Releases: cakephp/cakephp
CakePHP 4.4.11 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.11. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.11. See the changelog for every commit.
Viewcan now iterates templates paths that were defined as an associative array.- The
i18n extractcommand now checks for directory existence before trying to enumerate the files within directories provided as inputs. - Update SECURITY policy docs to include 3.x end-of-life status.
- Improve API documentation.
- Fix dynamic-property error in PHP8.2 when
PDOErrorobjects are logged. - Switch to using phive to install static analysis tools.
- Set the request into the routing context before processing middleware. This ensures that links on error pages always have access to the current request.
Contributors to 4.4.11
Thank you to all the contributors that helped make this release happen:
- ADmad
- Edgaras Janušauskas
- fabsn182
- Kevin Pfeifer
- Marc Würth
- Mark Scherer
- Mark Story
- Mikkel Bonde
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.2.12 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.12. This release corrects a regression introduced when backporting the recent security fix from 4.4.10 to the 4.2 branch.
Bugfixes
You can expect the following changes in 4.4.12. See the changelog for every commit.
- Fix regression in
Query::offset()andQuery::limit().
CakePHP 4.4.10 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.10. This release contain a security fix for the limit() and offset() methods of Cake\Database\Query. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.
Additional Bugfixes in 4.4.10
The 4.4.10 release contains the aforementioned security fix as well as the following fixes. See the changelog for every commit.
- Update association definitions in ORM tests.
- Update build images to Ubuntu 22.04.
Contributors to 4.4.10
Thank you to all the contributors that helped make this release happen:
- ADmad
- Kevin Pfeifer
- Mark Scherer
- Mark Story
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.3.11 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.3.11. This release contain a security fix for the limit() and offset() methods of Cake\Database\Query. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.
CakePHP 4.2.11 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.11. This release contain a security fix for the limit() and offset() methods of Cake\Database\Query. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.
CakePHP 3.x End of Support and 3.10.5 Released
As previously communicated the time has come for CakePHP 3.x support to end. It has been 36 months since the release of 4.0.0 on Dec 15 2019, and going forward the core team will not be maintaining the 3.x branch.
Going forward the CakePHP team will continue to support 4.x and develop 5.x. Once 5.0.0 is released, 4.x will receive bugfixes for 24 months, and security fixes for 36 months.
CakePHP 3.10.5 released
The 3.10.5 release contains a single bugfix:
- Fix
IntegrationTestTraitprovidingnullas the request body.
Contributors to 3.10.5
- Marc Würth
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.9 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.9. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.9. See the changelog for every commit.
- Improve duplicate route detection in
cake routes. - Make
ShadowTranslatestrategy forTranslateBehaviorhandle missing association records with translations consistently withEavStrategy.
Contributors to 4.4.9
Thank you to all the contributors that helped make this release happen:
- ADmad
- Mark Story
- Matthias Wirtz
- othercorey
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 5.0.0-beta1 released
The CakePHP core team is proud to announce the first beta release of CakePHP 5.0.0. This initial release contains most of the new features and breaking changes that 5.0 will contain. This release contains a minimal working application skeleton. It also features a new version of Chronos with several breaking changes. A focus of 5.0 has been to remove deprecated features and improve the adoption of native type-declarations where possible.
Our focus in the near future is to finish updating all of the CakePHP maintained plugins to be compatible with 5.0. We'll also be putting more work into backporting deprecations into the next 4.x release (4.5.0) so that upgrading can be done incrementally before 5.x is released.
Finally, the scope for 5.x isn't locked down so if you'd like to see a feature or breaking change made please open an issue.
New Features
The migration guide has a complete list of what's new in 5.0.0. We recommend you give that page a read when upgrading as it notes the various breaking changes present in 5.0.
How you Can Help
You can help deliver 5.0 by contributing in one of many ways:
- Check the documentation for mistakes, outdated, unclear or broken examples. We've been trying to update everything but may have not caught everything.
- Try it out! Give CakePHP 5.0 a test drive in a non-production application. We'd love to hear how converting a small application went and what was harder than it should have been.
- File issues for regressions in existing features, or suggest new features. Even if those features don't make it into 5.0, we would appreciate community input on what should be part of 5.1 and 5.2
Contributors to 5.0.0-beta1
Thank you to all the contributors that have helped since the alpha1 release:
- ADmad
- Chris Nizzardini
- Kevin Pfeifer
- Mark Scherer
- Mark Story
- ndm2
- othercorey
- saeideng
As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
CakePHP 4.4.8 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.8. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.8. See the changelog for every commit.
- Aligned
ServerRequest::scheme()andUri::getScheme()on how they handle proxy headers. - Improve compatibility of old
PaginatorInterfacealias. - Fixed infinite loop when a table class was created without a name or table, and
getAlias()is called on it. - Improve
assertMailSentWithcomparisons with array values. - Fixed
sortDefaultanddirectionDefaultnot working with multiple pagination. - Improved typehints and API docs.
Contributors to 4.4.8
Thank you to all the contributors that helped make this release happen:
- ADmad
- Marc Würth
- Mark Story
- Matthias Wirtz
- othercorey
- TerryKern
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
CakePHP 4.4.7 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.7. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
Bugfixes
You can expect the following changes in 4.4.7. See the changelog for every commit.
- Fixed errors arising from exporting objects with invalid
__debugInfo()methods. - Improved API documentation.
- Fixed missing dependency to
cakephp/database. - Fixed regression in
FormHelper::radio()andFormHelper::multiCheckbox().
Contributors to 4.4.7
Thank you to all the contributors that helped make this release happen:
- ADmad
- Felix Kempf
- Mark Scherer
- Mark Story
- ndm2
- Oliver Nowak
- othercorey
- Tyler Lendon
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.