Sourced from symfony/http-foundation's changelog.

CHANGELOG

6.2

• The HTTP cache store uses the xxh128 algorithm
• Deprecate calling JsonResponse::setCallback(), Response::setExpires/setLastModified/setEtag(), MockArraySessionStorage/NativeSessionStorage::setMetadataBag(), NativeSessionStorage::setSaveHandler() without arguments
• Add request matchers under the Symfony\Component\HttpFoundation\RequestMatcher namespace
• Deprecate RequestMatcher in favor of ChainRequestMatcher
• Deprecate Symfony\Component\HttpFoundation\ExpressionRequestMatcher in favor of Symfony\Component\HttpFoundation\RequestMatcher\ExpressionRequestMatcher

6.1

• Add stale while revalidate and stale if error cache header
• Allow dynamic session "ttl" when using a remote storage
• Deprecate Request::getContentType(), use Request::getContentTypeFormat() instead

6.0

• Remove the NamespacedAttributeBag class
• Removed Response::create(), JsonResponse::create(), RedirectResponse::create(), StreamedResponse::create() and BinaryFileResponse::create() methods (use __construct() instead)
• Not passing a Closure together with FILTER_CALLBACK to ParameterBag::filter() throws an \InvalidArgumentException; wrap your filter in a closure instead
• Not passing a Closure together with FILTER_CALLBACK to InputBag::filter() throws an \InvalidArgumentException; wrap your filter in a closure instead
• Removed the Request::HEADER_X_FORWARDED_ALL constant, use either Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO or Request::HEADER_X_FORWARDED_AWS_ELB or Request::HEADER_X_FORWARDED_TRAEFIKconstants instead
• Rename RequestStack::getMasterRequest() to getMainRequest()
• Not passing FILTER_REQUIRE_ARRAY or FILTER_FORCE_ARRAY flags to InputBag::filter() when filtering an array will throw BadRequestException
• Removed the Request::HEADER_X_FORWARDED_ALL constant
• Retrieving non-scalar values using InputBag::get() will throw BadRequestException (use InputBad::all() instead to retrieve an array)
• Passing non-scalar default value as the second argument InputBag::get() will throw \InvalidArgumentException
• Passing non-scalar, non-array value as the second argument InputBag::set() will throw \InvalidArgumentException
• Passing null as $requestIp to IpUtils::__checkIp(), IpUtils::__checkIp4() or IpUtils::__checkIp6() is not supported anymore.

5.4

• Deprecate passing null as $requestIp to IpUtils::__checkIp(), IpUtils::__checkIp4() or IpUtils::__checkIp6(), pass an empty string instead.
• Add the litespeed_finish_request method to work with Litespeed
• Deprecate upload_progress.* and url_rewriter.tags session options
• Allow setting session options via DSN

5.3

• Add the SessionFactory, NativeSessionStorageFactory, PhpBridgeSessionStorageFactory and MockFileSessionStorageFactory classes
• Calling Request::getSession() when there is no available session throws a SessionNotFoundException

... (truncated)

• b9885fc Remove branch-version (keep them for contracts only)
• aacebf2 bug #38516 [HttpFoundation] Fix Range Requests (BattleRattle)
• f445ee1 [HttpFoundation] Fix Range Requests
• d18c26c [CI] Silence errors when remove file/dir on test tearDown()
• dbe9a3f Fix branch-version
• ec0b1db Remove "version" from composer.json files, use "branch-version" instead
• 350ce8a Update versions in composer.json
• d6f03f8 Remove "branch-alias", populate "version"
• dd10d32 Change test
• 946db27 [HttpFoundation] skip tests when the IANA server is throttling the list of st...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.