Merge branch '3.4' into 4.2

* 3.4:
  [#11328] Restructured into a definition list
  Fix a typo for the range of allowed attack complexity score values
  Addressed issues raised in (#10798)
  Add Doctrine ORM installation instructions.
  Adds documentation for monolog processors.

Author: wouterj

best_practices/business-logic.rst

@@ -122,6 +122,15 @@ library or strategy you want for this.
 
 In practice, many Symfony applications rely on the independent
 `Doctrine project`_ to define their model using entities and repositories.
+
+Doctrine support is not enabled by default in Symfony. So to use Doctrine
+as shown in the examples below you will need to install :doc:`Doctrine ORM support </doctrine>`
+by executing the following command:
+
+.. code-block:: terminal
+
+    $ composer require symfony/orm-pack
+
 Just like with business logic, we recommend storing Doctrine entities in the
 ``src/Entity/`` directory.
 
@@ -226,7 +235,7 @@ the following command to install the Doctrine fixtures bundle:
 
 .. code-block:: terminal
 
-    $ composer require "doctrine/doctrine-fixtures-bundle"
+    $ composer require doctrine/doctrine-fixtures-bundle
 
 Then, this bundle is enabled automatically, but only for the ``dev`` and
 ``test`` environments::
@@ -267,6 +276,7 @@ Next: :doc:`/best_practices/controllers`
 
 .. _`full definition`: https://en.wikipedia.org/wiki/Business_logic
 .. _`Doctrine project`: http://www.doctrine-project.org/
+.. _`Doctrine ORM support`: https://symfony.com/doc/current/doctrine.html
 .. _`fixture class`: https://symfony.com/doc/current/bundles/DoctrineFixturesBundle/index.html#writing-simple-fixtures
 .. _`PSR-1`: https://www.php-fig.org/psr/psr-1/
 .. _`PSR-2`: https://www.php-fig.org/psr/psr-2/

contributing/code/security.rst

@@ -150,7 +150,7 @@ score for Affected Projects is capped at 4.*
 Score Totals
 ~~~~~~~~~~~~
 
-* Attack Complexity: 1 - 4
+* Attack Complexity: 1 - 5
 * Impact: 1 - 6
 * Affected Projects: 1 - 4
 

logging/processors.rst

@@ -159,6 +159,24 @@ If you use several handlers, you can also register a processor at the
 handler level or at the channel level instead of registering it globally
 (see the following sections).
 
+Symfony's MonologBridge provides processors that can be registered inside your application.
+
+:class:`Symfony\\Bridge\\Monolog\\Processor\\DebugProcessor`
+    Adds additional information useful for debugging like a timestamp or an
+    error message to the record.
+
+:class:`Symfony\\Bridge\\Monolog\\Processor\\TokenProcessor`
+    Adds information from the current user's token to the record namely
+    username, roles and whether the user is authenticated.
+
+:class:`Symfony\\Bridge\\Monolog\\Processor\\WebProcessor`
+    Overrides data from the request using the data inside Symfony's request
+    object.
+
+.. versionadded:: 3.4
+
+    The ``TokenProcessor`` class was introduced in Symfony 3.4.
+
 Registering Processors per Handler
 ----------------------------------