v4.3.6

Bug fixes

080574ad3 fix(symfony): register property_info fallback when not provided by Symfony (#7969)
286a47e72 fix(jsonapi): merge flat page/itemsPerPage params with bracket filter (#8193)
412682ede fix(serializer): translate PropertyAccess type mismatches to NotNormalizableValueException (#7967)
44bb18ddd fix(state): convert BackedEnum denormalization errors into validation violations (#8195)
53d8f5615 fix(metadata): :property dedup drops repeated parameters (#8196)
84d15b1f1 fix(metadata): negotiate wildcard Accept with parameters (#8192)
91f93e013 fix(laravel): set application/ld+json content-type on /contexts/{shortName} (#7973)
ae4ea864e fix(symfony,laravel): IriConverter local cache key collision between item and collection ops (#7975)
bf3fded64 fix(symfony): include value-object transformers in JSON-LD streamer locator (#7968)
f533810f7 fix(graphql): accept FilterInterface instance in QueryParameter (#7972)

v4.3.5

Bug fixes

78c4ddf02 fix(symfony): Symfony 8.1 compatibility (#7955)
14d5e8279 fix(symfony): api_platform_iris loader misses item Gets and api_genid (#7946)
f88b9122f fix(hydra): emit hydra:next and hydra:previous on empty cursor-paginated collections (#7961)
1721a7366 fix(mcp): jsonld schema handle oneOf and anyOf (#7962)
03ca10c17 fix(mcp): add title support to Tool
30a8e9ef0 fix(laravel): inject missing dependencies into HydraSchemaFactory (#7963)
173dc6631 fix(laravel): fall back to resource class when object is null in ResourceAccessChecker (#7948)
445529519 fix(laravel): don't cache empty Eloquent attributes for missing table
67d7a3dc2 fix(laravel): use lowercase asc/desc for Eloquent orderBy
85f6269c3 fix(laravel): expose ReDoc/Scalar in docs footer

v4.3.4

Bug fixes

0160a72e1 fix(doctrine): IriFilter ignores custom ApiProperty identifier on ODM (#7937)
37f248a45 fix(state): use exception message for user-facing violation when available (#7894)
472ae3f22 fix(openapi): generate both singular and array parameter variants for filters (#7906)
88ddc3680 fix(symfony): ensure ErrorListener is fully stateless to prevent stat… (#7921)
90875fb46 fix: unnecessary nullable operator
967ff7925 fix(jsonapi): use parent-resolved class in denormalizeRelation
98112eab7 fix(symfony): api_platform_iris route loader for graphql-only setups (#7934)
98f3d0f49 fix(symfony): security regression when ResourceAccessChecker is decorated (#7896) (#7897)
ac374fcc4 fix(state): preserve Type message when expectedTypes is set (#7935)
cf80a82d5 fix(laravel): skip relation metadata for abstract Eloquent models (#7933)
d08eb7f44 fix: ResourceClassInfoTrait::isResourceClass() is always true (#7924)
e19154930 fix(validator): handle nested groups and group sequences (#7914)
fcfaf3844 fix(metadata): nested property filters fail to generate JOINs when relation target entity is not directly declared as ApiResource (#7926)

v4.3.3

Bug fixes

4ad230247 fix(openapi): default explode to true for form and cookie style param… (#7891)

v4.2.24

Bug fixes

8cb5a6044 fix(state): do not map to input class in ObjectMapperProvider (#7892)

v4.3.2

Bug fixes

2d6e47460 fix(openapi)!: oauth scopes with dashes in name (#7853)
892c1c796 fix(openapi): uri variable default description (#7884)
a0daa07f9 fix(openapi): fallback description on summary (#7874)
a7072be4a fix(metadata): nested filtering only on resource classes (#7864)
e14ae87fa fix(laravel): resolve casts defined via casts() method (#7859)

Notes

The fix for oauth scopes with dashes in name (#7853) may change the current OpenAPI description but the risk is low.

v4.2.23

Bug fixes

1bddff82f fix(doctrine): inject nameConverter into AbstractFilter via QueryParameter (#7877)
5a3a7dc4b fix(state): prioritize input class over output in ObjectMapperProvider (#7879)
7c562a51f fix(laravel): partial patch validation config to replace required with sometimes (#7882)
9c2810b08 fix(metadata): read operation tags from OpenAPI context in XML (#7865)
a1292592e fix(doctrine): skip links with no join info when fromClass differs from entityClass (#7878)
aefeca529 fix(symfony): remove json stream conflicting service (#7867)
e447ab1fc fix(serializer): disable normalizer cache to prevent wrong normalizer in worker mode (#7868) (#7873)
fff8213b2 fix(serializer): handle nullable constructor params without default value (#7883)

v4.3.1

Bug fixes

13cc3950c fix(doctrine): reset nested_properties_info for non-nested properties in FreeTextQueryFilter (#7850)
1fa8c05ca fix(validator): fallback to message when detail is uninitialized (#7844)
aff1cf2cc fix(symfony): do not exclude resources from DI (#7847)
e45b5791d fix(validator): skip ValidateProcessor when ObjectMapper is not used (#7848)

v4.2.22

Bug fixes

3e96fc679 fix(serializer): evaluate ApiProperty security on input DTOs (#7852)
c7ababf2d fix(hydra): use compact IRI for owl:onProperty and Collection @id in DocumentationNormalizer (#7849)

v4.3.0

Features

fa3b69635 feat(mcp): introduce api-platform/mcp component (#7703)
d13c24759 feat: mcp bundle tool integration (#7595)
ed0ae92ce feat: add support of collection to MCP (#7724)
6e9e88dc2 feat(laravel): mcp support (#7709)
6addc554d feat(openapi): Scalar API Reference documentation support (#7817)
05a5d4d93 feat(laravel): object mapper (#7704)
359a128cd feat(symfony): isGranted before provider (#7500)
32e94848c feat: support relations on filters (#7711)
2682fc5fc feat: defaults parameters (#7758)
d640d106b feat(doctrine): uuid filter (#7628)
c56a35469 feat(doctrine): add nested relation support to IriFilter and UuidFilter (#7759)
5a876cc92 feat(doctrine): ComparisonFilter decorator for range filtering (#7760)
19809c617 feat(doctrine): ne (not equal) operator for ComparisonFilter (#7814)
6ba9c8b4d feat(doctrine): Add caseSensitive option to PartialSearchFilter (#7675)
9f98aff46 feat(doctrine): add ODM SortFilter and nested property support for parameter-based filters (#7780)
6f5d41458 feat(doctrine): remove PUT & PATCH for readonly entity (#7453)
64b46b2d0 feat(jsonschema): support for normalization/denormalization with attributes (#7629)
c70cd449f feat(json-schema): handle union object types in iterable properties (#7726)
625438cf2 feat(jsonapi): support entity identifiers instead of IRIs as resource id
833f3fec6 feat(serializer): option to preserve key in CollectionNormalizer (#7721)
383a5fa67 feat(serializer): global defaults.normalization_context.gen_id configuration option (#7775)
516ee3a28 feat(elasticsearch): OpenSearch support (#7811)
21aa2572d feat(elasticsearch): add SSL options for Elasticsearch configuration (#4059)
fe63ddec8 feat(validator): uuid/ulid parameter validation (#7649)
1427dfa91 feat(metadata): expose default attribute on parameters (#7551)
63fba2a4e feat(metadata): cache operation metadata factory (#7516)
350390ba3 feat(state): add headers to comply with LDP specification (#6917)
8bdb2bc91 feat(symfony): allow symfony makers namespace configuration (#7497)
45831a93c feat: enable to skip autoconfiguration with new SkipAutoconfigure attribute (#7467)
26d1ac4d6 feat: allow both uppercase and lowercase order direction in OrderFilter schema (#7741)
6626549b6 feat: correctly map problem-detail fields when using ProblemExceptionInterface (#7776)
db147a52f feat(laravel): split render logic from error handler (#7790)

Bug fixes

263dbd8b2 fix: call object mapper with the expected class on 4.3 (#7796)
af7c22749 fix(jsonld): use operation shortName for @context URI with multiple ApiResources
86b97d5ea fix(mcp): propagate session via processor context
3b9ed3bd4 fix(laravel): make api-platform/mcp optional (#7824) (#7828)
27cc4dbb3 fix(laravel): improve UI selection for documentation (#7826)
e16f7ec4f fix(laravel): add init-scalar-ui.js to Laravel's assets (#7825)
5ca646111 fix(mcp): fallback to sdk handler when not found (#7818)
95ec407bf fix(jsonapi): wrong variable name during merge (#7816)
04c30b7ee fix(jsonapi): prevent double unwrapping of data.attributes with input DTOs
191a46122 fix(serializer): apply API Platform name converter to input/output DTOs (#7779)
2e0b8ffb6 fix(serializer): prevent api_platform_output context from leaking to nested non-resource objects (#7787)
c6236f313 fix(serializer): report all missing constructor arguments in instantiateObject
31289b838 fix(symfony): make enable_docs a master switch for disabling documentation (#7806)
64247b050 fix(metadata): sort parameters by priority after pattern expansion (#7788)
813e4f793 fix(validator): missing required properties when using GroupSequence (#7784)
90dfc3554 fix(validator): handle nested groups and group sequences (#7791)
28834e6d6 fix(validator): validate entities after ObjectMapper transformation (#7731)
98b8efb68 fix(laravel): exclude .blade.php files from recursive class scan (#7813)
cfdc22c1c fix(laravel): do not exclude custom primary keys matching HasMany foreign keys (#7810)
9f1109365 fix(hydra): example type - use @type prefix per JSON-LD spec (#7768)
75ffdc43f fix(hydra): hide search key when there is parameter without filter (#7773)
e0ba0068d fix(hydra): unique class @id with subClassOf for semantic types (#7771)
9fdc6c27d fix(openapi): allow Operations to override global config in getPaginationParameters (#7807)
0f025e849 fix(state): handle partial pagination with object mapper (#7769)
a2efb39e1 fix(elasticsearch): mono-repo v9 support (#7766)
332272c6f fix(jsonld): restore item_uri_template @type resolution after 4.2 merge (#7764)
390056fbb fix(jsonld): item uri template type (#7518)
f0b355984 fix(symfony): use AsCommand description parameter for console commands (#7763)
23840f9df fix(symfony): publish mercure updates for all resources of an entity (#7774)
c624daf68 fix(symfony): allow toggling GraphQL Playground to ensure BC
c741bd62e fix: add missing RPC messenger handler for Symfony 8.1 compatibility
a4715f063 fix(doctrine): enforce api-platform/serializer dependency (#7781)
149fe24a1 fix(doctrine): throw exception if property is null for the doctrine filters (#7681)
17b6ff221 fix(jsonschema): name collision when an operation name is already used by another class (#7778)
4f6c4e1b4 fix(laravel): object-mapper / mcp-bundle versions

Breaking changes

JSON-LD [@type](https://github.com/type) with output and itemUriTemplate: When using output with itemUriTemplate on a collection operation, the JSON-LD [@type](https://github.com/type) now uses the resource class name instead of the output DTO class name for semantic consistency with itemUriTemplate behavior. Update any client code that relies on the DTO class name in [@type](https://github.com/type).
Doctrine filters require explicit property (#7681): Doctrine parameter-based filters (ExactFilter, IriFilter, PartialSearchFilter, UuidFilter) now throw InvalidArgumentException if the property attribute is missing. If you have filter parameters without an explicit property, you must either add one or use the :property placeholder in your parameter name.
Readonly Doctrine entities lose PUT & PATCH (#7453): Entities marked as readonly via Doctrine metadata ($classMetadata->markReadOnly()) will no longer expose PUT and PATCH operations. Clients sending PUT/PATCH to these resources will receive a 404. If you need write operations on readonly entities, explicitly define them in your ApiResource attribute.

Behavioral changes

Hydra class [@id](https://github.com/id) now always uses #ShortName (#7771): Hydra documentation classes now consistently use #ShortName as their [@id](https://github.com/id) instead of schema.org type URIs (e.g. schema:Product). This resolves class identifier collisions when multiple resources shared the same semantic type, which previously caused api-doc-parser conflation. Semantic types configured via types are now exposed through rdfs:subClassOf. Clients should expect class [@id](https://github.com/id) and property range changes in the Hydra documentation if resources had custom types configured.
isGranted evaluated before provider (#7500): Security expressions are now evaluated before the state provider runs. Expressions that do not reference the object variable will be checked earlier (at the pre_read stage), improving security by preventing unnecessary database queries on unauthorized requests. Expressions that reference object still wait for the provider to resolve the entity. Review any security expressions that relied on provider side-effects running before authorization.
LDP-compliant response headers (#6917): API responses now include Allow and Accept-Post headers per the Linked Data Platform specification. These are informational headers that help clients discover API capabilities and should not break existing integrations.
Scalar API Reference UI (#7817): Scalar is now available as an alternative documentation UI alongside Swagger UI. It is enabled by default when TwigBundle is available. Access it via ?ui=scalar. To disable it, set enable_scalar: false in your API Platform configuration.

v4.2.21

Bug fixes

20ced5fca fix(laravel): clear SkolemIriConverter state between requests (#7838)
2b2b7bca2 fix(filter): use correct type for int-backed enums in BackedEnumFilter
42a2d7fc6 fix(symfony): register DateTimeValueObjectTransformer for JsonStreamer (#7839)
63e6b57f8 fix(openapi): correct redocly openapi errors (#7834)
6a472a2db fix(jsonapi): swap arguments in DefinitionNameFactory::create() call
bbfd4cafa fix(filter): do not nest array while generating default schema (#7832)
c20a41c20 fix(symfony): clear SkolemIriConverter state between requests via ResetInterface (#7829)
d6ecbe122 fix(serializer): Use serializer when denormalizing relation inside Input (#7830)
da6232468 fix(metadata): allow GraphQL-only resources without identifiers (#3975) (#7836)
f4002902a fix(state): on creation, give expected class to object mapper (#7795)

v4.2.20

Bug fixes

31289b838 fix(symfony): make enable_docs a master switch for disabling documentation (#7806)
64115e152 fix(odm): partial pagination limit the documents entering $facet (#7822)
98b8efb68 fix(laravel): exclude .blade.php files from recursive class scan (#7813)
9fdc6c27d fix(openapi): allow Operations to override global config in getPaginationParameters (#7807)
cfdc22c1c fix(laravel): do not exclude custom primary keys matching HasMany foreign keys (#7810)

v4.2.19

Bug fixes

04c30b7ee fix(jsonapi): prevent double unwrapping of data.attributes with input DTOs
c6236f313 fix(serializer): report all missing constructor arguments in instantiateObject

v4.2.18

Bug fixes

2e0b8ffb6 fix(serializer): prevent api_platform_output context from leaking to nested non-resource objects (#7787)
64247b050 fix(metadata): sort parameters by priority after pattern expansion (#7788)
90dfc3554 fix(validator): handle nested groups and group sequences (#7784, #7791)
9f1109365 fix(hydra): example type - use @type prefix per JSON-LD spec (#7768)
c624daf68 fix(symfony): allow toggling GraphQL Playground to ensure BC

v4.2.17

Bug fixes

0f025e849 fix(state): handle partial pagination with object mapper (#7769)
17b6ff221 fix(jsonschema): name collision when an operation name is already used by another class (#7778)
191a46122 fix(serializer): apply API Platform name converter to input/output DTOs (#7779)
75ffdc43f fix(hydra): hide search key when there is parameter without filter (#7773)
f0b355984 fix(symfony): use AsCommand description parameter for console commands (#7763)

v4.2.16

Bug fixes

07100d501 fix(hydra): use standard xsd prefix and remove duplicate context namespaces (#7740)
3d8e4fb05 fix(laravel): support numeric float types in eloquent metadata factory (#7730)
4f307d3ce fix(doctrine): skip uninitialized properties in handleLazyObjectRelations (#7738)
6f85f2aa3 fix(metadata): use entity class from stateOptions for filter property resolution (#7739)
70b17ce56 fix(doctrine): allow both uppercase and lowercase order direction in OrderFilter schema (#7741) (#7742)
d70eec574 fix(serializer): prevent context leakage with service-based entity resolution (#7756)

v4.2.15

Bug fixes

2de06db1d fix(jsonapi): output null on a to-one relationship (#7686)
5577f07bf fix(openapi): change payload type from array to free-form object (#7694)
5d860bdec fix(hydra): memory persistent cache during schema generation (#7718)
696d31597 fix(metadata): issues with extending xml/yaml resources (#5956)
773289658 fix(laravel): properly transform invokable service to route action (#7720)
881812926 fix(symfony): declare api_platform.normalizer.object fixes #7705 (#7717)
cc2f88558 fix(doctrine): post with mapped relation
f3c2b1a56 fix(symfony): prevent symfony name converter service pollution (#7691)

v4.2.14

Bug fixes

0dc7ec348 fix(doctrine): useless generateParameterName call (#7679)
1c6fae536 fix(symfony): fix for symfony/json_streamer 8.0 with enable_json_streamer (#7684)
83a3cacfb fix(laravel): use controller if declared (#7687)
9f46eef05 fix(jsonschema): call to an undefined method Symfony\Component\TypeInfo\Type::getClassName() (#7685)
f5ba97460 fix(doctrine): PartialSearchFilter on multibyte characters (#7688)
1706c3c58 fix(doctrine): throw exception if parameter property is not provided

v4.2.13

Bug fixes

1e22e4450 fix(openapi): phpdoc operation response as array<int|string, OpenApi\Response> (#7660)
2721655d7 fix(metadata): losing content on error reponse with no output (#7674)
bed668c58 fix: 🐛 pass missing arguments to ConcernsResourceMetadataCollectionFactory (#7676)

v4.2.12

Bug fixes

39c55837e fix(doctrine): Handling of parameter description (#7656)
550b7621d fix(doctrine): escape values with % or _ in search filter (#7653)
582508eee fix(doctrine): fix partial fetch with same entity included multiple time with different fields (#7647)
6a3b02465 fix(metadata): optional operation element in XML (#7632)
71578088a fix(symfony): replace getDefaultName() with AsCommand attribute (#7633)
7d4b5e9c5 fix(serializer): keep object normalization exception messages (#7644)
b5a0ae068 fix(openapi): properly document list parameters (#7658)
c136918e0 fix(laravel): deprecation in definition name factory (#7661)
d0dffea9b fix(openapi): respect schema type for non-collection parameter documentation (#7634)
d23ab4301 fix(doctrine): partial fetch when relation switches context (#7645)
d5f60e2e1 fix(test): change string to int for status in JsonApiTest::testError (#7631)
dd457fbd3 fix(serializer): enhance exception message for non-object relation (#7646)

v4.2.11

Bug fixes

0d9a44bef fix(laravel): allow custom error handler for non-api operations (#7622)
17415f789 fix(serializer): allow CsvEncoder::AS_COLLECTION_KEY in context (#7613)
2a3449818 fix(symfony): check that required package are installed before configuring services (#7607)
40ad56859 fix(jsonld): allow mapping collection output with itemUriTemplate (#7620)
9f11aed8a fix(state): delete with stateOptions and object mapper (#7615)
a2da50905 fix(symfony): enable ReDoc when Swagger UI is disabled (#7617)
c0998928e fix(symfony): enable to set default values for stale-while-revalidate and stale-if-error cache headers via config file (#7606)
d847ad629 fix(jsonapi): handle missing attributes in ErrorNormalizer (#7569)

v4.2.10

Bug fixes

01fd0b578 fix(symfony): do not redeclare object_mapper (#7602)
0ef0ba63a fix(metadata): update tests to use MappedObjectPaginator instead of ArrayPaginator (#7591)
6561eb1ec fix(symfony): do not load docs routes if docs disabled (#7448)
8f4bc086f fix(symfony): disable Swagger UI and ReDoc when Swagger is off (#7586)
9814f27ee fix(metadata): property placeholder on multiple parameters (#7598)
bc1fd4c10 fix(laravel): belongs-to-many relations dont have a get-foreign-key-name method (#7589)
d3bcded9b fix(metadata): use operation output class for mapping instead of operation class (#7601)
d7bab4bb3 fix(serializer): properly handle read link parameters when generating iris (#7520)

v4.2.9

Bug fixes

502c0e2de fix(symfony): skip argument resolver when context is not api platform (#7579)
834064fc6 fix(metadata): filter interface context php doc (#7560)
85458e0d9 fix(symfony): use app.request.query.get() directly instead of app.request.get() in swagger (#7578)
ef3127000 fix(symfony): use current route for footer links (#7580)
49d80c840 fix(serializer): render BCMath\Number (PHP 8.4+) as string instead of object (#7555)

v4.1.28

Bug fixes

dfe42b385 fix(symfony): skip argument resolver when context is not api platform

v4.2.7

Symfony 8.0 compatible.

