Changelog History
Page 2
-
v4.1.0-RC2 Changes
June 22, 2020π The CakePHP core team is proud to announce the first release candidate of CakePHP 4.1.0. This beta introduces a handful of deprecations. It also adds window function support and common-table-expression support to the ORM. Furthermore, it features improved
debug()
output, and new ORM events for marshalling.π New Features
β¬οΈ The migration guide has a complete list of what's new in 4.1.0. We recommend you give that page a read when upgrading as it outlines the deprecations present in 4.1.
π Changes Since 4.1.0-RC1
Table::saveMany()
now triggers theModel.afterSaveCommit
event.- π Improved deprecation links.
- π Fix a regression in RC1 where associations with
dependent
but not associated records would cause deletions to fail. - π Fixed inflection of CamelCase words.
- π Deprecated
TableRegistry::get()
. Use theTableLocatorAwareTrait
instead. - π Fix query LoggingStatement prematurely fetching records.
- π The
whitelist
andsortWhitelist
options forPaginatorComponent
have been deprecated. UseallowedParameters
andsortableFields
instead. - π Fixed incorrect paths in missing layout exception pages.
- π
CsrfProtectionMiddleware::whitelistCallback()
has been deprecated. UseskipCheckCallback()
instead. - β Add support for console colors in Windows 10 and bash emulation.
How you Can Help
β You can help by trying out the RC in your application. Please open issues for any new test failures or regressions the new version creates in your application.
Contributors to 4.1.0-RC2
Thank you to all the contributors that have helped with 4.1.0:
- ADmad
- Corey Taylor
- Mark Scherer
- Mark Story
- Walther Lalk
- ndm2
π As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
-
v4.1.0-RC1 Changes
June 01, 2020π The CakePHP core team is proud to announce the first release candidate of CakePHP 4.1.0. This beta introduces a handful of deprecations. It also adds window function support and common-table-expression support to the ORM. Furthermore, it features improved
debug()
output, and new ORM events for marshalling.π New Features
β¬οΈ The migration guide has a complete list of what's new in 4.1.0. We recommend you give that page a read when upgrading as it outlines the deprecations present in 4.1.
π Changes Since 4.1.0-beta1
- β‘οΈ
Form\Form::set()
was added to help incrementally update the data in a Form object. - The interface for CommonTableExpressions and windowing functions were improved.
- π
TranslateBehavior
now supports alocale
option when finding records. This option lets you set the locale for a single find call. Query::clearResult()
was added to clear the internal result and count value.- π Deprecation annotations now contain IDE clickable links.
- β Added missing annotations in the Validation package.
- Datetime inputs created through
FormHelper
can have thestep
option unset. - Cache adapters that require extensions now raise clearer exceptions when the required extensions are missing.
Datasource\LocatorInterface
was added to help easy other locator implementations.- π
SmtpAdapter
now supportsAUTH PLAIN
. - π PHP8 nightly builds were added to the CakePHP test matrix.
- β Delete operations with cascading callbacks now abort when an associated record fails to delete because of application rule failures.
- π
Query::orderAsc()
andQuery::orderDesc()
now support closures to build the order clause. - 0οΈβ£
Session::read()
now has a default parameter. Session::readOrFail()
was added.
How you Can Help
β You can help by trying out the RC in your application. Please open issues for any new test failures or regressions the new version creates in your application.
Contributors to 4.1.0-RC1
Thank you to all the contributors that have helped with 4.1.0:
- ADmad
- Corey Taylor
- Edgaras JanuΕ‘auskas
- Frank de Graaf
- Mark Scherer
- Mark Story
- Matthias Wirtz
- andrii-pukhalevych
- ndm2
- othercorey
π As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
- β‘οΈ
-
v4.1.0-beta1 Changes
May 16, 2020π The CakePHP core team is proud to announce the first beta release of CakePHP 4.1.0. This beta introduces a handful of deprecations. It also adds window function support and common-table-expression support to the ORM. Furthermore, it features improved
debug()
output, and new ORM events for marshalling.π New Features
β¬οΈ The migration guide has a complete list of what's new in 4.1.0. We recommend you give that page a read when upgrading as it outlines the deprecations present in 4.1.
How you Can Help
β You can help by trying out the beta in your application. Please open issues for any new test failures or regressions the new version creates in your application.
