Changelog (v7.2.0-RC1...v7.2.0)

• bug #59023 [HttpClient] Fix streaming and redirecting with NoPrivateNetworkHttpClient (@nicolas-grekas)
• bug #59014 [Form] Allow integer for the calendar option of DateType (@alexandre-daubois)
• bug #59013 [HttpClient] Fix checking for private IPs before connecting (@nicolas-grekas)
• bug #58562 [HttpClient] Close gracefull when the server closes the connection abruptly (@discordier)
• bug #59007 [Dotenv] read runtime config from composer.json in debug dotenv command (@xabbuh)
• bug #58963 [PropertyInfo] Fix write visibility for Asymmetric Visibility and Virtual Properties (@xabbuh, @pan93412)
• bug #58983 [Translation] [Bridge][Lokalise] Fix empty keys array in PUT, DELETE requests causing Lokalise API error (@DominicLuidold)
• bug #58956 [DoctrineBridge] Fix Connection::createSchemaManager() for Doctrine DBAL v2 (@neodevcode)
• bug #58959 [PropertyInfo] consider write property visibility to decide whether a property is writable (@xabbuh)
• bug #58964 [TwigBridge] do not add child nodes to EmptyNode instances (@xabbuh)
• bug #58950 [FrameworkBundle] Revert " Deprecate making cache.app adapter taggable" (@keulinho)
• bug #58952 [Cache] silence warnings issued by Redis Sentinel on connection issues (@xabbuh)
• bug #58953 [HttpClient] Fix computing stats for PUSH with Amp (@nicolas-grekas)
• bug #58943 [FrameworkBundle] Revert " Don't auto-register form/csrf when the corresponding components are not installed" (@nicolas-grekas)
• bug #58937 [FrameworkBundle] Don't auto-register form/csrf when the corresponding components are not installed (@nicolas-grekas)
• bug #58859 [AssetMapper] ignore missing directory in isVendor() (@alexislefebvre)
• bug #58917 [OptionsResolver] Allow Union/Intersection Types in Resolved Closures (@zanbaldwin)
• bug #58822 [DependencyInjection] Fix checking for interfaces in ContainerBuilder::getReflectionClass() (@donquixote)
• bug #58865 Dynamically fix compatibility with doctrine/data-fixtures v2 (@greg0ire)
• bug #58921 [HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception (@lyrixx)
• bug #58908 [DoctrineBridge] don't call EntityManager::initializeObject() with scalar values (@xabbuh)
• bug #58938 [Cache] make RelayProxyTrait compatible with relay extension 0.9.0 (@xabbuh)
• bug #58924 [HttpClient] Fix empty hosts in option "resolve" (@nicolas-grekas)
• bug #58915 [HttpClient] Fix option "resolve" with IPv6 addresses (@nicolas-grekas)
• bug #58919 [WebProfilerBundle] Twig deprecations (@mazodude)
• bug #58914 [HttpClient] Fix option "bindto" with IPv6 addresses (@nicolas-grekas)
• bug #58888 [Mailer][Notifier] Sweego is backing their bridges, thanks to them! (@nicolas-grekas)
• bug #58885 [PropertyInfo][Serializer][TypeInfo][Validator] TypeInfo 7.1 compatibility (@mtarld)
• bug #58870 [Serializer][Validator] prevent failures around not existing TypeInfo classes (@xabbuh)
• bug #58872 [PropertyInfo][Serializer][Validator] TypeInfo 7.2 compatibility (@mtarld)
• bug #58875 [HttpClient] Removed body size limit (Carl Julian Sauter)
• bug #58866 [Validator] fix compatibility with PHP < 8.2.4 (@xabbuh)
• bug #58862 [Notifier] Fix GoIpTransport (@nicolas-grekas)
• bug #58860 [HttpClient] Fix catching some invalid Location headers (@nicolas-grekas)
• bug #58834 [FrameworkBundle] ensure validator.translation_domain parameter is always set (@xabbuh)
• bug #58836 Work around parse_url() bug (bis) (@nicolas-grekas)
• bug #58818 [Messenger] silence PHP warnings issued by Redis::connect() (@xabbuh)
• bug #58828 [PhpUnitBridge] fix dumping tests to skip with data providers (@xabbuh)
• bug #58842 [Routing] Fix: lost priority when defining hosts in configuration (@BeBlood)
• bug #58850 [HttpClient] fix PHP 7.2 compatibility (@xabbuh)

