Releases: cakephp/cakephp
CakePHP 4.4.13 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.13. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.13. See the changelog for every commit.
- Fix DateTimeType::manyToPHP with int.
- Handle numeric keys in cookies being parsed from the server request.
- Catch all exceptions when generating sql for Query::__debugInfo().
- Fix loading of vendor namespaced plugins.
Contributors to 4.4.13
Thank you to all the contributors that helped make this release happen:
- ADmad
- Kevin Pfeifer
- Mark Scherer
- Mark Story
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 5.0.0-beta2 released
The CakePHP core team is happy to announce the second beta release of CakePHP5.0.0. Since the beta1 release the core team has continued to refine andsimplify the framework. Some of the highlights of this work include:
- Removing more code that was deprecated in 4.x.
- Adding namespaces to all the global functions that CakePHP provides. This enables application code to define their own global function names or use the global function shims provided by CakePHP.
- Added support for PSR-17 HTTP factories interfaces.
- Improved the runtime deprecation coverage to include all documentation only deprecations.
- Begun work on the rector rules for 4.5 and 5.0
- Added a Time only object to Chronos (will be added to CakePHP soon).
Finally, the scope for 5.x isn't locked down so if you'd like to see a feature
or breaking change made please open an issue.
New Features
The migration guide has a complete list of what's new in 5.0.0. We recommend you give that page a read when upgrading as it notes the various breaking changes present in 5.0.
How you Can Help
You can help deliver 5.0 by contributing in one of many ways:
- Check the documentation for mistakes, outdated, unclear or broken examples. We've been trying to update the documentation as we go, but there are likely examples or sections we've missed.
- Try it out! Give CakePHP 5.0 a test drive in a non-production application. We'd love to hear how converting a small application went and what was harder than it should have been.
- File issues for regressions in existing features, or suggest new features. Even if those features don't make it into 5.0, we would appreciate community input on what should be part of 5.1 and 5.2
Contributors to 5.0.0-beta1
Thank you to all the contributors that have helped since the beta1 release:
- ADmad
- Alejandro Ibarra
- Andrii Pukhalevych
- andrii-pukhalevych
- Brad McNaughton
- Brian French
- Chris Hallgren
- Edgaras Janušauskas
- Erwane Breton
- fabsn182
- Jamison Bryant
- Jaro Varga
- J.Brabec
- Jose Daian
- Kevin Pfeifer
- Marc Würth
- Mark Scherer
- Mark Story
- Matthias Wirtz
- Mikkel Bonde
- Nicos Panayides
- othercorey
- saeideng
As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
CakePHP 4.4.12 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.12. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.12. See the changelog for every commit.
- Fix regression in
missing_controllertemplate whereclasswas undefined. - Add opt-in exception wrapping for
PDOErrorthat preserves thequeryStringattribute used in error templates. This is a workaround for dynamic properties being deprecated in PHP 8.2. - Improve how validation rules work on array elements with numeric keys.
- Fix mutation side-effects in
TestEmailTransportcaused byMailerinstances being delivered within a loop. These mutations would result in test assertions having access to incorrect information. - Fixed cookie expiration when the default server timezone was ahead of UTC.
- Added additional composer package metadata for PSR interface implementations.
- An exception will now be thrown if the session cannot be started due to headers being sent. Previously a hard to understand
TypeErrorwould be raised when attempting to write to a session that failed to start. cake plugin loadnow detects and prevents duplicates.
Contributors to 4.4.12
Thank you to all the contributors that helped make this release happen:
- ADmad
- Andrii Pukhalevych
- Brad McNaughton
- Brian French
- Chris Hallgren
- Erwane Breton
- Jamison Bryant
- Kevin Pfeifer
- Marc Würth
- Mark Scherer
- Mark Story
- mscherer
- Nicos Panayides
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.11 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.11. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.11. See the changelog for every commit.
Viewcan now iterates templates paths that were defined as an associative array.- The
i18n extractcommand now checks for directory existence before trying to enumerate the files within directories provided as inputs. - Update SECURITY policy docs to include 3.x end-of-life status.
- Improve API documentation.
- Fix dynamic-property error in PHP8.2 when
PDOErrorobjects are logged. - Switch to using phive to install static analysis tools.
- Set the request into the routing context before processing middleware. This ensures that links on error pages always have access to the current request.
Contributors to 4.4.11
Thank you to all the contributors that helped make this release happen:
- ADmad
- Edgaras Janušauskas
- fabsn182
- Kevin Pfeifer
- Marc Würth
- Mark Scherer
- Mark Story
- Mikkel Bonde
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.2.12 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.12. This release corrects a regression introduced when backporting the recent security fix from 4.4.10 to the 4.2 branch.
Bugfixes
You can expect the following changes in 4.4.12. See the changelog for every commit.
- Fix regression in
Query::offset()andQuery::limit().
CakePHP 4.4.10 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.10. This release contain a security fix for the limit() and offset() methods of Cake\Database\Query. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.
Additional Bugfixes in 4.4.10
The 4.4.10 release contains the aforementioned security fix as well as the following fixes. See the changelog for every commit.
- Update association definitions in ORM tests.
- Update build images to Ubuntu 22.04.
Contributors to 4.4.10
Thank you to all the contributors that helped make this release happen:
- ADmad
- Kevin Pfeifer
- Mark Scherer
- Mark Story
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.3.11 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.3.11. This release contain a security fix for the limit() and offset() methods of Cake\Database\Query. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.
CakePHP 4.2.11 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.11. This release contain a security fix for the limit() and offset() methods of Cake\Database\Query. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.
CakePHP 3.x End of Support and 3.10.5 Released
As previously communicated the time has come for CakePHP 3.x support to end. It has been 36 months since the release of 4.0.0 on Dec 15 2019, and going forward the core team will not be maintaining the 3.x branch.
Going forward the CakePHP team will continue to support 4.x and develop 5.x. Once 5.0.0 is released, 4.x will receive bugfixes for 24 months, and security fixes for 36 months.
CakePHP 3.10.5 released
The 3.10.5 release contains a single bugfix:
- Fix
IntegrationTestTraitprovidingnullas the request body.
Contributors to 3.10.5
- Marc Würth
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.9 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.9. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.9. See the changelog for every commit.
- Improve duplicate route detection in
cake routes. - Make
ShadowTranslatestrategy forTranslateBehaviorhandle missing association records with translations consistently withEavStrategy.
Contributors to 4.4.9
Thank you to all the contributors that helped make this release happen:
- ADmad
- Mark Story
- Matthias Wirtz
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.