Bug fixes

44af80c43 fix(symfony): disable Swagger UI and keep openapi.json (#7549)
4dfa8da8b fix(metadata): repeatable attribute mutators (#7542)
5e2f729ed fix(state): never map a response (#7543)
e9af8905c fix(metadata): disable pagination maximum items per page (#7553)

v4.2.5

Bug fixes

57fe3d1 fix(state): class existence check for ObjectMapperAwareInterface

v4.2.2

Bug fixes

0b8237918 fix(state): object mapper with input different (#7435)
1094a52d6 fix(metadata): allow description and other fields to be override seperately (#7442)
133028e38 fix(state): object mapper on delete operation (#7447)
1a4636200 fix(doctrine): group or filter in an AndWhere #7441 (#7445)
55fd65795 fix(validator): validation exception without constraint violation list
5b59f8914 fix(jsonschema/jsonld): make [@id](https://github.com/id) and [@type](https://github.com/type) properties required only in the JSON-LD schema for output (#7397)
654339e03 fix(openapi): Improve response override (#7428)
6c267408a fix(hydra): genId false schema (#7440)
70bdf2959 fix(symfony): ensure the kernel is booted before using KernelBrowser::loginUser() (#7446)
9c918c657 fix(symfony): align listeners context (#7449)
abe0438be fix(jsonschema): make all required properties optional in PATCH operation with 'json' format (#7398)
e1ce9456b fix(openapi): define items type for HydraCollectionBaseSchema hydra:member (#7419)
e52e825db fix(openapi): allow assertMatchesJsonSchema with custom output dto (#7438)
f3c811d0f fix(hydra): add base schema to item of a collection (#7444)

v4.2.1

Bug fixes

059e6a09e fix(symfony): remove suggest ocramius/package-versions (#7395)
3b0c44177 fix(openapi): ability to override description in response (#7412)
54bdce504 fix(symfony): openapi property path for validation
65e137fca fix: make default value of pagination_maximum_items_per_page same as Laravel version (#7396)
6916bea95 fix(serializer): require api-platform/metadata:^4.2 (#7409)
82d0dd7e0 fix(symfony): openapi property path for validation (#7411)
a5102d9a2 fix(schema): anyOf must contains an array, not an object (#7399)
dfe4fd7f2 fix: handle generic array in JsonSchema (#7414)

Also includes v4.1.25 bug fixes

Features

v4.2.6

Bug fixes

53d3f8481 fix(state): object mapper flag (#7541)
f4a1697ca Revert "fix: 🐛 make default value of pagination_maximum_items_per_page same…" (#7533)

v4.2.4

Bug fixes

20f288959 fix: multiple :property template operations on a single resource (#7461)
44f227112 fix(symfony): inject api-platform default configuration in the php resource metadata factory (#7525)
921d7c8fe fix(state): create PUT has relation with lazy mapper (#7521)
951422e15 fix(openapi): maintain json schema for non-json operations (#7528)
98fc35221 fix(symfony): object mapper compatibility (#7531)
a5c44624d fix(json-schema): pagination less schema with disabled pagination (#7506)
da2324e82 fix(jsonschema): move jsonMergePatch postfix to DefinitionNameFactory (#7510)
dc0df6110 fix(iri): json streamer iri template does not need metadata (#7511)

v4.2.3

9416083f7 fix(state): object mapper aware interface (#7486)
99718d954 fix(serializer): resilient denormalizeRelation capability (#7474)
9b2f98610 fix(metadata): eliminate duplicate keys in the constructor of Parameters (#7492)
a26c35840 fix(doctrine): properly set properties according to interface (#7487)
a2867e986 fix(laravel): serializer attributes on Eloquent methods (#7416)
aea8113e0 fix(json-schema): move member property out of HydraCollectionBaseSchema (#7456)
b59626a97 fix(symfony): add missing symfony/asset dependency (#7491)
ddf4c0b5e fix(graphql): stateOptions to get filter class (#7485)
ebe6dc9a2 fix(jsonschema): fallback the schema for mixed properties to string|null instead of null (#7489)
fa6e206cc fix(state): detect mapping on source (#7475)
fafbe5c7b fix(validator): custom message was not translated (#7424)

Features

f5c257dab feat(symfony): convert routing files to php-dsl (#7463)

v4.2.0-beta.1

Bug fixes

2c5c9e451 fix(openapi): no content schema (#7384)
4f0864c1a fix(symfony): remove deprecation about jsonopenapi
5a8d4d282 fix(jsonld): various json streamer fixes (#7374)
62a9cc821 fix(state)!: parameter default value overrides falsy value
6db55be8c fix(metadata): wrong method name in resource mutator
b80ab9a59 fix(httpcache): collection iri invalidation for mapped entities (#7353)
c9692b509 fix(state): transform uri variable using ReadLinkParameterProvider (#7375)
ce4e97fe8 fix(hal): rename package

Features

b948209b9 feat(laravel): add make:filter command to generate API Platform filters (#7364)
ebd85f502 feat(symfony): add make:filter command to generate API Platform filters (#7355)

Also includes patches from v4.1.24 and v4.2.0-alpha fixes

v4.2.0-alpha.3

Bug fixes

f010fd456 fix(serializer): deprecate SerializerAwareProviderInterface and SerializableProvider (#7348)
02a764950 fix(symfony): explicitly set the target class when mapping entities to resources (#7311)
04414e4fc fix(serializer): improve #7270 by reducing inconsistencies (#7346)
2c06a22e2 fix(validation): moving dependency from require-dev to require (#7296)
2cde06246 fix(openapi): output partial query parameter to OpenAPI when pagination_client_enabled is true (#7295)
2e6911c35 fix(openapi): sync typehints between properties and getter/canner for alllowReserved and allowEmptyValue (#7322)
385953a92 fix(jsonapi): handle type error when handling validation errors (#7330)
4f717c1e1 fix(openapi): allow null on allowReserved and allowEmptyValue properties (#7315)
6bc112193 fix(metadata): do not fail if phpstan/phpdoc-parser is missing (#7279)
871e5d3e1 fix(symfony): restore graphql_playground option (#7274)
c41a0bca4 fix(jsonld): child class @src/JsonLd/JsonStreamer/ValueTransformer/TypeValueTransformer.php shortName (#7312)
c46c57918 fix(doctrine): do not consider empty string as a current date (#7291)
d06b1a0a0 fix(state): object-mapper reuse related entity (#7300)
d1073bc67 fix(laravel): read property type before serialization (#7332)
d1abfc0fa fix(openapi): nullable default values in operation openapi definition (#7321)
d1e6772e3 fix(validation): property path on deepObject style (#7179)
d35e46b14 fix(hydra): "property" may not be defined (#7293)
e7502b65a fix(serializer): nested denormalization when allow_extra_attributes=false (#7270)
ecb3f6cef fix(httpcache): only map entites that are persisted
f3a54a239 fix: json formatted resource should not get xml errors #7287 (#7297)
0411cd9cc fix(jsonld): duplicate error fields when prefix is enabled (#7074)
073c0e282 !fix(openapi): allowReserved, allowEmtpyValue defaults to null
76c80a67c fix: command name deprecation
79edced67 !fix(json-schema): share invariable sub-schemas
cff61eab8 fix(metadata): append php file resource extractor (#7193)
f3d4afe03 fix(symfony): validator type-info

Features

092a3a4f8 feat(mongodb): partial paginator (#7352)
26d2394b7 feat(doctrine): new search filters (#7121)
1806cfae6 feat(symfony): stop watch system provider/processor
2d501b315 feat(laravel): support composite identifiers within Link (#7342)
6491bfc7a feat(doctrine): improve http cache invalidation using the info from the mapping (#7319)
77b292bfe feat(metadata): class is now class-string (#7307)
9e9cf648d feat(metadata): introduce metadata mutators for resource & operations (#7213)
a8b82172a feat(doctrine): support integer-backed enums in BackedEnumFilter (#7129)
b52187d91 feat(serializer): handle defaultType for DiscriminatorMap (#7284)
de9e7f576 feat(hal): allow to output null links for hal+json
f25d7d1a6 feat(metadata): add setter for description (#7329)
1290ebb88 feat(serializer): ability to throw access denied exception when denormalizing secured properties (#7221)
1862d03b7 feat(symfony): add error classes options to open api config (#7143)
202c60fcb feat(openapi): license identifier (#7141)
24a1cf5a2 feat(elasticsearch): add support for v9 (#7180)
2a13100f4 feat(serializer): (un)set object-to-populate through denormalization context (#7124)
3ab0b8d0f feat(metadata): use PHP file as resource format
4abf17b3c feat(symfony): CSS Color Schema Restriction for Property Validation (#7215)
4b1b94cad feat(symfony): autoconfigure classes using #[ApiResource] attribute (#6943)
bf09616cf feat(httpcache): add more cache directives to AddHeadersProcessor (#7008)

JSON Streamer:

ceeaf51e8 feat: json streamer (#7225)

Object Mapper:

a42034dc3 feat(symfony): object mapper with state options (#6801)

TypeInfo:

7c796de0d feat(serializer): type info (#7104)
350d6d707 feat(hydra): use TypeInfo's Type (#7099)
55461a83c feat: Use Type of TypeInfo instead of PropertyInfo (#6979)
827e1f725 feat(elasticsearch): use TypeInfo type (#7098)
a1952e304 feat(openapi): use TypeInfo's Type (#7096)
dd3356824 feat(laravel): use TypeInfo's Type (#7101)
143d512ef feat(jsonapi): use TypeInfo's Type (#7100)
1d579d095 feat(hal): use TypeInfo type (#7097)

v4.2.0-alpha.2

Bug fixes

02a764950 fix(symfony): explicitly set the target class when mapping entities to resources (#7311)
04414e4fc fix(serializer): improve #7270 by reducing inconsistencies (#7346)
2c06a22e2 fix(validation): moving dependency from require-dev to require (#7296)
2cde06246 fix(openapi): output partial query parameter to OpenAPI when pagination_client_enabled is true (#7295)
2e6911c35 fix(openapi): sync typehints between properties and getter/canner for alllowReserved and allowEmptyValue (#7322)
385953a92 fix(jsonapi): handle type error when handling validation errors (#7330)
4f717c1e1 fix(openapi): allow null on allowReserved and allowEmptyValue properties (#7315)
6bc112193 fix(metadata): do not fail if phpstan/phpdoc-parser is missing (#7279)
871e5d3e1 fix(symfony): restore graphql_playground option (#7274)
c41a0bca4 fix(jsonld): child class @src/JsonLd/JsonStreamer/ValueTransformer/TypeValueTransformer.php shortName (#7312)
c46c57918 fix(doctrine): do not consider empty string as a current date (#7291)
d06b1a0a0 fix(state): object-mapper reuse related entity (#7300)
d1073bc67 fix(laravel): read property type before serialization (#7332)
d1abfc0fa fix(openapi): nullable default values in operation openapi definition (#7321)
d1e6772e3 fix(validation): property path on deepObject style (#7179)
d35e46b14 fix(hydra): "property" may not be defined (#7293)
e7502b65a fix(serializer): nested denormalization when allow_extra_attributes=false (#7270)
ecb3f6cef fix(httpcache): only map entites that are persisted
f3a54a239 fix: json formatted resource should not get xml errors #7287 (#7297)
0411cd9cc fix(jsonld): duplicate error fields when prefix is enabled (#7074)
073c0e282 !fix(openapi): allowReserved, allowEmtpyValue defaults to null
76c80a67c fix: command name deprecation
79edced67 !fix(json-schema): share invariable sub-schemas
cff61eab8 fix(metadata): append php file resource extractor (#7193)
f3d4afe03 fix(symfony): validator type-info

Features

1806cfae6 feat(symfony): stop watch system provider/processor
2d501b315 feat(laravel): support composite identifiers within Link (#7342)
6491bfc7a feat(doctrine): improve http cache invalidation using the info from the mapping (#7319)
77b292bfe feat(metadata): class is now class-string (#7307)
9e9cf648d feat(metadata): introduce metadata mutators for resource & operations (#7213)
a8b82172a feat(doctrine): support integer-backed enums in BackedEnumFilter (#7129)
b52187d91 feat(serializer): handle defaultType for DiscriminatorMap (#7284)
de9e7f576 feat(hal): allow to output null links for hal+json
f25d7d1a6 feat(metadata): add setter for description (#7329)
1290ebb88 feat(serializer): ability to throw access denied exception when denormalizing secured properties (#7221)
1862d03b7 feat(symfony): add error classes options to open api config (#7143)
202c60fcb feat(openapi): license identifier (#7141)
24a1cf5a2 feat(elasticsearch): add support for v9 (#7180)
2a13100f4 feat(serializer): (un)set object-to-populate through denormalization context (#7124)
3ab0b8d0f feat(metadata): use PHP file as resource format
4abf17b3c feat(symfony): CSS Color Schema Restriction for Property Validation (#7215)
4b1b94cad feat(symfony): autoconfigure classes using #[ApiResource] attribute (#6943)
bf09616cf feat(httpcache): add more cache directives to AddHeadersProcessor (#7008)

JSON Streamer:

ceeaf51e8 feat: json streamer (#7225)

Object Mapper:

a42034dc3 feat(symfony): object mapper with state options (#6801)

TypeInfo:

7c796de0d feat(serializer): type info (#7104)
350d6d707 feat(hydra): use TypeInfo's Type (#7099)
55461a83c feat: Use Type of TypeInfo instead of PropertyInfo (#6979)
827e1f725 feat(elasticsearch): use TypeInfo type (#7098)
a1952e304 feat(openapi): use TypeInfo's Type (#7096)
dd3356824 feat(laravel): use TypeInfo's Type (#7101)
143d512ef feat(jsonapi): use TypeInfo's Type (#7100)
1d579d095 feat(hal): use TypeInfo type (#7097)

v4.2.0-alpha.1

Introducing new Symfony components!

Features

1290ebb88 feat(serializer): ability to throw access denied exception when denormalizing secured properties (#7221)
1862d03b7 feat(symfony): add error classes options to open api config (#7143)
202c60fcb feat(openapi): license identifier (#7141)
24a1cf5a2 feat(elasticsearch): add support for v9 (#7180)
2a13100f4 feat(serializer): (un)set object-to-populate through denormalization context (#7124)
3ab0b8d0f feat(metadata): use PHP file as resource format
4abf17b3c feat(symfony): CSS Color Schema Restriction for Property Validation (#7215)
4b1b94cad feat(symfony): autoconfigure classes using #[ApiResource] attribute (#6943)
bf09616cf feat(httpcache): add more cache directives to AddHeadersProcessor (#7008)

Object Mapper:

a42034dc3 feat(symfony): object mapper with state options (#6801)

TypeInfo:

7c796de0d feat(serializer): type info (#7104)
350d6d707 feat(hydra): use TypeInfo's Type (#7099)
55461a83c feat: Use Type of TypeInfo instead of PropertyInfo (#6979)
827e1f725 feat(elasticsearch): use TypeInfo type (#7098)
a1952e304 feat(openapi): use TypeInfo's Type (#7096)
dd3356824 feat(laravel): use TypeInfo's Type (#7101)
143d512ef feat(jsonapi): use TypeInfo's Type (#7100)
1d579d095 feat(hal): use TypeInfo type (#7097)

Bug fixes

0411cd9cc fix(jsonld): duplicate error fields when prefix is enabled (#7074)
073c0e282 !fix(openapi): allowReserved, allowEmtpyValue defaults to null
76c80a67c fix: command name deprecation
79edced67 !fix(json-schema): share invariable sub-schemas
cff61eab8 fix(metadata): append php file resource extractor (#7193)
f3d4afe03 fix(symfony): validator type-info

v4.2.0

Features

ceeaf51e8 feat: json streamer (#7225)
092a3a4f8 feat(mongodb): partial paginator (#7352)
1290ebb88 feat(serializer): ability to throw access denied exception when denormalizing secured properties (#7221)
1862d03b7 feat(symfony): add error classes options to open api config (#7143)
24a1cf5a2 feat(elasticsearch): add support for v9 (#7180)
26d2394b7 feat(doctrine): new search filters (#7121)
2a13100f4 feat(serializer): (un)set object-to-populate through denormalization context (#7124)
3ab0b8d0f feat(metadata): use PHP file as resource format
4abf17b3c feat(symfony): CSS Color Schema Restriction for Property Validation (#7215)
4b1b94cad feat(symfony): Autoconfigure classes using #[ApiResource] attribute (#6943)
6491bfc7a feat(doctrine): improve http cache invalidation using the info from the mapping (#7319)
9e9cf648d feat(metadata): introduce metadata mutators for resource & operations (#7213)
a42034dc3 feat(symfony): object mapper with state options (#6801)
a8b82172a feat(doctrine): support integer-backed enums in BackedEnumFilter (#7129)
b52187d91 feat(serializer): handle defaultType for DiscriminatorMap (#7284)
b948209b9 feat(laravel): add make:filter command to generate API Platform filters (#7364)
ebd85f502 feat(symfony): add make:filter command to generate API Platform filters (#7355)
bf09616cf feat(httpcache): add more cache directives to AddHeadersProcessor (#7008)
f25d7d1a6 feat(metadata): ability to set description on an Error (#7329)

Breaking changes

073c0e282 fix(openapi)!: allowReserved, allowEmtpyValue defaults to null
62a9cc821 fix(state)!: parameter default value overrides falsy value
79edced67 fix(json-schema): share invariable sub-schemas

TypeInfo

143d512ef feat(jsonapi): use TypeInfo's Type (#7100)
1d579d095 feat(hal): use TypeInfo type (#7097)
350d6d707 feat(hydra): use TypeInfo's Type (#7099)
55461a83c feat: Use Type of TypeInfo instead of PropertyInfo (#6979)
7c796de0d feat(serializer): type info (#7104)
827e1f725 feat(elasticsearch): use TypeInfo type (#7098)
a1952e304 feat(openapi): use TypeInfo's Type (#7096)
dd3356824 feat(laravel): use TypeInfo's Type (#7101)

Bug fixes

02a764950 fix(symfony): explicitly set the target class when mapping entities to resources (#7311)
0411cd9cc fix(jsonld): duplicate error fields when prefix is enabled (#7021) (#7074)
1acf8f764 fix(symfony): only set name_converter for the default serializer (#6101) (#7365)
2c5c9e451 fix(openapi): no content schema (#7384)
321c68f12 fix: pagination via cursor on ApiResource operations (#7368)
5a8d4d282 fix(jsonld): various json streamer fixes (#7374)
9389b4f46 fix(laravel): restore accidentally removed BooleanFilter (#6881)
b80ab9a59 fix(httpcache): collection iri invalidation for mapped entities (#7353)
c9692b509 fix(state): transform uri variable using ReadLinkParameterProvider (#7375)
d06b1a0a0 fix(state): object-mapper reuse related entity (#7300)
ecb3f6cef fix(httpcache): only map entites that are persisted
d921dd37a fix(mongodb): make ParameterExtension context more generic (#7389)

Miscellaneous

04f252e7f fix(symfony): missing finder dependency
1806cfae6 feat(symfony): stop watch system provider/processor
202c60fcb feat(openapi): license identifier (#7141)
4f0864c1a fix(symfony): remove deprecation about jsonopenapi
6db55be8c fix(metadata): wrong method name in resource mutator
76c80a67c fix: command name deprecation
77b292bfe feat(metadata): class is now class-string (#7307)
95451fbee feat(state): remove @internal from the CreateProvider
ce4e97fe8 fix(hal): rename package
cff61eab8 fix(metadata): append php file resource extractor (#7193)
de9e7f576 feat(hal): allow to output null links for hal+json
f010fd456 fix(serializer): deprecate SerializerAwareProviderInterface and SerializableProvider (#7348)
f3d4afe03 fix(symfony): validator type-info

v4.1.9

Bug fixes

4dd0cdfc4 fix(doctrine): support integer-backed enums in BackedEnumFilter (#7127)
70a922573 fix: error formats (#7148)
723d041c4 fix(metadata): xml PHPize HTTP cache headers (#7140)
d3d0ca21b fix(serializer): invalid uri variable 400 response (#7135)

v4.1.8

Bug fixes

0cd9b9f70 fix: backport handling of union/intersection type in item normalizer (#7106)
0fc0904b9 fix(metadata): correct class to exclude defaults (#7088)
5145a8383 fix: filtering not using strategy set in attribute when strategy not set per property (#7136)
613bb5b75 fix(doctrine): filters schema for dates and numbers (#7131)
ed1ef2594 fix(state): specify :property parameter properties (#7110)
f55606b01 fix(serializer): throw NotNormalizableValueException when resource not found or invalid IRI on denormalization
3faf5d4b4 fix(doctrine): order filter instance service
0ff950f37 fix: type info deprecations to baseline
d93d580a1 fix: command name deprecation

v4.1.7

Bug fixes

40c09d1c0 fix(metadata): yaml link security (#7066)
545eb69b8 fix(symfony): internal resources should not inherit global defaults (#7073)
615bdd6b1 fix(hydra): use correctly enable_docs (#7062)
694681f4b fix(symfony): do not ignore Test files on symfony (#7077)
6f15be5c7 fix(laravel): eloquent BelongsTo linking (#7075)
dddd3eee4 fix(metadata): parameter provider within filter (#7081)
dfca9bf60 Revert "fix(jsonld): duplicate error fields when prefix is enabled (#7021)" (#7074)
d696a8e42 fix(metadata): use template typehint in parameters (#7078)

v4.1.6

Bug fixes

44e560839 fix(laravel): undefined variable app

v4.1.5

Bug fixes

60747cc8c fix(graphql): access to unauthorized resource using node Relay CVE-2025-31481
7af65aad1 fix(graphql): property security might be cached w/ different objects CVE-2025-31485

v4.1.4

Bug fixes

eaf007536 fix(state): support filter interface on serializer filter parameter provider (#7047)
b0fa2291e fix(laravel): error handler only on api routes (#7049)
1eb9da13a fix(laravel): missing filters (#7056)
a46a76889 fix(symfony): serialization of closure inside the profiler (#7054)
c1b50e2cb fix(doctrine): joinColumn might be an array (#7060)
f4c426d71 Revert "fix(doctrine): throw an exception when a filter is not found in a par…" (#7046)

v4.1.3

Bug fixes

8a2265041 fix(laravel): defer "filters" dependent services (#7045)

v4.1.27

Bug fixes

3df65aa86 fix(symfony): allow disabling PHPStan PhpDocParser (#7507)
7c76fb8ea fix(jsonld): read identifier with itemUriTemplate (#7517)

v4.1.26

Bug fixes

4fa6d3fa2 fix(laravel): groups with input/output
99718d954 fix(serializer): resilient denormalizeRelation capability (#7474)
a26c35840 fix(doctrine): properly set properties according to interface (#7487)
a2867e986 fix(laravel): serializer attributes on Eloquent methods (#7416)
ddf4c0b5e fix(graphql): stateOptions to get filter class (#7485)
fafbe5c7b fix(validator): custom message was not translated (#7424)

v4.1.25

Bug fixes

54352d853 fix(jsonld): hydra context w3.org updates (#7410)
85f198a56 fix(laravel): filter should query correct property
91b17f1f3 fix(laravel): correct the example of swagger_ui.apiKeys config (#7392)

v4.1.24

Bug fixes

07112a27d fix(laravel): remove duplication code exception
4abec444e fix(metadata): compute isWritable during updates (#7383)
7c117d9f7 fix: phpdoc for HttpOperation paginationViaCursor parameter (#7379)

Features

Laravel compatibility with api-platform/http-cache:

fa2bc95ff fix(laravel): http cache compatibility (#7380)

v4.1.23

Bug fixes

254cbdd00 fix(symfony): only set name_converter for the default serializer (#6101) (#7365)
dcbc529a0 fix: pagination via cursor on ApiResource operations (#7368)

v4.1.22

Bug fixes

11bba62c2 fix(laravel): serialization issue with camelCase relation (#7356)

v4.1.21

Bug fixes

04414e4fc fix(serializer): improve #7270 by reducing inconsistencies (#7346)
2e6911c35 fix(openapi): sync typehints between properties and getter/canner for alllowReserved and allowEmptyValue (#7322)
385953a92 fix(jsonapi): handle type error when handling validation errors (#7330)
4f717c1e1 fix(openapi): allow null on allowReserved and allowEmptyValue properties (#7315)
c46c57918 fix(doctrine): do not consider empty string as a current date (#7291)
d1073bc67 fix(laravel): read property type before serialization (#7332)
d1abfc0fa fix(openapi): nullable default values in operation openapi definition (#7321)
e7502b65a fix(serializer): nested denormalization when allow_extra_attributes=false (#7270)