Contributors to 4.0.0-beta1
Thank you to all the contributors that have helped with 4.1.0:
π As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
- ADmad
- Corey Taylor
- Diego Sardina
- Edgaras JanuΕ‘auskas
- Jad Bitar
- John Zwarthoed
- Marc WΓΌrth
- Mario Rothauer
- Mark Scherer
- Mark Story
- McsKienNP
- Oliver Nowak
- andrii-pukhalevych
- chinpei215
- mcsknp
- mtak3
- ndm2
- nojimage
- saeideng
-
v4.0.10 Changes
December 08, 2020π The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.10. This release contains security fixes and is a recommended upgrade for all applications still using 4.0.x.
π The security fixes address a vulnerability in the
CsrfProtectionMiddleware
that allowed method override parameters to bypass CSRF checks for requests with no additional POST data. The fixes validate that the HTTP method override is a valid HTTP method name. We'd like to thank Xhelal Likaj for reporting this issue to us via our security mailing list.π The versions impacted by this issue are >4.0.0, <=4.0.9 and >4.1.0, <=4.1.3. Releases after 4.1.3 are not vulnerable as they already validated the HTTP method names.
π Bugfixes
π You can expect the following changes in 4.0.10. See the changelog for every commit.
- π Fixed validation of HTTP methods defined in
_method
parameters.
Contributors to 4.0.10
π Thank you to all the contributors that helped make this release happen:
- Mark Story
- Xhelal Likaj
π As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
- π Fixed validation of HTTP methods defined in
-
v4.0.9 Changes
June 23, 2020π The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.9. This is a maintenance release for the 4.0 branch that fixes several community reported issues.
π Bugfixes
π You can expect the following changes in 4.0.9. See the changelog for every commit.
- β Added support for
AUTH PLAIN
toSmtpTransport
. - π Improved API docblocks and type annotations.
- β Removed usage of
ReflectionParameter::getClass()
as it is deprecated in PHP 8. - π Improved performance of
ServerRequest::is()
andisAll()
. - π Fixed warnings in
SecurityComponent
,FormProtector
andCsrfProtectionMiddleware
when handling invalid non-scalar data. - π Fixed incorrect paths in missing layout error pages.
Contributors to 4.0.9
π Thank you to all the contributors that helped make this release happen:
- ADmad
- Corey Taylor
- Edgaras JanuΕ‘auskas
- Mark Scherer
- Mark Story
- andrii-pukhalevych
π As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
- β Added support for
-
v4.0.8 Changes
May 24, 2020π The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.8. This is a maintenance release for the 4.0 branch that fixes several community reported issues.
π Bugfixes
π You can expect the following changes in 4.0.8. See the changelog for every commit.
- π Update API documentation and method typing.
- π Fixed marshalling datetime values of
HH:mm
. - β Removed
@throws
annotations fromIntegrationTestTrait
methods. - π Fixed handling of
false
values inFormHelper
. Instead of''
,0
is used now. - π Improved CSRF validation error messages.
- π Fixed
application/www-form-urlencoded
payloads in integration tests showing up as empty arrays. XmlView
no longer tries to get keys of non-array values.
Contributors to 4.0.8
π Thank you to all the contributors that helped make this release happen:
- ADmad
- Corey Taylor
- Frank de Graaf
- Mark Scherer
- Mark Story
- diegosardina
π As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
-
v4.0.7 Changes
May 02, 2020π The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.7. This is a maintenance release for the 4.0 branch that fixes several community reported issues.
π Bugfixes
π You can expect the following changes in 4.0.7. See the changelog for every commit.
- π Improved CSRF generation to fix upgrade errors introduced in 4.0.6
- MailSentWith assertions now include the contents of the messages that did not pass the assertion.
- π Fixed
Debugger::exportVar()
now handles uninitialized typed properties from PHP 7.4 - π Improved API docstring types.
- π Improved rendering of multiline exception messages and messages with inline code formatting.
- π Improved defining ISO8601 validation rules.
Contributors to 4.0.7
π Thank you to all the contributors that helped make this release happen:
- ADmad
- Edgaras JanuΕ‘auskas
- Erwane Breton
- Johan Meiring
- Mark Scherer
- Mark Story
- othercorey
π As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
-
v4.0.6 Changes
April 19, 2020π The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.6. This is a maintenance release for the 4.0 branch that fixes several community reported issues and a low risk security issue in our CSRF protection middleware.
