- deprecated
getKey()of theAnonymousToken,RememberMeTokenandAbstractRememberMeServicesclasses in favor ofgetSecret(). - deprecated
Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface, useSymfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterfaceinstead - deprecated
Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface, useSymfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterfaceinstead - deprecated
Symfony\Component\Security\Core\Util\ClassUtils, useSymfony\Component\Security\Acl\Util\ClassUtilsinstead
- added LogoutUrlGenerator
- added the triggering of the
Symfony\Component\Security\Http\SecurityEvents::INTERACTIVE_LOGINinSymfony\Component\Security\Http\Firewall\SimplePreAuthenticationListener - The MaskBuilder logic has been abstracted in the
Symfony\Component\Security\Acl\Permission\AbstractMaskBuilderand described in theSymfony\Component\Security\Acl\Permission\MaskBuilderInterface - added interface
Symfony\Component\Security\Acl\Permission\MaskBuilderRetrievalInterface
- added Symfony\Component\Security\Http\Authentication\AuthenticationUtils
- Deprecated the
SecurityContextclass in favor of theAuthorizationCheckerandTokenStorageclasses
- Translations in the
src/Symfony/Component/Security/Resources/translations/directory are deprecated, ones insrc/Symfony/Component/Security/Core/Resources/translations/must be used instead. - The switch user listener now preserves the query string when switching a user
- The remember-me cookie hashes now use HMAC, which means that current cookies will be invalidated
- added simpler customization options
- structured component into three sub-components Acl, Core and Http
- added Csrf sub-component
- changed Http sub-component to depend on Csrf sub-component instead of the Form component
- [BC BREAK] the BCrypt encoder constructor signature has changed (the first argument was removed) To use the BCrypt encoder, you now need PHP 5.5 or "ircmaxell/password-compat" as a composer dependency
- [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
- added a
require_previous_sessionoption toAbstractAuthenticationListener
Symfony\Component\Security\Http\FirewallandSymfony\Component\Security\Http\RememberMe\ResponseListenernow implements EventSubscriberInterface- added secure random number generator
- added PBKDF2 Password encoder
- added BCrypt password encoder
- [BC BREAK] The signature of ExceptionListener has changed
- changed the HttpUtils constructor signature to take a UrlGenerator and a UrlMatcher instead of a Router
- EncoderFactoryInterface::getEncoder() can now also take a class name as an argument
- allow switching to the user that is already impersonated
- added support for the remember_me parameter in the query
- added AccessMapInterface
- [BC BREAK] moved user comparison logic out of UserInterface
- made the logout path check configurable
- after login, the user is now redirected to
default_target_pathifuse_refereris true and the referrer is thelogin_path. - added a way to remove a token from a session
- [BC BREAK] changed
MutableAclInterface::setParentAclto acceptnull, review your implementation to reflect this change. ObjectIdentity::fromDomainObject,UserSecurityIdentity::fromAccountandUserSecurityIdentity::fromTokennow return correct identities for proxies objects (e.g. Doctrine proxies)- [BC BREAK] moved the default authentication success and failure handling to
separate classes. The order of arguments in the constructor of the
AbstractAuthenticationListenerhas changed. - [BC BREAK] moved the default logout success handling to a separate class. The
order of arguments in the constructor of
LogoutListenerhas changed. - [BC BREAK] The constructor of
AuthenticationExceptionand all child classes now matches the constructor of\Exception. The extra information getters and setters are removed. There are now dedicated getters/setters for token (AuthenticationException'), user (AccountStatusException) and username (UsernameNotFoundException`).