From 6e694ee249148fff06e5d68f7117d33218b8858c Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Tue, 15 Sep 2020 00:52:10 +0300 Subject: [PATCH] release version 2.0.38 --- framework/BaseYii.php | 2 +- framework/CHANGELOG.md | 29 +++++++++++++++-------------- framework/di/Container.php | 6 +++--- framework/filters/AccessRule.php | 2 +- framework/rbac/DbManager.php | 1 + 5 files changed, 21 insertions(+), 19 deletions(-) diff --git a/framework/BaseYii.php b/framework/BaseYii.php index e2c4097..9b0d830 100644 --- a/framework/BaseYii.php +++ b/framework/BaseYii.php @@ -93,7 +93,7 @@ class BaseYii */ public static function getVersion() { - return '2.0.38-dev'; + return '2.0.38'; } /** diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 3d5b30b..d51b5fe 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -1,25 +1,26 @@ Yii Framework 2 Change Log ========================== -2.0.38 under development ------------------------- +2.0.38 September 14, 2020 +------------------------- -- Bug: (CVE-2020-15148): Disable unserialization of `yii\db\BatchQueryResult` to prevent remote code execution in case application calls unserialize() on user input containing specially crafted string (samdark, russtone) -- Enh #18213: Do not load fixtures with circular dependencies twice instead of throwing an exception (JesseHines0) -- Bug #18066: Fix `yii\db\Query::create()` wasn't using all info from `withQuery()` (maximkou) -- Bug #18269: Fix integer safe attribute to work properly in `yii\base\Model` (Ladone) -- Enh #18236: Allow `yii\filters\RateLimiter` to accept a closure function for the `$user` property in order to assign values on runtime (nadar) -- Bug #18248: Render only one stack trace on a console for chained exceptions (mikehaertl) -- Bug #18233: Add PHP 8 support (samdark) -- Enh #18196: `yii\rbac\DbManager::$checkAccessAssignments` is now `protected` (alex-code) -- Bug #18239: Fix support of no-extension files for `FileValidator::validateExtension()` (darkdef) -- Bug #18229: Add a flag to specify SyBase database when used with pdo_dblib (darkdef) - Bug #13973: Correct alterColumn for MSSQL & drop constraints before dropping a column (darkdef) -- Bug #18040: Display width specification for integer data types was deprecated in MySQL 8.0.19 (terabytesoftw) - Bug #15265: PostgreSQL > 10.0 is not pass tests with default value of timestamp CURRENT_TIMESTAMP (terabytesoftw) -- Bug #18232: Fail tests pgsql v-10.14, v-11.9, v-12-latest (terabytesoftw) - Bug #16892: Validation error class was not applied to checkbox and radio when validationStateOn = self::VALIDATION_STATE_ON_INPUT (dan-szabo, samdark) +- Bug #18040: Display width specification for integer data types was deprecated in MySQL 8.0.19 (terabytesoftw) +- Bug #18066: Fix `yii\db\Query::create()` wasn't using all info from `withQuery()` (maximkou) +- Bug #18229: Add a flag to specify SyBase database when used with pdo_dblib (darkdef) +- Bug #18232: Fail tests pgsql v-10.14, v-11.9, v-12-latest (terabytesoftw) +- Bug #18233: Add PHP 8 support (samdark) +- Bug #18239: Fix support of no-extension files for `FileValidator::validateExtension()` (darkdef) - Bug #18245: Make resolving DI references inside of arrays in dependencies optional (SamMousa, samdark, hiqsol) +- Bug #18248: Render only one stack trace on a console for chained exceptions (mikehaertl) +- Bug #18269: Fix integer safe attribute to work properly in `yii\base\Model` (Ladone) +- Bug: (CVE-2020-15148): Disable unserialization of `yii\db\BatchQueryResult` to prevent remote code execution in case application calls unserialize() on user input containing specially crafted string (samdark, russtone) +- Enh #18196: `yii\rbac\DbManager::$checkAccessAssignments` is now `protected` (alex-code) +- Enh #18213: Do not load fixtures with circular dependencies twice instead of throwing an exception (JesseHines0) +- Enh #18236: Allow `yii\filters\RateLimiter` to accept a closure function for the `$user` property in order to assign values on runtime (nadar) + 2.0.37 August 07, 2020 ---------------------- diff --git a/framework/di/Container.php b/framework/di/Container.php index 2717572..d7aa6f8 100644 --- a/framework/di/Container.php +++ b/framework/di/Container.php @@ -93,8 +93,8 @@ use yii\helpers\ArrayHelper; * * @property array $definitions The list of the object definitions or the loaded shared objects (type or ID => * definition or instance). This property is read-only. - * - * @property bool $resolveArrays whether to attempt to resolve elements in array dependencies + * @property bool $resolveArrays Whether to attempt to resolve elements in array dependencies. This property + * is write-only. * * @author Qiang Xue * @since 2.0 @@ -122,12 +122,12 @@ class Container extends Component * is associated with a list of constructor parameter types or default values. */ private $_dependencies = []; - /** * @var bool whether to attempt to resolve elements in array dependencies */ private $_resolveArrays = false; + /** * Returns an instance of the requested class. * diff --git a/framework/filters/AccessRule.php b/framework/filters/AccessRule.php index a4b604e..606c170 100644 --- a/framework/filters/AccessRule.php +++ b/framework/filters/AccessRule.php @@ -114,7 +114,7 @@ class AccessRule extends Component * @var array list of user IP addresses that this rule applies to. An IP address * can contain the wildcard `*` at the end so that it matches IP addresses with the same prefix. * For example, '192.168.*' matches all IP addresses in the segment '192.168.'. - * It may also contain a pattern/mask like '172.16.0.0/12' which would match all IPs from the + * It may also contain a pattern/mask like '172.16.0.0/12' which would match all IPs from the * 20-bit private network block in RFC1918. * If not set or empty, it means this rule applies to all IP addresses. * @see Request::userIP diff --git a/framework/rbac/DbManager.php b/framework/rbac/DbManager.php index 51947bd..9aa29ae 100644 --- a/framework/rbac/DbManager.php +++ b/framework/rbac/DbManager.php @@ -106,6 +106,7 @@ class DbManager extends BaseManager */ protected $checkAccessAssignments = []; + /** * Initializes the application component. * This method overrides the parent implementation by establishing the database connection.