- Deprecate
DoctrineProviderandDoctrineAdapterbecause these classes have been added to thedoctrine/cachepackage
- Deprecate
HelperSet::setCommand()andgetCommand()without replacement
- Deprecate
Comparator::setTarget()andComparator::setOperator() - Add a constructor to
Comparatorthat allows setting target and operator
- Deprecate calling
FormErrorIterator::children()if the current element is not iterable.
- Deprecate the
framework.translator.enabled_localesconfig option, useframework.enabled_localesinstead - Deprecate the
AdapterInterfaceautowiring alias, useCacheItemPoolInterfaceinstead - Deprecate the public
profilerservice to private - Deprecate
get(),has(),getDoctrine(), anddispatchMessage()inAbstractController, use method/constructor injection instead - Deprecate the
cache.adapter.doctrineservice: The Doctrine Cache library is deprecated. Either switch to Symfony Cache or use the PSR-6 adapters provided by Doctrine Cache.
- Deprecate
AbstractTestSessionListener::getSessioninject a session in the request instead
- Mark
Request::get()internal, use explicit input sources instead - Deprecate
upload_progress.*andurl_rewriter.tagssession options
- Deprecate not setting the
delete_after_ackconfig option (or DSN parameter) using the Redis transport, its default value will change totruein 6.0 - Deprecate not setting the
reset_on_messageconfig option, its default value will change totruein 6.0
- Deprecate
ResetLoggersWorkerSubscriberto reset buffered logs in messenger workers, use "reset_on_message" option in messenger configuration instead.
-
Deprecate
FirewallConfig::getListeners(), useFirewallConfig::getAuthenticators()instead -
Deprecate
security.authentication.basic_entry_pointandsecurity.authentication.retry_entry_pointservices, the logic is moved into theHttpBasicAuthenticatorandChannelListenerrespectively -
Deprecate not setting
$authenticatorManagerEnabledtotrueinSecurityDataCollectorandDebugFirewallCommand -
Deprecate
SecurityFactoryInterfaceandSecurityExtension::addSecurityListenerFactory()in favor ofAuthenticatorFactoryInterfaceandSecurityExtension::addAuthenticatorFactory() -
Add
AuthenticatorFactoryInterface::getPriority()which replacesSecurityFactoryInterface::getPosition(). Previous positions are mapped to the following priorities:Position Constant Priority pre_auth RemoteUserFactory::PRIORITY/X509Factory::PRIORITY-10 form FormLoginFactory::PRIORITY-30 http HttpBasicFactory::PRIORITY-50 remember_me RememberMeFactory::PRIORITY-60 anonymous n/a -70 -
Deprecate passing an array of arrays as 1st argument to
MainConfiguration, pass a sorted flat array of factories instead. -
Deprecate the
always_authenticate_before_grantingoption
-
Deprecate
AuthenticationEvents::AUTHENTICATION_FAILURE, use theLoginFailureEventinstead -
Deprecate the
$authenticationEntryPointargument ofChannelListener, and add$httpPortand$httpsPortarguments -
Deprecate
RetryAuthenticationEntryPoint, this code is now inlined in theChannelListener -
Deprecate
FormAuthenticationEntryPointandBasicAuthenticationEntryPoint, in the new system theFormLoginAuthenticatorandHttpBasicAuthenticatorshould be used instead -
Deprecate
AbstractRememberMeServices,PersistentTokenBasedRememberMeServices,RememberMeServicesInterface,TokenBasedRememberMeServices, use the remember me handler alternatives instead -
Deprecate
AnonymousToken, as the related authenticator was deprecated in 5.3 -
Deprecate
Token::getCredentials(), tokens should no longer contain credentials (as they represent authenticated sessions) -
Deprecate not returning an
UserInterfacefromToken::getUser() -
Deprecate
AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLYandAuthenticatedVoter::IS_ANONYMOUS, useAuthenticatedVoter::PUBLIC_ACCESSinstead.Before:
# config/packages/security.yaml security: # ... access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
After:
# config/packages/security.yaml security: # ... access_control: - { path: ^/login, roles: PUBLIC_ACCESS }
-
Deprecate
AuthenticationTrustResolverInterface::isAnonymous()and theis_anonymous()expression function as anonymous no longer exists in version 6, use theisFullFledged()or the newisAuthenticated()instead if you want to check if the request is (fully) authenticated. -
Deprecate the
$authManagerargument ofAccessListener, the argument will be removed -
Deprecate the
$authenticationManagerargument of theAuthorizationCheckerconstructor, the argument will be removed -
Deprecate setting the
$alwaysAuthenticateargument totrueand not setting the$exceptionOnNoToken argument tofalseofAuthorizationChecker(this is the default behavior when usingenable_authenticator_manager: true`) -
Deprecate not setting the
$exceptionOnNoTokenargument ofAccessListenertofalse(this is the default behavior when usingenable_authenticator_manager: true) -
Deprecate
TokenInterface:isAuthenticated()andsetAuthenticated()methods, returnnullfromgetUser()instead when a token is not authenticated -
Deprecate
DeauthenticatedEvent, useTokenDeauthenticatedEventinstead -
Deprecate
CookieClearingLogoutHandler,SessionLogoutHandlerandCsrfTokenClearingLogoutHandler. UseCookieClearingLogoutListener,SessionLogoutListenerandCsrfTokenClearingLogoutListenerinstead -
Deprecate
AuthenticatorInterface::createAuthenticatedToken(), useAuthenticatorInterface::createToken()instead -
Deprecate
PassportInterface,UserPassportInterfaceandPassportTrait, usePassportinstead. As such, the return type declaration ofAuthenticatorInterface::authenticate()will change toPassportin 6.0Before:
class MyAuthenticator implements AuthenticatorInterface { public function authenticate(Request $request): PassportInterface { } }
After:
class MyAuthenticator implements AuthenticatorInterface { public function authenticate(Request $request): Passport { } }