CakePHP: The Rapid Development Framework for PHP - Official Repository
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.15. This is a maintenance release for the 4.4 branch that fixes several community reported issues including a low risk security fix.
You can expect the following changes in 4.4.15. See the changelog for every commit.
unserialize
in debug output of SecurityComponent
failure messages. Thanks to Andreas Kellas for reporting this issue via our security disclosure policy.Thank you to all the contributors that helped make this release happen:
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
The CakePHP core team is happy to announce the first release candidate for CakePHP 5.0.0. Since the beta2 release the core team has continued to refine, simplify, and prepare 5.0 for the upcoming future. Some of the highlights of this work include:
Time
extensions with translation integrations.Time
support to the ORM. Going forward time
type columns will be mapped to this type. Additionally, date
type columns will be mapped to immutable Date
objects.Finally, the scope for 5.x isn't locked down so if you'd like to see a feature added please open an issue.
The migration guide has a complete list of what's new in 5.0.0. We recommend you give that page a read when upgrading as it notes the various breaking changes present in 5.0.
You can help deliver 5.0 by contributing in one of many ways:
Thank you to all the contributors that have helped since the beta2 release:
As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.14. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
You can expect the following changes in 4.4.14. See the changelog for every commit.
SSL XOAUTH2
support in SmtpTransport
. This improves compatibility with Microsoft based servers.public
in Fixture schema generation.Validation::utf8()
and by extension the Validator::utf8()
method as well now fail on invalid UTF8 bytes even when the extended range is enabled.ROOT
in deprecationWarning()
. This was causing failures in standalone package usage.Thank you to all the contributors that helped make this release happen:
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.13. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
You can expect the following changes in 4.4.13. See the changelog for every commit.
Thank you to all the contributors that helped make this release happen:
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
The CakePHP core team is happy to announce the second beta release of CakePHP5.0.0. Since the beta1 release the core team has continued to refine andsimplify the framework. Some of the highlights of this work include:
Finally, the scope for 5.x isn't locked down so if you'd like to see a feature or breaking change made please open an issue.
The migration guide has a complete list of what's new in 5.0.0. We recommend you give that page a read when upgrading as it notes the various breaking changes present in 5.0.
You can help deliver 5.0 by contributing in one of many ways:
Thank you to all the contributors that have helped since the beta1 release:
As always, a huge thanks to all the community members that helped make this release happen by reporting issues and sending pull requests.
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.12. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
You can expect the following changes in 4.4.12. See the changelog for every commit.
missing_controller
template where class
was undefined.PDOError
that preserves the queryString
attribute used in error templates. This is a workaround for dynamic properties being deprecated in PHP 8.2.TestEmailTransport
caused by Mailer
instances being delivered within a loop. These mutations would result in test assertions having access to incorrect information.TypeError
would be raised when attempting to write to a session that failed to start.cake plugin load
now detects and prevents duplicates.Thank you to all the contributors that helped make this release happen:
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.4.11. This is a maintenance release for the 4.4 branch that fixes several community reported issues.
You can expect the following changes in 4.4.11. See the changelog for every commit.
View
can now iterates templates paths that were defined as an associative array.i18n extract
command now checks for directory existence before trying to enumerate the files within directories provided as inputs.PDOError
objects are logged.Thank you to all the contributors that helped make this release happen:
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.12. This release corrects a regression introduced when backporting the recent security fix from 4.4.10 to the 4.2 branch.
You can expect the following changes in 4.4.12. See the changelog for every commit.
Query::offset()
and Query::limit()
.The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.11. This release contain a security fix for the limit()
and offset()
methods of Cake\Database\Query
. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.3.11. This release contain a security fix for the limit()
and offset()
methods of Cake\Database\Query
. If passed unfiltered request data, these methods would allow for SQL injection. If your application does not use CakePHP's Pagination wrappers and directly passes request data into one of these methods your application is vulnerable. We'd like to thank 'Tanaka' for reporting this issue.