5.3.1 (2019-06-14)

Overview of merged pull requests

If $file points to eval’d code, the @file(…) code does not return an array, leading to count() being called on an incompatible value.

Packages: Flow

TASK: Fix formatting of note 

Related to #1587

Packages: Flow

BUGFIX: Flow CLI command warns of mismatching php version 

If Flow builds a PHP command for a subrequest, it uses the system default if nothing else is configured. With this change, we avoid Flow executing that request if it isn’t explicitly configured to use that same PHP version internally too. This should avoid some errors especially in shared hosting scenarios for less experienced users.

Packages: Flow

BUGFIX: Avoid problem loading files in SimpleXML 

Workaround for https://bugs.php.net/bug.php?id=62577

Fixes #1598

BUGFIX: Fix InvalidControllerException is never thrown 

IDE complained that a InvalidControllerException is never thrown in the corresponding try-catch-block and i think thats right. Instead there is a InvalidRoutePartValueException thrown in Route:resolves() that should be caught.

Packages: Flow

BUGFIX: Fix TypeError if subpackage is empty 

Sorry, found another one…

if subpackage is empty RoutingCommandController:getControllerObjectName() should be called with an empty string for the subPackageKey argument. Otherwise an TypeError is thrown because the argument is not nullable.

Packages: Flow

TASK: Synchronise .travis.yml with Neos 

Backport of bcab2bb4fbea62f3ba7bfddc5bd4f22ab4d96675 to fix builds on 4.3 that use wrong DB in mysql setups and fail https://travis-ci.org/neos/flow-development-collection/builds/536249389

BUGFIX: Return type hint should reflect nullable 

If no controller could be found for the given arguments RoutingCommandController:getControllerObjectName() returns null. The return type hint should reflect that to avoid a TypeError.

Packages: Flow

TASK: Add section for configuration of trusted proxies in container 

Adds a small note that mentions having to configure the trusted proxies in ddev and similar environments. Also explains that Flow therefore trusts all proxies by default in Development context.

Depends on #1586

Packages: Flow

TASK: Translator uses locale chain 

This change makes getTranslationById and getTranslationByOriginalLabel use the configured locale chain.

This is an updated version of #327 and #328. Please see the discussions there. May be retargeted on master.

Packages: Flow

TASK: Restrict allowed classes in unserialize call 

Packages: Flow

BUGFIX: Remove Doctrine from require-dev 

It’s already a require, so the duplication just causes problems, when the versions don’t match any more (as they do in current master).

BUGFIX: Use source as target if target-language is empty in XLIFF 

The target element in XLIFF is optional, and even though we recommend in the documentation to set it, most people omit the target for “source” XLIFF files (i.e. having english content and target-language being unset).

For these cases the XliffParser now reads the source element content into the target element. This makes the fallback rules work for individual translations and not only full XLIFF files.

In other words: when a new string is added to a source catalog, it will be used as is even when no translation is available – instead of simply the id being output.

Packages: Flow

BUGFIX: Avoid PHP exception in NamespaceDetectionTemplateProcessor 

Add error checking when splitting on shorthand syntax.

See https://github.com/neos/neos-development-collection/pull/2484 Related to https://github.com/neos/neos-development-collection/issues/2479

Packages: Flow FluidAdaptor

TASK: Fix name of index on PersistentResource.sha1 

The name IDX_35DC14F03332102A is different from what Doctrine does auto-generate, but needs to be used due to BC reasons with existing migrations.

See https://github.com/neos/neos-development-collection/issues/2475

Packages: Flow

[SECURITY] Avoid OpenSSL padding oracle attacks 

This avoids OpenSSL Padding Oracle Information Disclosure by allowing to specify the padding algorithm used in the RSA wallet service.

Most probably you are not even affected, since only OpenSSL 1.0.1t and 1.0.2h are vulnerable, but better safe than sorry.

The padding algorithm default is changed to OPENSSL_PKCS1_OAEP_PADDING, but a fallback decryption is in place for all data that was encrypted with the previously unsafe padding algorithm. Therefore you should migrate all your existing encrypted data, by running it through decryptWithPrivateKey and then again through encryptWithPublicKey ONCE.

Fixes #1566

BUGFIX: Fix log environment in logging aspects 

As the ‘FLOW_LOG_ENVIRONMENT’ => [] level was missing in the log data, the log environment data was not set correctly and written to the log by the file writer.

Packages: Flow

BUGFIX: Avoid type error when a non taggable cache backend gets flushed by tag 

The typehint of the flushByTag method expected an int return type, but the method inside the AbstractFrontend returned void when a non taggable backend was flushed. This was the case for a SimpleFileBackend for example and led to an error.

Packages: Cache Flow

TASK: Better naming for include and exclude paths/patterns 

Get rid of wording “blacklist”/”whitelist” because there’s better terms. Should have been named like this from the start. I’m to blame.

Packages: Flow

BUGFIX: Fix package:create and derived commands when private packagist is used 

When private packagist is used the following setting isn added to the repositories section of the composer.json:

``` repositories: [

{
“packagist.org”: false

}

]

This caused an error because the package:create command tried to access the undefined type property of each defined repository.

This change simply checks for the existence of the type key before acessing it.

#fixes https://github.com/neos/neos-development-collection/issues/2448

Packages: Flow

TASK: Update release notes 

Packages: Flow