[PR] #59032

Changelog (v5.4.48...v5.4.49)

• bug #59023 [HttpClient] Fix streaming and redirecting with NoPrivateNetworkHttpClient (@nicolas-grekas)

[PR] #59031
[EOM] End of maintenance release for branch 5.4

Changelog (v7.1.8...v7.1.9)

• bug #59013 [HttpClient] Fix checking for private IPs before connecting (@nicolas-grekas)
• bug #58562 [HttpClient] Close gracefull when the server closes the connection abruptly (@discordier)
• bug #59007 [Dotenv] read runtime config from composer.json in debug dotenv command (@xabbuh)
• bug #58963 [PropertyInfo] Fix write visibility for Asymmetric Visibility and Virtual Properties (@xabbuh, @pan93412)
• bug #58983 [Translation] [Bridge][Lokalise] Fix empty keys array in PUT, DELETE requests causing Lokalise API error (@DominicLuidold)
• bug #58956 [DoctrineBridge] Fix Connection::createSchemaManager() for Doctrine DBAL v2 (@neodevcode)
• bug #58959 [PropertyInfo] consider write property visibility to decide whether a property is writable (@xabbuh)
• bug #58964 [TwigBridge] do not add child nodes to EmptyNode instances (@xabbuh)
• bug #58952 [Cache] silence warnings issued by Redis Sentinel on connection issues (@xabbuh)
• bug #58859 [AssetMapper] ignore missing directory in isVendor() (@alexislefebvre)
• bug #58917 [OptionsResolver] Allow Union/Intersection Types in Resolved Closures (@zanbaldwin)
• bug #58822 [DependencyInjection] Fix checking for interfaces in ContainerBuilder::getReflectionClass() (@donquixote)
• bug #58865 Dynamically fix compatibility with doctrine/data-fixtures v2 (@greg0ire)
• bug #58921 [HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception (@lyrixx)
• bug #58908 [DoctrineBridge] don't call EntityManager::initializeObject() with scalar values (@xabbuh)
• bug #58938 [Cache] make RelayProxyTrait compatible with relay extension 0.9.0 (@xabbuh)
• bug #58924 [HttpClient] Fix empty hosts in option "resolve" (@nicolas-grekas)
• bug #58915 [HttpClient] Fix option "resolve" with IPv6 addresses (@nicolas-grekas)
• bug #58919 [WebProfilerBundle] Twig deprecations (@mazodude)
• bug #58914 [HttpClient] Fix option "bindto" with IPv6 addresses (@nicolas-grekas)
• bug #58870 [Serializer][Validator] prevent failures around not existing TypeInfo classes (@xabbuh)
• bug #58872 [PropertyInfo][Serializer][Validator] TypeInfo 7.2 compatibility (@mtarld)
• bug #58875 [HttpClient] Removed body size limit (Carl Julian Sauter)
• bug #58866 [Validator] fix compatibility with PHP < 8.2.4 (@xabbuh)
• bug #58862 [Notifier] Fix GoIpTransport (@nicolas-grekas)
• bug #58860 [HttpClient] Fix catching some invalid Location headers (@nicolas-grekas)
• bug #58836 Work around parse_url() bug (bis) (@nicolas-grekas)
• bug #58818 [Messenger] silence PHP warnings issued by Redis::connect() (@xabbuh)
• bug #58828 [PhpUnitBridge] fix dumping tests to skip with data providers (@xabbuh)
• bug #58842 [Routing] Fix: lost priority when defining hosts in configuration (@BeBlood)
• bug #58850 [HttpClient] fix PHP 7.2 compatibility (@xabbuh)

[PR] #59019
[SECURITY] Security release

Changelog (v6.4.15...v6.4.16)

