The
security.authorization_checker
andsecurity.token_storage
services are now private -
Not setting the
enable_authenticator_manager
option totrue
now throws an exception -
Remove the
security.authentication.provider.*
services, use the new authenticator system instead -
Remove the
security.authentication.listener.*
services, use the new authenticator system instead -
Remove the Guard component integration, use the new authenticator system instead
- Removed
ArrayDenormalizer::setSerializer()
, callsetDenormalizer()
instead. ArrayDenormalizer
does not implementSerializerAwareInterface
anymore.- The annotation classes cannot be constructed by passing an array of parameters as first argument anymore, use named arguments instead
- The
twig
service is now private.
-
Removed the
allowEmptyString
option from theLength
constraint.Before:
use Symfony\Component\Validator\Constraints as Assert; /** * @Assert\Length(min=5, allowEmptyString=true) */
After:
use Symfony\Component\Validator\Constraints as Assert; /** * @Assert\AtLeastOneOf({ * @Assert\Blank(), * @Assert\Length(min=5) * }) */
-
Removed the
NumberConstraintTrait
trait. -
ValidatorBuilder::enableAnnotationMapping()
does not accept a Doctrine annotation reader anymore.
Before:
$builder->enableAnnotationMapping($reader);
After:
$builder->enableAnnotationMapping(true)
->setDoctrineAnnotationReader($reader);
ValidatorBuilder::enableAnnotationMapping()
won't automatically setup a Doctrine annotation reader anymore.
Before:
$builder->enableAnnotationMapping();
After:
$builder->enableAnnotationMapping(true)
->addDefaultDoctrineAnnotationReader();
- Remove
InvalidTokenConfigurationException
-
Added support for parsing numbers prefixed with
0o
as octal numbers. -
Removed support for parsing numbers starting with
0
as octal numbers. They will be parsed as strings. Prefix numbers with0o
so that they are parsed as octal numbers.Before:
Yaml::parse('072');
After:
Yaml::parse('0o72');
-
Removed support for using the
!php/object
and!php/const
tags without a value.