- [BUGFIX]: Also respect original asset paths in protected env
- [FEATURE]: PIMCORE 10.5 support only
- [ENHANCEMENT]: Add public asset path protection, read more about it here
- [ENHANCEMENT]: Respect flysystem stream in asset/zip download, read more about it here | #174|@aarongerig
- [ENHANCEMENT]: Do not throw any exception if confirmation token couldn't be found. Please check
views/registration/confirmed.html.twigfor changes to adopt #175 - [NEW FEATURE]: Provide new authentication workflow (
security.enable_authenticator_manager = true). If you want to switch, read more about it here | #160
- [BUGFIX]: assert non list array after filtering user roles @dasraab
- [BUGFIX]: Fix join behaviour, query-building and
$queryIdentifieron RestrictionQuery @scrummer - [BUGFIX]: Remove scheme and host from
_target_pathin ForbiddenRouteListener @lukas-schnieper - [DEPRECATION]: Constants
RestrictionUri::PROTECTED_ASSET_FOLDERandRestrictionUri::MEMBERS_REQUEST_URLhave been marked as deprecated and will be removed in 5.0
- [BUGFIX]: [MembersLogin] Inject correct Translator service @aarongerig
- [BUGFIX]: fix inherited group check #162
- [ENHANCEMENT]: return proper HTTP response codes on form submit @aarongerig
- It is no longer possible to merge security configurations from multiple locations, including bundles. Instead, you have to move
them to one single config file, e.g. config/packages/security.yaml. Please
adopt
MembersBundle/Resources/config/packages/security.yamland merge your own firewall configuration into one single file. LuceneSearchBundlesupport removed- All Folders in
viewsare lowercase/dashed now (views/areas,views/auth,views/backend, ...) - PHP8 return type declarations added: you may have to adjust your extensions accordingly
- Twig Helper
members_build_nav()legacy navigation building support removed UserTrait::hasGrouphas been removed, use eitherUserTrait::hasGroupIdorUserTrait::hasGroupNameinstead- PIMCORE removed the
Placeholderfeature, so we need to pass all the variables to the twig template:- If you're using a custom email controller, make sure to pass all email variables to the view template and also check your
email templates and replace all the deprecated variables (e.g.
%DataObject(user,{\"method\" : \"getUsername\"});with{{ user.username }})` - Area Snippets: If any snippet contains placeholder elements, you need to pass the values from your snippet controller to the
view template:
return $this->render('default/snippet.html.twig', array_filter($request->attributes->all(), static function ($parameterKey) { return !str_starts_with($parameterKey, '_'); }, ARRAY_FILTER_USE_KEY));and also replace the deprecated variables like described in email templates above
- If you're using a custom email controller, make sure to pass all email variables to the view template and also check your
email templates and replace all the deprecated variables (e.g.
- [SSO]
⚠️ You need to setframework.session.cookie_samesitetolax, otherwise the oAUthConnect won't work properly - [SSO] Make sure you have a valid key for
pimcore.encryption.secret, defined via env variablePIMCORE_ENCRYPTION_SECRET(You can generate a defuse key by executing thevendor/bin/generate-defuse-keycommand) - [SECURITY]
setSaltmethod removed fromUserTrait.php(deprecated in symfony 5.3) - [SECURITY]
MembersBundle\Security\EmailUserProviderhas been removed. Useauth_identifier: 'email'instead. MembersBundle\Security\RestrictionUri::getAssetUrlInformation()=>restrictionGroupsalways returns array type
- Check your email templates (controller and template definition)
- You're able to switch the auth_identifier (Use
emailinstead ofusernamefor authentication) addRestrictionInjection()comes with an optional$aliasFromargument- Your able to pass an instance of
\MembersBundle\Validation\ValidationGroupResolverInterfaceto eachvalidation_groupsproperty instead of array
Members 3.x Upgrade Notes: https://github.com/dachcom-digital/pimcore-members/blob/3.x/UPGRADE.md