Symfony version(s) affected: 5.0.7

Description
Using multiple roles per path yields the error message

Passing more than one Security attribute to "Symfony\Component\Security\Core\Authorization\AccessDecisionManager::decide()" is not supported.

when accessing a matching page.

In the Symfony\Component\Security\Http\Firewall\AccessListener class, the decide method of the decision manager is called with the fourth parameter ($allowMultipleAttributes) set to true.

But the $allowMultipleAttributes parameter is not passed from Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager::decide() method.

This means that $allowMultipleAttributes isn't passed to Symfony\Component\Security\Core\Authorization\AccessDecisionManager which is the only access decision manager class that knows how to handle $allowMultipleAttributes.

How to reproduce
I'm not sure when TraceableAccessDecisionManager is called instead of AccessDecisionManager, but it may be as simple as adding multiple roles per path in the security.yml file.

Possible Solution
Update the AccessDecisionManagerInterface with the fourth parameter for the decide() method and add it to the TraceableAccessDecisionManager class and (fully) to the AccessDecisionManager class.

Additional context