4.0.1 (2017-12-05)

• bug #25304 [Bridge/PhpUnit] Prefer $_SERVER['argv'] over $argv (ricknox)
• bug #25272 [SecurityBundle] fix setLogoutOnUserChange calls for context listeners (dmaicher)
• bug #25282 [DI] Register singly-implemented interfaces when doing PSR-4 discovery (nicolas-grekas)
• bug #25274 [Security] Adding a GuardAuthenticatorHandler alias (weaverryan)
• bug #25308 [FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash (Simperfit)
• bug #25278 Fix for missing whitespace control modifier in form layout (kubawerlos)
• bug #25306 [Form][TwigBridge] Fix collision between view properties and form fields (yceruto)
• bug #25305 [Form][TwigBridge] Fix collision between view properties and form fields (yceruto)
• bug #25236 [Form][TwigBridge] Fix collision between view properties and form fields (yceruto)
• bug #25312 [DI] Fix deep-inlining of non-shared refs (nicolas-grekas)
• bug #25309 [Yaml] parse newlines in quoted multiline strings (xabbuh)
• bug #25313 [DI] Fix missing unset leading to false-positive circular ref (nicolas-grekas)
• bug #25268 [DI] turn $private to protected in dumped container, to make cache:clear BC (nicolas-grekas)
• bug #25285 [DI] Throw an exception if Expression Language is not installed (sroze)
• bug #25241 [Yaml] do not eagerly filter comment lines (xabbuh)
• bug #25284 [DI] Cast ids to string, as done on 3.4 (nicolas-grekas, sroze)
• bug #25297 [Validator] Fixed the @Valid(groups={"group"}) against null exception case (vudaltsov)
• bug #25255 [Console][DI] Fail gracefully (nicolas-grekas)
• bug #25264 [DI] Trigger deprecation when setting a to-be-private synthetic service (nicolas-grekas)
• bug #25258 [link] Prevent warnings when running link with 2.7 (dunglas)
• bug #25244 [DI] Add missing deprecation when fetching private services from ContainerBuilder (nicolas-grekas)
• bug #24750 [Validator] ExpressionValidator should use OBJECT_TO_STRING (Simperfit)
• bug #25247 [DI] Fix false-positive circular exception (nicolas-grekas)
• bug #25226 [HttpKernel] Fix issue when resetting DumpDataCollector (Pierstoval)
• bug #25230 Use a more specific file for detecting the bridge (greg0ire)
• bug #25232 [WebProfilerBundle] [TwigBundle] Fix Profiler breaking XHTML pages (tistre)

4.0.0 (2017-11-30)

• bug #25220 [HttpFoundation] Add Session::isEmpty(), fix MockFileSessionStorage to behave like the native one (nicolas-grekas)
• bug #25209 [VarDumper] Dont use empty(), it chokes on eg GMP objects (nicolas-grekas)
• bug #25200 [HttpKernel] Arrays with scalar values passed to ESI fragment renderer throw deprecation notice (Simperfit)
• bug #25201 [HttpKernel] Add a better error messages when passing a private or non-tagged controller (Simperfit)
• bug #25155 [DependencyInjection] Detect case mismatch in autowiring (Simperfit, sroze)
• bug #25217 [Dotenv] Changed preg_match flags from null to 0 (deekthesqueak)
• bug #25180 [DI] Fix circular reference when using setters (nicolas-grekas)
• bug #25204 [DI] Clear service reference graph (nicolas-grekas)
• bug #25203 [DI] Fix infinite loop in InlineServiceDefinitionsPass (nicolas-grekas)
• bug #25185 [Serializer] Do not cache attributes if attributes in context (sroze)
• bug #25190 [HttpKernel] Keep legacy container files for concurrent requests (nicolas-grekas)
• bug #25182 [HttpFoundation] AutExpireFlashBag should not clear new flashes (Simperfit, sroze)
• bug #25174 [Translation] modify definitions only if the do exist (xabbuh)
• bug #25179 [FrameworkBundle][Serializer] Remove YamlEncoder definition if Yaml component isn't installed (ogizanagi)
• bug #25160 [DI] Prevent a ReflectionException during cache:clear when the parent class doesn't exist (dunglas)
• bug #25163 [DI] Fix tracking of env vars in exceptions (nicolas-grekas)
• bug #25162 [HttpKernel] Read $_ENV when checking SHELL_VERBOSITY (nicolas-grekas)
• bug #25158 [DI] Remove unreachable code (GawainLynch)
• bug #25152 [Form] Don't rely on Symfony\Component\HttpFoundation\File\File if http-foundation isn't in FileType (issei-m)
• bug #24987 [Console] Fix global console flag when used in chain (Simperfit)
• bug #25137 Adding checks for the expression language (weaverryan)
• bug #25151 [FrameworkBundle] Automatically enable the CSRF protection if CSRF manager exists (sroze)
• bug #25043 [Yaml] added ability for substitute aliases when mapping is on single line (Michał Strzelecki, xabbuh)

