Releases: cakephp/cakephp
CakePHP 4.4.3 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.3. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.3. See the changelog for every commit.
- Fixed a potential method call on null in file assertion methods.
- Improved compatibility with PHP 8.2.
- `TableLocator::get()` no longer throws an error if a table is configured with options and then mocked.
- Updated CI configuration to use windows 2022 image.
- Fixed a regression in `Folder::create()` where `umask` was not correctly set.
- Cache keys used with `FileEngine` are now URL encoded. This aligns the characters valid in cache keys with other engines. It could cause cache misses for applications that were previously using characters outside of the alpha-numeric ranges.
- Removed redundant class type checks.
- Fixed `ResultSet` indexes being mutated by exceptions thrown within a loop while xdebug is enabled.
- `TableLocator` now handles getting tables by namespaced class name better.
- Unused properties in `Database\Query` were deprecated.
- Improve casting of integer routing parameters.
Contributors to 4.4.3
Thank you to all the contributors that helped make this release happen:
- ADmad
- Apisathan
- chris cnizzardini
- Edgaras Janušauskas
- Erwane Breton
- Kevin Pfeifer
- Mark Story
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.2 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.2. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.2. See the changelog for every commit.
- Updated constraints on laminas packages.
- Improved `EntityTrait::_accessible` type annotation.
- Added the `encrypt` and `trustServerCertificate` options to `SqlServerDriver`.
- When `viewClasses()` based extension driven content-negotiation fails a `NotFoundException` will now be raised.
- Fixed `ServerRequest::is('xml')` from returning true on the default `Accept` header sent by Firefox.
- Added deprecation for the `Error.errorLogger` configure option. This was missed during the development of the `ErrorTrap` sub-system.
- Improved API documentation.
Contributors to 4.4.2
Thank you to all the contributors that helped make this release happen:
- ADmad
- Cristian Haunsen
- Mark Story
- Michael Hoffmann
- Nicos Panayides
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.1 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.1. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.1. See the changelog for every commit.
- Fixed broken links in API documentation.
- Reverted a deprecation in `implementedEvents()` as DebugKit was relying on it and we missed identifying this usage earlier.
- Added `scanCount` to `RedisEngine` to give more control over how keys are cleared.
- Improved deprecation warning for `ResultSetInterface` proxying.
- Fixed updating belongsToMany association junction records that contain composite primary keys that involve a column that is mapped to a non-scalar value.
- Fixed `P1D` date interval expressions when used as cache TTL values.
Contributors to 4.4.1
Thank you to all the contributors that helped make this release happen:
- ADmad
- Alex Mayer
- Corey Taylor
- Erwane
- Mark Story
- Nicos Panayides
- ndm2
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.0 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.0. This is the first stable release of 4.4.0. 4.4.0 provides a number of improvements to CakePHP.
Upgrading to 4.4.0
You can use composer to upgrade to CakePHP 4.4.0:
```
php composer.phar require --update-with-dependencies "cakephp/cakephp:4.4.*"
```
Deprecation Warnings
4.4 introduces a few deprecations. All of these features will continue for the duration of 4.x but will be removed in 5.0. See the migration guide.
What's new in 4.4.0?
The migration guide has a complete list of what's new in 4.4.0. We recommend you give that page a read when upgrading. A few highlights from 4.4.0 are:
- A new Error and Exception handling framework that is easier to extend and requires less application code to operate.
- The `RedisEngine` now supports fast deletes with `deleteAsync()`.
- `bin/cake routes` now highlights collisions in route templates.
- `Controller::viewClasses()` was added. This method enables controllers to take control of what content-types they can respond as.
- View classes can define the static method `contentType()` to participate in content-type negotiation.
- `Query::expr()` was added as an alternative to `Query::newExpr()`.
- The `QueryExpression::case()` builder now supports inferring the type from expressions passed to `then()` and `else()` that implement `\Cake\Database\TypedResultInterface`.
- `BaseApplication::handle()` now adds the `$request` into the service container all the time.
- `HttpsEnforcerMiddleware` now has an `hsts` option that allows you to configure the `Strict-Transport-Security` header.
- `TreeBehavior` now supports triggering ORM callbacks when deleting nodes.
Contributors to 4.4.0
Thank you to all the contributors that helped make 4.4 happen:
- ADmad
- Alejandro Ibarra
- Chetan Varshney
- Corey Taylor
- Gerhard Lechner
- itosho
- Jorge González
- Kevin Pfeifer
- Mark Scherer
- Mark Story
- naveen
- saeideng
As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests. 4.4.0 is a large release and would not have been possible without the community support and feedback.
What's Next
With 4.4.0 shipped, the core team's focus will be primarily on CakePHP 5.0. So far in the 5.x branch, the team has:
- Bumped the required version of PHP to 8.1.0
- Removed all the behavior that was deprecated in `4.x`.
- Improved typehinting by using features in PHP 8.1.
- Updated interfaces with `@method` annotations.
The roadmap for 5.x is still under development, and if there is a feature you feel passionate about or a tedious behavior you'd like to see changed, please open an issue and get the discussion started.
CakePHP 4.3.10 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.3.10. This is a maintenance release for the 4.3 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.3.10. See the changelog for every commit.
- Fixed `patchEntity()` failing when a table contains a field that matches the name and casing of the table alias.
- Fixed `Collection::__debugInfo()` failing when a count could not be generated.
Contributors to 4.3.10
Thank you to all the contributors that helped make this release happen:
- Kevin Pfeifer
- Mark Story
- naveen
- othercorey
- Robert Gasch
- Sheldon Reiff
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 3.10.4 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 3.10.4. This is a maintenance and security release for the 3.10 branch that fixes a community reported issue, and patches a security vulnerability.
Security Fixes
The 3.10.4 release fixes an encoding issue with the verified tokens feature of `CsrfProtectionMiddleware` released in 3.10.3. In 3.10.3, verified tokens were generated using random bytes and would often fail to match, as the bytes would be incorrectly encoded when rendered in HTML.
Bugfixes
You can expect the following changes in 3.10.4. See the changelog for every commit.
- Fixed incorrectly encoded CSRF tokens when using the `verifyTokenSource` option.
Contributors to 3.10.4
Thank you to all the contributors that helped make this release happen:
- Marc Würth
- Mark Story
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.0-RC2 released
The CakePHP core team is proud to announce the second release candidate of CakePHP 4.4.0. The 4.4.0 release will introduce several new features and a handful of deprecations.
New Features
The migration guide has a complete list of what's new in 4.4.0. We recommend you give that page a read when upgrading as it outlines the deprecations present in 4.4.
Changes Since 4.4.0-RC1
- The current request is now automatically added to your application's dependency injection container making it easier to have services that depend on the current request.
- Fixture schema reflection now clears the table registry to prevent errors with applications that initialize tables in `initialize()` hooks.
- `PaginatorHelper::limitControl()` now works with multiple pagination.
- Additional features on `Debugger` were deprecated in favour of using `ErrorTrap` instead.
- Pagination classes were moved under `Cake\Datasources\Paging`.
- Renamed `DefaultPaginator` to `NumericPaginator`.
- The experimental flag was removed from the dependency injection container. It is now considered a stable API.
- Improved the logging configuration in `ErrorTrap` and `ExceptionTrap`.
- Fixed missing use of `bindingKey` in `BelongsToMany` associations.
- Improved handling of invalid cookie names.
- Improved content-negotiation with file types that have multiple content-type options.
- The `FormContext` adapter for `FormHelper` now supports non-default validation rule sets.
- Added a 'match all' type to `View` so that fallback view classes can be implemented in the new content-negotiation feature.
- Added `deleteAsync()` and `clearBlocking()` methods to the redis cache engine.
- Added new methods to `ErrorLoggerInterface` with annotations. The new `logError()` and `logException()` methods will replace the `logMessage()` and `log()` methods respectively in 5.x. Before using the new error handling subsystem you should update any custom error loggers.
- Improved API documentation.
- Removed usage of string interpolation that is deprecated in PHP 8.2
How you Can Help
You can help by trying out the RC in your application. Please open issues for any new test failures or regressions the new version creates in your application.
Contributors to 4.4.0-RC2
Thank you to all the contributors that have helped with 4.4.0:
- ADmad
- Andrii Pukhalevych
- Corey Taylor
- Danial Khoshkhou
- dependabot[bot]
- Gerasimos
- itosho
- Kevin Pfeifer
- Mark Scherer
- Mark Story
- OJMichael
- othercorey
- Remy Bos
We would also like to thank Guarang Maheta for notifying us of a security issue in bakery.cakephp.org and helping us resolve it.
As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
CakePHP 4.3.9 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.3.9. This is a maintenance release for the 4.3 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.3.9. See the changelog for every commit.
- Improved API documentation.
- Removed redundant function calls in session handling.
- Updated to phpstan 1.6
Contributors to 4.3.9
Thank you to all the contributors that helped make this release happen:
- Mark Scherer
- Mark Story
- othercorey
- Remy Bos
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 3.10.3 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 3.10.2. This is a maintenance and security release for the 3.10 branch that fixes a couple community reported issues, and patches a security vulnerability.
Security Fixes
The 3.10.3 release contains an opt-in security fix for `CsrfProtectionMiddleware`. Prior to this release, if an application has a cross-site-scripting vulnerability, or an attacker has access to a victim's browser, CSRF tokens could be manipulated, allowing CSRF bypass. This weakness stems from the CSRF middleware accepting any matching pair of tokens. With the fix applied, only tokens generated by the host application will be accepted. This fix requires opt-in because it breaks compatibility with existing CSRF tokens that may be in users' browsers/sessions. To enable the new style tokens add the following:
```php
// in src/Application.php
$middlewareQueue->add(new CsrfProtectionMiddleware([
    'verifyTokenSource' => true
]));
```
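
The difference between accepting any matching pair of tokens and accepting only tokens generated by the host application, together with the HTML encoding problem that 3.10.4 corrected, shown as an added example that is not CakePHP's own code. The function names, the token layout (random value followed by an HMAC) and `$salt` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not CakePHP source. Token layout and names are assumptions.
const VALUE_BYTES = 16;
const MAC_BYTES = 32; // raw SHA-256 HMAC length

// Random value plus an HMAC keyed with the application secret. The result is
// base64 encoded so the raw bytes survive being rendered into an HTML form.
function createToken(string $salt): string
{
    $value = random_bytes(VALUE_BYTES);
    return base64_encode($value . hash_hmac('sha256', $value, $salt, true));
}

// Pair-only check: accepts any two equal strings, whoever produced them.
function pairMatches(string $cookie, string $submitted): bool
{
    return $cookie !== '' && hash_equals($cookie, $submitted);
}

// Source check: the token must decode cleanly and carry this application's HMAC.
function issuedByApp(string $token, string $salt): bool
{
    $raw = base64_decode($token, true); // strict mode returns false on bad input
    if ($raw === false || strlen($raw) !== VALUE_BYTES + MAC_BYTES) {
        return false;
    }
    $value = substr($raw, 0, VALUE_BYTES);
    $mac = substr($raw, VALUE_BYTES);
    return hash_equals(hash_hmac('sha256', $value, $salt, true), $mac);
}

function verify(string $cookie, string $submitted, string $salt): bool
{
    return issuedByApp($cookie, $salt) && pairMatches($cookie, $submitted);
}

$salt = 'constructed-example-secret';     // stands in for the application's secret
$real = createToken($salt);
$planted = 'value-not-issued-by-the-app'; // constructed sample

var_dump(pairMatches($planted, $planted));   // pair-only check on a planted pair
var_dump(verify($planted, $planted, $salt)); // same pair with the source check
var_dump(verify($real, $real, $salt));       // token the application issued
var_dump(verify('%%bad-base64%%', '%%bad-base64%%', $salt)); // malformed cookie data
var_dump(htmlspecialchars($real) === $real); // whether HTML escaping alters the token
```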
Bugfixes
You can expect the following changes in 3.10.3. See the changelog for every commit.
- Fixed a memory leak in `TranslatorRegistry` when loading translations from cache.
Contributors to 3.10.3
Thank you to all the contributors that helped make this release happen:
- Mark Story
- Val Bancer
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.3.8 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.3.8. This is a maintenance release for the 4.3 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.3.8. See the changelog for every commit.
- Improved examples in documentation blocks.
- Fixed missing usage of `bindingKey` in associations generated by `BelongsToMany`.
- Fixed a `TypeError` coming from `CsrfProtectionMiddleware` when cookie data contained invalid base64 encoded data.
- Improved handling of numeric keys in cookie parsing.
Contributors to 4.3.8
Thank you to all the contributors that helped make this release happen:
- ADmad
- Andrii Pukhalevych
- Corey Taylor
- Danial Khoshkhou
- Gerasimos
- Kevin Pfeifer
- Mark Scherer
- Mark Story
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.