• bug #59013 [HttpClient] Fix checking for private IPs before connecting (@nicolas-grekas)
• bug #58562 [HttpClient] Close gracefull when the server closes the connection abruptly (@discordier)
• bug #59007 [Dotenv] read runtime config from composer.json in debug dotenv command (@xabbuh)
• bug #58963 [PropertyInfo] Fix write visibility for Asymmetric Visibility and Virtual Properties (@xabbuh, @pan93412)
• bug #58983 [Translation] [Bridge][Lokalise] Fix empty keys array in PUT, DELETE requests causing Lokalise API error (@DominicLuidold)
• bug #58956 [DoctrineBridge] Fix Connection::createSchemaManager() for Doctrine DBAL v2 (@neodevcode)
• bug #58959 [PropertyInfo] consider write property visibility to decide whether a property is writable (@xabbuh)
• bug #58964 [TwigBridge] do not add child nodes to EmptyNode instances (@xabbuh)
• bug #58952 [Cache] silence warnings issued by Redis Sentinel on connection issues (@xabbuh)
• bug #58859 [AssetMapper] ignore missing directory in isVendor() (@alexislefebvre)
• bug #58917 [OptionsResolver] Allow Union/Intersection Types in Resolved Closures (@zanbaldwin)
• bug #58822 [DependencyInjection] Fix checking for interfaces in ContainerBuilder::getReflectionClass() (@donquixote)
• bug #58865 Dynamically fix compatibility with doctrine/data-fixtures v2 (@greg0ire)
• bug #58921 [HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception (@lyrixx)
• bug #58908 [DoctrineBridge] don't call EntityManager::initializeObject() with scalar values (@xabbuh)
• bug #58938 [Cache] make RelayProxyTrait compatible with relay extension 0.9.0 (@xabbuh)
• bug #58924 [HttpClient] Fix empty hosts in option "resolve" (@nicolas-grekas)
• bug #58915 [HttpClient] Fix option "resolve" with IPv6 addresses (@nicolas-grekas)
• bug #58919 [WebProfilerBundle] Twig deprecations (@mazodude)
• bug #58914 [HttpClient] Fix option "bindto" with IPv6 addresses (@nicolas-grekas)
• bug #58875 [HttpClient] Removed body size limit (Carl Julian Sauter)
• bug #58862 [Notifier] Fix GoIpTransport (@nicolas-grekas)
• bug #58860 [HttpClient] Fix catching some invalid Location headers (@nicolas-grekas)
• bug #58836 Work around parse_url() bug (bis) (@nicolas-grekas)
• bug #58818 [Messenger] silence PHP warnings issued by Redis::connect() (@xabbuh)
• bug #58828 [PhpUnitBridge] fix dumping tests to skip with data providers (@xabbuh)
• bug #58842 [Routing] Fix: lost priority when defining hosts in configuration (@BeBlood)
• bug #58850 [HttpClient] fix PHP 7.2 compatibility (@xabbuh)

[PR] #59017
[SECURITY] Security release

Changelog (v5.4.47...v5.4.48)

• bug #59013 [HttpClient] Fix checking for private IPs before connecting (@nicolas-grekas)
• bug #58562 [HttpClient] Close gracefull when the server closes the connection abruptly (@discordier)
• bug #59007 [Dotenv] read runtime config from composer.json in debug dotenv command (@xabbuh)
• bug #58963 [PropertyInfo] Fix write visibility for Asymmetric Visibility and Virtual Properties (@xabbuh, @pan93412)
• bug #58983 [Translation] [Bridge][Lokalise] Fix empty keys array in PUT, DELETE requests causing Lokalise API error (@DominicLuidold)
• bug #58959 [PropertyInfo] consider write property visibility to decide whether a property is writable (@xabbuh)
• bug #58964 [TwigBridge] do not add child nodes to EmptyNode instances (@xabbuh)
• bug #58822 [DependencyInjection] Fix checking for interfaces in ContainerBuilder::getReflectionClass() (@donquixote)
• bug #58865 Dynamically fix compatibility with doctrine/data-fixtures v2 (@greg0ire)
• bug #58921 [HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception (@lyrixx)
• bug #58908 [DoctrineBridge] don't call EntityManager::initializeObject() with scalar values (@xabbuh)
• bug #58924 [HttpClient] Fix empty hosts in option "resolve" (@nicolas-grekas)
• bug #58915 [HttpClient] Fix option "resolve" with IPv6 addresses (@nicolas-grekas)
• bug #58919 [WebProfilerBundle] Twig deprecations (@mazodude)
• bug #58914 [HttpClient] Fix option "bindto" with IPv6 addresses (@nicolas-grekas)
• bug #58875 [HttpClient] Removed body size limit (Carl Julian Sauter)
• bug #58860 [HttpClient] Fix catching some invalid Location headers (@nicolas-grekas)
• bug #58836 Work around parse_url() bug (bis) (@nicolas-grekas)
• bug #58818 [Messenger] silence PHP warnings issued by Redis::connect() (@xabbuh)
• bug #58828 [PhpUnitBridge] fix dumping tests to skip with data providers (@xabbuh)
• bug #58842 [Routing] Fix: lost priority when defining hosts in configuration (@BeBlood)
• bug #58850 [HttpClient] fix PHP 7.2 compatibility (@xabbuh)

