
2.0.0-alpha8

@marcj marcj released this 19 Feb 13:04

This release contains several important fixes, including an important security fix:

  • SQL injection in the limit() Criteria API. If you pass external input to this method, update your code base immediately to cast the argument to int first, or upgrade to 2.0.0-alpha8.
    What happened? The method \Propel\Runtime\ActiveQuery\Criteria::setLimit did not cast $limit to an int, so arbitrary SQL could be placed in this argument and would be concatenated into the generated LIMIT clause. You can close the hole by casting your limit to int manually, or by updating to the newest Propel2 version.
```php
public function pageAction(Request $request)
{
    // $user is assumed to be resolved earlier in the controller.
    $posts = BlogPostQuery::create()
        ->filterByUser($user)
        ->offset($request->get('offset'))
        ->limit($request->get('limit')); // <-- vulnerability: the raw request string reaches the LIMIT clause

    return $posts;
}
```

Update your call to the following to fix it (the same applies to offset(); alpha8 coerces both values, see cd23d738 below):

```php
        ->limit((int) $request->get('limit'));
```
  • PHP php7.1+ compatibility
  • Symfony 4 compatibility
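The following is an added example, not code from Propel or from this release: a minimal stand-in for how a LIMIT clause is assembled from a query-builder argument, placed beside the cast that the alpha8 fix applies, plus the range check a controller should still do on top of the cast. The function names, the sample query and the attacker string are assumptions for illustration only; what a backend actually does with the injected tail depends on the driver, the point is that attacker text reaches the SQL at all.

```php
<?php
// Added example (not Propel's own code). Function names, the base query and
// the request values are constructed for illustration.

declare(strict_types=1);

/** Pre-alpha8 behaviour: the limit is concatenated verbatim into the SQL. */
function applyLimitUnsafe(string $sql, $limit, $offset = 0): string
{
    return $sql . ' LIMIT ' . $offset . ', ' . $limit;
}

/** Alpha8 behaviour: both values are coerced to int before reaching the SQL string. */
function applyLimitSafe(string $sql, $limit, $offset = 0): string
{
    return $sql . ' LIMIT ' . (int) $offset . ', ' . (int) $limit;
}

/**
 * Controller-side guard that is worth keeping on any ORM version.
 * (int) turns "1; DROP TABLE x" into 1 and "abc" into 0, so the cast alone
 * does not reject nonsensical or oversized page sizes; bound it as well.
 */
function pageSize($raw, int $default = 20, int $max = 100): int
{
    $n = (int) $raw;
    if ($n < 1 || $n > $max) {
        return $default;
    }
    return $n;
}

$base = 'SELECT id, title FROM blog_post WHERE user_id = :user_id';

// Constructed attacker input, as it would arrive from $request->get('limit').
$malicious = '1; DROP TABLE blog_post';

echo applyLimitUnsafe($base, $malicious), PHP_EOL;
// ... LIMIT 0, 1; DROP TABLE blog_post      <- attacker text is now part of the query

echo applyLimitSafe($base, $malicious), PHP_EOL;
// ... LIMIT 0, 1                            <- (int) keeps only the leading number

echo applyLimitSafe($base, pageSize($malicious)), PHP_EOL;
echo applyLimitSafe($base, pageSize('abc')), PHP_EOL;
echo applyLimitSafe($base, pageSize('5000')), PHP_EOL;
// ... LIMIT 0, 1 / LIMIT 0, 20 / LIMIT 0, 20  <- non-numeric and oversized fall back to the default
```

Run it with `php example.php`. Note that the (int) cast is exactly what 4c309e3e adds inside Criteria::setLimit(), so after upgrading the second and third cases hold even if a controller forgets to cast; the range check in pageSize() is the part the ORM cannot do for you.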
4c309e3e - SQL injection fix: Cast limit to integer when setting via Criteria::setLimit() (#1465) <Mike Petrovich>
cd23d738 - Coerce offset and limit values to integers for MySQL LIMIT clause (#1464) <Mike Petrovich>
c64c0d61 - Format parameter can be null (#1462) <Timo Schwarzer>
3dde1043 - #1447. On preInsert object in TimestampableBehavior we get different dataTime. (#1457) <Eugene Kurasov>
80cda8a3 - Fix getPrimaryKeyFromRow for custom php types (#1397) <jaspervdm>
df9fefdc - Address failed tests after applying fix for issue #1425 (#1449) <Gomes>
1f6557d1 - Fix test suite and init command (#1452) <Cristiano Cinotti>
dbd225c5 - Make offsetGet compatible with the parent's offsetGet method (#1446) <Timo Schwarzer>
a2ebdfcc - Added referenceOnly attribute to external-schema (#1439) <Jonas Rudolph>
daba2c85 - address countable issue in php7.2 (#1425) <Chris Schuld>
98d584f8 - Added php 7.2 in travis (#1415) <Maxim>
79bffd5a - improved formatting speed (#1428) <Tomasz Wójcik>
3053018a - Symfony 4 compatibility (#1434) <Cristiano Cinotti>
315fd092 - Fix vendorInfo handling for foreign keys and add support for postgres deferrable FK constraints (#1418) <Nicolas FRANÇOIS>
a732a9db - Throw original exception in criteria file (#1422) <Maxim>
d24a474f - Fix issue #1406 : diff issue with CURRENT_TIMESTAMP on maria 10.2 (#1407) <wollanup>
9c3458a1 - Remove tailing hashes (#1401) <wdhwg001>
cd5d36d9 - Fix Gitter (#1402) <wdhwg001>
7b1e8325 - PHP Warning in Profiler (#1400) <Maxim>
e404ed8d - fix ObjectBuilder addFKAccessor reference to int (#1399) <ktret>
b589458e - spell DECIMAL correctly in isNumber function (#1398) <ktret>
c3e7a5c4 - Fix json equality check for json columns (#1396) <kriks57>
b4c13d64 - Fix MssqlAdapter::applyLimit from generating malformed queries when `from` is included as a non-keyword (#1395) <Chase>
6c3d6364 - Fix detection of subquery virtual columns in MssqlAdapter::applyLimit (#1382) <Chase>
efafd096 - Fix wrong string generation in PropelDateTime::getMicrotime <Marc J. Schmidt>
97314087 - Update Database.php (#1379) <Gula Andrij>
a00829fa - Fixed versionable behavior with incorrect constant (#1270) <gabor-kormany>
1b5ffef9 - Fix greedy regex incorrectly splitting query string with multiple FROM statements [Mssql] (#1375) <Chase>
6aa779ef - Check incomplete foreign-keys #675 (#1259) <atompulse>
1ab67865 - Fix broken boolean types on IniFileLoader (propelorm/Propel2#1355) (#1356) <Gregory Boddin>
9e4039d0 - Undefined method being called; issue #1352 (#1354) <AlexanderBliznuk>
fe18de34 - json type column for mysql 5.7 (#1372) <cedric lombardot>
02f085de - Allowing file loader to accept empty env vars (e.g. DB_PW) (#1373) <Avi Bueno>
5512c399 - Allows the use of Unsigned="true|false" as a MySQL vendor column parameter. (#1360) <Damien VERON>
b311676a - Support XML Inclusions in configuration, adds #1321 (#1322) <hakre>
618c1922 - Result of method Model::init*() (void) is used. (#1365) <Maxim>
4395623d - Fixed Om\Object::toArray when using DateTimeImmutable (#1359) <ricardoe>
e78bb96e - Fix remove spaces in empty line on windows (#1357) <Andrey>
ff113cdb - Test also php 7.1 (#1337) <Massimiliano Arione>
65c6515b - fix TableMapTrait.php (#1339) <CrayD>
bdca6fc2 - Validator fix (#1350) <Angel Koilov (po_taka)>
67bad146 - Revert "Update composer.json" (#1349) <Marc J. Schmidt>
0b31885e - Update composer.json (#1348) <Gula Andrij>
83a8bb97 - don't allow symfony/validator < 2.3 (#1342) <Gregor Harlan>
2a635ffd - Update PgsqlPlatform.php (#1338) <Oliwier Ptak>
b7c8ac90 - symfony/validator >= 3.2.2 is not supported anymore. <Marc J. Schmidt>
d81612c3 - fixed php7.1 implicit string to array cast <Marc J. Schmidt>
413aa52a - Changes description of filterBy function (#1334) <Maxim>
367878d0 - Fix regression in ObjectCollection of Collections. (#1330) <Peter Potrowl>
5026b534 - Fix php7.1 [] operator not supported for strings in (#1329) <cedric lombardot>