- Deprecate `DoctrineProvider` and `DoctrineAdapter` because these classes have been added to the `doctrine/cache` package
- Deprecate usage of `PdoAdapter` with a `Doctrine\DBAL\Connection` or a DBAL URL. Use the new `DoctrineDbalAdapter` instead
- Deprecate `HelperSet::setCommand()` and `getCommand()` without replacement
- Deprecate `Comparator::setTarget()` and `Comparator::setOperator()`
- Add a constructor to `Comparator` that allows setting target and operator
- Deprecate calling `FormErrorIterator::children()` if the current element is not iterable.
- Deprecate the `framework.translator.enabled_locales` config option, use `framework.enabled_locales` instead
- Deprecate the `AdapterInterface` autowiring alias, use `CacheItemPoolInterface` instead
- Deprecate the public `profiler` service to private
- Deprecate `get()`, `has()`, `getDoctrine()`, and `dispatchMessage()` in `AbstractController`, use method/constructor injection instead
- Deprecate the `cache.adapter.doctrine` service: The Doctrine Cache library is deprecated. Either switch to Symfony Cache or use the PSR-6 adapters provided by Doctrine Cache.
- Deprecate `AbstractTestSessionListener::getSession`, inject a session in the request instead
- Deprecate passing `null` as `$requestIp` to `IpUtils::checkIp()`, `IpUtils::checkIp4()` or `IpUtils::checkIp6()`, pass an empty string instead.
- Mark `Request::get()` internal, use explicit input sources instead
- Deprecate `upload_progress.*` and `url_rewriter.tags` session options
- Deprecate usage of `PdoStore` with a `Doctrine\DBAL\Connection` or a DBAL url, use the new `DoctrineDbalStore` instead
- Deprecate usage of `PostgreSqlStore` with a `Doctrine\DBAL\Connection` or a DBAL url, use the new `DoctrineDbalPostgreSqlStore` instead
- Deprecate not setting the `delete_after_ack` config option (or DSN parameter) using the Redis transport, its default value will change to `true` in 6.0
- Deprecate not setting the `reset_on_message` config option, its default value will change to `true` in 6.0
- Deprecate `ResetLoggersWorkerSubscriber` to reset buffered logs in messenger workers, use "reset_on_message" option in messenger configuration instead.
- Deprecate `FirewallConfig::getListeners()`, use `FirewallConfig::getAuthenticators()` instead
- Deprecate `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services, the logic is moved into the `HttpBasicAuthenticator` and `ChannelListener` respectively
- Deprecate not setting `$authenticatorManagerEnabled` to `true` in `SecurityDataCollector` and `DebugFirewallCommand`
- Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of `AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
- Add `AuthenticatorFactoryInterface::getPriority()` which replaces `SecurityFactoryInterface::getPosition()`. Previous positions are mapped to the following priorities:

  | Position | Constant | Priority |
  | --- | --- | --- |
  | pre_auth | `RemoteUserFactory::PRIORITY`/`X509Factory::PRIORITY` | -10 |
  | form | `FormLoginFactory::PRIORITY` | -30 |
  | http | `HttpBasicFactory::PRIORITY` | -50 |
  | remember_me | `RememberMeFactory::PRIORITY` | -60 |
  | anonymous | n/a | -70 |

- Deprecate passing an array of arrays as 1st argument to `MainConfiguration`, pass a sorted flat array of factories instead.
- Deprecate the `always_authenticate_before_granting` option
- Deprecate `AuthenticationEvents::AUTHENTICATION_FAILURE`, use the `LoginFailureEvent` instead
- Deprecate the `$authenticationEntryPoint` argument of `ChannelListener`, and add `$httpPort` and `$httpsPort` arguments
- Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener`
- Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator` and `HttpBasicAuthenticator` should be used instead
- Deprecate `AbstractRememberMeServices`, `PersistentTokenBasedRememberMeServices`, `RememberMeServicesInterface`, `TokenBasedRememberMeServices`, use the remember me handler alternatives instead
- Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
- Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
- Deprecate not returning an `UserInterface` from `Token::getUser()`
- Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`, use `AuthenticatedVoter::PUBLIC_ACCESS` instead.

  Before:
  ```yaml
  # config/packages/security.yaml
  security:
      # ...
      access_control:
          - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  ```

  After:
  ```yaml
  # config/packages/security.yaml
  security:
      # ...
      access_control:
          - { path: ^/login, roles: PUBLIC_ACCESS }
  ```
- Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead if you want to check if the request is (fully) authenticated.
- Deprecate the `$authManager` argument of `AccessListener`, the argument will be removed
- Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor, the argument will be removed
- Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the `$exceptionOnNoToken` argument to `false` of `AuthorizationChecker` (this is the default behavior when using `enable_authenticator_manager: true`)
- Deprecate not setting the `$exceptionOnNoToken` argument of `AccessListener` to `false` (this is the default behavior when using `enable_authenticator_manager: true`)
- Deprecate `TokenInterface::isAuthenticated()` and `setAuthenticated()` methods, return `null` from `getUser()` instead when a token is not authenticated
- Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead
- Deprecate `CookieClearingLogoutHandler`, `SessionLogoutHandler` and `CsrfTokenClearingLogoutHandler`. Use `CookieClearingLogoutListener`, `SessionLogoutListener` and `CsrfTokenClearingLogoutListener` instead
- Deprecate `AuthenticatorInterface::createAuthenticatedToken()`, use `AuthenticatorInterface::createToken()` instead
- Deprecate `PassportInterface`, `UserPassportInterface` and `PassportTrait`, use `Passport` instead. As such, the return type declaration of `AuthenticatorInterface::authenticate()` will change to `Passport` in 6.0

  Before:
  ```php
  class MyAuthenticator implements AuthenticatorInterface
  {
      public function authenticate(Request $request): PassportInterface
      {
          // ...
      }
  }
  ```

  After:
  ```php
  class MyAuthenticator implements AuthenticatorInterface
  {
      public function authenticate(Request $request): Passport
      {
          // ...
      }
  }
  ```
- Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider
- Deprecate passing the strategy as string to `AccessDecisionManager`, pass an instance of `AccessDecisionStrategyInterface` instead
- Flag `AccessDecisionManager` as `@final`
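
The authenticator deprecations above (`createAuthenticatedToken()`, `PassportInterface`, `Token::getCredentials()`) combined in one custom authenticator written against the replacement API. This is an added example, not code from the Symfony project: `ApiTokenAuthenticator` and the `X-AUTH-TOKEN` header are hypothetical names, and the firewall's user provider is assumed to look users up by API token.

```php
<?php
// Added example, not Symfony's own code. Class name and header are hypothetical;
// the firewall's user provider is assumed to load users by API token.
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;

final class ApiTokenAuthenticator extends AbstractAuthenticator
{
    public function supports(Request $request): ?bool
    {
        return $request->headers->has('X-AUTH-TOKEN');
    }

    // Declares the concrete Passport class rather than PassportInterface.
    public function authenticate(Request $request): Passport
    {
        $apiToken = (string) $request->headers->get('X-AUTH-TOKEN');
        if ('' === $apiToken) {
            throw new CustomUserMessageAuthenticationException('Empty API token.');
        }
        return new SelfValidatingPassport(new UserBadge($apiToken));
    }

    // Replaces createAuthenticatedToken(); the token holds user and roles, no credentials.
    public function createToken(Passport $passport, string $firewallName): TokenInterface
    {
        $user = $passport->getUser();
        return new PostAuthenticationToken($user, $firewallName, $user->getRoles());
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        return null; // continue to the controller
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        return new JsonResponse(['error' => $exception->getMessageKey()], Response::HTTP_UNAUTHORIZED);
    }
}
```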
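
Code that relied on `TokenInterface::isAuthenticated()` or `isAnonymous()` needs a different test once those are deprecated: whether the token carries a `UserInterface`, plus `isFullFledged()` when a full login is required. The service below is an added example, not Symfony's own code, and `AuthenticationState` is a hypothetical name.

```php
<?php
// Added example, not Symfony's own code. AuthenticationState is a hypothetical service.
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\UserInterface;

final class AuthenticationState
{
    private $tokenStorage;
    private $trustResolver;

    public function __construct(TokenStorageInterface $tokenStorage, AuthenticationTrustResolverInterface $trustResolver)
    {
        $this->tokenStorage = $tokenStorage;
        $this->trustResolver = $trustResolver;
    }

    // Replaces $token->isAuthenticated() and !isAnonymous(): the request counts
    // as authenticated only when the token carries a UserInterface object.
    public function currentUser(): ?UserInterface
    {
        $token = $this->tokenStorage->getToken();
        $user = null === $token ? null : $token->getUser();

        // Tokens that still return a non-UserInterface value (deprecated above)
        // are treated as "no user" instead of being trusted.
        return $user instanceof UserInterface ? $user : null;
    }

    // True only for a full login, not one restored from a remember-me cookie.
    public function isFullyAuthenticated(): bool
    {
        $token = $this->tokenStorage->getToken();

        return null !== $token
            && $token->getUser() instanceof UserInterface
            && $this->trustResolver->isFullFledged($token);
    }
}
```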