Validates empty current password

Relates to:
symfony/symfony#23341
symfony/security-core@3bc0bcf

I can change user password without typing my current password.

Author: symfonyaml

Form/Type/ChangePasswordFormType.php

@@ -15,6 +15,7 @@
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Validator\Constraints\NotNull;
 use Symfony\Component\Security\Core\Validator\Constraints\UserPassword;
 
 class ChangePasswordFormType extends AbstractType
@@ -49,7 +50,10 @@ public function buildForm(FormBuilderInterface $builder, array $options)
             'label' => 'form.current_password',
             'translation_domain' => 'FOSUserBundle',
             'mapped' => false,
-            'constraints' => new UserPassword($constraintsOptions),
+            'constraints' => [
+                new NotNull(),
+                new UserPassword($constraintsOptions),
+            ]
         ));
 
         $builder->add('plainPassword', LegacyFormHelper::getType('Symfony\Component\Form\Extension\Core\Type\RepeatedType'), array(