Features

2d501b315 feat(laravel): support composite identifiers within Link (#7342)

v4.1.20

Bug fixes

c41a0bca4 fix(jsonld): child class @type shortName (#7312)
d26088ba1 chore: allow doctrine-persistence:^4.0 (#7309)

v4.1.2

Bug fixes

42f25cf04 fix: react@18 for UMD + add Laravel support in update-js.sh (#7028)
77ffc380b fix(laravel): do not require tests while autoconfiguring (#7024)
935b9b55d fix(laravel): json api default parameters (#7027)
a2824ff4b fix(laravel): defer autoconfiguration (#7040)

v4.1.19

Bug fixes

2c06a22e2 fix(validation): moving dependency from require-dev to require (#7296)
2cde06246 fix(openapi): output partial query parameter to OpenAPI when pagination_client_enabled is true (#7295)
6bc112193 fix(metadata): do not fail if phpstan/phpdoc-parser is missing (#7279)
871e5d3e1 fix(symfony): restore graphql_playground option (#7274)
d1e6772e3 fix(validation): property path on deepObject style (#7179)
d35e46b14 fix(hydra): "property" may not be defined (#7293)
f3a54a239 fix: json formatted resource should not get xml errors #7287 (#7297)

v4.1.18

Bug fixes

0e712d969 fix(symfony): catch InvalidUriVariableException in IriConverter (#7271)
221e5d97f fix(openapi): command options mode (InputOption::VALUE_REQUIRED) (#7266)
3ed6f30f5 fix(symfony): fix resolving groups in ValidationGroupsExtractorTrait when GroupSequence (#7272)
6e4e46bfe fix(json-schema): Rebuild sub-schema definition without [@id](https://github.com/id) property when genId is false (#7162) (#7251)
803165228 fix(symfony): missing GroupSequence type for validation groups
85e18a2d6 fix(metadata): support stateOptions in YAML and XML for Doctrine ORM/ODM (#7217)
88e0073bf fix(validator): error xml format output
bf271d139 fix(validator): parameter validation list|string (#7245)
d3e73f09a fix(metadata): read every OpenApiOperation attributes in Xml instead of only "deprecated" (#7189)
e40bb19a6 fix(laravel): decorate error handler (#7247)
f0604a07e fix: getcontainer return type (#7230)
f46c0a3f4 fix(jsonld): reset gen_id configuration (#7264)
f82464431 fix(state): depend only on translation contracts (#7262)
fa37c1eba fix(state): error xml format output (#7273)

Experimental Features

8885000db feat(state): cast parameter values to validate with the Type constraint (#7240)

v4.1.17

Bug fixes

34a0d54b1 fix(jsonld): genId false should work with embeded resources (#7219)
c025b8f9f fix(openapi): correct example usage for 3.0 (#7218)
cdda4146b fix(laravel): Allow LinksHandler to handle polymorphic relationships (#7231)
dba97370f fix(metadata): boolean type detection from parameter's schema (#7223)

v4.1.16

Bug fixes

4a99a5f6e fix(laravel): persist HasMany and MorphMany relationships (#7208)
9bfa5fef0 fix(metadata): call dynamic validation groups #7184 (#7184)
b2131645d fix(laravel): route where uses requirements (#7199)
b2b5f99c6 refactor(state): merge parameter and link security (#7200)

Notes:

Two providers are now available on parameters (query parameters, header and uri variables Link):

ReadLinkParameterProvider previously used for link security (renamed from Symfony\Security\State\LinkedReadProvider)
IriConverterParameterProvider this allows you to read a resource from an IRI usefull for filters (eg ?author=/authors/1)

Previous tests on link security were left untouched we removed the experimental class Symfony\Security\State\LinkAccessCheckerProvider as well as the LinkedReadProvider as they're not used anymore.

v4.1.15

There was an issue with the subtree split as we attempted to test lower dependencies on the subtree split, some components where wrongly tagged.

The proper fix is at: https://github.com/api-platform/core/pull/7196

Bug fixes

4bdfd6063 fix(symfony, laravel) skip webhooks when generates routing (#7175)
582076cb6 fix(openapi): duplicate get path for webhooks (#7174)
84b967930 fix(laravel): persist morph relations (#7170)
d51cddba2 fix(laravel): index on non-primary key (#7183)
fdb485dd2 fix(openapi): example and default with nullable value not being shown

Features

79d08db6a feat(elasticsearch): add support for v9 (#7180)

v4.1.11

Bug fixes

b14a463a9 fix(laravel): register error handler without graphql

v4.1.10

Bug fixes

329acf21e fix(metadata): infer parameter string type from schema (#7161)
5459ba375 fix(metadata): parameter cast to array flag (#7160)
fe73002bf fix(laravel): duplicated property names
b0390080e fix(laravel): name convert validation property path
730d17a30 fix(laravel): validate the model instead of body
4d66f5ef3 fix(laravel): persist embeded relations with groups
39123942a fix(laravel): register error handler without graphql
fd010ea1b fix(openapi): nullable externalDocs return type
470c2e8bd fix(httpcache): iri cache tag for collection operation with path parameter
9c0dbb653 fix(state): do not expose FQCN in DeserializeProvider on PartialDenormalizationException (#7158)
f78986000 fix(serializer): exception message to not expose resource FQCN (#7156)

Features

767fa926b feat(laravel): add name_converter option

v4.1.1

Bug fixes

1e0bc9dc8 fix(laravel): query extensions with item operations (#7001)
1e7076c65 fix(laravel): register ErrorProvider (#7018)
2771363b0 fix(validation): deprecate string message for ValidationException constructor (#7005)
500062da2 fix(symfony): add a alwaysBootKernel property for BC layer (#7007)
8697d6630 fix(openapi): boolean "true" value in HttpOperation::openapi (#7003)
b1e0c889c fix(doctrine): correct the use statement for ManagerRegistry (#7004)
fcbd804b2 fix(jsonld): duplicate error fields when prefix is enabled (#7021)

Features

129853668 feat(laravel): stateOptions modelClass for eloquent (#7020)
42991b941 feat(laravel): openapi export command (#7016)
dd1b89f9b feat(laravel): auto configure our tagged interfaces (#7014)

Also contains v4.0.20 changes.

v4.1.0-beta.2

Bug fixes

da37ca91c fix(laravel): default to file cache instead of cache.default (#6955)
e041d721e fix: errors retrieval and documentation (#6952)
e6130cbcc fix: missing filters on swagger ui entrypoint (#6950)

Features

771d9401c feat(elasticsearch): re-introduce v7 support (#6827)
b5372ddee feat(openapi): filter x-apiplatform-tags to produce different openapi specifications (#6945)

v4.1.0-beta.1

Features

2e2debb94 feat(mongodb): Replace usage of deprecated method AggregationBuilder::execute() (#6933)
4bdf042e5 feat(mongodb): Add pagination metadata to the aggregation results (#6912)
b968ccd50 feat(openapi): document error outputs using json-schemas (#6923)

v4.1.0-alpha.2

Bug fixes

01fd74268 fix(laravel): restore accidentally removed BooleanFilter
db40a63e7 fix(hydra): rdfs:label should not duplicate title (#6748)
deb2ed265 fix(laravel): fix use laravel fillable for writable props (#6898)

Features

c97db6bb2 feat: swagger ui persist authorization option (#6877)

Notes

The hydra patch changes default hydra:title and uses the resource shortname. Previously the hydra:title information was duplicating the hydra:description. The rdfs:label got removed from the hydra:Class as it was used instead of the hydra:title. On hydra:property rdfs:label got renamed to label as the rdfs namespace is available in the context. The ApiPlatform\Metadata\ErrorResource and the ConstraintViolation (ValidationException class) are now generated directly from your PHP classes, only our ConstraintViolationList is hard-written and documents the ConstraintViolation::violation property. Therefore, your own error resources are also documented. On top of that, we now set the rdfs:subClassOf to hydra:Error. #[ApiProperty(hydra: false)] allows you to skip a documented hydra:supportedProperty on a class. On write operations, we added the expectsHeader field.

v4.1.0-alpha.1

Bug fixes

67fbe51c5 fix: reintroduce the show_webby parameter in Laravel config (#6741)

Features

00787f32d feat(laravel): automatically register policies (#6623)
12c42096b feat(metadata): ability to hide an hydra class/operation (#6871)
57f15cf4f feat(state): strict query parameters (#6399)
bd0e92936 feat(openapi): HTTP Authentication Support for Swagger UI (#6665)
be98f4e01 feat(graphql): allow to configure max query depth and max query complexity (#6880)
c78ed0b78 feat(laravel): boolean filter (#6806)
d0a442786 feat(doctrine): enhance getLinksHandler with method validation and typo suggestions (#6874)
f67f6f1ac feat(doctrine): doctrine filters like laravel eloquent filters (#6775)

v4.1.0

Bug fixes

da37ca91c fix(laravel): default to file cache instead of cache.default (#6955)
e041d721e fix: errors retrieval and documentation (#6952)
e6130cbcc fix: missing filters on swagger ui entrypoint (#6950)
01fd74268 fix(laravel): restore accidentally removed BooleanFilter
db40a63e7 fix(hydra): rdfs:label should not duplicate title (#6748)
deb2ed265 fix(laravel): fix use laravel fillable for writable props (#6898)
67fbe51c5 fix: reintroduce the show_webby parameter in Laravel config (#6741)

Features

cb5ede1c5 feat: add checkMode parameter to control json schema validation (#6974)
771d9401c feat(elasticsearch): re-introduce v7 support (#6827)
b5372ddee feat(openapi): filter x-apiplatform-tags to produce different openapi specifications (#6945)
2e2debb94 feat(mongodb): Replace usage of deprecated method AggregationBuilder::execute() (#6933)
4bdf042e5 feat(mongodb): Add pagination metadata to the aggregation results (#6912)
b968ccd50 feat(openapi): document error outputs using json-schemas (#6923)
c97db6bb2 feat: swagger ui persist authorization option (#6877)
00787f32d feat(laravel): automatically register policies (#6623)
12c42096b feat(metadata): ability to hide an hydra class/operation (#6871)
57f15cf4f feat(state): strict query parameters (#6399)
bd0e92936 feat(openapi): HTTP Authentication Support for Swagger UI (#6665)
be98f4e01 feat(graphql): allow to configure max query depth and max query complexity (#6880)
c78ed0b78 feat(laravel): boolean filter (#6806)
d0a442786 feat(doctrine): enhance getLinksHandler with method validation and typo suggestions (#6874)
f67f6f1ac feat(doctrine): doctrine filters like laravel eloquent filters (#6775)

v4.0.9

Bug fixes

417fef5da fix(laravel): overlaping route format (#6782)
81099065e fix(laravel): declare normalizer list as a service (#6786)
dc8c09b1e fix(laravel) graphQl Relationship loading (#6792)

Also contains v3.4.6 changes.

v4.0.8

Bug fixes

dddb97075 fix(symfony): default formats order (#6780)

v4.0.7

Bug fixes

17c916c3a fix(symfony): BackedEnumProvider typo fix (#6769)
216d9ccaa fix(serializer): fetch type on normalization error when possible (#6761)
2f967d934 fix(doctrine): throw an exception when a filter is not found in a parameter (#6767)
6c9b508b0 fix(laravel): remove link header when jsonld is not enabled (#6768)
736ca045e fix(validator): allow to pass both a ConstraintViolationList and a previous exception (#6762)
9ac3661b6 fix(hydra): store and use hydra context in a local variable (#6765)

v4.0.6

Bug fixes

195c4e788 fix(hydra): hydra context changed (#6710)
4f65ef2d0 fix(metadata): providing parameter constraints skips automatic ones (#6756)
5a8ef115a fix(symfony): ECMA-262 pattern with RegExp validator (#6733)
67c5a2a24 fix(laravel): jsonapi error serialization (#6755)
ac6f667f3 fix(laravel): collection relations other than HasMany (#6737)
cecd77149 feat(laravel): use laravel cache setting (#6751)

v4.0.5

Bug fixes

4171d5f9c fix(graphql): register query parameter arguments with filters (#6726)
48ab53816 fix(laravel): make command writes to app instead of src (#6723)

v4.0.4

Bug fixes

2e8287dad fix(laravel): allow serializer attributes through ApiProperty (#6680)
439c188ea fix(laravel): match integer type (#6715)
4ad7a50aa fix(laravel): openapi Options binding (#6714)
ec6e64512 fix(laravel): skip resource path when not available (#6697)

Features

5aa799321 feat(laravel): command to generate state providers/processors (#6708)

v4.0.3

Bug fixes

025f63e69 fix(laravel): route registration of EntrypointController should be last (#6667)
2b4937a3e fix(laravel): eloquent accessors (#6668)
4312a1f55 fix(metadata): register parameters on graphql operations
6d4e24883 fix(laravel): hiding/showing relationships (#6679)
85306f2f5 fix(laravel): swagger ui authentication (#6661)
a6e37068e fix(laravel): use Model::qualifyColumn instead of hardcoding $table.$column (#6658)
b0d5a2ade fix(laravel): register global middleware to secure non-rest routes
f9d96e546 fix(metadata): graphql can be disabled but with an existing operation

Features

df701da05 feat(laravel): graphql policies

v4.0.22

Bug fixes

60747cc8c fix(graphql): access to unauthorized resource using node Relay CVE-2025-31481
7af65aad1 fix(graphql): property security might be cached w/ different objects CVE-2025-31485
f4c426d71 Revert "fix(doctrine): throw an exception when a filter is not found in a par…" (#7046)

v4.0.21

Bug fixes

7cb5a6db8 fix: allow parameter provider as object (#7032)
bb83e9a03 fix(symfony): allow to merge array with string in global defaults (#7037)
da2e86809 fix: header parameter should be case insensitive (#7031)

Features

v4.0.20

Bug fixes

284937039 fix(doctrine): mapping ArrayAccess deprecation (#6982)
a434173b8 fix(doctrine): Add a proper exception when a doctrine manager could not be found for a resource class (#6995)

Features

v4.0.2

Bug fixes

219199db3 fix(symfony): missing alias to serializer context builder interface (#6643)
5f943e3bb fix(graphql): wrong exception namespace (#6647)
72a0b669a fix(serializer): remove serializer context builder interface
88bd8c3e1 fix(laravel): installation command, fix config overwrites (#6649)
93314b08d fix(serializer): allow state's SerializerFilterContextBuilderInterface (#6632)
9a0afc917 fix(serializer): remove unnecessary dependency
c47e2996e fix: default format and standard_put values
e327f5f69 fix(symfony): namespace of path segment name generator services (#6642)

Notes:

standard_put=true is now the default, you can set it to false using extra_properties.defaults

v4.0.19

Bug fixes

1dfefda5e fix(laravel): add middleware granularity (#6962)

Compatibility with Laravel 12.

v4.0.18

Bug fixes

7007dcca8 fix(laravel): duplicate middleware in routes
a16147ab7 fix(laravel): handle route prefix (#6978)
d2e1963c5 fix(symfony): detach objects to prevent loop when using Doctrine middleware and Mercure (#6936) (#6965)

Features

v4.0.17

Bug fixes

5124d8c57 fix(laravel): Prevent overwriting existing routes on the router (#6941)
5c7e0d2c0 fix(symfony): error wrongly inherit normalization context (#6939)
af35d34d0 fix(laravel): mitigate property metadata read for Error (#6951)
d5b48b1cd fix(laravel): SwaggerUI custom CSS (#6937)
da796b979 fix(metadata): allow serializer attribute object in ApiProperty::$serialize (#6946)
de2d298e3 fix: ensure template files have a tpl file extension (#6826) (#6829)
b6a67a197 perf: various optimizations for Laravel/Symfony (#6954)

To save some time during cache warmup we recommend to define uri variables such as: uriVariables: ['id']. More details at #6954.

Features

v4.0.16

Bug fixes

dc4fc84ba fix(graphql): securityAfterResolver not called

Features

v4.0.15

Bug fixes

36cee399c fix(state): skip Content-Location header for GET requests (#6901)
dba9de197 fix(symfony): fix property restrictions for root resource with dynamic validation groups (#6908)

Features

421d97ecf feat(laravel): add support for backed enum normalizers (#6911)

Also contains v3.4.15 changes.

v4.0.14

Bug fixes

97cdb6b3f fix(state): remove ProcessorInterface laravel specific type
b12a0d005 fix(graphql): register types for parameter args (#6895)

Also contains v3.4.14 changes.

v4.0.13

Bug fixes

3a694624b fix(laravel): eloquent BelongsToMany relation (#6862)
c8db7aef0 fix(laravel): jsonapi query parameters (page, sort, fields and include) (#6876)
f2c998158 fix(jsonld): anonymous context hydra_prefix value (#6873)

Also contains v3.4.10 changes.

v4.0.12

Bug fixes

4db72f55f fix: filter may not use FilterInterface (#6858)
c899a3da1 fix(laravel): use tagged resolvers as graphql resolvers (#6855)
e0f8c38b9 fix(laravel): graphql currentPage (#6857)

Also contains v3.4.9 changes.

v4.0.11

Bug fixes

af66075fd fix(laravel): fix foregin keys (relations) beeing in attributes (#6843)
2d59c6369 feat(laravel): belongs to many relations (#6818)

Also contains v3.4.8 changes.

v4.0.10

Bug fixes

774590069 fix(laravel): add contact & license options to fix swagger UI issues (#6804)
7ff9790c8 fix(laravel): allow boolean cast (#6808)
f19dd9446 fix(laravel): graphQl type locator indexes (#6815)

Also contains v3.4.7 changes.

v4.0.1

Bug fixes

eb80a1a56 fix(state): precise format on content-location (#6627)

Features

4a2271670 feat: api-platform/json-hal component (#6621)

v4.0.0-alpha.5

Bug fixes

0a461d749 fix(symfony): allow schema restriction for collection like property from choice constraint (#6520)
0c66a494d fix(laravel): cache metadata, add trace on debug mode (#6555)
1b6e7c6cc fix(laravel): disable GraphQL by default and fix provider
290944103 fix(laravel): SwaggerUI title (#6527)
2df0860b5 fix(laravel): Eloquent date and datetime type detection (#6529)
2fc74f2e6 fix: remove PUT from default operations (#6570)
3b42c9ff2 fix: deserialization path for not denormalizable relations collected errors (#6537)
3c554a605 fix(laravel): docs _format and open swagger ui (#6595)
3c5aea80f fix(symfony): load isApiResource metadata (#6562)
4ee209eff fix(laravel): visible and hidden fields support (#6538)
6e15eb95f fix(laravel): register HydraPartialCollectionViewNormalizer (#6588)
86365be2a fix(laravel): Eloquent PropertyAccessor (#6536)
a1dd0b54d fix(laravel): entrypoint with doc formats (#6552)
a4a53ab48 fix(laravel): identitifer is not writable unless marked as writable (#6531)
a6f355358 fix(laravel): do not normalize exception originalTrace (#6533)
bd6a57c4c fix(laravel): snake case props (#6532)
c31566602 fix(laravel): api_doc route regex
ebc61d59d fix(laravel): entrypoint serialization (#6541)

Features

03357fb90 feat(laravel): supports more Eloquent types (#6544)
05e75be83 feat(doctrine): add new filter for filtering an entity using PHP backed enum, resolves #6506 (#6547) (#6560)
538648840 feat(laravel): enable graphQl support (#6550)
5b9767be2 feat(laravel): policy, auth and gate (#6523)
5e1233c57 feat(laravel): search filter (#6534)
9c461626f feat(laravel): provide a trait in addition to the annotation (#6543)
c9f18d4fb feat(laravel): eloquent filters (search, date, equals, or) (#6593)
e09e73efc feat: remove hydra prefix (#6418)

v4.0.0-alpha.1

Bug fixes

f7f9f5427 fix(laravel): phpstan/doc-parser is mandatory

Features

0d5f35683 feat(laravel): laravel component (#5882)

v4.0.0

Bug fixes

7c5689626 fix(laravel): call authorize on delete but not validation (#6618)
d74b2b5fa fix: swagger ui with route identifier (#6616)
de6e3f546 fix(laravel): validate enum schema within filter (#6615)
0a461d749 fix(symfony): allow schema restriction for collection like property from choice constraint (#6520)
0c66a494d fix(laravel): cache metadata, add trace on debug mode (#6555)
1b6e7c6cc fix(laravel): disable GraphQL by default and fix provider
290944103 fix(laravel): SwaggerUI title (#6527)
2df0860b5 fix(laravel): Eloquent date and datetime type detection (#6529)
2fc74f2e6 fix: remove PUT from default operations (#6570)
3b42c9ff2 fix: deserialization path for not denormalizable relations collected errors (#6537)
3c554a605 fix(laravel): docs _format and open swagger ui (#6595)
3c5aea80f fix(symfony): load isApiResource metadata (#6562)
4ee209eff fix(laravel): visible and hidden fields support (#6538)
6e15eb95f fix(laravel): register HydraPartialCollectionViewNormalizer (#6588)
86365be2a fix(laravel): Eloquent PropertyAccessor (#6536)
a1dd0b54d fix(laravel): entrypoint with doc formats (#6552)
a4a53ab48 fix(laravel): identitifer is not writable unless marked as writable (#6531)
a6f355358 fix(laravel): do not normalize exception originalTrace (#6533)
bd6a57c4c fix(laravel): snake case props (#6532)
c31566602 fix(laravel): api_doc route regex
ebc61d59d fix(laravel): entrypoint serialization (#6541)

Features

00787f32d feat(laravel): automatically register policies (#6623)
06a647a80 feat(laravel): add CSV support (#6617)
a49bde1ea feat(laravel): filter validations rules
03357fb90 feat(laravel): supports more Eloquent types (#6544)
05e75be83 feat(doctrine): add new filter for filtering an entity using PHP backed enum, resolves #6506 (#6547) (#6560)
538648840 feat(laravel): enable graphQl support (#6550)
5b9767be2 feat(laravel): policy, auth and gate (#6523)
5e1233c57 feat(laravel): search filter (#6534)
9c461626f feat(laravel): provide a trait in addition to the annotation (#6543)
c9f18d4fb feat(laravel): eloquent filters (search, date, equals, or) (#6593)
e09e73efc feat: remove hydra prefix (#6418)

v3.4.9

Bug fixes

22cbd0147 fix(metadata): various parameter improvements (#6867)
978975ef0 fix(jsonschema): hashmaps produces invalid openapi schema (#6830)
a209dd440 fix: add missing error normalizer trait and remove deprecated interface (#6853)
abbc031ee fix: test empty parameter against null (#6852)

