UPGRADE FROM 2.11 to 2.12
=========================

Configuration
-------------

* Renamed `external_redirects.whitelist` option to `external_redirects.allow_list`

Before:
```yaml
nelmio_security:
    external_redirects:
        # ...
        whitelist:
            - twitter.com
            - facebook.com
```

After:
```yaml
nelmio_security:
    external_redirects:
        # ...
        allow_list:
            - twitter.com
            - facebook.com
```

* Renamed `forced_ssl.whitelist` option to `forced_ssl.allow_list`

Before:
```yaml
nelmio_security:
    forced_ssl:
        enabled: true
        whitelist:
            - ^/unsecure/
```

After:
```yaml
nelmio_security:
    forced_ssl:
        enabled: true
        allow_list:
            - ^/unsecure/
```

Events
------

* `Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Event` class is deprecated in favor of 
  `Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent`.
* `Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Events::VIOLATION_REPORT` is deprecated, use
  `Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent::class` instead.

Before (with Symfony >= 4.4):
```php
<?php

use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

final class ViolationReportListener implements EventSubscriberInterface
{
    public function onViolationReport(Event $event): void
    {
        // Some code
    }
    
    public static function getSubscribedEvents(): array
    {
        return [Events::VIOLATION_REPORT => 'onViolationReport'];
    }
}
```

After (with Symfony >= 4.4):
```php
<?php

use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

final class ViolationReportListener implements EventSubscriberInterface
{
    public function onViolationReport(ReportEvent $event): void
    {
        // Some code
    }
    
    public static function getSubscribedEvents(): array
    {
        return [ReportEvent::class => 'onViolationReport'];
    }
}
```