Merge branch '4.1'

* 4.1: (22 commits)
  [HttpKernel] Fix restoring trusted proxies in tests
  Update UPGRADE-4.0.md
  [Messenger] Fix suggested enqueue adapter package
  bumped Symfony version to 4.1.1
  updated VERSION for 4.1.0
  updated CHANGELOG for 4.1.0
  Insert correct parameter_bag service in AbstractController
  Revert "feature symfony#26702 Mark ExceptionInterfaces throwable (ostrolucky)"
  CODEOWNERS: some more rules
  removed unneeded comments in tests
  removed unneeded comments in tests
  Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
  [HttpKernel] fix registering IDE links
  update UPGRADE-4.1 for feature symfony#26332 Form field help option
  [HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
  [Process] Consider \"executable\" suffixes first on Windows
  Triggering RememberMe's loginFail() when token cannot be created
  bumped Symfony version to 4.1.0
  updated VERSION for 4.1.0-BETA3
  updated CHANGELOG for 4.1.0-BETA3
  ...

Author: nicolas-grekas

.github/CODEOWNERS

@@ -1,10 +1,23 @@
+# Console
+/src/Symfony/Component/Console/Logger/ConsoleLogger.php @dunglas
+# DependencyInjection
+/src/Symfony/Component/DependencyInjection/Compiler/AutowirePass.php @dunglas
+# HttpKernel
+/src/Symfony/Component/HttpKernel/Log/Logger.php @dunglas
 # LDAP
 /src/Symfony/Component/Ldap/* @csarrazi
 # Lock
 /src/Symfony/Component/Lock/* @jderusse
 # Messenger
 /src/Symfony/Bridge/Doctrine/Messenger/* @sroze
 /src/Symfony/Component/Messenger/* @sroze
+# PropertyInfo
+/src/Symfony/Component/PropertyInfo/* @dunglas
+/src/Symfony/Bridge/Doctrine/PropertyInfo/* @dunglas
+# Serializer
+/src/Symfony/Component/Serializer/* @dunglas
+# WebLink
+/src/Symfony/Component/WebLink/* @dunglas
 # Workflow
 /src/Symfony/Bridge/Twig/Extension/WorkflowExtension.php @lyrixx
 /src/Symfony/Bridge/Twig/Tests/Extension/WorkflowExtensionTest.php @lyrixx

CHANGELOG-4.1.md

@@ -7,6 +7,35 @@ in 4.1 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.1.0...v4.1.1
 
+* 4.1.0 (2018-05-30)
+
+ * bug #27420 Revert "feature #26702 Mark ExceptionInterfaces throwable (ostrolucky)" (nicolas-grekas)
+ * bug #27415 Insert correct parameter_bag service in AbstractController (curry684)
+
+* 4.1.0-BETA3 (2018-05-26)
+
+ * bug #27388 [Routing] Account for greediness when merging route patterns (nicolas-grekas)
+ * bug #27344 [HttpKernel] reset kernel start time on reboot (kiler129)
+ * bug #27365 [Serializer] Check the value of enable_max_depth if defined (dunglas)
+ * bug #27358 [PhpUnitBridge] silence some stderr outputs (ostrolucky)
+ * bug #27366 [DI] never inline lazy services (nicolas-grekas)
+ * bug #27352 Remove reference to the test container after kernel shutdown (stof)
+ * bug #27350 [HttpKernel] fix deprecation in AbstractTestSessionListener (alekitto)
+ * bug #27367 [FrameworkBundle] cleanup generated test container (nicolas-grekas)
+ * bug #27379 [FrameworkBundle] Fix using test.service_container when Client is rebooted (nicolas-grekas)
+ * bug #27364 [DI] Fix bad exception on uninitialized references to non-shared services (nicolas-grekas)
+ * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas)
+ * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured
+ * security #cve-2018-11406 clear CSRF tokens when the user is logged out
+ * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener
+ * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener
+ * security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation
+ * security #cve-2018-11385 Adding session strategy to ALL listeners to avoid *any* possible fixation
+ * security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
+ * bug #27341 [WebProfilerBundle] Fixed validator/dump trace CSS (yceruto)
+ * bug #27337  [FrameworkBundle] fix typo in CacheClearCommand (emilielorenzo)
+ * bug #27292 [Serializer] Fix and improve constraintViolationListNormalizer's RFC7807 compliance (dunglas)
+
 * 4.1.0-BETA2 (2018-05-21)
 
  * bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp)

UPGRADE-4.0.md

@@ -759,6 +759,9 @@ Security
  * The `GuardAuthenticatorInterface` interface has been removed.
    Use `AuthenticatorInterface` instead.
 