Notes

Parameter::getValue() now takes a default value as argument getValue(mixed $default = new ParameterNotFound()): mixed
Parametes::get(string $key, string $parameterClass = QueryParameter::class) (but also has and remove) now has a default value as second argument to QueryParameter::class
Constraint violation had the wrong message when using property, fixed by using the key instead

v3.4.8

Bug fixes

4d7deeaf7 fix(jsonld): check if supportedTypes exists (#6825)
5111935d4 fix(symfony): object typed property schema collection restriction (#6823)
6bf894f6f fix(serializer): use attribute denormalization context for constructor arguments (#6821)
86c97cac3 fix(symfony): symfony 7.2 deprecations (#6835)
d312eae7e fix(doctrine): fixed orm datefilter applying inner join when no filtering values have been provided (#6849)

v3.4.7

Bug fixes

2d25e79e0 fix(symfony): unset item_uri_template when serializing an error (#6816)

v3.4.6

Bug fixes

17c916c3a fix(symfony): service typo fix BackedEnumProvider for autowiring (#6769)
216d9ccaa fix(serializer): fetch type on normalization error when possible (#6761)
2f967d934 fix(doctrine): throw an exception when a filter is not found in a parameter (#6767)
736ca045e fix(validator): allow to pass both a ConstraintViolationList and a previous exception (#6762)
a98332d99 fix(metadata): name convert parameter property (#6766)
aa1667de1 fix(state): empty result when the array paginator is out of bound (#6785)
ab88353a3 fix(hal): detecting and handling circular reference (#6752)
bba030614 fix: properly support phpstan/phpdoc-parser 2 (#6789)
bec147b91 fix(state): do not check content type if no input (#6794)

v3.4.5

Bug fixes

fc8fa00a1 fix(hydra): iri template when using query parameter (#6742)

v3.4.4

Bug fixes

550347867 fix(graphql): register query parameter arguments with filters (#6727)
99262dce7 fix(jsonschema): handle @id when genId is false (#6716)
ad5efa535 fix: multiple parameter provider #6673 (#6732)
d34cd7be8 fix: use stateOptions when retrieving a Parameter filter (#6728)
e7fb04fab fix(symfony): fetch api-platform/symfony version debug bar (#6722)
e96623ebf fix(jsonld): prefix error @type with hydra: (#6721)

v3.4.3

Bug fixes

3ca599158 fix(hydra): hydra_prefix on errors (#6704)
f7f605dc8 fix: check that api-platform/ramsey-uuid is installed before registering related services (#6696)
fbb53e5e3 fix(symfony): metadata aware name converter has 0 arguments by default (#6711)

v3.4.2

Bug fixes

0ca76fc89 fix(elasticsearch): allow elasticsearch 7 (#6689)
15d61c4b7 fix(metadata): using parameters in fromClass and toClass uriVariables' options (#6663)
2e2044636 fix(metadata): parameter provider in a long running http worker (#6683)
4c58b33e8 fix(jsonapi): fixed definition name to allow using the same class names in different namespaces (#6676)
4f5f56756 fix: remove hydra prefix on errors (#6624)
afe7d47d7 fix(metadata): passing class as parameter in XML ApiResource's definition (#6659)
b93ee467c fix(metadata): overwriting XML ApiResource definition by YAML ApiResource definition (#6660)

v3.4.16

Bug fixes

dc4fc84ba fix(graphql): securityAfterResolver not called
9eb5c4e94 fix(symfony): suggest DocumentationAction as replacement for deprecated SwaggerUiAction (#6894)

v3.4.15

Bug fixes

ab03b5544 fix(openapi): typing issue with openapiContext in #[ApiProperty] (#6910)

v3.4.14

Bug fixes

0cf752bce fix(metadata): make the schema attribute to fallback to null for parameters in YamlResourceExtractor (#6896)
2b3c55db2 fix(symfony): remove unsolvable deprecation (#6899) see also (#6655)
9493b9b6e fix(symfony): revert json schema bc break (#6903)
b82f9ac76 fix(openapi): not forbidden response on openAPI doc (#6886)

I mispublished a v3.4.13 on some repositories to fix them all I bumped 3.4.10 to 3.4.14 More details at #6888.

v3.4.10

Bug fixes

2ee5eb496 fix(symfony): mercure exception formatting by calling array_keys() (#6879)

v3.4.1

Bug fixes

219199db3 fix(symfony): missing alias to serializer context builder interface (#6643)
5f943e3bb fix(graphql): wrong exception namespace (#6647)
93314b08d fix(serializer): allow state's SerializerFilterContextBuilderInterface (#6632)
9a0afc917 fix(serializer): remove unnecessary dependency
e327f5f69 fix(symfony): namespace of path segment name generator services (#6642)

v3.4.0-alpha.5

Deprecations:

Namespaces like ApiPlatform/Api or ApiPlatform/Util are deprecated and will be removed in 4.0. You should now install api-platform/symfony instead of api-platform/core.

Bug fixes

17c6b586c fix(state): log on missing provider (#6519)
601ccfb42 fix(doctrine): move event listeners to doctrine/common (#6573)
6499e0aa5 fix: deprecate url generator interface namespace (#6575)
3c5aea80f fix(symfony): load isApiResource metadata (#6562)
61af0cc90 fix(doctrine): allow doctrine/dbal:^4
e063b80af fix: parameter context for filters (#6535)
e22392193 fix(state): security parameter with listeners (#6457)

Various fixes for components isolation.

Features

05e75be83 feat(doctrine): add new filter for filtering an entity using PHP backed enum, resolves #6506 (#6547) (#6560)
0b985ae76 feat(state): add security to parameters (#6435)
26d5cbb9b feat: deprecate query parameter validator (#6454)
63ccfd58c feat: BackedEnum resources (#6309)
65296eaf1 feat(openapi): allow optional request body content (#6374)
7399fcf7e feat(symfony): skip error handler (#6463)
74986cb55 feat: inflector as service (#6447)
b47edb2a4 feat(serializer): context IRI in HAL or JsonApi format (#6215)
db1241c66 feat(openapi): make open_api_override_responses act on default 404 response generation (#6551)
e09e73efc feat: remove hydra prefix (#6418)

v3.4.0-alpha.4

Deprecations:

Namespaces like ApiPlatform/Api or ApiPlatform/Util are deprecated and will be removed in 4.0. You should now install api-platform/symfony instead of api-platform/core.

Bug fixes

17c6b586c fix(state): log on missing provider (#6519)
601ccfb42 fix(doctrine): move event listeners to doctrine/common (#6573)
6499e0aa5 fix: deprecate url generator interface namespace (#6575)
3c5aea80f fix(symfony): load isApiResource metadata (#6562)
61af0cc90 fix(doctrine): allow doctrine/dbal:^4
e063b80af fix: parameter context for filters (#6535)
e22392193 fix(state): security parameter with listeners (#6457)

Features

05e75be83 feat(doctrine): add new filter for filtering an entity using PHP backed enum, resolves #6506 (#6547) (#6560)
0b985ae76 feat(state): add security to parameters (#6435)
26d5cbb9b feat: deprecate query parameter validator (#6454)
63ccfd58c feat: BackedEnum resources (#6309)
65296eaf1 feat(openapi): allow optional request body content (#6374)
7399fcf7e feat(symfony): skip error handler (#6463)
74986cb55 feat: inflector as service (#6447)
b47edb2a4 feat(serializer): context IRI in HAL or JsonApi format (#6215)
db1241c66 feat(openapi): make open_api_override_responses act on default 404 response generation (#6551)

v3.4.0-alpha.2

Deprecations:

Namespaces like ApiPlatform/Api or ApiPlatform/Util are deprecated and will be removed in 4.0. You should now install api-platform/symfony instead of api-platform/core.

Bug fixes

3c5aea80f fix(symfony): load isApiResource metadata (#6562)
61af0cc90 fix(doctrine): allow doctrine/dbal:^4
e063b80af fix: parameter context for filters (#6535)
e22392193 fix(state): security parameter with listeners (#6457)

Features

05e75be83 feat(doctrine): add new filter for filtering an entity using PHP backed enum, resolves #6506 (#6547) (#6560)
0b985ae76 feat(state): add security to parameters (#6435)
26d5cbb9b feat: deprecate query parameter validator (#6454)
63ccfd58c feat: BackedEnum resources (#6309)
65296eaf1 feat(openapi): allow optional request body content (#6374)
7399fcf7e feat(symfony): skip error handler (#6463)
74986cb55 feat: inflector as service (#6447)
b47edb2a4 feat(serializer): context IRI in HAL or JsonApi format (#6215)
db1241c66 feat(openapi): make open_api_override_responses act on default 404 response generation (#6551)

v3.4.0-alpha.1

Bug fixes

41deeb4e4 fix(symfony): fix debug:api-resource command for class with multiple resources with same uriTemplate (#6505)
52fd9818b fix(elasticsearch): change normalize return type to compatible with other normalizers (#6493)
61af0cc90 fix(doctrine): allow doctrine/dbal:^4
e22392193 fix(state): security parameter with listeners (#6457)

Features

0b985ae76 feat(state): add security to parameters (#6435)
26d5cbb9b feat: deprecate query parameter validator (#6454)
63ccfd58c feat: BackedEnum resources (#6309)
65296eaf1 feat(openapi): allow optional request body content (#6374)
7399fcf7e feat(symfony): skip error handler (#6463)
74986cb55 feat: inflector as service (#6447)
b47edb2a4 feat(serializer): context IRI in HAL or JsonApi format (#6215)

v3.4.0

Deprecations:

Namespaces like ApiPlatform/Api or ApiPlatform/Util are deprecated and will be removed in 4.0. You should now install api-platform/symfony instead of api-platform/core.

Read the upgrade guide for detailed steps.

Bug fixes

56153b755 fix(hydra): error hydra prefix (#6599)
7c89f66a5 fix: replace ApiPlatform\Exception use by ApiPlatform\Metadata\Exception (#6597)
a3a4a990d fix(metadata): loop on operations can be null
ef0ee6427 fix(doctrine): use parameter.property for filter value (#6572)
17c6b586c fix(state): log on missing provider (#6519)
601ccfb42 fix(doctrine): move event listeners to doctrine/common (#6573)
6499e0aa5 fix: deprecate url generator interface namespace (#6575)
3c5aea80f fix(symfony): load isApiResource metadata (#6562)
61af0cc90 fix(doctrine): allow doctrine/dbal:^4
e063b80af fix: parameter context for filters (#6535)
e22392193 fix(state): security parameter with listeners (#6457)

Various fixes for components isolation.

Features

130fb5a8c feat: better path sorting for openapi UIs (#6583)
26d700e06 feat(symfony): add error page (#6389)
48267c9b6 feat(openapi): add error resources schemes (#6332)
e91c783a2 feat(state): "deserializer_type" context (#6429)
17c6b586c feat(state): log on missing provider (#6519)
05e75be83 feat(doctrine): add new filter for filtering an entity using PHP backed enum, resolves #6506 (#6547) (#6560)
0b985ae76 feat(state): add security to parameters (#6435)
63ccfd58c feat: BackedEnum resources (#6309)
65296eaf1 feat(openapi): allow optional request body content (#6374)
7399fcf7e feat(symfony): skip error handler (#6463)
74986cb55 feat: inflector as service (#6447)
b47edb2a4 feat(serializer): context IRI in HAL or JsonApi format (#6215)
db1241c66 feat(openapi): make open_api_override_responses act on default 404 response generation (#6551)
e09e73efc feat: remove hydra prefix (#6418)

v3.3.9

Bug fixes

84df46786 fix(jsonld): remove request uri variables when denormalizing output (#6467)
ffb4ad31f fix(jsonld): mitigate #6465 (#6469)

v3.3.8

Bug fixes

0edc73806 fix(state): allow to skip parameter validator provider (#6452)
25c5f222d fix(graphql): security after resolver (#6444)
32ef3d4e2 fix(jsonld): allow @id, @context and @type on denormalization 2 (#6451)
4de43bab9 fix: swagger ui provider accept html (#6449)
65ac0d228 fix(symfony): property info with doctrine collections
7926dc68d fix: parameter not found when no value (#6458)
93e4b3d70 fix(state): store parameter value without its key (#6456)
c086dfe9d fix(openapi): optional yaml component (#6445)
c473b2efe fix(state): query and header parameter with the same name (#6453)

Features

These are enhancement to the experimental Parameter feature:

9ac50d294 feat(state): review validation for required parameters (#6441)
c2d3aeb91 feat(state): list all violations during query parameters validation (#6442)

v3.3.7

Bug fixes

0ed1b637a fix(metadata): wrong schema generated if openapicontext set on array (#6431)
57f930c65 fix(openapi): parameters can disable openapi (#6440)
69b4d35b9 fix(state): provider as ParameterProviderInterface (#6430)
842091ddf fix(jsonschema): make all required properties optional in PATCH operation with 'json' format (#6394)
af34e72ed fix(openapi): yaml openapi export should have numeric keys as string (#6436)
b42e25f2d fix(state): parameter decorates main chain (#6434)
c922ba3f5 fix(symfony): check method for readonly routes (#6437)

v3.3.6

Bug fixes

8e253d4d7 fix(graphql): validate after resolver (#6426)
d66769069 fix(symfony): load swagger_ui when enabled (#6424)
e06c88b71 fix(metadata): add some phpdoc annotations to ORM (#6387)
fb7c4658c fix(test): canonicalizing json arrays (#6386)
ff533565d fix(doctrine): use null-safe operator when retrieving parameters (#6423)

Notes:

The patch at #6426 introduces a new validateAfterResolver option to mitigate the BC-break introduced in 3.3 that does the validation before calling the resolver:

new Mutation(
    resolver: 'app.graphql.mutation_resolver.activity_log',
    name: 'create',
    validateAfterResolver: true,
    validate: false
)

v3.3.5

Bug fixes

55f27dc7a fix(symfony): documentation request _format (#6390)

v3.3.4

Bug fixes

002d8e514 fix(validation): ValidationException causes TypeError exception when called with $code=null (#6375)
77a917f2a fix(metadata): resource class php doc (#6381)
d809315fb fix(symfony): store original data without clone (#6367)
fb7c4658c fix(test): canonicalizing json arrays (#6386)

v3.3.3

Bug fixes

10f24f7a1 fix(state): no location header without output (#6356)
20c9165f2 fix(symfony): no read should not throw on wrong uri variables (#6359)
4cd359d40 fix(graphql): resolver before validation (#6363)
9d159f4fa fix(symfony): no read shouldn't throw InvalidIdentifiers (#6357)

v3.3.2

Bug fixes

6f806f4ee fix(state): read without output (#6347)
735e1509e fix(symfony): set normalization context in request attributes (#6345)
b4984126a fix(symfony): use_symfony_listeners before registering services (#6350)
f63fd8101 fix(symfony): define use_symfony_listeners (#6344)

Notes

You can remove the event_listeners_backward_compatibility_layer flag and set use_symfony_listeners instead. The use_symfony_listeners should be true if you use controllers or if you rely on Symfony event listeners. Note that now flags like read can be forced to true if you want to call a Provider even on POST operations. These are the rules we set up on runtime if no value has been set:

if (null === $operation->canValidate()) {
    $operation = $operation->withValidate(!$request->isMethodSafe() && !$request->isMethod('DELETE'));
}

if (null === $operation->canRead()) {
    $operation = $operation->withRead($operation->getUriVariables() || $request->isMethodSafe());
}

if (null === $operation->canDeserialize()) {
    $operation = $operation->withDeserialize(\in_array($operation->getMethod(), ['POST', 'PUT', 'PATCH'], true));
}

Previously listeners did the checks before reading our flags and you could not force the values.

When using GraphQl, with event_listeners_backward_compatibility_layer: true, mutation resolver gets called before validation, when using false (the future default) validation occurs on the user's input.

v3.3.15

Bug fixes

dc4fc84ba fix(graphql): securityAfterResolver not called
9eb5c4e94 fix(symfony): suggest DocumentationAction as replacement for deprecated SwaggerUiAction (#6894)

v3.3.14

Bug fixes

4c58b33e8 fix(jsonapi): fixed definition name to allow using the same class names in different namespaces (#6676)

v3.3.13

Bug fixes

1b9dfccc8 fix: count TraversablePaginator (#6611)
4c58b33e8 fix(jsonapi): fixed definition name to allow using the same class names in different namespaces (#6676)
ef0ee6427 fix(doctrine): use parameter.property for filter value (#6572)

v3.3.12

Bug fixes

0a461d749 fix(symfony): allow schema restriction for collection like property from choice constraint (#6520)
0e91b0451 fix: use correct class in FilterValidationException deprecation message (#6549)
2da8dd326 fix(symfony): replace tagged by tagged_iterator
3b42c9ff2 fix: deserialization path for not denormalizable relations collected errors (#6537)
41deeb4e4 fix(symfony): fix debug:api-resource command for class with multiple resources with same uriTemplate (#6505)
52fd9818b fix(elasticsearch): change normalize return type to compatible with other normalizers (#6493)
b3d7c0768 fix(openapi): allow null return type parameter

v3.3.11

Features

344b8b245 Revert "feat(jsonschema): make JSON-LD specific properties required (#6366)" (#6484)

v3.3.10

Bug fixes

6776231ed fix: remove useless deprecation (#6481)
71dbfb1af fix: property called default in ApiProperty has incorrect type (#6471) (#6472)
c3e2e5b82 fix(symfony): securityPostValidation when use_symfony_listeners (#6479)
e3013d40d Revert "fix(jsonschema): make all required properties optional in PATCH opera…" (#6476)
aeca0149d fix(jsonschema): make JSON-LD specific properties required in the output schema (#6366)

v3.3.1

Bug fixes

6f806f4ee fix(state): read without output (#6347)
735e1509e fix(symfony): set normalization context in request attributes (#6345)
f63fd8101 fix(symfony): define use_symfony_listeners (#6344)

v3.3.0-beta.2

Bug fixes

50f4f0eeb fix: change deprecated ValidationException (#6295)
5e908c898 fix: reorder early return QueryParameterValidateListener (#6300)
678eb4f84 fix(jsonapi): add missing "included" schema parts (#6277)
8f8121865 fix(graphql): query nullish ManyToOne-Relation
90c9fb31a fix(symfony): register api_error route (#6281)
93f8b5f39 fix(jsonapi): return empty data array for empty relation (#6270)
9ac0062a2 fix(symfony): context not serializable when session (#6302)
da324e457 fix(metadata): index operations (#6272)

v3.3.0-beta.1

Bug fixes

23a9f2a7f fix(openapi): webhook has pathItem
54638d3ca fix: fix PHPUnit 11 compatibility (#6202)
bc96751e0 fix(graphql): nested collection for mongo (#6174)
ca6be326d fix(doctrine): fix case on Mercure ExpressionLanguage (#6207)
dad8b7df3 fix(validation): move validation exception resource (#6204)

Features

0b724d93b feat(openapi): document parameter
125f2cef4 feat: add webhook - openapi (#5873)
31d24aca4 feat(hydra): read hydra:property from ApiProperty::jsonLdContext (#6240)
3ad3836d5 feat(metadata): attribute Parameter (#6246)
52322048c feat(state): provide parameter values
5523bf5df feat(openapi): disable response override (#6221)
683c34c6f feat(hydra): parameter documentation
732d4aa8c feat(symfony): parameter DI for metadata state serializer
842030d55 feat(doctrine): parameter filter extension (#6248)
b79c7ae0e feat(metadata): allow \Stringable for security parameters (#6095)
e427bba70 feat(jsonschema): JSON:API schema factory (#6250)

The v3.3.0-beta.1 introduces a new QueryParameter attribute to improve the filtering system.

v3.3.0-alpha.2

Bug fixes

bc8d57b88 fix(symfony): reduce json-problem dependencies (#6169)
bfd759b62 fix: components split dependencies (#6186)
c01e10ff3 fix(hydra): remove dependency from ApiPlatform/Api dependency (#6154)

Features

24a1a18cb feat: improve ApiProperty::security using property name (#5853)
3d1428e4d feat(symfony): add get_operation Expression Language function on Mercure topics (#5854)
6b00cea91 feat(graphql): partial pagination for page based pagination (#6120)
79fe01b97 feat(doctrine): paginators for Doctrine Collection & Selectable (#6153)
89c9229f4 feat(graphql): support nullable embedded relations in GraphQL types (#6100)

v3.3.0-alpha.1

Bug fixes

2828157f6 fix(doctrine): constants case sensitive values
bbc99cfbe fix(serializer): improve TagCollector context (JSONAPI HAL) (#6076)
e10cc5ecf fix(graphql): use normalization context to get item from IRI (#5915)

Features

4f59677d4 feat(parametervalidator): create api-platform/parameter-validator component
670e7fbea feat(serializer): collect cache tags using a TagCollector (#5758)
6b79b6f47 feat(elasticsearch): filtering on nested fields (#5835)
8e3a48810 feat: enable Swagger UI deep linking (#6051)
9083765b0 feat(graphql): support enum collection as property (#5955)
a749fe849 feat(doctrine): allow to extend link handling (#6061)
b48836690 feat(symfony): Link security (#5290)
cc9f6a518 feat(symfony): request and view kernel listeners (#6102)
ce9ab8226 feat(metadata): headers configuration (#6074)

Components:

api-platform/parametervalidator
api-platform/doctrine-common
api-platform/doctrine-orm
api-platform/doctrine-odm

A new interface ApiPlatform\Serializer\TagCollectorInterface allows to collect cache tags (IRIs) during serialization instead of using API Platform defaults. An experimental feature (#5290) gives the ability to use security on sub resource links.

If you use controllers you should use:

api_platform:
    use_symfony_listeners: true

The default is false you can get rid of the event_listeners_backward_compatibility_layer flag. You can now force an operation state, for example:

<?php

#[Delete(validate: true)]
#[Post(read: true)]
class Book {}

These namespaces are deprecated:

ApiPlatform\Api
ApiPlatform\Exception
ApiPlatform\Problem
ApiPlatform\Action
ApiPlatform\Util

Most of the classes have moved to ApiPlatform\Metadata.

