My deploy of symfony stopped to work #47257

Symfony version(s) affected

5.4.11

Description

Warning: require(WEBROOT/src/config/bundles.php): failed to open stream: No such file or directory

The problem is produced by fact that I do not upload to the web server any file that is not directly required for the execution.
That means the file composer.json is not uploaded. Therefore that error pops up.

It is a risk to share the list of library versions on the web server. It is minor issue that I can workaround by emptying the content of the file. It would be important to document that fact in visible place.

How to reproduce

Create new project.
Prepare the prod build.
Copy only required files for application to run (excluding composer.json, etc.)

Possible Solution

The possible alternative would be to let developer:

• specify the method to get root dir,
• specify root dir in the configuration.

Additional Context

The expose of composer.json and composer.lock can be seen as a security risk.

As it is completely normal to have those files in dev environment of CI build environment. That exposing those or risking exposing to the public can bring damage as it will make easier to find potential vulnerabilities and exploit them.