From 29fc40914d3be5c553ab4159951bec6c06fbb89f Mon Sep 17 00:00:00 2001
From: Javier Eguiluz <javier.eguiluz@gmail.com>
Date: Wed, 18 Jun 2025 16:55:38 +0200
Subject: [PATCH] [Security] Remove mentions to deprecated eraseCredentials()
 method

---
 reference/configuration/security.rst | 26 --------------------------
 1 file changed, 26 deletions(-)

diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index ef7247e330e..80d3441e8e5 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -46,32 +46,6 @@ access_denied_url
 Defines the URL where the user is redirected after a ``403`` HTTP error (unless
 you define a custom access denial handler). Example: ``/no-permission``
 
-erase_credentials
------------------
-
-**type**: ``boolean`` **default**: ``true``
-
-If ``true``, the ``eraseCredentials()`` method of the user object is called
-after authentication::
-
-    use Symfony\Component\Security\Core\User\UserInterface;
-
-    class User implements UserInterface
-    {
-        // ...
-
-        public function eraseCredentials(): void
-        {
-            // If you store any temporary, sensitive data on the user, clear it here
-            // $this->plainPassword = null;
-        }
-    }
-
-.. deprecated:: 7.3
-
-   Since Symfony 7.3, ``eraseCredentials()`` methods are deprecated and are
-   not called if they have the ``#[\Deprecated]`` attribute.
-
 expose_security_errors
 ----------------------