If a format is not specified in either the global configuration or the outputFormats of an operation, you'll get a 406 Not Acceptable error:

api_platform:
    formats:
        jsonld: ['application/ld+json']
        form: ['multipart/form-data']

v3.3.0

Bug fixes

629da787b fix(symfony): use non deprecated validator exception (#6297)
8a232a474 fix: add legacy FilterInterface as return type of getFilter function (#6311)
97c8ae26e fix(jsonapi): handle multiple relation classes, unrelated unions (#6320)
af61482c2 fix(symfony)!: context stamp not serializable because of request object (#6323)
fce42e0e7 fix(jsonapi): re-add continue once relation is determined (#6325)

Features

57fe13615 feat(serializer): update MissingConstructorArgumentsException message (#5902)
e867d07f5 feat(parametervalidator): parameter validation (#6296)

v3.2.9

ecffcde chore: remove comparator conflict wrongly introduced

v3.2.8

Bug fixes

2a43268f9 fix(jsonschema): fix invalid "int" type to "integer" (#6049)
9660a190a fix(serializer): concat context on wrong id (#6050)
a35f0da11 fix(jsonld): remove link to ApiDocumentation when doc is disabled (#6029)
a9a06897b fix(doctrine): get reference with identifier value (#6019)
aac883e93 fix(symfony): bypass symfony exception listener (#6056)
b1926f533 fix(symfony): do not use metadata when merging schema constraints in Collection constraint (#6057)
cc16a1ced fix(jsonschema): iri example (#5901)
ccf52c199 fix: item_uri_template conflict with context on relation (#6015)
dcce75121 fix(doctrine): OrderFilterTrait - properties null value causing error in foreach
dcfd3c5ca fix(jsonschema): keep format subschema generation (#6055)
c13c88e5c fix(metadata): throw exception if itemUriTemplate if used on invalid operation (xml/yaml formats) (#6053)

v3.2.7

Symfony 7 support.

Bug fixes

183b4d637 fix(symfony): named arguments dependency injection
3d32d5e12 fix(openapi): entrypoint access vnd+openapi (#6012)
58f4a3dda fix: no boolean types for exclusive minimum and exclusive maximum open api (#5993)
5e8f5eb99 fix(graphql): consider writable flag also for nested input types (#5954)
9848bd4d4 fix: missing eager joins on to-one relationships (#5992)
aa44dd726 fix(openapi): max cardinality
c2be40994 fix(symfony): error in provider without uri variables (#6005)
d2f281eed fix(jsonschema): fix recursive documentation when using a dto entity wrapper (#5973)
e7bc2ab57 fix(jsonschema): indirect resource input schema (#6001)

v3.2.6

Bug fixes

To have errors backward compatible with 3.1, use:

api_platform:
    defaults:
         extra_properties:
             rfc_7807_compliant_errors: false

New extension points are available using Errors with rfc_7807_compliant_errors: true such as Error provider and Error Resource

1b4289412 fix: errors bc with rfc_7807_compliant_errors false (#5974)
ce297e6f7 fix(jsonschema): child entity property schema generation (#5988) (#5989)

v3.2.5

Bug fixes

ba8a7e653 fix: exception message leak

v3.2.4

Bug fixes

436921f3b fix(serializer): json violation list normalizer (#5941)

v3.2.3

Bug fixes

0f015214c fix(symfony): 404 wrongly normalized (#5936)
495f75f81 fix(serializer): json non-resource intermitent class (#5937)

v3.2.26

Bug fixes

6776231ed fix: remove useless deprecation (#6481)

v3.2.25

Bug fixes

0ed1b637a fix(metadata): wrong schema generated if openapicontext set on array (#6431)

v3.2.24

Bug fixes

451d50e53 fix(symfony): deprecations 7.1
93e71eb82 fix(graphql): name converter with class (#6396)
99314bf80 fix(state): handle empty request in read provider (#6403)

v3.2.23

Bug fixes

fb7c4658c fix(test): canonicalizing json arrays (#6386)

v3.2.22

Bug fixes

50c738cf6 fix(graphql): check inheritance in ResolverProvider (#6314)
9cd597f80 fix(doctrine): remove usage of deprecated ClassUtils in PurgeHttpCacheListener for Doctrine ORM 3 (#6331)
a59fbee97 fix(serializer): uriTemplate wrong cache usage in hal format (#6313)
c083af346 fix(metadata): allow extracting routeName from XML config (#6329)

v3.2.21

Bug fixes

2a8767108 revert: fix(graphql): increment graphql normalizer priority
6c3d58c28 fix(jsonschema): don't try to define $ref if set in attributes (#6303)
9ac0062a2 fix(symfony): context not serializable when session (#6302)

v3.2.20

Bug fixes

90c9fb31a fix(symfony): register api_error route (#6281)
d061c3811 fix(graphql): increment graphql normalizer priority (#6283)

v3.2.2

Bug fixes

3d0dfc148 fix(symfony): swagger ui should use base url (#5918)
4f51b5198 fix(symfony): use http exception headers (#5932)
547c4e605 fix(graphql): item resolver inheritance error (#5910)
6b5df95ca fix(doctrine): odm order filter should use a left join on nullable fields (#5911)
ae090c7c4 fix(graphql): use normalization context to get item from IRI (#5915)
b2d9ce40c fix(serializer): pass $context to IriConverter (#5908)
c2824c1d7 fix(jsonschema): restore type factory usage (#5897)
cd6f5834b fix(serializer): use error normalizers (#5931)
d9f77402d fix(graphql): service missing in debug mode (#5930)

Note:

extra_properties.skip_deprecated_exception_normalizers is set to false so that decorating Error normalizers works. Set it to true to avoid deprecations and decorate the corresponding ItemNormalizer instead.

v3.2.19

Bug fixes

0154fbf00 fix(elasticsearch): wrong namespace for stateOptions (#6260)
4adc07524 fix: multiple error routes #6214 (#6263)
88d88ed2c fix(doctrine): wrong return type without name converter #6079 (#6254)
db50a46c1 fix(doctrine): stateOptions force resource class on collection (#6255)

v3.2.18

Bug fixes

0073a2a1b fix(serializer): json non-resource intermittent class (HAL & JSON:API) (#6231)
3689ae5f4 fix(hydra): owl:maxCardinality should be an int (#6235)
4b70b7405 fix(jsonschema): generation of non-LD+JSON distinct schema formats (#6236)
818b9cd62 fix(jsonschema): don't skip remaining multiple union types (#6223)
874e4d670 fix(serializer): collection property in an output dto (#6239)

v3.2.17

Bug fixes

2819d56c8 fix(hydra): hydra:view with absolute iris (#6208)
98f4b8fca fix(metadata): Operations priority sort (#6206)
a1309bbf2 fix(serializer): skip symfony validation exception (#6220)

v3.2.16

Bug fixes

56744dcfa fix(serializer): fix union types on collection denormalization (#6192)
d8e2d0c5e fix(doctrine): doctrine/orm:^3.0 support (#6193)
f891f16d5 fix(doctrine): isAssociationInverseSide before getMappedBy (#6197)

v3.2.15

Bug fixes

09aacf98a fix(symfony): revert breaking change on attributes extractor (#6170)
4138cb7c0 fix(openapi): resource name parameter description (#6178)
5e4b6312a fix(jsonschema): multiple type support (draft4) (#6171)
8535f9def fix(doctrine): read parent class properties on PUT (#6176)
a188c9473 fix(symfony): autoconfigure legacy alias fixes #6177 (#6181)
e7b442149 fix(validator): stop considering properties marked with NotBlank(allowNull=true) as required (#6184)

v3.2.14

Bug fixes

26295392d fix: use normalisation context when none is provided in ApiTestAssertionsTrait (#6157)
2999d9ef1 fix: return null instead of exception for GraphQL Query operation (#6118)
30f3f353e fix(openapi): skip requestBody if input is false (#6163)
507edba82 fix(symfony): autoconfiguration on UriVariableTransformerInterface (#6159)
643cff2db fix(symfony): throw metadata exception (#6164)
a987469e0 fix(openapi): method OpenApi::getComponents must always return a Components object (#6158)
c08f1e164 fix(doctrine): test array type existence before using it (#6161)

v3.2.13

Bug fixes

05713bfc8 fix(hydra): move owl:maxCardinality from JsonSchema to Hydra (#6136)

v3.2.12

Bug fixes

1c1023a71 fix: better generics support for State\ProcessorInterface (#6103)
dcab6c79e fix(jsonschema): keep integer and number properties draft 4 compliant (#6098)
ef4b261f1 fix(graphql): remove count query if paginationInfo is not requested (#6068)

v3.2.11

Bug fixes

5de077e7d fix(symfony): use Type constraint violation code instead of exception code (#6064)
804da1be7 fix(openapi): compatibility with OpenAPI 3.0 (#6065)
cd01e043a fix(symfony): handle empty content-type as set by Symfony (#6078)
d3484b0f1 fix(serializer): integrate root_resource_class to cache key (#6073)

For OpenAPI 3.0, the spec_version=3.0.0 query parameter will force OpenAPI to the 3.0 version. This option is also available through the command line.

v3.2.10

Bug fixes

6f3c6a663 fix(symfony): attribute filter names (#6062)
dc77c7949 fix(symfony): disable symfony error handling by default
f75649d49 fix(symfony): use Type constraint violation code instead of exception code

v3.2.1

Bug fixes

05363d98f fix(symfony): force json format with GraphQL
0c50d4ceb fix(state): add link header processor without links (#5888)
51b818304 fix: error traces without arguments (#5891)
b7c094aca fix(metadata): interface breaking in 3.2 (#5883)
dbd4f64de fix(graphql): docs should answer text/html

v3.2.0-beta.2

Bug fixes

2e48c7ecc fix(jsonschema): do not override nor complete ApiProperty::schema user value (#5855 #5869, #5864)
6a62a53f8 fix(hydra): hydra:search iexact strategies
adbc57865 fix(openapi): entrypoint text/html 200 (#5868, #5863)
d42f00ce1 fix(validation): normalize constraint violation list (#5866)

Features

1fccb8413 feat(doctrine): add SearchFilter case-insensitive strategies constants
2cf9d552a feat: improve 'not_normalizable_value_exception' (#5844)
c76d9b0b7 feat(serializer): allow usage of genId property for collection (#5870)

Notes:

ApiPlatform\Api got moved to ApiPlatform\Metadata

v3.2.0-beta.1

Bug fixes

1c6862dd5 fix(symfony): use static variable to store Error (#5837, #5828)
2703a4507 fix(swagger): no throw when operation is not found
2dd058a45 fix(symfony): use "main" state alias for decoration (#5806)
3dedf6d9d fix: exception to status on error resource (#5823)
4ac62b0c2 fix(jsonschema): build non-resource class schema (#5842)
660955b69 fix(symfony): show documentation as entrypoint when requesting html (#5836)
7ebff2702 fix: errors without compatibility flag (#5841)
828e42997 fix: Mercure assertions to public to allow Mercure Hub reset (#5834)

Features

2141b0118 feat: deprecate not setting formats manually (#5808)
3fa0176a3 feat(metadata): add canonical_uri_template (#5832)
b9cf49969 feat(openapi): update Swagger UI to v5.6.2 (#5807)
e65d2c35a feat(serializer): add ApiProperty::uriTemplate option (#5675)

v3.2.0-alpha.2

Bug fixes

6c9e121db fix(elasticsearch): elasticsearch 8 compatibility (#5795)
7ecfdff85 fix(symfony): graphql security/validator only when enabled

Features

0d04f28f2 feat(metadata): improve CreateProvider (#5770)
46e84ffc1 feat(symfony): add mercure asserts (#5764)
c7dcd3669 feat(doctrine): stateOptions can handleLinks for query optimization (#5732)

Notes:

Adds assertMercureUpdateMatchesJsonSchema(Update $update, array $topics, array|object|string $jsonSchema = '', bool $private = false, string $id = null, string $type = null, int $retry = null, string $message = '')
The handle links feature is experimental until 3.3

v3.2.0-alpha.1

Bug fixes

33b1658a0 fix(serializer): disable_type_enforcement with null values (#5593)
49981505a fix(metadata): convert composite uri variables w/ proper type
502234cf5 fix: allowed composite identifiers with differents types
51e4295b2 fix: missing parent construct calls with named arguments (#5387)
9116f1554 fix(symfony): provider can throw validation exception (#5586)
b58ec1207 fix(metadata): correct interface aliases (#5766)
c353e5aa4 fix(graphql): do not add id field if operation already has a dedicated input type (#5095)
ccef472ca fix(openapi): use 3.1 version (#5489)

Features

4ef0ef856 feat: error as resources, jsonld errors are now problem-compliant (#5433)
6babb3d6b feat: replace doctrine/inflector by symfony/string (#5637)
7a1d351b0 feat(tests): add a method to generate the IRI from a resource (#5582)
851aa3778 feat(graphql)!: add extra args for custom queries or mutations (#5359)
92a81f024 feat(graphql): allow to disable the introspection query (#5711)
d793ffb92 feat: union/intersect types (#5470)

v3.2.0

Bug fixes

2e48c7ecc fix(jsonschema): do not override nor complete ApiProperty::schema user value (#5855, #5864)
33b1658a0 fix(serializer): disable_type_enforcement with null values (#5593)
3953f6f0a fix(state): read provider without request (#5803)
49981505a fix(metadata): convert composite uri variables w/ proper type
4ac62b0c2 fix(jsonschema): build non-resource class schema (#5842)
51e4295b2 fix: missing parent construct calls with named arguments (#5387)
6c9e121db fix(elasticsearch): elasticsearch 8 compatibility (#5795)
7ecfdff85 fix(symfony): graphql security/validator only when enabled
b58ec1207 fix(metadata): correct interface aliases (#5766)
c353e5aa4 fix(graphql): do not add id field if operation already has a dedicated input type (#5095)
c76d9b0b7 fix(serializer): allow usage of genId property for collection (#5870)

Features

0d04f28f2 feat(metadata): improve CreateProvider (#5770)
2141b0118 feat: deprecate not setting formats manually (#5808)
2cf9d552a feat: improve 'not_normalizable_value_exception' (#5844)
3fa0176a3 feat(metadata): add canonical_uri_template (#5832)
46e84ffc1 feat(symfony): add mercure asserts (#5764)
4ef0ef856 feat: error as resources, jsonld errors are now problem-compliant (#5433)
6babb3d6b feat: replace doctrine/inflector by symfony/string (#5637)
7a1d351b0 feat(tests): add a method to generate the IRI from a resource (#5582)
851aa3778 feat(graphql)!: add extra args for custom queries or mutations (#5359)
92a81f024 feat(graphql): allow to disable the introspection query (#5711)
b9cf49969 feat(openapi): update Swagger UI to v5.6.2 (#5807)
ccef472ca feat(openapi): use OpenAPI 3.1 (#5489)
c7dcd3669 feat(doctrine): stateOptions can handleLinks for query optimization (#5732)
d793ffb92 feat: union/intersect types (#5470)
d85884d53 feat(elasticsearch): filtering on nested fields (#5820)
e65d2c35a feat(serializer): add ApiProperty::uriTemplate option (#5675)

Notes

Use composer recipes:update to update your configuration file. The default configuration file is:

api_platform:
    title: Hello API Platform
    version: 1.0.0
    formats:
        jsonld: ['application/ld+json']
    docs_formats:
        jsonld: ['application/ld+json']
        jsonopenapi: ['application/vnd.openapi+json']
        html: ['text/html']
    defaults:
        stateless: true
        cache_headers:
            vary: ['Content-Type', 'Authorization', 'Origin']
        extra_properties:
            standard_put: true
            rfc_7807_compliant_errors: true # this will be the default value in 4.x
    event_listeners_backward_compatibility_layer: false # use symfony event listeners
    keep_legacy_inflector: false # use doctrine/inflector

Listeners will not get removed in API Platform 4 but will rather use our new Providers and Processors. You can now force the request to go through a particular state for example:

#[Post(read: true)] // to force reading even though it's a POST

ApiPlatform\Api got moved to ApiPlatform\Metadata
Adds assertMercureUpdateMatchesJsonSchema(Update $update, array $topics, array|object|string $jsonSchema = '', bool $private = false, string $id = null, string $type = null, int $retry = null, string $message = '')
The handle links feature is experimental

When using GraphQl, with event_listeners_backward_compatibility_layer: true, mutation resolver gets called before validation, when using false (the future default) validation occurs on the user's input.

v3.1.9

0fc5ad580 Fixes wrong interfaces aliases (#5563)

v3.1.8

Bug fixes

1f28efc56 fix(graphql): send headers in GraphiQL (#5539)
25861348d fix(elasticsearch): add is_collection to documentation (#5497)
60082d7a5 fix(doctrine): use fromClass metadata for each link (#5508)
62510b2bb fix(jsonschema): change type to integer in json schema for int backed enums (#5553)
6d2f883d1 fix(metadata): remove identifier_metadata_factory services (#5518)
6d7aaf7de fix: class already declared with preloading (#5523)
aa7f4b8fe Revert "fix(symfony): query parameter validation after authentication (#5473)" (#5556)
e4fa5a234 fix(serializer): no forced resource class relation (#5542)
f3935749e fix: the stateOptions::entityClass should be used when present while building Links (#5550)

v3.1.7

Bug fixes

05b572234 fix(jsonschema): access related subschema on readableLink (#5515)
138c51218 fix(serializer): skip unknown property and use the name converter
23ef01aa2 fix(openapi): restore OpenApiFactory::OPENAPI_DEFINITION_NAME (#5516)
871824c44 fix(symfony): check operations parameters (#5513)
af5cd209d fix(serializer): cache class metadata factory (#5512)
f128e3b3c fix(openapi): yaml parameters extractor (#5487)

v3.1.6

Bug fixes

2be8b4f74 fix(symfony): OperationMetadataFactoryInterface service alias (#5491)
4c87a97c2 fix(openapi): deprecate api_keys names not compatible with 3.1 (#5490)
e47162227 fix(jsonschema): find the related operation instead of assuming one (#5469)
e7114b7ed fix(elasticsearch): remove old bridge service (#5488)

v3.1.5

Bug fixes

1f23344b0 fix(symfony): status at 200 when allowCreate is false (#5465)
42c5c3e64 fix(symfony): query parameter validation after security (#5473)
8a88e0cbc fix(metadata): no deprecation when elasticsearch is null (#5450)
9421ba537 fix(serializer): propertyFilter should apply to arrays as well (#5444)
a5aa52923 fix(metadata): remove ReflectionEnum usage (#5453)
bf29fb973 fix(openapi): document PropertyFilter within parameter (#5458)
cfdc9ad9b fix(metadata): add default operations config (#5459)
6e35a714f perf(symfony): cache identifier metadata factory (#5466)

Notes:

#5473 changes the priority of the ApiPlatform\Symfony\EventListener\QueryParameterValidateListener from 16 to 2 so that it occurs after the security listener.
ReflectionEnum was removed as it was causing segfaults with opcache preload and an unidentified PHP extension
#5459 fixes the defaults operation declaration such as:
```
defaults:
  - ApiPlatform\Metadata\Get
  - ApiPlatform\Metadata\GetCollection
```
very useful for read only APIs, this was possible in 2.7 but not backported correctly

v3.1.4

Bug fixes

80ac2e3d6 fix(serializer): find parent class operation
b6139234a fix(metadata): default graphql operations on ApiResource only
bd3ff68ce fix: missing PlaceholderAction service alias (#5429)

v3.1.3

Bug fixes

dcc4733d5 fix(serializer): reset cache key on collection items CVE-2023-25575
1170c3846 fix(metadata): map uriVariables to uriTemplate vars (#5410)
d1d139aa4 fix(metadata): in xml resource extractor > building request body content values (#5419)
ea71416bb fix(openapi): allow overriding of openapi responses (#5393)
ff3255c9e fix(serializer): check which instance of NameConverterInstance is used (#5398)

Features

d3783d611 feat(metadata): class IdentifiersExtractor now handles enums (#5411)

v3.1.25

Bug fixes

5de077e7d fix(symfony): use Type constraint violation code instead of exception code (#6064)
d3484b0f1 fix(serializer): integrate root_resource_class to cache key (#6073)

v3.1.24

Bug fixes

9660a190a fix(serializer): concat context on wrong id (#6050)
a9a06897b fix(doctrine): get reference with identifier value (#6019)
cc16a1ced fix(jsonschema): iri example (#5901)

v3.1.23

Bug fixes

9848bd4d4 fix: missing eager joins on to-one relationships (#5992)
d2f281eed fix(jsonschema): fix recursive documentation when using a dto entity wrapper (#5973)
dac49cb16 Revert "fix: missing eager joins on to-one relationships (#5992)"

v3.1.22

Bug fixes

157faafd5 fix(state): wrong variable name
b2d9ce40c fix(serializer): pass $context to IriConverter (#5908)

v3.1.21

Bug fixes

364732d83 fix(serializer): missing parenthesis fixes #5773

v3.1.20

Bug fixes

eebc7c5a0 fix: add itemUriTemplate to resources.xsd (#5872)

v3.1.2

Bug fixes

85209558c fix(symfony): missing http clients varnish purger (#5383)
a76ebf271 fix: missing parent construct calls with named arguments (#5385)

v3.1.19

Bug fixes

6a62a53f8 fix(hydra): add xxx[] hydra:search iexact
7f0e00cd2 fix(mercure): custom topics on newly created entities causes error #5074
1fccb8413 fix(doctrine): add SearchFilter case-insensitive strategies constants

v3.1.18

v3.1.17

Bug fixes

50999d651 fix(symfony): missing translation contracts (#5799)

v3.1.16

Bug fixes

c14b6f419 fix(graphql): add cache_key in item normalizer (#5686)
c2b3514c0 fix(serializer): no mapping cache in debug mode (#5777)
c7892a646 fix(serializer): retrieve only first uriVariable from operation (#5788)
c8b974131 fix(serializer): correct supported types for elasticsearch item normalizer decorator (#5769)

v3.1.15

Bug fixes

07c9989eb fix(metadata): notexposed no urivariables inheritance (#5765)
8d04dcf5f fix(metadata): fix POST on subresource (#5734)
a774f4c51 fix(doctrine): searchfilter with nested custom identifiers (#5760)
b7258ef38 fix: error 500 on request with 'empty' accept headers, e.g. 'accept: 0' or 'accept: ' (#5767)

v3.1.14

Bug fixes

146f55330 fix(metadata): operation NotExposed status to 404 (#5717)
4dcfc16c3 fix(symfony): perf regression with Symfony 6.3 (#5721)
4f9626f42 fix(serializer): use data if no uri_variables provided (#5743)
7bb92a52f fix(doctrine): use stateOptions only within doctrine context (#5726)
83dbfbff1 fix(metadata): generated NotExposed operation should inherit resource options (#5722)
ccad63683 Revert "fix: search on nested sub-entity that doesn't use "id" as its ORM identifier (#5623)" (#5744)
e2745855b fix(openapi): model Example, Header and Reference (#5716)
ebf03104f fix(jsonld): skolem uri template may have a _format (#5729)

v3.1.13

Bug fixes

0c1c1c36f fix(symfony): enable API Platform in LexikJWTAuthenticationBundle (#5609)

