[Cache] Fix DSN auth not passed to clusters in RedisTrait#62852
Merged
Conversation
Member
|
Thank you @ckrack. |
This was referenced Jan 24, 2026
Merged
Merged
Merged
Merged
nicolas-grekas
added a commit
to nicolas-grekas/symfony
that referenced
this pull request
Feb 6, 2026
nicolas-grekas
added a commit
that referenced
this pull request
Feb 6, 2026
…isTrait" (nicolas-grekas) This PR was merged into the 6.4 branch. Discussion ---------- [Cache] Revert "Fix DSN auth not passed to clusters in RedisTrait" | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #63261 | License | MIT This reverts #62852 (preserving the CS improvements) /cc `@ckrack` `@Vilx2` See #63261 for why. The `auth` query parameter should be used instead. Commits ------- b68546b Revert "bug #62852 [Cache] Fix DSN auth not passed to clusters in RedisTrait (wikando-ck)"
nicolas-grekas
added a commit
that referenced
this pull request
Feb 6, 2026
* 6.4: Revert "bug #62852 [Cache] Fix DSN auth not passed to clusters in RedisTrait (wikando-ck)" [Messenger][Cache] Fix forwarding SSL settings to the redis sentinel fix compatibility with PCRE < 10.40 [Intl] Update data to ICU 78.2 [Messenger] Fix AMQP heartbeat reconnection during in-flight message handling [Messenger] Optimize serialized size of ErrorDetailsStamp
nicolas-grekas
added a commit
that referenced
this pull request
Feb 6, 2026
* 7.4: [JsonStreamer] Fix DateTime handling in union types Revert "bug #62852 [Cache] Fix DSN auth not passed to clusters in RedisTrait (wikando-ck)" [Messenger][Cache] Fix forwarding SSL settings to the redis sentinel [FrameworkBundle] Fix autoconfiguring controllers using legacy Route annotations as attributes fix compatibility with PCRE < 10.40 fix forward compatibility with JsonStreamer 8.1+ [Intl] Update data to ICU 78.2 [Messenger] Fix AMQP heartbeat reconnection during in-flight message handling [JsonStreamer] Fix composite node provider arguments in stream mode [PropertyInfo] Fix union with mixed handling [Messenger] Optimize serialized size of ErrorDetailsStamp fix compatibility with DBAL 4.4+
nicolas-grekas
added a commit
that referenced
this pull request
Feb 6, 2026
* 8.0: [JsonStreamer] Fix DateTime handling in union types Revert "bug #62852 [Cache] Fix DSN auth not passed to clusters in RedisTrait (wikando-ck)" [Messenger][Cache] Fix forwarding SSL settings to the redis sentinel [FrameworkBundle] Fix autoconfiguring controllers using legacy Route annotations as attributes fix compatibility with PCRE < 10.40 fix forward compatibility with JsonStreamer 8.1+ [Intl] Update data to ICU 78.2 [Messenger] Fix AMQP heartbeat reconnection during in-flight message handling [JsonStreamer] Fix composite node provider arguments in stream mode [PropertyInfo] Fix union with mixed handling [Messenger] Optimize serialized size of ErrorDetailsStamp fix compatibility with DBAL 4.4+
ckrack
added a commit
to ckrack/symfony-symfony
that referenced
this pull request
Feb 8, 2026
…rait Populate $params["auth"] from DSN-parsed credentials for classes that receive auth via their constructor or connect call (Redis, RedisCluster, Relay), while explicitly excluding Sentinel mode where auth is applied post-connect to the resolved master node. This re-applies the fix from symfony#62852 which was reverted in symfony#63306 due to a regression for Redis Sentinel users (symfony#63261). The original fix unconditionally set $params["auth"] from DSN credentials, which caused them to be incorrectly passed to Sentinel servers that do not require authentication. The new shouldPopulateAuthFromDsn() method centralizes this decision by checking both the client class and the absence of Sentinel configuration. As documented at https://symfony.com/doc/current/components/cache/adapters/redis_adapter.html#configure-the-connection, the DSN supports password authentication (e.g. redis://user:password@host), which should work without requiring the undocumented auth query parameter.
ckrack
added a commit
to ckrack/symfony-symfony
that referenced
this pull request
Feb 8, 2026
…rait Populate $params["auth"] from DSN-parsed credentials for classes that receive auth via their constructor or connect call (Redis, RedisCluster, Relay), while explicitly excluding Sentinel mode where auth is applied post-connect to the resolved master node. This re-applies the fix from symfony#62852 which was reverted in symfony#63306 due to a regression for Redis Sentinel users (symfony#63261). The original fix unconditionally set $params["auth"] from DSN credentials, which caused them to be incorrectly passed to Sentinel servers that do not require authentication. The new shouldPopulateAuthFromDsn() method centralizes this decision by checking both the client class and the absence of Sentinel configuration. As documented at https://symfony.com/doc/current/components/cache/adapters/redis_adapter.html#configure-the-connection, the DSN supports password authentication (e.g. redis://user:password@host), which should work without requiring the undocumented auth query parameter.
