CHANGELOG ========= 5.4.21 ------ * [BC BREAK] `AccessDecisionStrategyTestCase::provideStrategyTests()` is now static 5.4 --- * Add a `CacheableVoterInterface` for voters that vote only on identified attributes and subjects * Deprecate `AuthenticationEvents::AUTHENTICATION_FAILURE`, use the `LoginFailureEvent` instead * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3 * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions) * Deprecate returning `string|\Stringable` from `Token::getUser()` (it must return a `UserInterface`) * Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`, use `AuthenticatedVoter::IS_AUTHENTICATED_FULLY` or `AuthenticatedVoter::IS_AUTHENTICATED` instead. * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead if you want to check if the request is (fully) authenticated. * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the `$exceptionOnNoToken` argument to `false` of `AuthorizationChecker` * Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`, return null from "getUser()" instead when a token is not authenticated * Add `AccessDecisionStrategyInterface` to allow custom access decision strategies * Add access decision strategies `AffirmativeStrategy`, `ConsensusStrategy`, `PriorityStrategy`, `UnanimousStrategy` * Deprecate passing the strategy as string to `AccessDecisionManager`, pass an instance of `AccessDecisionStrategyInterface` instead * Flag `AccessDecisionManager` as `@final` 5.3 --- The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md