4.0.0-RC2 (2017-11-24)

• bug #25146 [DI] Dont resolve envs in service ids (nicolas-grekas)
• bug #25113 [Routing] Fix "config-file-relative" annotation loader resources (nicolas-grekas, sroze)
• bug #25065 [FrameworkBundle] Update translation commands to work with default paths (yceruto)
• bug #25109 Make debug:container search command case-insensitive (jzawadzki)
• bug #25121 [FrameworkBundle] Fix AssetsInstallCommand (nicolas-grekas)
• bug #25102 [Form] Fixed ContextErrorException in FileType (chihiro-adachi)
• bug #25130 [DI] Fix handling of inlined definitions by ContainerBuilder (nicolas-grekas)
• bug #25119 [DI] Fix infinite loop when analyzing references (nicolas-grekas)
• bug #25094 [FrameworkBundle][DX] Display a nice error message if an enabled component is missing (derrabus)
• bug #25100 [SecurityBundle] providerIds is undefined error when firewall provider is not specified (karser)
• bug #25100 [SecurityBundle] providerIds is undefined error when firewall provider is not specified (karser)
• bug #25100 [SecurityBundle] providerIds is undefined error when firewall provider is not specified (karser)
• bug #25097 [Bridge\PhpUnit] Turn "preserveGlobalState" to false by default, revert "Blacklist" removal (nicolas-grekas)

4.0.0-RC1 (2017-11-21)

• bug #25077 [Bridge/Twig] Let getFlashes starts the session (MatTheCat)
• bug #25082 [HttpKernel] Disable container inlining when legacy inlining has been used (nicolas-grekas)
• bug #25022 [Filesystem] Updated Filesystem::makePathRelative (inso)
• bug #25072 [Bridge/PhpUnit] Remove trailing "\n" from ClockMock::microtime(false) (joky)
• bug #25069 [Debug] Fix undefined variable $lightTrace (nicolas-grekas)
• bug #25053 [Serializer] Fixing PropertyNormalizer supports parent properties (Christopher Hertel)
• bug #25055 [DI] Analyze setter-circular deps more precisely (nicolas-grekas)
• feature #25056 [Bridge/PhpUnit] Sync the bridge version installed in vendor/ and in phpunit clone (nicolas-grekas)
• bug #25048 Allow EnumNode name to be null (MatTheCat)
• bug #25045 [SecurityBundle] Don't trigger auto-picking notice if provider is set per listener (chalasr)
• bug #25033 [FrameworkBundle] Dont create empty bundles directory by default (ro0NL)
• bug #25037 [DI] Skip hot_path tag for deprecated services as their class might also be (nicolas-grekas)
• bug #25038 [Cache] Memcached options should ignore "lazy" (nicolas-grekas)
• bug #25014 Move deprecation under use statements (greg0ire)
• bug #25030 [Console] Fix ability to disable lazy commands (chalasr)
• bug #25032 [Bridge\PhpUnit] Disable broken auto-require mechanism of phpunit (nicolas-grekas)
• bug #25016 [HttpKernel] add type-hint for the requestType (Simperfit)
• bug #25027 [FrameworkBundle] Hide server:log command based on deps (sroze)
• bug #24991 [DependencyInjection] Single typed argument can be applied on multiple parameters (nicolas-grekas, sroze)
• bug #24983 [Validator] enter the context in which to validate (xabbuh)
• bug #24956 Fix ambiguous pattern (weltling)
• bug #24732 [DependencyInjection] Prevent service:method factory notation in PHP config (vudaltsov)
• bug #24979 [HttpKernel] remove services resetter even when it's an alias (xabbuh)
• bug #24972 [HttpKernel] Fix service arg resolver for controllers as array callables (sroze, nicolas-grekas)
• bug #24971 [FrameworkBundle] Empty event dispatcher earlier in CacheClearCommand (nicolas-grekas)
• security #24995 Validate redirect targets using the session cookie domain (nicolas-grekas)
• security #24994 Prevent bundle readers from breaking out of paths (xabbuh)
• security #24993 Ensure that submitted data are uploaded files (xabbuh)
• security #24992 Namespace generated CSRF tokens depending of the current scheme (dunglas)
• bug #24975 [DomCrawler] Type fix Crawler:: discoverNamespace() (VolCh)
• bug #24954 [DI] Fix dumping with custom base class (nicolas-grekas)
• bug #24952 [HttpFoundation] Fix session-related BC break (nicolas-grekas, sroze)
• bug #24943 [FrameworkBundle] Wire the translation.reader service instead of deprecated translation.loader in commands (ogizanagi)