nicolas-grekas
pushed a commit
to ckrack/symfony-symfony
that referenced
this pull request
Feb 9, 2026
…rait Populate $params["auth"] from DSN-parsed credentials for classes that receive auth via their constructor or connect call (Redis, RedisCluster, Relay), while explicitly excluding Sentinel mode where auth is applied post-connect to the resolved master node. This re-applies the fix from symfony#62852 which was reverted in symfony#63306 due to a regression for Redis Sentinel users (symfony#63261). The original fix unconditionally set $params["auth"] from DSN credentials, which caused them to be incorrectly passed to Sentinel servers that do not require authentication. As documented at https://symfony.com/doc/current/components/cache/adapters/redis_adapter.html#configure-the-connection, the DSN supports password authentication (e.g. redis://user:password@host), which should work without requiring the undocumented auth query parameter.
nicolas-grekas
pushed a commit
to ckrack/symfony-symfony
that referenced
this pull request
Feb 9, 2026
…rait Populate $params["auth"] from DSN-parsed credentials for classes that receive auth via their constructor or connect call (Redis, RedisCluster, Relay), while explicitly excluding Sentinel mode where auth is applied post-connect to the resolved master node. This re-applies the fix from symfony#62852 which was reverted in symfony#63306 due to a regression for Redis Sentinel users (symfony#63261). The original fix unconditionally set $params["auth"] from DSN credentials, which caused them to be incorrectly passed to Sentinel servers that do not require authentication. As documented at https://symfony.com/doc/current/components/cache/adapters/redis_adapter.html#configure-the-connection, the DSN supports password authentication (e.g. redis://user:password@host), which should work without requiring the undocumented auth query parameter.
nicolas-grekas
added a commit
that referenced
this pull request
Feb 9, 2026
…y in RedisTrait (ckrack) This PR was merged into the 6.4 branch. Discussion ---------- [Cache] Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #62765 #63261 | License | MIT Populate $params["auth"] from DSN-parsed credentials for classes that receive auth via their constructor or connect call (Redis, RedisCluster, Relay), while explicitly excluding Sentinel mode where auth is applied post-connect to the resolved master node (also using `Redis` or `Relay` classes). This re-applies the fix from #62852 which was reverted in #63306 due to a regression for Redis Sentinel users (#63261). The original fix unconditionally set $params["auth"] from DSN credentials, which caused them to be incorrectly passed to Sentinel servers that do not require authentication. As documented at https://symfony.com/doc/current/components/cache/adapters/redis_adapter.html#configure-the-connection, the DSN supports password authentication (e.g. redis://user:password@host), which should work without requiring the undocumented auth query parameter. Commits ------- 62e4a4e [Cache] Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait
nicolas-grekas
added a commit
that referenced
this pull request
Feb 9, 2026
…y in RedisTrait (ckrack) This PR was merged into the 6.4 branch. Discussion ---------- [Cache] Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #62765 #63261 | License | MIT Populate $params["auth"] from DSN-parsed credentials for classes that receive auth via their constructor or connect call (Redis, RedisCluster, Relay), while explicitly excluding Sentinel mode where auth is applied post-connect to the resolved master node (also using `Redis` or `Relay` classes). This re-applies the fix from #62852 which was reverted in #63306 due to a regression for Redis Sentinel users (#63261). The original fix unconditionally set $params["auth"] from DSN credentials, which caused them to be incorrectly passed to Sentinel servers that do not require authentication. As documented at https://symfony.com/doc/current/components/cache/adapters/redis_adapter.html#configure-the-connection, the DSN supports password authentication (e.g. redis://user:password@host), which should work without requiring the undocumented auth query parameter. Commits ------- 467de8b [Cache] Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait
|
Would this be fixed on the symfony/cache too? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This fix enables
symfony/cacheRedis-type cluster connections to use authentication from DSN.The cluster connections use
$params['auth']instead of$authinRedisTrait::createConnection().The values that are extracted from the DSN in
$authare never merged into the$params.As this is a trait that is used in a connection factory, it's impossible to unit-test this.
It can be reproduced with a redis-cluster that has no default-user or that has a password protected default user and then connecting to it using a DSN like
rediss://user:pass@redis-cluster:6379.I've just tested it on an aws memoryDb cluster.
Here's my research thread using deepwiki:
https://deepwiki.com/search/in-redistraitphp-why-is-params_8008d228-37f0-42cb-8e6c-74a2c419d33a?mode=fast
(note how it fails telling me which branch to target 🔢)