+ * When extending `AbstractGuardAuthenticator` getCredentials() cannot return
+   `null` anymore, return false from `supports()` if no credentials available instead.
+
 SecurityBundle
 --------------
 

UPGRADE-4.1.md

@@ -64,6 +64,9 @@ Form
    }
    ```
 
+ * Added `help` option to the form field. If you have custom Form extension for it, you should remove it.
+   Also remove it from the custom form theme.
+
 FrameworkBundle
 ---------------
 

src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php

@@ -49,6 +49,8 @@ public function testUseRequestClientIp()
         $this->assertEquals($server['REQUEST_METHOD'], $record['extra']['http_method']);
         $this->assertEquals($server['SERVER_NAME'], $record['extra']['server']);
         $this->assertEquals($server['HTTP_REFERER'], $record['extra']['referrer']);
+
+        Request::setTrustedProxies(array(), -1);
     }
 
     public function testCanBeConstructedWithExtraFields()

src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php

@@ -13,6 +13,7 @@
 
 use Psr\Container\ContainerInterface;
 use Doctrine\Common\Persistence\ManagerRegistry;
+use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
 use Symfony\Component\DependencyInjection\ServiceSubscriberInterface;
 use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -84,7 +85,7 @@ public static function getSubscribedServices()
             'form.factory' => '?'.FormFactoryInterface::class,
             'security.token_storage' => '?'.TokenStorageInterface::class,
             'security.csrf.token_manager' => '?'.CsrfTokenManagerInterface::class,
-            'parameter_bag' => '?'.ContainerInterface::class,
+            'parameter_bag' => '?'.ContainerBagInterface::class,
             'message_bus' => '?'.MessageBusInterface::class,
         );
     }

src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php

@@ -64,9 +64,6 @@ class FrameworkBundle extends Bundle
 {
     public function boot()
     {
-        if (!ini_get('xdebug.file_link_format') && !get_cfg_var('xdebug.file_link_format')) {
-            ini_set('xdebug.file_link_format', $this->container->getParameter('debug.file_link_format'));
-        }
         ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);
 
         if ($this->container->getParameter('kernel.http_method_override')) {
@@ -102,7 +99,7 @@ public function build(ContainerBuilder $container)
         $this->addCompilerPassIfExists($container, AddConstraintValidatorsPass::class, PassConfig::TYPE_BEFORE_REMOVING);
         $container->addCompilerPass(new AddAnnotationsCachedReaderPass(), PassConfig::TYPE_AFTER_REMOVING, -255);
         $this->addCompilerPassIfExists($container, AddValidatorInitializersPass::class);
-        $this->addCompilerPassIfExists($container, AddConsoleCommandPass::class);
+        $this->addCompilerPassIfExists($container, AddConsoleCommandPass::class, PassConfig::TYPE_BEFORE_REMOVING);
         $this->addCompilerPassIfExists($container, TranslatorPass::class);
         $container->addCompilerPass(new LoggingTranslatorPass());
         $container->addCompilerPass(new AddExpressionLanguageProvidersPass());

src/Symfony/Bundle/FrameworkBundle/Resources/config/web.xml

@@ -74,6 +74,7 @@
             <argument type="service" id="logger" on-invalid="null" />
             <argument>%kernel.debug%</argument>
             <argument>%kernel.charset%</argument>
+            <argument>%debug.file_link_format%</argument>
         </service>
 
         <service id="validate_request_listener" class="Symfony\Component\HttpKernel\EventListener\ValidateRequestListener">

src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php

@@ -24,6 +24,32 @@ protected function createController()
         return new TestAbstractController();
     }
 
+    /**
+     * This test protects the default subscribed core services against accidental modification.
+     */
+    public function testSubscribedServices()
+    {
+        $subscribed = AbstractController::getSubscribedServices();
+        $expectedServices = array(
+            'router' => '?Symfony\\Component\\Routing\\RouterInterface',
+            'request_stack' => '?Symfony\\Component\\HttpFoundation\\RequestStack',
+            'http_kernel' => '?Symfony\\Component\\HttpKernel\\HttpKernelInterface',
+            'serializer' => '?Symfony\\Component\\Serializer\\SerializerInterface',
+            'session' => '?Symfony\\Component\\HttpFoundation\\Session\\SessionInterface',
+            'security.authorization_checker' => '?Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationCheckerInterface',
+            'templating' => '?Symfony\\Component\\Templating\\EngineInterface',
+            'twig' => '?Twig\\Environment',
+            'doctrine' => '?Doctrine\\Common\\Persistence\\ManagerRegistry',
+            'form.factory' => '?Symfony\\Component\\Form\\FormFactoryInterface',
+            'parameter_bag' => '?Symfony\\Component\\DependencyInjection\\ParameterBag\\ContainerBagInterface',
+            'message_bus' => '?Symfony\\Component\\Messenger\\MessageBusInterface',
+            'security.token_storage' => '?Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorageInterface',
+            'security.csrf.token_manager' => '?Symfony\\Component\\Security\\Csrf\\CsrfTokenManagerInterface',
+        );
+
+        $this->assertEquals($expectedServices, $subscribed, 'Subscribed core services in AbstractController have changed');
+    }
+
     public function testGetParameter()
     {
         $container = new Container(new FrozenParameterBag(array('foo' => 'bar')));

src/Symfony/Bundle/WebProfilerBundle/Controller/ExceptionController.php

@@ -30,6 +30,7 @@ class ExceptionController
     protected $twig;
     protected $debug;
     protected $profiler;
+    private $fileLinkFormat;
 
     public function __construct(Profiler $profiler = null, Environment $twig, bool $debug, FileLinkFormatter $fileLinkFormat = null)
     {