Merge branch '3.4'

xabbuh · xabbuh · commit 0d603cbd7995 · 2017-07-18T09:40:50.000+02:00
* 3.4:
  added CVE 2017-11365
  added URL where to ask for a CVE identifier
  add missing choices_as_values options
  fixing bad diff syntax
  Update usage.rst
diff --git a/contributing/code/security.rst b/contributing/code/security.rst
@@ -21,7 +21,7 @@ confirmed, the core-team works on a solution following these steps:
 
 #. Send an acknowledgement to the reporter;
 #. Work on a patch;
-#. Get a CVE identifier from mitre.org;
+#. Get a CVE identifier from `mitre.org`_;
 #. Write a security announcement for the official Symfony `blog`_ about the
    vulnerability. This post should contain the following information:
 
@@ -103,6 +103,7 @@ Security Advisories
 This section indexes security vulnerabilities that were fixed in Symfony
 releases, starting from Symfony 1.0.0:
 
+* Jul 17, 2017, `CVE-2017-11365: Empty passwords validation issue <https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue>`_ (2.7.30, 2.7.31, 2.8.23, 2.8.24, 3.2.10, 3.2.11, 3.3.3, and 3.3.4)
 * May 9, 2016: `CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password <https://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password>`_ (2.8.0-2.8.5, 3.0.0-3.0.5)
 * May 9, 2016: `CVE-2016-4423: Large username storage in session <https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session>`_ (2.3.0-2.3.40, 2.7.0-2.7.12, 2.8.0-2.8.5, 3.0.0-3.0.5)
 * January 18, 2016: `CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails <https://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails>`_ (2.3.0-2.3.36, 2.6.0-2.6.12, 2.7.0-2.7.8)
@@ -142,3 +143,4 @@ releases, starting from Symfony 1.0.0:
 .. _blog: https://symfony.com/blog/
 .. _Security Advisories: https://symfony.com/blog/category/security-advisories
 .. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories
+.. _`mitre.org`: https://cveform.mitre.org/
diff --git a/form/create_custom_field_type.rst b/form/create_custom_field_type.rst
@@ -36,7 +36,8 @@ for form fields, which is ``<BundleName>\Form\Type``. Make sure the field extend
                     'Standard Shipping' => 'standard',
                     'Expedited Shipping' => 'expedited',
                     'Priority Shipping' => 'priority',
-                )
+                ),
+                'choices_as_values' => true,
             ));
         }
 
diff --git a/form/dynamic_form_modification.rst b/form/dynamic_form_modification.rst
@@ -409,9 +409,10 @@ sport like this::
                     $positions = null === $sport ? array() : $sport->getAvailablePositions();
 
                     $form->add('position', EntityType::class, array(
-                        'class'       => 'AppBundle:Position',
+                        'class' => 'AppBundle:Position',
                         'placeholder' => '',
-                        'choices'     => $positions,
+                        'choices' => $positions,
+                        'choices_as_values' => true,
                     ));
                 }
             );
@@ -465,9 +466,10 @@ The type would now look like::
                 $positions = null === $sport ? array() : $sport->getAvailablePositions();
 
                 $form->add('position', EntityType::class, array(
-                    'class'       => 'AppBundle:Position',
+                    'class' => 'AppBundle:Position',
                     'placeholder' => '',
-                    'choices'     => $positions,
+                    'choices' => $positions,
+                    'choices_as_values' => true,
                 ));
             };
 
diff --git a/frontend/encore/faq.rst b/frontend/encore/faq.rst
@@ -66,13 +66,13 @@ like ``/myAppSubdir``), you just need to configure that when calling ``Encore.se
 
         .setOutputPath('web/build/')
 
-        - .setPublicPath('/build')
-        + // this is your *true* public path
-        + .setPublicPath('/myAppSubdir/build')
+    -     .setPublicPath('/build')
+    +     // this is your *true* public path
+    +     .setPublicPath('/myAppSubdir/build')
 
-        + // this is now needed so that your manifest.json keys are still `build/foo.js`
-        + // i.e. you won't need to change anything in your Symfony app
-        + .setManifestKeyPrefix('build')
+    +     // this is now needed so that your manifest.json keys are still `build/foo.js`
+    +     // i.e. you won't need to change anything in your Symfony app
+    +     .setManifestKeyPrefix('build')
     ;
 
 If you're :ref:`processing your assets through manifest.json <load-manifest-files>`,
diff --git a/workflow/usage.rst b/workflow/usage.rst
@@ -229,7 +229,7 @@ order:
     * ``workflow.[workflow name].enter``
     * ``workflow.[workflow name].enter.[place name]``
 
-``work.flow.entered``
+``workflow.entered``
 
     Similar to ``workflow.enter``, except the marking store is updated before this
     event (making it a good place to flush data in Doctrine). 

Original file line number	Diff line number	Diff line change
@@ -36,7 +36,8 @@ for form fields, which is ``<BundleName>\Form\Type``. Make sure the field extend
`36`	`36`	`'Standard Shipping' => 'standard',`
`37`	`37`	`'Expedited Shipping' => 'expedited',`
`38`	`38`	`'Priority Shipping' => 'priority',`
`39`		`- )`
	`39`	`+ ),`
	`40`	`+ 'choices_as_values' => true,`
`40`	`41`	`));`
`41`	`42`	`}`
`42`	`43`