CHANGELOG.md

CHANGELOG

7.0

• Remove the Security class, use Symfony\Bundle\SecurityBundle\Security instead
• Require explicit argument when calling TokenStorage::setToken()
• Change argument $lastUsed of TokenProviderInterface::updateToken() to accept DateTimeInterface

6.4

• Make PersistentToken immutable
• Deprecate accepting only DateTime for TokenProviderInterface::updateToken(), use DateTimeInterface instead

6.3

• Add AttributesBasedUserProviderInterface to allow $attributes optional argument on loadUserByIdentifier
• Add OidcUser with OIDC support for OidcUserInfoTokenHandler

6.2

• Deprecate the Security class, use Symfony\Bundle\SecurityBundle\Security instead
• Change the signature of TokenStorageInterface::setToken() to setToken(?TokenInterface $token)
• Deprecate calling TokenStorage::setToken() without arguments
• Add a ChainUserChecker to allow calling multiple user checkers for a firewall

6.0

• TokenInterface does not extend Serializable anymore
• Remove all classes in the Core\Encoder\ sub-namespace, use the PasswordHasher component instead
• Remove methods getPassword() and getSalt() from UserInterface, use PasswordAuthenticatedUserInterface or LegacyPasswordAuthenticatedUserInterface instead
• AccessDecisionManager requires the strategy to be passed as in instance of AccessDecisionStrategyInterface

5.4.21

• [BC BREAK] AccessDecisionStrategyTestCase::provideStrategyTests() is now static

5.4

• Add a CacheableVoterInterface for voters that vote only on identified attributes and subjects
• Deprecate AuthenticationEvents::AUTHENTICATION_FAILURE, use the LoginFailureEvent instead
• Deprecate AnonymousToken, as the related authenticator was deprecated in 5.3
• Deprecate Token::getCredentials(), tokens should no longer contain credentials (as they represent authenticated sessions)
• Deprecate returning string|\Stringable from Token::getUser() (it must return a UserInterface)
• Deprecate AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY and AuthenticatedVoter::IS_ANONYMOUS, use AuthenticatedVoter::IS_AUTHENTICATED_FULLY or AuthenticatedVoter::IS_AUTHENTICATED instead.
• Deprecate AuthenticationTrustResolverInterface::isAnonymous() and the is_anonymous() expression function as anonymous no longer exists in version 6, use the isFullFledged() or the new isAuthenticated() instead if you want to check if the request is (fully) authenticated.
• Deprecate the $authenticationManager argument of the AuthorizationChecker constructor
• Deprecate setting the $alwaysAuthenticate argument to true and not setting the $exceptionOnNoToken argument to false of AuthorizationChecker
• Deprecate methods TokenInterface::isAuthenticated() and setAuthenticated, return null from "getUser()" instead when a token is not authenticated
• Add AccessDecisionStrategyInterface to allow custom access decision strategies
• Add access decision strategies AffirmativeStrategy, ConsensusStrategy, PriorityStrategy, UnanimousStrategy
• Deprecate passing the strategy as string to AccessDecisionManager, pass an instance of AccessDecisionStrategyInterface instead
• Flag AccessDecisionManager as @final

5.3

The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md