You can disable this behaviour by setting the configuration key lexik_jwt_authentication.api_platform.enabled to false
146991ba4 fix(openapi): merge parameters with deprecated openApiContext (#5703)
14969aa0c fix(serializer): put replaces embed collection (#5604)
9cb0ee43c fix(metadata): missing xml/yaml properties (#5684)
a8796238d fix: filters don't have to implement the "legacy" FilterInterface (#5619)
ada115966 fix: don't implement deprecated CacheableSupportsMethodInterface with Symfony 6.3+ (#5696)
b8cbdb1cb fix(doctrine): search on nested sub-entity that doesn't use "id" as its ORM identifier (#5623)
e21e9faee fix(symfony): support for custom controller with class method (#5681)

Features

011fd4862 feat(serializer): support for getSupportedTypes (symfony 6.3) (#5671)
db2cc9567 feat(serializer): support for getSupportedTypes (symfony 6.3) (#5672)

v3.1.12

Bug fixes

1bcca0930 fix(symfony): provider can throw validation exception (#5586)
57bfefbfa 547078cf7 fix(metadata): convert composite uri variables w/ proper type
a0f12b667 fix(serializer): disable_type_enforcement with null values (#5593)

Also updates: graphiql, opensans

v3.1.11

Bug fixes

2121d15c3 fix(symfony): allow post with uri variables and no provider
ed4bca9b9 fix(serializer): Guess uri variables with the operation and the data instead of hardcoding id (#5546)

v3.1.10

Bug fixes

1281b0f49 fix(serializer): don't force resource class on relation (#5576)
810e4455b fix(serializer): fix denormalizing to non-cloneable objects (#5569)

v3.1.1

Bug fixes

186cd69d4 fix(symfony): wrong purger clients type (#5373)
4eb0ab5a9 fix(openapi): fix openapi requestbody decoration (#5377)
78ae12298 fix(metadata): allow custom http status code for put (#5375)
a5fb2aa28 fix(metadata): defaults extra properties (#5362)
f7c70b17d fix(graphql): name and key should be the same for an enum without Enum suffix in class name (#5369)

v3.1.0

Bug fixes

7f09a2640 fix(jsonschema): remove @id @type @context from input schema (#5267)
7fa9ca5a7 fix: do not use api_graphql_graphiql route when graphiQl is disabled because it won’t exist (#5266)
9f5a408a1 fix(metadata): attributes parameter order (#5317)
d0fcd70c3 fix(graphql): remove inline styles and add twig blocks to aid overriding templates in strict CSP environments (#5251)

Features

3a845f1fb fix(symfony): use swagger.api_keys with a key to handle multiple authorizations (#4691)
06185b7c9 feat: add groups filter whitelist info to swagger (#5244)
10da65f67 feat: support collect denormalization errors (#5170)
36d930eda feat(graphql): enable profiler panel when using graphql (#5072)
471185d3e feat(symfony): agnostic cache purger + souin support (#5273)
8744857a3 feat: add GraphQL enum support (#5199)
8c8a91b4a feat(jsonschema): serialization context on JsonSchema (#4860)
902b1354f feat: better separation of entity class and resource (#5275)
a558c94d0 feat: add context to XML parsing errors (#5335)
a828af0e8 feat: use phpdoc-parser instead of phpdocumentor (#5214)
bd361bbed feat(doctrine): add link factory (#5345)
bde59ba12 feat: spec-compliant PUT method (#4996)
c145ec700 feat(openapi): add ApiResource::openapi and deprecate openapiContext (#5254)
e5f1be056 feat: add @type property on mercure delete update (#2688)
f1ecc30a3 feat(openapi): add backed enum support (#5120)

Backward compatibility

only use named arguments on metadata attributes (Get, Query, Operation, ApiProperty etc.) as we don't guarantee the backward compatibility on positional arguments

v3.0.9

Bug fixes

3d8371a56 fix(graphql): use depth for nested resource class operation (#5314)
6f9289eb8 fix(serializer): use symfony's default serializer context (#5305)
af98b645f fix: compatibility with PHP 8.2 (#5292)
b5734a73e fix(graphql): pass graphql enabled flag (#5315)

Features

9632b6416 feat: serialize error title from ValidationException (#5313)

v3.0.8

Bug fixes

26040444e fix(graphql): dont add graphql operations when disabled (#5265)
3d3c2c744 fix(graphql): link relations requires the property (#5169)
ddeda9c93 fix(normalizer): normalize items in related collection with concrete class (#5261)
e73878570 fix(jsonschema): remove @id @type @context from input schema (#5267)

v3.0.7

Bug fixes

27af3216f fix(symfony): wire Symfony JsonEncoder if it exists (#5240)
31215c623 ci: fix mongod startup (#5248)
55be4ca41 fix: get back return phpdoc on ProviderInterface
6d38cd941 fix(metadata): include routePrefix in default operation name (#5203) (#5252)
b52161f perf(symfony): use default cache pool config in development environment (#5242)

v3.0.6

Bug fixes

d4173e7db fix(metadata): do not override name fixes #5235 (#5237)

v3.0.5

Bug fixes

0f891616f fix(metadata): route prefix in the operation name (#5208)
84a7e564d fix(metadata): getOperation cache matches arguments (#5215)
bd0b05abc fix(serializer): dynamic groups should not be cached (#5207)
ebaad51b2 fix(serializer): read groups off the root operation (#5196)

v3.0.4

Bug fixes

148442c49 fix(metadata): item uri template with another resource (#5176)
2a582764a fix(graphql): add filters from the nested resource metadata (#5171)
45b552673 fix(metadata): _format broken bc promise on #5080 (#5187)
5bc84ce36 fix(graphql): use default nested query operations (#5174)
6e2f920ec fix(serializer): empty object as array with supports cache (#5100)
706f66f6b fix(metadata): allow input/output configuration values to be bool in yaml config (#5186)
b3bc4d6ac fix: use legacy iri converter for legacy resources (#5172)
d18813597 fix: securityPostDenormalize not working because clone is made after denormalization (#5182)
dbf44470a fix(metadata): check if elasticsearch is set to false by user through ApiResource (#5115) (#5177)
a52750496 fix(metadata): allow custom Attribute to extend ApiResource (#5076) (#5175)
62af87485 fix(openapi): use "openapi" key to validate filter parameters (#5114)

v3.0.3

Bug fixes

176fff2cb fix(metadata): upgrade script keep operation name (#5109)
1b64ebf6a fix: upgrade command remove ApiSubresource attribute (#5049)
27fcdc6b2 fix(metadata): deprecate when user decorates in legacy mode (#5091)
310363d56 fix: remove @internal annotation for Operations (#5089)
41bbad94e fix: update yaml extractor test file coding standard (#5068)
44337ddb3 fix(graphql): use right nested operation (#5102)
541b738e9 fix(graphql): add clearer error message when TwigBundle is disabled but graphQL clients are enabled (#5064)
59826bbe9 fix: only alias if exists for opcache preload
7044c5a1b fix(doctrine): use abitrary index instead of value (#5079)
8250d41a3 fix(metadata): define a name on a single operation (#5090)
9c19fa171 fix(metadata): add class key in payload argument resolver (#5067)
a4cd12b2a fix: uri template should respect rfc 6570 (#5080)
bbeaf7082 fix(graphql): always allow to query nested resources (#5112)
c1cb3cd2f Revert "fix(graphql): use right nested operation (#5102)" (#5111)

v3.0.12

Bug fixes

5723d6836 fix(serializer): reset cache key on collection items CVE-2023-25575
1983089d9 fix(metadata): reader should be nullable (#5378)
80aeb3158 fix(symfony): autoconfigure elasticsearch extension (#5379)

v3.0.11

Bug fixes

0154bf13c fix(metadata): homogenize operations constructor (#5344) Note: we made clear that we are supporting only named arguments on our Attributes. We do not support backward compatibility on positional arguments.
53cb25fab fix(symfony): annotation reader argument optional (#5358)
722802c13 fix(graphql): usable YAML/XML configuration (#5333) Note: paginationViaCursor was removed from GraphQl operations as it had no behavior
937786efe fix(metadata): extract identifier using Link::toProperty (#5352)

v3.0.10

Bug fixes

ec67b3f47 fix: fix argument resolver error (#5342)

v2.7.9

Bug fixes

1983089d9 fix(metadata): reader should be nullable (#5378)
80aeb3158 fix(symfony): autoconfigure elasticsearch extension (#5379)

v2.7.8

Bug fixes

b15a97d7f fix(symfony): autoconfigure elasticsearch extension (#5376)
cbe7355d1 fix(metadata): annotation reader should be nullable

v2.7.7

Bug fixes

53cb25fab fix(symfony): annotation reader argument optional (#5358)

v2.7.6

Bug fixes

31215c623 ci: fix mongod startup (#5248)
444f339ae fix: avoid unneeded use of covariance to keep compatibility with PHP < 7.4 (#5327)
5baea781c fix(metadata): fix extra properties method (#5294)
a6f0d9aac fix(symfony): http cache wrong metadata argument
ab6822f77 fix: Set twig.exception_listener as service parent (#5059)
f22fa73f4 fix(elasticsearch): elasticsearch BC

v2.7.5

Bug fixes

096ac119a fix(metadata): keep configured uri variables (#5217)
2b2d468f0 fix(metadata): operations must inherit from resource and defaults
2cb3b4272 fix(serializer): use iri from $context if defined (#5201)
39398579e fix(symfony): definition when mercure is not installed (#5206)
e9c7e4abb fix(serializer): avoid call to legacy iri converter with non-resource class (#5219)
ebaad51b2 fix(serializer): read groups off the root operation (#5196)

v2.7.4

Bug fixes

706f66f6b fix(metadata): allow input/output configuration values to be bool in yaml config (#5186)
b3bc4d6ac fix: use legacy iri converter for legacy resources (#5172)

v2.7.3

Bug fixes

176fff2cb fix(metadata): upgrade script keep operation name (#5109)
1b64ebf6a fix: upgrade command remove ApiSubresource attribute (#5049)
27fcdc6b2 fix(metadata): deprecate when user decorates in legacy mode (#5091)
310363d56 fix: remove @internal annotation for Operations (#5089)
41bbad94e fix: update yaml extractor test file coding standard (#5068)
59826bbe9 fix: only alias if exists for opcache preload
8250d41a3 fix(metadata): define a name on a single operation (#5090)
9c19fa171 fix(metadata): add class key in payload argument resolver (#5067)

v2.7.14

Bug fixes

deed442e0 fix: handle item iri with identifiers in LegacyIriConverter (#5670)

v2.7.13

Bug fixes

20371ccad fix: IriConverterInterface injection and deprecation (#5630)
c5f709d17 fix: api:upgrade-resource output formatting (#5624)

v2.7.12

Bug fixes

810e4455b fix(serializer): fix denormalizing to non-cloneable objects (#5569)
b6dc7728b fix(symfony): update for PHPUnit 10 (#5551)

v2.7.11

Bug fixes

01ce3f811 fix(serializer): find parent class operation (#5449)

v2.7.10

Bug fixes

5723d6836 fix(serializer): reset cache key on collection items CVE-2023-25575

Notes

This version as the 4.0.19 is compatible with Laravel 12. The hydra patch changes default hydra:title and uses the resource shortname. Previously the hydra:title information was duplicating the hydra:description. The rdfs:label got removed from the hydra:Class as it was used instead of the hydra:title. On hydra:property rdfs:label got renamed to label as the rdfs namespace is available in the context. The ApiPlatform\Metadata\ErrorResource and the ConstraintViolation (ValidationException class) are now generated directly from your PHP classes, only our ConstraintViolationList is hard-written and documents the ConstraintViolation::violation property. Therefore, your own error resources are also documented. On top of that, we now set the rdfs:subClassOf to hydra:Error. #[ApiProperty(hydra: false)] allows you to skip a documented hydra:supportedProperty on a class. On write operations, we added the expectsHeader field.

3.0.2

Metadata: generate skolem IRI by default, use genId: false to disable BC

3.0.1

Symfony: don't use ArrayAdapter cache in production #5027
Symfony: remove _api_exception_to_status leftovers (#4992)
Serializer: support empty array as object (#4999)
Chore: compatibility with PHP 8.2 (#5024)
Symfony: resource class directories bc break (#4982)
Symfony: exception_status bad merge (#4981)
Graphql: remove unused service for ItemResolverFactory (#4976)
Chore: document missing breaking changes on the 3.0.0-beta.1

3.0.0-rc.2

JsonLd: correct the api_jsonld_context route format (#4844)
Metadata: remove metadata_backward_compatibility_layer option (#4843)
OpenApi: fixed required fields (in and name) within ApiPlatform\OpenApi\Model\Parameter BC

Various cleanup, removed Core namespace leftovers and todos.

3.0.0-beta.2

ExpressionLanguage: deprecated class ApiPlatform\Symfony\Security\ExpressionLanguage has been removed in favor of Symfony\Component\Security\Core\Authorization\ExpressionLanguage.

3.0.0-beta.1

Breaking changes:

Identifiers: Allow plain identifiers is removed, use a custom normalizer if needed (#4811)
Symfony: deprecated configuration was removed (#4811)
DataTransformers: concept got removed, input and output classes are handled as anonymous resources (#4805)
Doctrine: some interfaces have changed (extensions and filters), string $operationName got removed in favor of ApiPlatform\Metadata\Operation $operation. (#4779)
Doctrine: ContextAware interfaces were merged with their child interfaces you can safely remove them (#4779)
Metadata: the Core namespace got removed (#4805)
Mercure: deprecation removed (#4805)
Identifiers: using an object as identifier is supported only when this object is Stringable
Serializer: skip_null_values now defaults to true
Metadata: Patch is added to the automatic CRUD
Symfony: generated route names and operation names changed, route naming can be changed directly within metadata
Doctrine: remove [@final](https://github.com/final) annotation from filters and mark them as final

3.0.0

Metadata: CRUD on subresource with experimental write support (#4932)
Symfony: 6.1 compatibility and remove 4.4 and 5.4 support (#4851)
Symfony: removed the $exceptionOnNoToken parameter in ResourceAccessChecker::__construct() (#4905)
Symfony: use conventional service names for Doctrine state providers and processors (#4859)
Symfony: adjust mapping paths to the SF best practices for Bundles BC Resources/config/api_resources to config/api_resources (#4853)
Symfony: src/ApiResource/ is the recommended place for API models (#4874)
Cache: remove guzzle from the Varnish purger (#4872)

Various cleanup in services and removal of backward compatibility layer.

2.7.2

Metadata: no skolem IRI by default
Symfony: use service id as tag for lower symfony versions (processor/provider service locator)
Symfony: fix command constants not available on lower symfony versions

2.7.1

Chore: update swagger ui and javascript libraries (#5028)
Symfony: don't use ArrayAdapter cache in production #4975 (#5025)
Doctrine: check fetch joined queries based on all aliases (#4974)
Metadata: fix missing array cast for RDF types in ApiResource & ApiProperty constructors (#5000)
Symfony: replace FQCN service names by snake ones (#5019)
Symfony: add missing dependency on symfony/deprecation-contracts (#5015)
Chore: add conflict on elasticsearch >= 8.0 (#5018)
Symfony: bc layer broken for symfony/console lower than 5.3 (#4990)
Symfony: missing deprecations related to Ulid and Uuid normalize… (#4963)
Metadata: do not auto-generate NotExposed operation when using custom operation classes
Symfony: upgrade command requires phpunit (#4968)
Symfony: upgrade command removes filters (#4970)
Symfony: missing Elasticsearch DocumentMetadataFactoryInterface alias definition (#4962)
Chore: drop dependency on fig/link-util (#4945)
Metadata: resource name collection missing deprecation (#4953)
Doctrine: ability to use ORM and ODM (#5032)

2.7.0-rc.2

Symfony: the upgrade command now updates ApiFilter as well (#4845)
Symfony: maker command to create a state Processor (#4423)

2.7.0-beta.5

Serializer: ignore no-operation on SerializeListener (#4828)
Schema: schema generation with default operation (#4818)

2.7.0-beta.4

Metadata: reduce coalescing operator call (#4810)
Api: remove dump (#4809)

2.7.0-beta.3

Metadata: use the HTTP method instead of an interface for writability (#4785)
Cache: IriConverter gets called only for resources (#4796)
JsonApi: Use skolem IRIs (#4796)
Metadata: Merge defaults instead of overriding (#4796)
ApiTestCase: Fix JSON Schema assertions (#4796)
Metadata: Cast YAML/XML values properly (#4800)
Symfony: fix deprecations (#4795 #4801 #4802)
Input/Output: backport serializer changes to make input/output work as resource classes without data transformers (#4804)
GraphQl: the SerializerContextBuilder interface changes to reflect operation instead of the operation name BC (#4804)

2.7.0-beta.2

Processor: adds previous_data to the context (#4776)
Doctrine: fix filter binding (#4789)
Cache: fix headers not being read from metadata (#4777)

2.7.0-beta

Json-Ld: property metadata types and iris (#4769)
Symfony: write listener uri variables converter (#4774)
Metadata: extra properties operation inheritance (#4773)

BC

Doctrine: new interfaces for Filters and Extensions ready, switch to the ApiPlatform\Doctrine namespace after fixing your deprecations: (#4779)

ApiPlatform\Core\Bridge\Doctrine\Orm\Extension interfaces have an Operation instead of the $operationName, the new namespace is ApiPlatform\Doctrine\Orm\Extension
ApiPlatform\Core\Bridge\Doctrine\MongoDbOdm\Extension interfaces have an Operation instead of the $operationName, the new namespace is ApiPlatform\Doctrine\Odm\Extension

2.7.0-alpha.7

Metadata: defaults deprecation (#4772)

2.7.0-alpha.6

GraphQl: output creates its own type in TypeBuilder (#4766)
Metadata: clear missing metadata cache pools (#4770)
Metadata: property override when value is set (#4767)
Metadata: add read and write to extractor (#4760)
JsonSchema: factory backward compatibility layer (#4758)
Metadata: defaults properly overrides metadata (#4759)
Metadata: Add missing processor and provider to extractor (#4754)

2.7.0-alpha.5

Backward compatibility: fix upgrade script for subresources (#4747)
Backward compatibility: fix dependency injection (#4748)

2.7.0-alpha.4

Backward compatibility: fix dependency injection (#4744)
Metadata: allow extra keys within defaults (#4743)

2.7.0-alpha.3

Implements Skolem IRIs instead of blank nodes, can be disabled using iri: false (#4731)
IRI Converter: new interface declaring getIriFromResource and getResourceFromIri (#4734)

2.7.0-alpha.2

Review interfaces (ProcessorInterface, ProviderInterface, TypeConverterInterface, ResolverFactoryInterface etc.) to use ApiPlatform\Metadata\Operation instead of operationName (#4712)
Introduce CollectionOperationInterface instead of the collection flag (#4712)
Introduce DeleteOperationInterface instead of the delete flag (#4712)
The compositeIdentifier flag only lives under the uriVariables property (#4712)
The provider or processor property is specified within the Operation and we removed the chain pattern (#4712)
JSON Schema: fix nullable types validation using assertMatchesResourceItemJsonSchema (#4725)
Elasticsearch: verify whether mapping type is supported (#4726)
Deprecate Data Transformers (#4722)
Fix missing service declaration and BC breaks (#4721 #4716 #4717 #4718)
Hydra: add hydra view example values (#4681)

2.7.0-alpha.1

Swagger UI: Add usePkceWithAuthorizationCodeGrant to Swagger UI initOAuth (#4649)
BC: mapping.paths in configuration should override bundles configuration (#4465)
GraphQL: Add the ability to use different pagination types for the queries of a resource (#4453)
Security: BC Fix ApiProperty security attribute expression being passed a class string for the object variable on updates/creates - null is now passed instead if the object is not available (#4184)
Security: ApiProperty now supports a security_post_denormalize attribute, which provides access to the object variable for the object being updated/created and previous_object for the object before it was updated (#4184)
Maker: Add make:data-provider and make :data-persister commands to generate a data provider / persister (#3850)
JSON Schema: Add support for generating property schema with numeric constraint restrictions (#4225)
JSON Schema: Add support for generating property schema with Collection restriction (#4182)
JSON Schema: Add support for generating property schema format for Url and Hostname (#4185)
JSON Schema: Add support for generating property schema with Count restriction (#4186)
JSON Schema: Manage Compound constraint when generating property metadata (#4180)
Validator: Add an option to disable query parameter validation (#4165)
JSON Schema: Add support for generating property schema with Choice restriction (#4162)
JSON Schema: Add support for generating property schema with Range restriction (#4158)
JSON Schema: Add support for generating property schema with Unique restriction (#4159)
BC: Change api_platform.listener.request.add_format priority from 7 to 28 to execute it before firewall (priority 8) (#3599)
BC: Use [@final](https://github.com/final) annotation in ORM filters (#4109)
Allow defining exception_to_status per operation (#3519)
Doctrine: Better exception to find which resource is linked to an exception (#3965)
Doctrine: Allow mixed type value for date filter (notice if invalid) (#3870)
Doctrine: Add nulls_always_first and nulls_always_last to nulls_comparison in order filter (#4103)
Doctrine: Add a global order_nulls_comparison configuration (#3117)
MongoDB: date_immutable support (#3940)
DataProvider: Add TraversablePaginator (#3783)
JSON:API: Support inclusion of resources from path (#3288)
Swagger UI: Add swagger_ui_extra_configuration to Swagger / OpenAPI configuration (#3731)
Allow controller argument with a name different from $data thanks to an argument resolver (#3263)
GraphQL: Support ApiProperty security (#4143)
GraphQL: BC Fix security on association collection properties. The collection resource item_query security is no longer used. ApiProperty security can now be used to secure collection (or any other) properties. (#4143)
Deprecate allow_plain_identifiers option (#4167)
Exception: Add the ability to customize multiple status codes based on the validation exception (#4017)
ApiLoader: Support _format resolving (#4292)
Metadata: new namespace ApiPlatform\Metadata instead of ApiPlatform\Core\Metadata, for example ApiPlatform\Metadata\ApiResource (#4351)
Metadata: deprecation of ApiPlatform\Core\Annotation (#4351)
Metadata: ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface is deprecated in favor of ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface (#4351)
Metadata: item and collection prefixes for operations are deprecated, as well as the ApiPlatform\Core\Api\OperationType class (#4351)
Graphql: ApiPlatform\Metadata\GraphQl follow the same metadata conventions (a Subscription operation is available and isn't hidden behind an update Mutation anymore), interfaces got simplified (being @experimental) (#4351)
IriConverter: new interface for ApiPlatform\Bridge\Symfony\Routing\IriConverter that adds an operationName, same for ApiPlatform\Api\IdentifiersExtractor (#4351)
DataProvider: new ApiPlatform\State\ProviderInterface that replaces DataProviders (#4351)
DataPersister: new ApiPlatform\State\ProcessorInterface that replaces DataPersisters (#4351)
A new configuration is available to keep old services (IriConverter, IdentifiersExtractor and OpenApiFactory) metadata_backward_compatibility_layer (defaults to false) (#4351)
Add support for security_post_validation attribute
Mark the GraphQL subsystem as stable (#4500)
feat(test): add Client::loginUser() (#4588)
feat(http_cache): use symfony/http-client instead of guzzlehttp/guzzle, ApiPlatform\Core\HttpCache\PurgerInterface is deprecated in favor of ApiPlatform\HttpCache\PurgerInterface, new purger that uses PURGE (#4695)

2.7.0

chore: remove @experimental phpdoc (#4933)
Metadata: do not set id when identifier is false (#4880)
Metadata: automatic GET operation when none is declared (#4881)
Metadata: exception to status on operations (#4861)
Serializer: adds the JSON_INVALID_UTF8_IGNORE flag to JsonEncode (#4741)
Symfony: autoconfigure legacy Doctrine extensions (#4909)
Elasticsearch: skip metadata without ES nodes (#4913)
Symfony: deprecated the $exceptionOnNoToken parameter in ResourceAccessChecker::__construct() (#4900)

Various cs fixes and PHPDoc to help upgrading to 3.0.

