… (ogizanagi)This PR was merged into the 3.3-dev branch.Discussion----------[Security] Handle bad request format in json auth listener| Q             | A| ------------- | ---| Branch?       | master (3.3)| Bug fix?      | yesish| New feature?  | yes| BC breaks?    | no| Deprecations? | no| Tests pass?   | yes| Fixed tickets | N/A| License       | MIT| Doc PR        | N/AIn#22034, I wondered myself if we shouldn't throw a dedicated exception to handle bad formatted requests and give more inputs to the client by returning a 400 response with an explicit message.~~Here is a suggestion, introducing a new `BadRequestFormatException` and using it in `UsernamePasswordJsonAuthenticationListener` whenever there is no custom failure handler set (but someone using its own handler should be able to treat the failure properly too).~~As discussed with@chalasr , it seems better to directly throw a `BadRequestHttpException` as it's actually out of the whole security process. PR updated.Commits-------93a8cb9 [Security] Handle bad request format in json auth listener

This PR was merged into the 3.3-dev branch.Discussion----------Fix tests| Q             | A| ------------- | ---| Branch?       | master| Bug fix?      | no| New feature?  | no| BC breaks?    | no| Deprecations? |  no| Tests pass?   | yes| Fixed tickets |#22569 (comment)| License       | MIT| Doc PR        | n/aCommits-------b6948dd Fix tests

This PR was merged into the 2.7 branch.Discussion----------[Security] Fix fatal error on non string username| Q             | A| ------------- | ---| Branch?       | 2.7| Bug fix?      | yes| New feature?  | no| BC breaks?    | no| Deprecations? | no| Tests pass?   | yes| Fixed tickets |#25612| License       | MIT| Doc PR        | n/aThat's consistent with what#22569 did for the `json_login` listener.Commits-------8f09568 [Security] Fix fatal error on non string username