π Bugfixes
π You can expect the following changes in 4.0.6. See the changelog for every commit.
- π Nirmal Kirubakaran contacted us via the security mailing list and disclosed a vulnerability in our CSRF token generation. If an attacker were to use an XSS vulnerabiity or physical access to fixate a CSRF token they could then exploit additional CSRF attacks. In this release tokens contain an HMAC signed with
Security.salt
. This ensures the tokens were generated by the same application that receives them. - π Improved session access in
IntegrationTestTrait
through the newgetTestSession()
method. - π Fixed generation of pagination links on
/
URLs. - π
cake plugin unload
andcake plugin load
now handle vendor namespaced plugins. - β
Validation::inList()
no longer emits a warning on a non-scalar values. - π§ Schema reflection stored procedures in SQLServer now work in case sensitive configurations.
- Email message wrapping no longer emits errors when lines are the same length as the wrap length.
- π
App::path()
now resolves locale files for plugins.
Contributors to 4.0.6
π Thank you to all the contributors that helped make this release happen:
- ADmad
- Corey Taylor
- Mark Scherer
- Mark Story
- Nicolas
π As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
- π Nirmal Kirubakaran contacted us via the security mailing list and disclosed a vulnerability in our CSRF token generation. If an attacker were to use an XSS vulnerabiity or physical access to fixate a CSRF token they could then exploit additional CSRF attacks. In this release tokens contain an HMAC signed with
-
v4.0.5 Changes
March 29, 2020π The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.5. This is a maintenance release for the 4.0 branch that fixes several community reported issues.
π Bugfixes
π You can expect the following changes in 4.0.5. See the changelog for every commit.
- SMTP delivery failure exceptions now include the error text received from the destination server.
- π Improved API documentation.
- βͺ
Table::saveMany()
now correctly rollbacks a transaction when an entity other than the first fails to save because of application rules or database failure. ConsoleIntegrationTestTrait
now uses mocked_out
and_err
objects if they have been set.ConsoleInput::read()
now handlesfalse
values fromfgets()
and readline.- π
CounterCacheBehavior
now handles null association values better when custom finders are used. Http\Response
now allows usage of unassigned HTTP status codes between 100 and 599.- π Binary data in SQL query logs is now encoded as hexadecimal to improve readability of query logs.
Contributors to 4.0.5
π Thank you to all the contributors that helped make this release happen:
- ADmad
- Corey Taylor
- Edgaras JanuΕ‘auskas
- Jad Bitar
- Mark Scherer
- Mark Story
- Victor Eduardo de Assis
- nook24
π As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
-
v4.0.4 Changes
February 22, 2020π The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.4. This is a maintenance release for the 4.0 branch that fixes several community reported issues.
π Bugfixes
π You can expect the following changes in 4.0.4. See the changelog for every commit.
- π
Http\Response::$_contenType
was removed as it was often wrong and out of sync with thegetHeader('Content-Type')
value. - π
NumberHelper::precision()
had the$options
parameter added so it can better wrapNumber::precision()
. - β Add
timestamptimezone
mapping toFormHelper
andDateTimeWidget
. - β
IntegrationTestCaseTrait
once again raises exceptions whendisableErrorHandlerMiddleware()
is used. datetime-local
values are rendered with milliseconds byDateTimeWidget
only when step size is less than 1.- π Improved API documentation.
- π Improved missing template exception messages. They now list out the full path of every attempted file.
- β‘οΈ
CounterCacheBehavior
no longer attempts to update values when the foreign key is null. - π» Loading optional associations with
leftJoinWith()
andcontain()
no longer raises an exception about missing association data. TextHelper::autoParagraph()
now acceptsnull
.HtmlHelper::para()
now acceptsnull
.- π
Validation::decimal()
now handles Polish formatted numbers correctly. HasMany
associations now set invalid messages and errors on the parent entity when non-atomic saves fail.- π Improved missing database exception message.
- Logged fatal errors now include the file and line position.
Contributors to 4.0.4
π Thank you to all the contributors that helped make this release happen:
- ADmad
- Corey Taylor
- Justin Slamka
- Mark Scherer
- Mark Story
- Michal
- Rachman Chavik
- Remi Collet
- Victor Eduardo de Assis
π As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
- π