2.6.9

fix(serializer): remove 'iri' from context cache (#4925)

2.6.8

fix: serializing embedded non resource objects
chore(openapi): upgrade Swagger UI to version 4.1.3
chore(openapi): upgrade ReDoc to version 2.0.0-rc.59
chore(graphql): upgrade GraphiQL to version 1.5.16

2.6.7

feat: compatibility with Symfony 6 (#4503, #4582, #4604, #4564)
feat: compatibility with PHP 8.1 (#4503, #4582, #4604)
fix: pass the child context when normalizing nested non-resource objects (#4521)

2.6.6

fix(json-schema): consider SplFileInfo class as a binary type (#4332)
fix(json-schema): use collectionKeyType for building JSON Schema (#4385)
fix(openapi): failing recursion on api resources with "paths" key (#4325)
fix(graphql): make sure form content type is recognized as a multipart request (#4461)
fix(doctrine): handle inverse side of OneToOne association in Doctrine search filter (#4366)
fix(doctrine): usage of deprecated DBAL type constants (#4399)
fix(test): fix REMOTE_ADDR support in ApiTestCase (#4446)
fix(docs): use asset_package for all assets (#4470)
fix(docs): upgrade Swagger UI to version 3.52.3 (#4477)
fix(docs): upgrade ReDoc to version 2.0.0-rc.56 (#4477)
fix(docs): upgrade Swagger UI to version 2.0.0-rc.56 (#4477)

2.6.5

Fix various usage of various deprecated methods
JsonSchema: Update Hydra [@context](https://github.com/context) property possible types (#4223)
JsonSchema: Add hydra:previousto thehydra:view` schema properties (#4310)
Filter validation: Fix issue in Required filter validator with dot notation (#4221)
OpenAPI: Fix notice/warning for response without content in the openapi_context (#4210)
OpenAPI: Do not use output for request body (#4213)
OpenAPI: Do not use JSON-lD schema for all media types (#4247) (BC note: SchemaFactory::buildSchema() is now immutable as it no longer modifies the passed $schema)
OpenAPI: Allow setting extensionProperties with YAML schema definition (#4228)
OpenAPI: do not throw error with non-standard HTTP verb (#4304)
Serializer: Convert internal error to HTTP 400 in Ramsey uuid denormalization from invalid body string (#4200)
GraphQL: Fix FieldsBuilder not fully unwrapping nested types before deciding if a resolver is needed (#4251)
GraphQL: Do not use a resolver for the nested payload of a mutation or subscription (#4289)
GraphQL: Allow search filter to use an int for its value (#4295)
Varnish: Improve BAN regex performance (#4231)
MongoDB: Fix denormalization of properties with embeds many that omit target document directive (#4315)
MongoDB: Fix resolving proxy class in class metadata factory (#4322)
Test: Add withOptions() to our HttpClient implementation (#4282)
Metadata: Fix allow using constants in XML configuration (resource attribute) (#4321)

2.6.4

OpenAPI: Using an implicit flow is now valid, changes oauth configuration default values (#4115)
OpenAPI: Fix response support via the openapi_context (#4116)
OpenAPI: Fix Link->requestBody default value (#4116)
OpenAPI: Make sure we do not override defined parameters (#4138)
Swagger UI: Remove Google fonts (#4112)
Serializer: Fix denormalization of basic property-types in XML and CSV (#4145)
Serializer: Fix denormalization of collection with one element in XML (#4154)
JSON Schema: Manage Sequentially and AtLeastOneOf constraints when generating property metadata (#4139 and #4147)
JSON Schema: properties regex pattern is now correctly anchored (#4176 and #4198)
JSON Schema: Fix PropertySchemaLengthRestriction string-only (#4177)
Doctrine: Fix purging HTTP cache for unreadable relations (#3441)
Doctrine: Revert #3774 support for binary UUID in search filter (#4134)
Doctrine: Fix order filter when using embedded and nulls comparison (#4151)
Doctrine: Fix duplicated eager loading joins (#3525)
Doctrine: Fix joinRelations with multiple associations. (#2791)
Doctrine: Revert using defaults.order as collection.order (#4178)
GraphQL: Partial pagination support (#3223)
GraphQL: Manage pagination_use_output_walkers and pagination_fetch_join_collection for operations (#3311)
GraphQL: Make sure the order of order filters is preserved if nested resources are used (#4171)
Metadata: Sort mapping resources (#3256)
UUID: manage Ulid in format property schema restriction (#4148)
Symfony: Do not override Vary headers already set in the Response (#4146)
Symfony: Make Twig dependency lazy (#4187)
Compatibility with psr/cache version 2 and 3 (#4117)
Docs: Upgrade Swagger UI to version 3.46.0
Docs: Upgrade ReDoc to version 2.0.0-rc.51
Docs: Upgrade GraphiQL to version 1.4.1

2.6.3

Identifiers: Re-allow POST operations even if no identifier is defined (#4052)
Hydra: Fix partial pagination which no longer returns the hydra:next property (#4015)
Security: Use a NullToken when using the new authenticator manager in the resource access checker (#4067)
Mercure: Do not use data in options when deleting (#4056)
Doctrine: Support for foreign identifiers (#4042)
Doctrine: Support for binary UUID in search filter (#3774, reverted in 2.6.4)
Doctrine: Do not add join or lookup for search filter with empty value (#3703)
Doctrine: Reduce code duplication in search filter (#3541)
JSON Schema: Allow generating documentation when property and method start from "is" (property isActive and method isActive) (#4064)
OpenAPI: Fix missing 422 responses in the documentation (#4086)
OpenAPI: Fix error when schema is empty (#4051)
OpenAPI: Do not set scheme to oauth2 when generating securitySchemes (#4073)
OpenAPI: Fix missing $ref when no type is used in context (#4076)
GraphQL: Fix "Resource class cannot be determined." error when a null iterable field is returned (#4092)
Metadata: Check the output class when calculating serializer groups (#3696)

2.6.2

Validation: properties regex pattern is now compliant with ECMA 262 (#4027)
OpenApi: normalizer is now backward compatible (#4016), fix the name converter issue changing OpenApi properties (#4019)
Identifiers: Break after transforming the identifier (#3985), use the identifiers context to transform with multiple classes (#4029)
JsonSchema: Revert ALLOW_EXTRA_ATTRIBUTE=false as it is a BC break and will be done in 3.0 instead see #3881 (#4007)
Subresource: fix ApiSubresource maxDepth option (#3986), recursive issue in the profiler (#4023)
OpenApi: Allow requestBody and parameters via the openapi_context (#4001), make openapi_context work on subresources (#4004), sort paths (#4013)
Config: Allow disabling OpenAPI and Swagger UI without loosing the schema (#3968 and #4018), fix pagination defaults (#4011)
DataPersister: context propagation fix (#3983)

2.6.1

Fix defaults when using attributes (#3978)

2.6.0

Cache: adds a max_header_length configuration (#2865)
Cache: support stale-while-revalidate and stale-if-error cache control headers (#3439)
Config: Add an option to set global default values (#3151)
DTO: Add ApiPlatform\Core\DataTransformer\DataTransformerInitializerInterface to pre-hydrate inputs (#3701)
DTO: Improve Input/Output support (#3231)
Data Persisters: Add previous_data to the context passed to persisters when available (#3752)
Data Persister: Add a ResumableDataPersisterInterface that allows to call multiple persisters (#3912)
Debug: Display API Platform's version in the debug bar (#3235)
Docs: Make asset_package configurable (#3764)
Doctrine: Allow searching on multiple values on every strategies (#3786)
Elasticsearch: The Paginator class constructor now receives the denormalization context to support denormalizing documents using serialization groups. This change may cause potential BC breaks for existing applications as denormalization was previously done without serialization groups.
GraphQL: BC New syntax for the filters' arguments to preserve the order: order: [{foo: 'asc'}, {bar: 'desc'}] (#3468)
GraphQL: BC operation is now operationName to follow the standard (#3568)
GraphQL: BC paginationType is now pagination_type (#3614)
GraphQL: Add page-based pagination (#3175, #3517)
GraphQL: Allow formatting GraphQL errors based on exceptions (#3063)
GraphQL: Errors thrown from the GraphQL library can now be handled (#3632, #3643)
GraphQL: Possibility to add a custom description for queries, mutations and subscriptions (#3477, #3514)
GraphQL: Subscription support with Mercure (#3321)
GraphQL: Support for field name conversion (serialized name) (#3455, #3516)
Hydra: Sort entries in the API entrypoint (#3091)
Identifiers: Add Symfony Uid support (#3715)
IriConverter: BC Fix double encoding in IRIs - may cause breaking change as some characters no longer encoded in output (#3552)
JSON-LD: Add an iri_only attribute to simplify documents structure (useful when using Vulcain) (#3275)
Exception: Response error codes can be specified via the ApiPlatform\Core\Exception\ErrorCodeSerializableInterface (#2922)
Mercure: Add a normalization_context option in mercure attribute (#3772)
Messenger: Add a context stamp containing contextual data (#3157)
Metadata: Deprecate InheritedPropertyMetadataFactory (#3273)
Metadata: Improve and simplify identifiers management (#3825)
Metadata: Support the Symfony Serializer's [@Ignore](https://github.com/Ignore) annotation (#3820)
Metadata: Support using annotations as PHP 8 attributes (#3869, #3868, #3851)
Metadata: Throw an error when no identifier is defined (#3871)
Metadata: Use id as default identifier if none provided (#3874)
MongoDB: Mercure support (#3290)
MongoDB: Possibility to add execute options (aggregate command fields) for a resource, like allowDiskUse (#3144)
OpenAPI: Add default values of PHP properties to the documentation (#2386)
OpenAPI: BC Replace all characters other than [a-zA-Z0-9\.\-_] to . in definition names to be compliant with OpenAPI 3.0 (#3669)
OpenAPI: Refactor OpenAPI v3 support, OpenAPI v2 (aka Swagger) is deprecated (#3407)
Order: Support default order for a specific custom operation (#3784)
PATCH: BC Support patching deep objects, previously new objects were created instead of updating current objects (#3847)
Router: UrlGenerator strategy configuration via url_generation_strategy (#3198)
Routing: Add stateless ApiResource attribute (#3436)
Security: Add support for access control rule on attributes (#3503)
Subresources: resourceClass can now be defined as a container parameter in XML and YAML definitions
Symfony: improved 5.x support with fewer deprecations (#3589)
Symfony: Allow using ItemNormalizer without Symfony SecurityBundle (#3801)
Symfony: Lazy load all commands (#3798)
Tests: adds a method to retrieve the CookieJar in the test Client getCookieJar
Tests: Fix the registration of the test.api_platform.client service when the FrameworkBundle bundle is registered after the ApiPlatformBundle bundle (#3928)
Validator: Add the violation code to the violation properties (#3857)
Validator: Allow customizing the validation error status code. BC Status code for validation errors is now 422, use exception_to_status to fallback to 400 if needed (#3808)
Validator: Autoconfiguration of validation groups generator via ApiPlatform\Core\Validator\ValidationGroupsGeneratorInterface
Validator: Deprecate using a validation groups generator service not implementing ApiPlatform\Core\Bridge\Symfony\Validator\ValidationGroupsGeneratorInterface (#3346)
Validator: Property validation through OpenAPI (#33329)
Validator: Query filters and parameters are validated (#1723)
ExceptionInterface now extends \Throwable (#3217)

2.5.9

Fix a warning when preloading the AbstractPaginator class (#3827)
OpenAPI: prevent additionalProp1 from showing in example values (#3888)
Varnish: fix a bug when passing an empty list of tags to the purger (#3827)
JSON Schema: mark hydra:mapping properties as nullable (#3877)

2.5.8

PHP 8 support (#3791, #3745, #3855)
Metadata: Fix merging null values from annotations (#3711)
JSON-LD: Add missing [@type](https://github.com/type) from collection using output DTOs (#3699)
Cache: Improve PurgeHttpCacheListener performances (#3743)
Cache: Fix VarnishPurger max header length (#3843)
Identifiers: Do not denormalize the same identifier twice (#3762)
OpenAPI: Lazy load SwaggerCommand (#3802)
OpenAPI: Use Output class name instead of the Resource short name when available (#3741)
OpenAPI: Allow unset PathItem method (#4107)
Router: Replace baseurl only once (#3776)
Mercure: Publisher bug fixes (#3790, #3739)
Serializer: Catch NotNormalizableValueException to UnexpectedValueEception with inputs (#3697)
Doctrine: Do not add JOINs for filters without a value (#3703)
MongoDB: Escape search terms in RegexFilter (#3755)
Tests: Improve JSON Schema assertions (#3807, #3803, #3804, #3806, #3817, #3829, #3830)
Tests: Allow passing extra options in ApiTestClient (#3486)
Docs: Upgrade Swagger UI to version 3.37.2 (#3867)
Docs: Upgrade ReDoc to version 2.0.0-rc.45 (#3867)
Docs: Upgrade GraphiQL to version 15.3.0 (#3867)
Docs: Upgrade GraphQL Playground to version 1.7.26 (#3867)

For compatibility reasons with Symfony 5.2 and PHP 8, we do not test anymore the integration with these legacy packages:

FOSUserBundle
NelmioApiDoc 2

2.5.7

Compatibility with Symfony 5.1 (#3589 and #3688)
Resource Cache-Control HTTP header can be private (#3543)
Doctrine: Fix missing ManagerRegistry class (#3684)
Doctrine: Order filter doesn't throw anymore with numeric key (#3673 and #3687)
Doctrine: Fix ODM check change tracking deferred (#3629)
Doctrine: Allow 2inflector version 2.0 (#3607)
OpenAPI: Allow subresources context to be added (#3685)
OpenAPI: Fix pagination documentation on subresources (#3678)
Subresource: Fix query when using a custom identifier (#3529 and #3671)
GraphQL: Fix relation types without Doctrine (#3591)
GraphQL: Fix DTO relations (#3594)
GraphQL: Compatibility with graphql-php version 14 (#3621 and #3654)
Docs: Upgrade Swagger UI to version 3.32.5 (#3693)
Docs: Upgrade ReDoc to version 2.0.0-rc.40 (#3693)
Docs: Upgrade GraphiQL to version 1.0.3 (#3693)
Docs: Upgrade GraphQL Playground to version 1.7.23 (#3693)

2.5.6

Add support for Mercure 0.10 (#3584)
Allow objects without properties (#3544)
Fix Ramsey uuid denormalization (#3473)
Revert #3331 as it breaks backwards compatibility
Handle deprecations from Doctrine Inflector (#3564)
JSON Schema: Missing JSON-LD context from Data Transformers (#3479)
GraphQL: Resource with no operations should be available through relations (#3532)

2.5.5

Filter: Improve the RangeFilter query in case the values are equals using the between operator (#3488)
Pagination: Fix bug with large values (#3451)
Doctrine: use the correct type within setParameter of the SearchFilter (#3331)
Allow \Traversable resources (#3463)
Hydra: hydra:writable => hydra:writeable (#3481)
Hydra: Show hydra:next only when it's available (#3457)
Swagger UI: Missing default context argument (#3443)
Swagger UI: Fix API docs path in swagger ui (#3475)
OpenAPI: Export with unescaped slashes (#3368)
OpenAPI: OAuth flows fix (#3333)
JSON Schema: Fix metadata options (#3425)
JSON Schema: Allow decoration (#3417)
JSON Schema: Add DateInterval type (#3351)
JSON Schema: Correct schema generation for many types (#3402)
Validation: Use API Platform's ValidationException instead of Symfony's (#3414)
Validation: Fix a bug preventing to serialize validator's payload (#3375)
Subresources: Improve queries when there's only one level (#3396)
HTTP: Location header is only set on POST with a 201 or between 300 and 400 (#3497)
GraphQL: Do not allow empty cursor values on before or after (#3360)
Bump versions of Swagger UI, GraphiQL and GraphQL Playground (#3510)

2.5.4

Add a local cache in ResourceClassResolver::getResourceClass()
JSON Schema: Fix generation for non-resource class
Doctrine: Get class metadata only when it's needed in SearchFilter
GraphQL: Better detection of collection type

2.5.3

Compatibility with Symfony 5
GraphQL: Fix hasNextPage when offset > itemsPerPage

2.5.2

Compatibility with Symfony 5 RC
Compatibility with NelmioCorsBundle 2
Fix the type of ApiResource::$paginationPartial
Ensure correct return type from AbstractItemNormalizer::normalizeRelation

2.5.10

Hydra: only display hydra:next when the item total is strictly greater than the number of items per page (#3967)

2.5.1

Compatibility with Symfony 5 beta
Fix a notice in SerializerContextBuilder
Fix dashed path segment generation
Fix support for custom filters without constructors in the [@ApiFilter](https://github.com/ApiFilter) annotation
Fix a bug that was preventing to disable Swagger/OpenAPI
Return a 404 HTTP status code instead of 500 whe the identifier is invalid (e.g.: invalid UUID)
Add links to the documentation in [@ApiResource](https://github.com/ApiResource) annotation's attributes to improve DX
JSON:API: fix pagination being ignored when using the filter query parameter
Elasticsearch: Allow multiple queries to be set
OpenAPI: Do not append body parameter if it already exists
OpenAPI: Fix removal of illegal characters in schema name for Amazon API Gateway
Swagger UI: Add missing oauth2-redirect configuration
Swagger UI: Allow changing the location of Swagger UI
GraphQL: Fix an error that was occurring when SecurityBundle was not installed
HTTP/2 Server Push: Push relations as fetch

2.5.0

Add an HTTP client dedicated to functional API testing (#2608)
Add PATCH support (#2895) Note: with JSON Merge Patch, responses will skip null values. As this may break on some endpoints, you need to manually add the merge-patch+json format to enable PATCH support. This will be the default behavior in API Platform 3.
Add a command to generate json schemas api:json-schema:generate (#2996)
Add infrastructure to generate a JSON Schema from a Resource ApiPlatform\Core\JsonSchema\SchemaFactoryInterface (#2983)
Replaces access_control by security and adds a security_post_denormalize attribute (#2992)
Add basic infrastructure for cursor-based pagination (#2532)
Change ExistsFilter syntax to exists[property], old syntax still supported see #2243, fixes its behavior on GraphQL (also related #2640).
Pagination with subresources (#2698)
Improve search filter id's management (#1844)
Add support of name converter in filters (#2751, #2897), filter signature in abstract methods has changed see b42dfd198b1644904fd6a684ab2cedaf530254e3
Ability to change the Vary header via cacheHeaders attributes of a resource (#2758)
Ability to use the Query object in a paginator (#2493)
Compatibility with Symfony 4.3 (#2784)
Better handling of JsonSerializable classes (#2921)
Elasticsearch: Add pagination (#2919)
Add default, min, max specification in pagination parameter API docs (#3002)
Add a swagger version configuration option swagger.versions and deprecates the enable_swagger configuration option (#2998)
Order filter now documents asc/desc as enum (#2971)
GraphQL: BC Break Separate query resource operation attribute into item_query and collection_query operations so user can use different security and serialization groups for them (#2944, #3015)
GraphQL: Add support for custom queries and mutations (#2447)
GraphQL: Add support for custom types (#2492)
GraphQL: Better pagination support (backwards pagination) (#2142)
GraphQL: Support the pagination per resource (#3035)
GraphQL: Add the concept of stages in the workflow of the resolvers and add the possibility to disable them with operation attributes (#2959)
GraphQL: Add GraphQL Playground besides GraphiQL and add the possibility to change the default IDE (or to disable it) for the GraphQL endpoint (#2956, #2961)
GraphQL: Add a command to print the schema in SDL api:graphql:export > schema.graphql (#2600)
GraphQL: Improve serialization performance by avoiding calls to the serialize PHP function (#2576)
GraphQL: Allow to use a search and an exist filter on the same resource (#2243)
GraphQL: Refactor the architecture of the whole system to allow the decoration of useful services (TypeConverter to manage custom types, SerializerContextBuilder to modify the (de)serialization context dynamically, etc.) (#2772)

Notes:

Please read #2825 if you have issues with the behavior of Readable/Writable Link

2.4.7

Fix passing context to data persisters' remove method
Ensure OpenAPI normalizers properly expose the date format
Add source maps for Swagger UI
Improve error message when filter class is not imported
Add missing autowiring alias for Pagination
Doctrine: ensure that EntityManagerInterface is used in data providers

2.4.6

GraphQL: Use correct resource configuration for filter arguments of nested collection
Swagger UI: compatibility with Internet Explorer 11
Varnish: Prevent cache miss by generating IRI for child related resources
Messenger: Unwrap exception thrown in handler for Symfony Messenger 4.3
Fix remaining Symfony 4.3 deprecation notices
Prevent cloning non cloneable objects in previous_data
Return a 415 HTTP status code instead of a 406 one when a faulty Content-Type is sent
Fix WriteListener trying to generate IRI for non-resources
Allow extracting blank values from composite identifier

2.4.5

Fix denormalization of a constructor argument which is a collection of non-resources
Allow custom operations to return a different class than the expected resource class

2.4.4

Store the original data in the previous_data request attribute, and allow to access it in security expressions using the previous_object variable (useful for PUT and PATCH requests)
Fix resource inheritance handling
Fix BC break in AbstractItemNormalizer introduced in 2.4
Fix serialization when using interface as resource
Basic compatibility with Symfony 4.3

2.4.3

Doctrine: allow autowiring of filter classes
Doctrine: don't use fetchJoinCollection on Paginator when not needed
Doctrine: fix a BC break in OrderFilter
GraphQL: input objects aren't nullable anymore (compliance with the Relay spec)
Cache: Remove some useless purges
Mercure: publish to Mercure using the default response format
Mercure: use the Serializer context
OpenAPI: fix documentation of the PropertyFilter
OpenAPI: fix generation of the servers block (also fixes the compatibility with Postman)
OpenAPI: skip not readable and not writable properties from the spec
OpenAPI: add the id path parameter for POST item operation
Serializer: add support for Symfony Serializer's [@SerializedName](https://github.com/SerializedName) metadata
Metadata: ApiResource's attributes property now defaults to null, as expected
Metadata: Fix identifier support when using an interface as resource class
Metadata: the HTTP method is now always uppercased
Allow to disable listeners per operation (fix handling of empty request content)

Previously, empty request content was allowed for any POST and PUT operations. This was an unsafe assumption which caused other problems.

