5.3.1 (2019-06-14)

Overview of merged pull requests

TASK: Tweak dev dependencies

See https://github.com/neos/flow-development-collection/pull/1584

BUGFIX: Avoid error in Debugger::findProxyAndShortFilePath()

If $file points to eval’d code, the @file(…) code does not return an array, leading to count() being called on an incompatible value.

  • Packages: Flow

TASK: Fix formatting of note

Related to #1587

  • Packages: Flow

BUGFIX: Flow CLI command warns of mismatching php version

If Flow builds a PHP command for a subrequest, it uses the system default if nothing else is configured. With this change, we avoid Flow executing that request if it isn’t explicitly configured to use that same PHP version internally too. This should avoid some errors especially in shared hosting scenarios for less experienced users.

  • Packages: Flow

BUGFIX: Avoid problem loading files in SimpleXML

Workaround for https://bugs.php.net/bug.php?id=62577

Fixes #1598

BUGFIX: Fix InvalidControllerException is never thrown

IDE complained that a InvalidControllerException is never thrown in the corresponding try-catch-block and i think thats right. Instead there is a InvalidRoutePartValueException thrown in Route:resolves() that should be caught.

  • Packages: Flow

BUGFIX: Fix TypeError if subpackage is empty

Sorry, found another one…

if subpackage is empty RoutingCommandController:getControllerObjectName() should be called with an empty string for the subPackageKey argument. Otherwise an TypeError is thrown because the argument is not nullable.

  • Packages: Flow

TASK: Synchronise .travis.yml with Neos

Backport of bcab2bb4fbea62f3ba7bfddc5bd4f22ab4d96675 to fix builds on 4.3 that use wrong DB in mysql setups and fail https://travis-ci.org/neos/flow-development-collection/builds/536249389

BUGFIX: Return type hint should reflect nullable

If no controller could be found for the given arguments RoutingCommandController:getControllerObjectName() returns null. The return type hint should reflect that to avoid a TypeError.

  • Packages: Flow

TASK: Add section for configuration of trusted proxies in container

Adds a small note that mentions having to configure the trusted proxies in ddev and similar environments. Also explains that Flow therefore trusts all proxies by default in Development context.

Depends on #1586

  • Packages: Flow

TASK: Translator uses locale chain

This change makes getTranslationById and getTranslationByOriginalLabel use the configured locale chain.

This is an updated version of #327 and #328. Please see the discussions there. May be retargeted on master.

  • Packages: Flow

TASK: Restrict allowed classes in unserialize call

  • Packages: Flow

BUGFIX: Remove Doctrine from require-dev

It’s already a require, so the duplication just causes problems, when the versions don’t match any more (as they do in current master).

BUGFIX: Use source as target if target-language is empty in XLIFF

The target element in XLIFF is optional, and even though we recommend in the documentation to set it, most people omit the target for “source” XLIFF files (i.e. having english content and target-language being unset).

For these cases the XliffParser now reads the source element content into the target element. This makes the fallback rules work for individual translations and not only full XLIFF files.

In other words: when a new string is added to a source catalog, it will be used as is even when no translation is available – instead of simply the id being output.

  • Packages: Flow

BUGFIX: Avoid PHP exception in NamespaceDetectionTemplateProcessor

Add error checking when splitting on shorthand syntax.

See https://github.com/neos/neos-development-collection/pull/2484 Related to https://github.com/neos/neos-development-collection/issues/2479

  • Packages: Flow FluidAdaptor

TASK: Fix name of index on PersistentResource.sha1

The name IDX_35DC14F03332102A is different from what Doctrine does auto-generate, but needs to be used due to BC reasons with existing migrations.

See https://github.com/neos/neos-development-collection/issues/2475

  • Packages: Flow

[SECURITY] Avoid OpenSSL padding oracle attacks

This avoids OpenSSL Padding Oracle Information Disclosure by allowing to specify the padding algorithm used in the RSA wallet service.

Most probably you are not even affected, since only OpenSSL 1.0.1t and 1.0.2h are vulnerable, but better safe than sorry.

The padding algorithm default is changed to OPENSSL_PKCS1_OAEP_PADDING, but a fallback decryption is in place for all data that was encrypted with the previously unsafe padding algorithm. Therefore you should migrate all your existing encrypted data, by running it through decryptWithPrivateKey and then again through encryptWithPublicKey ONCE.

Fixes #1566

BUGFIX: Fix log environment in logging aspects

As the ‘FLOW_LOG_ENVIRONMENT’ => [] level was missing in the log data, the log environment data was not set correctly and written to the log by the file writer.

  • Packages: Flow

BUGFIX: Avoid type error when a non taggable cache backend gets flushed by tag

The typehint of the flushByTag method expected an int return type, but the method inside the AbstractFrontend returned void when a non taggable backend was flushed. This was the case for a SimpleFileBackend for example and led to an error.

  • Packages: Cache Flow

TASK: Better naming for include and exclude paths/patterns

Get rid of wording “blacklist”/”whitelist” because there’s better terms. Should have been named like this from the start. I’m to blame.

  • Packages: Flow

BUGFIX: Fix package:create and derived commands when private packagist is used

When private packagist is used the following setting isn added to the repositories section of the composer.json:

``` repositories: [


“packagist.org”: false



This caused an error because the package:create command tried to access the undefined type property of each defined repository.

This change simply checks for the existence of the type key before acessing it.

#fixes https://github.com/neos/neos-development-collection/issues/2448

  • Packages: Flow

TASK: Update release notes

  • Packages: Flow

Detailed log