[PR] #59016
[SECURITY] Security release

Changelog (v7.2.0-BETA2...v7.2.0-RC1)

• feature #58852 [TypeInfo] Remove @experimental tag (@mtarld)
• feature #57630 [TypeInfo] Redesign Type methods and nullability (@mtarld)
• security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-grekas)
• security #cve-2024-51996 [Security] Check owner of persisted remember-me cookie (@jderusse)
• bug #58799 [String] Fix some spellings in EnglishInflector (@alexandre-daubois)
• bug #58823 [TwigBridge] Fix emojify as function in Undefined Handler (@smnandre)
• bug #56868 [Serializer] fixed object normalizer for a class with cancel method (@er1z)
• feature #58483 [Messenger] Extend SQS visibility timeout for messages that are still being processed (@valtzu)
• bug #58601 [RateLimiter] Fix bucket size reduced when previously created with bigger size (@Orkin)
• bug #58659 [AssetMapper] Fix JavaScriptImportPathCompiler regex for non-latin characters (@GregRbs92)
• bug #58658 [Twitter][Notifier] Fix post INIT upload (@matyo91)
• bug #58705 [Serializer] Revert Default groups (@mtarld)
• bug #58763 [Messenger][RateLimiter] fix additional message handled when using a rate limiter (@Jean-Beru)
• bug #58791 [RateLimiter] handle error results of DateTime::modify() (@xabbuh)
• bug #58804 [Serializer][TypeInfo] fix support for phpstan/phpdoc-parser 2 (@xabbuh)
• bug #58800 [PropertyInfo] fix support for phpstan/phpdoc-parser 2 (@xabbuh)

[PR] #58853

Changelog (v7.1.7...v7.1.8)

• security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-grekas)
• security #cve-2024-51996 [Security] Check owner of persisted remember-me cookie (@jderusse)
• bug #58799 [String] Fix some spellings in EnglishInflector (@alexandre-daubois)
• bug #58823 [TwigBridge] Fix emojify as function in Undefined Handler (@smnandre)
• bug #56868 [Serializer] fixed object normalizer for a class with cancel method (@er1z)
• bug #58601 [RateLimiter] Fix bucket size reduced when previously created with bigger size (@Orkin)
• bug #58659 [AssetMapper] Fix JavaScriptImportPathCompiler regex for non-latin characters (@GregRbs92)
• bug #58658 [Twitter][Notifier] Fix post INIT upload (@matyo91)
• bug #58705 [Serializer] Revert Default groups (@mtarld)
• bug #58763 [Messenger][RateLimiter] fix additional message handled when using a rate limiter (@Jean-Beru)
• bug #58791 [RateLimiter] handle error results of DateTime::modify() (@xabbuh)
• bug #58804 [Serializer][TypeInfo] fix support for phpstan/phpdoc-parser 2 (@xabbuh)
• bug #58800 [PropertyInfo] fix support for phpstan/phpdoc-parser 2 (@xabbuh)

[PR] #58851
[SECURITY] Security release

Changelog (v6.4.14...v6.4.15)