If you wish to allow empty request content, please add "deserialize"=false to the operation's attributes. For example:
```
<?php
// api/src/Entity/Book.php

use ApiPlatform\Core\Annotation\ApiResource;
use App\Controller\PublishBookAction;

/**
 * [@ApiResource](https://github.com/ApiResource)(
 *     itemOperations={
 *         "put_publish"={
 *             "method"="PUT",
 *             "path"="/books/{id}/publish",
 *             "controller"=PublishBookAction::class,
 *             "deserialize"=false,
 *         },
 *     },
 * )
 */
class Book
{
```
You may also need to add "validate"=false if the controller result is null (possibly because you don't need to persist the resource).
Return the 204 HTTP status code when the output class is set to null
Be more resilient when normalizing non-resource objects
Replace the data request attribute by the return of the data persister
Fix error message in identifiers extractor
Improve the bundle's default configuration when using symfony/symfony is required
Fix the use of MetadataAwareNameConverter when available (configuring name_converter: serializer.name_converter.metadata_aware will now result in a circular reference error)

2.4.2

Fix a dependency injection problem in FilterEagerLoadingExtension
Improve performance by adding a NoOpScalarNormalizer handling scalar values

2.4.1

Improve performance of the dev environment and deprecate the api_platform.metadata_cache parameter
Fix a BC break in SearchFilter
Don't send HTTP cache headers for unsuccessful responses
GraphQL: parse input and messenger metadata on the GraphQl operation
GraphQL: do not enable graphql when webonyx/graphql-php is not installed

2.4.0

MongoDB: full support
Elasticsearch: add reading support (including pagination, sort filter and term filter)
Mercure: automatically push updates to clients using the Mercure protocol
CQRS support and async message handling using the Symfony Messenger Component
OpenAPI: add support for OpenAPI v3 in addition to OpenAPI v2
OpenAPI: support generating documentation using ReDoc
OpenAPI: basic hypermedia hints using OpenAPI v3 links
OpenAPI: expose the pagination controls
Allow using custom classes for input and output (DTO) with the input_class and output_class attributes
Allow disabling the input or the output by setting input_class and output_class to false
Guess and automatically set the appropriate Schema.org IRIs for common validation constraints
Allow setting custom cache HTTP headers using the cache_headers attribute
Allow setting the HTTP status code to send to the client through the status attribute
Add support for the Sunset HTTP header using the sunset attribute
Set the Content-Location and Location headers when appropriate for better RFC7231 conformance
Display the matching data provider and data persister in the debug panel
GraphQL: improve performance by lazy loading types
Add the api_persist request attribute to enable or disable the WriteListener
Allow setting a default context in all normalizers
Permit using a string instead of an array when there is only one serialization group
Add support for setting relations using the constructor of the resource classes
Automatically set a 409 Conflict HTTP status code when an OptimisticLockException is thrown
Resolve Dependency Injection Container parameters in the XML and YAML files for the resource class configuration
RequestAttributesExtractor is not internal anymore and can be used in userland code
Always use the user-defined metadata when set
OpenAPI: add a description explaining how to use the property filter
GraphQL: the look'n'feel of GraphiQL now match the API Platform one
PHPStan level 6 compliance
Add a show_webby configuration option to hide the spider in API docs
Add an easter egg (find it!)

2.3.6

/!\ Security: a vulnerability impacting the GraphQL subsystem was allowing users authorized to run mutations for a specific resource type, to execute it on any resource, of any type (CVE-2019-1000011)
Fix normalization of raw collections (not API resources)
Fix content negotiation format matching

2.3.5

GraphQL: compatibility with webonyx/graphql-php 0.13
OpenAPI/Swagger: expose properties[] as a collection parameter
OpenAPI/Swagger: add a description for the properties[] filter
OpenAPI/Swagger: Leverage advanced name converters
JSON-LD: Prevent an error in ItemNormalizer when $context['resource_class'] is not defined
Allow to pass the serialization group to use a string instead of as an array of one element
Modernize the code base to use PHP 7.1 features when possible
Bump minimal dependencies of the used Symfony components
Improve the Packagist description

2.3.4

Open API/Swagger: fix YAML export
Open API/Swagger: Correctly expose overridden formats
GraphQL: display the stack trace when in debug mode
GraphQL: prevent a crash when the class name isn't provided
Fix handling of one-to-one relations in subresources
Fix max depth handling when eager fetching is disabled
Compatibility with Symfony 4.2
Prevent calling the remove method from all data persisters
Persist Doctrine entities with the DEFERRED_EXPLICIT change tracking policy
Throw an InvalidArgumentException when trying to get an item from a collection route
Improve the debug bar panel visibility
Take into account the route_prefix attribute in subresources
Allow using multiple values with NumericFilter
Improve exception handling in ReadListener by adding the previous exception

2.3.3

Doctrine: revert "prevent data duplication in Eager loaded relations"

2.3.2

Open API/Swagger: detect correctly collection parameters
Open API/Swagger: fix serialization of nested objects when exporting as YAML
GraphQL: fix support of properties also mapped as subresources
GraphQL: fix retrieving the internal _id when id is not part of the requested fields
GraphQL: only exposes the mutations if any
Doctrine: prevent data duplication in Eager loaded relations
Preserve the host in the internal router

2.3.1

Data persisters: call only the 1st matching data persister, this fix may break existing code, see https://github.com/api-platform/docs/issues/540#issuecomment-405945358
Subresources: fix inverse side population
Subresources: add subresources collections to cache tags
Subresources: fix Doctrine identifier parameter type detection
Subresources: fix max depth handling
GraphQL: send a 200 HTTP status code when a GraphQL response contain some errors
GraphQL: fix filters to allow dealing with multiple values
GraphQL: remove invalid and useless parameters from the GraphQL schema
GraphQL: use the collection resolver in mutations
JSON API: remove duplicate data from includes
Filters: fix composite keys support
Filters: fix the OrderFilter when applied on nested entities
List Doctrine Inflector as a hard dependency
Various quality and usability improvements

2.3.0

Add support for deprecating resources, operations and fields in GraphQL, Hydra and Swagger
Add API Platform panels in the Symfony profiler and in the web debug toolbar
Make resource class's constructor parameters writable
Add support for interfaces as resources
Add a shortcut syntax to define attributes at the root of [@ApiResource](https://github.com/ApiResource) and [@ApiProperty](https://github.com/ApiProperty) annotations
Throw an exception if a required filter isn't set
Allow to specify the message when access is denied using the access_control_message attribute
Add a new option to include null results when using the date filter
Allow data persisters to return a new instance instead of mutating the existing one
Add a new attribute to configure specific formats per resources or operations
Add an --output option to the api:swagger:export command
Implement the CacheableSupportsMethodInterface introduced in Symfony 4.1 in all (de)normalizers (improves the performance dramatically)
Drop support for PHP 7.0
Upgrade Swagger UI and GraphiQL
GraphQL: Add a totalCount field in GraphQL paginated collections
JSONAPI: Allow inclusion of related resources

2.2.9

Fix ExistsFilter for inverse side of OneToOne association
Fix to not populate subresource inverse side
Improve the overall code quality (PHPStan analysis)

2.2.8

Fix support for max depth when using subresources
Fix a fatal error when a subresource type is not defined
Add support for group sequences in the validator configuration
Add a local class metadata cache in the HAL normalizer
FilterEagerLoadingExtension now accepts joins with class name as join value

2.2.7

Compatibility with Symfony 4.1
Compatibility with webonyx/graphql-php 0.12
Add missing ApiPlatform\Core\EventListener\EventPriorities's PRE_SERIALIZE and POST_SERIALIZE constants
Disable eager loading when no groups are specified to avoid recursive joins
Fix embeddable entities eager loading with groups
Don't join the same association twice when eager loading
Fix max depth handling when using HAL
Check the value of enable_max_depth if defined
Minor performance and quality improvements

2.2.6

Fix identifiers creation and update when using GraphQL
Fix nested properties support when using filters with GraphQL
Fix a bug preventing the ExistFilter to work properly with GraphQL
Fix a bug preventing to use a custom denormalization context when using GraphQL
Enforce the compliance with the JSONAPI spec by throwing a 400 error when using the "inclusion of related resources" feature
Update ChainSubresourceDataProvider to take into account RestrictedDataProviderInterface
Fix the cached identifiers extractor support for stringable identifiers
Allow a POST request to have an empty body
Fix a crash when the ExpressionLanguage component isn't installed
Enable item route on collection's subresources
Fix an issue with subresource filters, was incorrectly adding filters for the parent instead of the subresource
Throw when a subresources identifier is not found
Allow subresource items in the IriConverter
Don't send the Link HTTP header pointing to the Hydra documentation if docs are disabled
Fix relations denormalization with plain identifiers
Prevent the OrderFilter to trigger faulty deprecation notices
Respect the fetchEager=false directive on an association in the EagerLoadingExtension
Use the configured name converter (if any) for relations in the HAL's ItemNormalizer
Use the configured name converter (if any) in the ConstraintViolationListNormalizer
Dramatically improve the overall performance by fixing the normalizer's cache key generation
Improve the performance CachedRouteNameResolver and CachedSubresourceOperationFactory by adding a local memory cache layer
Improve the performance of access control checking when using GraphQL
Improve the performance by using isResourceClass when possible
Remove a useless try/catch in the CachedTrait
Forward the operation name to the IriConverter
Fix some more code quality issues

2.2.5

Fix various issues preventing the metadata cache to work properly (performance fix)
Fix a cache corruption issue when using subresources
Fix non-standard outputs when using the HAL format
Persist data in Doctrine DataPersister only if needed
Fix identifiers handling in GraphQL mutations
Fix client-side ID creation or update when using GraphQL mutations
Fix an error that was occurring when the Expression Language component wasn't installed
Update the ChainSubresourceDataProvider class to take into account RestrictedDataProviderInterface

2.2.4

Fix a BC break preventing to pass non-arrays to the builtin Symfony normalizers when using custom normalizers
Fix a bug when using FilterEagerLoadingExtension with manual joins
Fix some bugs in the AWS API Gateway compatibility mode for Open API/Swagger

2.2.3

Fix object state inconsistency after persistence
Allow using multiple [@ApiFilter](https://github.com/ApiFilter) annotations on the same class
Fix a BC break when the serialization context builder depends of the retrieved data
Fix a bug regarding collections handling in the GraphQL endpoint

2.2.2

Autoregister classes implementing SubresourceDataProviderInterface
Fix the DateTimeImmutable support in the date filter
Fix a BC break in DocumentationAction impacting NelmioApiDoc
Fix the context passed to data providers (improve the eager loading)
Fix fix a subresource's metadata cache bug
Fix the configuration detection when using a custom directory structure

2.2.10

/!\ Security: a vulnerability impacting the GraphQL subsystem was allowing users authorized to run mutations for a specific resource type, to execute it on any resource, of any type (CVE-2019-1000011)

2.2.1

Merge bug fixes from older branches

2.2.0

Add GraphQL support (including mutations, pagination, filters, access control rules and automatic SQL joins)
Fully implement the GraphQL Relay Server specification
Add JSONAPI support
Add a new [@ApiFilter](https://github.com/ApiFilter) annotation to directly configure filters from resource classes
Add a partial paginator that prevents COUNT() SQL queries
Add a new simplified way to configure operations
Add an option to serialize Validator's payloads (e.g. error levels)
Add support for generators in data providers
Add a new allow_plain_identifiers option to allow using plain IDs as identifier instead of IRIs
Add support for resource names without namespace
Automatically enable FOSUser support if the bundle is installed
Add an AbstractCollectionNormalizer to help supporting custom formats
Deprecate NelmioApiDocBundle 2 support (upgrade to v3, it has native API Platform support)
Deprecate the ApiPlatform\Core\Bridge\Doctrine\EventListener\WriteListener class in favor of the new ApiPlatform\Core\EventListener\WriteListener class.
Remove the api_platform.doctrine.listener.view.write event listener service.
Add a data persistence layer with a new ApiPlatform\Core\DataPersister\DataPersisterInterface interface.
Add a new configuration to disable the API entrypoint and the documentation
Allow setting maximum items per page at operation/resource level
Add the ability to customize the message when configuring an access control rule trough the access_control_message attribute
Allow empty operations in XML configs

2.1.6

Add a new config option to specify the directories containing resource classes
Fix a bug regarding the ordering filter when dealing with embedded fields
Allow to autowire the router
Fix the base path handling the Swagger/Open API documentation normalizer

2.1.5

Add support for filters autoconfiguration with Symfony 3.4+
Add service aliases required to use the autowiring with Symfony 3.4+
Allow updating nested resource when issuing a POST HTTP request
Add support for the immutable date and time types introduced in Doctrine
Fix the Doctrine query generated to retrieve nested subresources
Fix several bugs in the automatic eager loading support
Fix a bug occurring when passing neither an IRI, nor an array in an embedded relation
Allow requesting 0 items per page in collections
Copy the Host from the Symfony Router
Paginator::getLastPage() now always returns a float
Minor performance improvements
Minor quality fixes

2.1.4

Symfony 3.4 and 4.0 compatibility
Autowiring strict mode compatibility
Fix a bug preventing to create resource classes in the global namespace
Fix Doctrine type conversion in filters WHERE clauses
Fix filters when using eager loading and non-association composite identifier
Fix Doctrine type resolution for identifiers (for custom DBALType)
Add missing Symfony Routing options to operations configuration
Add SubresourceOperations to metadata
Fix disabling of cache pools with the dev environment

2.1.3

Don't use dynamic values in Varnish-related service keys (improves Symfony 3.3 compatibility)
Hydra: Fix the value of owl:allValuesFrom in the API documentation
Swagger: Include the context even when the type is null
Minor code and PHPDoc cleanups

2.1.2

PHP 7.2 compatibility
Symfony 4 compatibility
Fix the Swagger UI documentation for specific routes (the API request wasn't executed automatically anymore)
Add a missing cache tag on empty collections
Fix a missing service when no Varnish URL is defined
Fix the whitelist comparison in the property filer
Fix some bugs regarding subresources in the Swagger and Hydra normalizers
Make route requirements configurable
Make possible to configure the Swagger context for properties
Better exception messages when there is a content negotiation error
Use the PriorityTaggedServiceTrait provided by Symfony instead of a custom implementation
Test upstream libs deprecations
Various quality fixes and tests cleanup

2.1.1

Fix path generators
Fix some method signatures related to subresources
Improve performance of the deserialization mechanism

2.1.0

Add a builtin HTTP cache invalidation system able to store all requests in Varnish (or any other proxy supporting cache tags) and purge it instantly when needed
Add an authorization system configurable directly from the resource class
Add support for subresources (like /posts/1/comments or /posts/1/comments/2
Revamp the automatic documentation UI (upgraded to the React-based version of Swagger UI, added a custom stylesheet)
Add a new filter to select explicitly which properties to serialize
Add a new filter to choose which serialization group to apply
Add a new filter to test if a property value exists or not
Add support for OAuth 2 in the UI
Add support for embedded fields
Add support for customizable API resources folder's name
Filters's ids now defaults to the Symfony's service name
Add configuration option to define custom metadata loader paths
Make Swagger UI compatible with a strict CSP environment
Add nulls comparison to OrderFilter
Add a flag to disable all request listeners
Add a default order option in the configuration
Allow to disable all operations using the XML configuration format and deprecate the previous format
Allow upper-cased property names
Improve the overall performance by optimizing RequestAttributesExtractor
Improve the performance of the filter subsystem by using a PSR-11 service locator and deprecate the FilterCollection class
Add compatibility with Symfony Flex and Symfony 4
Allow the Symfony Dependency Injection component to autoconfigure data providers and query extensions
Allow to use service for dynamic validation groups
Allow using PHP constants in YAML resources files
Upgrade to the latest version of the Hydra spec
Add pagination and itemPerPage parameters in the Swagger/Open API documentation
Add support for API key authentication in Swagger UI
Allow to specify a whitelist of serialization groups
Allow to use the new immutable date and time types of Doctrine in filters
Update swagger definition keys to more verbose ones (ie Resource-md5($groups) => Resource-groupa_groupb) - see https://github.com/api-platform/core/pull/1207

2.0.9

Add support for Symfony 3.3
Disable the partial eager loading by default
Fix support for ignored attributes in normalizers
Specify the LEFT JOIN clause for filter associations
Move the metadata from validator factory to the validator.xml file
Throw an exception when the number of items per page is 0
Improve the Continuous Integration process

2.0.8

Leverage serialization groups to eager load data
Fix the Swagger Normalizer to correctly support nested serialization groups
Use strict types
Get rid of the dependency to the Templating component
Explicitly add missing dependency to PropertyAccess component
Allow the operation name to be null in ResourceMetadata
Fix an undefined index error occurring in some cases when using sub types
Make the bundle working even when soft dependencies aren't installed
Fix serialization of multiple inheritance child types
Fix the priority of the FOSUSer's event listener
Fix the resource class resolver with using \Traversable values
Fix inheritance of property metadata for the Doctrine ORM property metadata factory
EagerLoadingExtension: Disable partial fetching if entity has subclasses
Refactoring and cleanup of the eager loading mechanism
Fix the handling of composite identifiers
Fix HAL normalizer when the context isn't serializable
Fix some quality problems found by PHPStan

2.0.7

[security] Hide error's message in prod mode when a 500 error occurs (Api Problem format)
Fix sorting when eager loading is used
Allow eager loading when using composite identifiers
Don't use automatic eager loading when disabled in the config
Use declare(strict_types=1) and improve coding standards
Automatically refresh routes in dev mode when a resource is created or deleted

2.0.6

Correct the XML Schema type generated for floats in the Hydra documentation

2.0.5

Fix a bug when multiple filters are applied

2.0.4

[security] Hide error's message in prod mode when a 500 error occurs
Prevent duplicate data validation
Fix filter Eager Loading
Fix the Hydra documentation for ConstraintViolationList
Fix some edge cases with the automatic configuration of Symfony
Remove calls to each() (deprecated since PHP 7.2)
Add a missing property in EagerLoadingExtension

2.0.3

Fix a bug when handling invalid IRIs
Allow to have a property called id even in JSON-LD
Exclude static methods from AnnotationPropertyNameCollectionFactory
Improve compatibility with Symfony 2.8

2.0.2

Fix the support of the Symfony's serializer @MaxDepth annotation
Fix property range of relations in the Hydra doc when an IRI is used
Fix an error "api:swagger:export" command when decorating the Swagger normalizer
Fix an error in the Swagger documentation generator when a property has several serialization groups

2.0.11

Ensure PHP 7.2 compatibility
Fix some bug regarding Doctrine joins
Let the hydra_context option take precedence over operation metadata
Fix relations handling by the non-hypermedia ItemNormalizer (raw JSON, XML)
Fix a bug in the JSON-LD context: should not be prefixed by #
Fix a bug regarding serialization groups in Hydra docs

2.0.10

Performance improvement
Swagger: Allow non-numeric IDs (such as UUIDs) in URLs
Fix a bug when a composite identifier is missing
ApiPlatform\Core\Bridge\Doctrine\Orm\Filter\OrderFilter::extractProperties now always return an array
Fix NelmioApiDocParser recursive relations

2.0.1

Various fixes related to automatic eager loading
Symfony 3.2 compatibility

2.0.0

Full refactoring
Use PHP 7
Add support for content negotiation
Add Swagger/OpenAPI support
Integrate Swagger UI
Add HAL support
Add API Problem support
Update the Hydra support to be in sync with the last version of the spec
Full rewrite of the metadata system (annotations, YAML and XML formats support)
Remove the event system in favor of the builtin Symfony kernel's events
Use the ADR pattern
Fix a ton of issues
ItemDataproviderInterface: fetchData is now in the context parameterer. getItemFromIri is now context aware 7f82fd7
Constants for event's priorities 2e7b73e
Properties mapping with XML/YAML is now possible ef5d037
Ability to configure and match exceptions with an HTTP status code e9c1863
Various fixes and improvements (SwaggerUI, filters, stricter property metadata)

1.1.1

Fix a case typo in a namespace alias in the Hydra documentation

1.1.0

Support Symfony 3.0
Support nested properties in Doctrine filters
Add new start and word_start strategies to the Doctrine Search filter
Add support for abstract resources
Add a new option to totally disable Doctrine
Remove the ID attribute from the Hydra documentation when it is read only
Add method to avoid naming collision of DQL join alias and bound parameter name
Make exception available in the Symfony Debug Toolbar
Improve the Doctrine Paginator performance in some cases
Enhance HTTPS support and fix some bugs in the router
Fix some edge cases in the date and time normalizer
Propagate denormalization groups through relations
Run tests against all supported Symfony versions
Add a contribution documentation
Refactor tests
Check CS with StyleCI

1.0.1

Avoid an error if the attribute isn't an array

1.0.0

Preserve indexes when normalizing and denormalizing associative arrays
Allow setting default order for property when registering a Doctrine\Orm\Filter\OrderFilter instance

Core Laravel Package

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Notes

Bug fixes

Bug fixes

Bug fixes

Features

Bug fixes

Breaking changes

Behavioral changes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Features

Bug fixes

Bug fixes

Features

Bug fixes

Features

Bug fixes

Features

Bug fixes

Features

Features

Bug fixes

Features

Breaking changes

TypeInfo

Bug fixes

Miscellaneous

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Features

Bug fixes

Bug fixes

Bug fixes

Features

Bug fixes

Bug fixes

Bug fixes

Bug fixes

Experimental Features

Bug fixes

Bug fixes

Bug fixes

Features

Bug fixes

Bug fixes

Features

Bug fixes

Features