Propel v2.0.0-alpha9 Release Notes

Release Date: 2020-06-25 // over 1 year ago
  • ๐Ÿš€ With this small release, we start a series of upgrades and stabilization activities of Propel2,
    ๐Ÿš€ which aim to end with the following stable 2.0 release. New dependencies will allow us to get
    more feedback on compatibility issues and addressing them during the stabilization phase.

    General

    • โž• Added compatibility PHP 7.4
    • โž• Added support of PSQL expressions [CURRENT_TIMESTAMP, LOCALTIMESTAMP]
    • ๐Ÿ‘ Allowed Symfony 5 dependency
    • โœ‚ Removed PHP 5.x compatibility (with EOL 01.2019)

    โœ… Tests

    • โšก๏ธ Updated PHPUnit from 4.0/5.0 to 7.0

      fce5f55 Keep tests for deprecated class. d44d035 Use term primary/replica instead, deprecate in BC way. 4c45713 Small fixes for PHP 7.4 c2dbbbc Only generate calls to parent hooks, if the class being generated has a base class 3f4b70c Use stable php74 f6d20df Add Symfony 5 dependency compatibility 603d42c Rearrange implode() arguments where necessary to conform to php7.4 decc437 Dropping dead PHP EOL 5.5 d84c8e3 Update to PHP74 Travis and simplify matrix.


Previous changes from v2.0.0-alpha8

  • ๐Ÿ”’ This release contains several important fixes (including important security fix ):

    • โšก๏ธ SQL injection in limit() Criteria API. If you use this method from external input, update immediately your code base to cast the argument to int first or use 2.0.0-alpha8 ).
      โšก๏ธ What happened? The method \Propel\Runtime\ActiveQuery\Criteria::setLimit did not cast the $limit automatically to an int, allowing to place any arbitrary SQL into this argument. You can fix the security vulnerability by casting manually you limit to int or update to newest Propel2 version.

      public function pageAction(Request $request){$posts = BlogPostQuery::create()->filterByUser($user)->offset($request->get('offset'))->limit($request->get('limit')); //<-- vulnerabilityreturn $posts;}

    โšก๏ธ Update your call to following to fix it:

    -\>limit((int) $request-\>get('limit'));
    
    • PHP php7.1+ compatibility
    • Symfony 4 compatibility

      4c309e3e - SQL injection fix: Cast limit to integer when setting via Criteria::setLimit() (#1465) cd23d738 - Coerce offset and limit values to integers for MySQL LIMIT clause (#1464) c64c0d61 - Format parameter can be null (#1462) 3dde1043 - #1447. On preInsert object in TimestampableBehavior we get different dataTime. (#1457) 80cda8a3 - Fix getPrimaryKeyFromRow for custom php types (#1397) df9fefdc - Address failed tests after applying fix for issue #1425 (#1449) 1f6557d1 - Fix test suite and init command (#1452) dbd225c5 - Make offsetGet compatible with the parent's offsetGet method (#1446) a2ebdfcc - Added referenceOnly attribute to external-schema (#1439) daba2c85 - address countable issue in php7.2 (#1425) 98d584f8 - Added php 7.2 in travis (#1415) 79bffd5a - improved formatting speed (#1428) 3053018a - Symfony 4 compatibility (#1434) 315fd092 - Fix vendorInfo handling for foreign keys and add support for postgres deferrable FK constraints (#1418) a732a9db - Throw original exception in criteria file (#1422) d24a474f - Fix issue #1406 : diff issue with CURRENT_TIMESTAMP on maria 10.2 (#1407) 9c3458a1 - Remove tailing hashes (#1401) cd5d36d9 - Fix Gitter (#1402) 7b1e8325 - PHP Warning in Profiler (#1400) e404ed8d - fix ObjectBuilder addFKAccessor reference to int (#1399) b589458e - spell DECIMAL correctly in isNumber function (#1398) c3e7a5c4 - Fix json equality check for json columns (#1396) b4c13d64 - Fix MssqlAdapter::applyLimit from generating malformed queries when from is included as a non-keyword (#1395) 6c3d6364 - Fix detection of subquery virtual columns in MssqlAdapter::applyLimit (#1382) efafd096 - Fix wrong string generation in PropelDateTime::getMicrotime 97314087 - Update Database.php (#1379) a00829fa - Fixed versionable behavior with incorrect constant (#1270) 1b5ffef9 - Fix greedy regex incorrectly splitting query string with multiple FROM statements Mssql 6aa779ef - Check incomplete foreign-keys #675 (#1259) 1ab67865 - Fix broken boolean types on IniFileLoader (propelorm/Propel2#1355) (#1356) 9e4039d0 - Undefined method being called; issue #1352 (#1354) fe18de34 - json type column for mysql 5.7 (#1372) 02f085de - Allowing file loader to accept empty env vars (e.g. DB_PW) (#1373) 5512c399 - Allows the use of Unsigned="true|false" as a MySQL vendor column parameter. (#1360) b311676a - Support XML Inclusions in configuration, adds #1321 (#1322) 618c1922 - Result of method Model::init*() (void) is used. (#1365) 4395623d - Fixed Om\Object::toArray when using DateTimeImmutable (#1359) e78bb96e - Fix remove spaces in empty line on windows (#1357) ff113cdb - Test also php 7.1 (#1337) 65c6515b - fix TableMapTrait.php (#1339) bdca6fc2 - Validator fix (#1350) 67bad146 - Revert "Update composer.json" (#1349) 0b31885e - Update composer.json (#1348) 83a8bb97 - don't allow symfony/validator < 2.3 (#1342) 2a635ffd - Update PgsqlPlatform.php (#1338) b7c8ac90 - symfony/validator >= 3.2.2 is not supported anymore. d81612c3 - fixed php7.1 implicit string to array cast 413aa52a - Changes description of filterBy function (#1334) 367878d0 - Fix regression in ObjectCollection of Collections. (#1330) 5026b534 - Fix php7.1 [] operator not supported for strings in (#1329) <cedric lombardot