UPGRADE-2.12.md

UPGRADE FROM 2.11 to 2.12

Configuration

• Renamed external_redirects.whitelist option to external_redirects.allow_list

Before:

nelmio_security:
    external_redirects:
        # ...
        whitelist:
            - twitter.com
            - facebook.com

After:

nelmio_security:
    external_redirects:
        # ...
        allow_list:
            - twitter.com
            - facebook.com

• Renamed forced_ssl.whitelist option to forced_ssl.allow_list

Before:

nelmio_security:
    forced_ssl:
        enabled: true
        whitelist:
            - ^/unsecure/

After:

nelmio_security:
    forced_ssl:
        enabled: true
        allow_list:
            - ^/unsecure/

Events

• Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Event class is deprecated in favor of Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent.
• Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Events::VIOLATION_REPORT is deprecated, use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent::class instead.

Before (with Symfony >= 4.4):

<?php

use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

final class ViolationReportListener implements EventSubscriberInterface
{
    public function onViolationReport(Event $event): void
    {
        // Some code
    }
    
    public static function getSubscribedEvents(): array
    {
        return [Events::VIOLATION_REPORT => 'onViolationReport'];
    }
}

After (with Symfony >= 4.4):

<?php

use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

final class ViolationReportListener implements EventSubscriberInterface
{
    public function onViolationReport(ReportEvent $event): void
    {
        // Some code
    }
    
    public static function getSubscribedEvents(): array
    {
        return [ReportEvent::class => 'onViolationReport'];
    }
}