• security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-grekas)
• security #cve-2024-51996 [Security] Check owner of persisted remember-me cookie (@jderusse)
• bug #58799 [String] Fix some spellings in EnglishInflector (@alexandre-daubois)
• bug #56868 [Serializer] fixed object normalizer for a class with cancel method (@er1z)
• bug #58601 [RateLimiter] Fix bucket size reduced when previously created with bigger size (@Orkin)
• bug #58659 [AssetMapper] Fix JavaScriptImportPathCompiler regex for non-latin characters (@GregRbs92)
• bug #58658 [Twitter][Notifier] Fix post INIT upload (@matyo91)
• bug #58763 [Messenger][RateLimiter] fix additional message handled when using a rate limiter (@Jean-Beru)
• bug #58791 [RateLimiter] handle error results of DateTime::modify() (@xabbuh)
• bug #58800 [PropertyInfo] fix support for phpstan/phpdoc-parser 2 (@xabbuh)

[PR] #58849
[SECURITY] Security release

Changelog (v5.4.46...v5.4.47)

• security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-grekas)
• security #cve-2024-51996 [Security] Check owner of persisted remember-me cookie (@jderusse)
• bug #58799 [String] Fix some spellings in EnglishInflector (@alexandre-daubois)
• bug #58791 [RateLimiter] handle error results of DateTime::modify() (@xabbuh)
• bug #58800 [PropertyInfo] fix support for phpstan/phpdoc-parser 2 (@xabbuh)

[PR] #58848
[SECURITY] Security release

Changelog (v7.2.0-BETA1...v7.2.0-BETA2)

• bug #58776 [DependencyInjection][HttpClient][Routing] Reject URIs that contain invalid characters (@nicolas-grekas)
• bug #58772 [DoctrineBridge] Backport detection fix of Xml/Yaml driver in DoctrineExtension (@MatTheCat)
• bug #58706 [TwigBridge] use reproducible variable names in the default domain node visitor (@xabbuh)
• security #cve-2024-51736 [Process] Use PATH before CD to load the shell on Windows (@nicolas-grekas)
• security #cve-2024-50342 [HttpClient] Filter private IPs before connecting when Host == IP (@nicolas-grekas)
• security #cve-2024-50345 [HttpFoundation] Reject URIs that contain invalid characters (@nicolas-grekas)
• security #cve-2024-50340 [Runtime] Do not read from argv on non-CLI SAPIs (@wouterj)
• bug #58765 [VarDumper] fix detecting anonymous exception classes on Windows and PHP 7 (@xabbuh)
• bug #58757 [RateLimiter] Fix DateInterval normalization (@danydev)
• bug #58764 [Mime] Don't require passing the encoder name to TextPart (@javiereguiluz)
• bug #58712 [HttpFoundation] Fix support for \SplTempFileObject in BinaryFileResponse (@elementaire)
• bug #58762 [WebProfilerBundle] re-add missing profiler shortcuts on profiler homepage (@xabbuh)
• bug #58754 [Security] Store original token in token storage when implicitly exiting impersonation (@wouterj)
• bug #58753 [Cache] Fix clear() when using Predis (@nicolas-grekas)
• bug #58713 [Config] Handle Phar absolute path in FileLocator (@alexandre-daubois)
• bug #58728 [WebProfilerBundle] Re-add missing Profiler shortcuts on Profiler homepage (@welcoMattic)
• bug #58739 [WebProfilerBoundle] form data collector check passed and resolved options are defined (@vltrof)
• bug #58752 [Process] Fix escaping /X arguments on Windows (@nicolas-grekas)
• bug #58735 [Process] Return built-in cmd.exe commands directly in ExecutableFinder (@Seldaek)
• bug #58723 [Process] Properly deal with not-found executables on Windows (@nicolas-grekas)
• bug #58711 [Process] Fix handling empty path found in the PATH env var with ExecutableFinder (@nicolas-grekas)
• bug #58704 [HttpClient] fix for HttpClientDataCollector fails if proc_open is disabled via php.ini (@ZaneCEO)
• bug #58703 [TwigBridge] Use INTERNAL_VAR_NAME instead of getVarName (@pan93412)

[PR] #58780