Recent Releases
4.4.1507 Jul 2023 12:44
minor feature:
4.3.0-RC417 Oct 2021 10:45
minor feature:
A new fluent builder for CASE expressions was added to QueryExpression.
QueryExpression::addCase() is now deprecated.
Associations that load records with the subquery strategy, no longer include a LIMIT clause if there is no ORDER BY on the query.
CakePHP's dependency on league/container was bumped to 4.x this may cause type errors with ServiceProvider implementations.
The new ture system was further refined, both in API and performance. These changes may cause incompatibilities with applications using previous release candidates.
the singular form of 'lenses' to 'lens'.
ADmad.
Corey Taylor.
Mark Scherer.
Mark Story.
ndm2.
4.2.1014 Oct 2021 03:16
minor feature:
a TypeError in CsrfProtectionMiddleware when invalid data was provided.
MailContains constraint from escaping patterns multiple times.
Improved API documentation.
Added workaround for breaking change in PHPUnit 9.5.10.
incorrect SQL being generated when a HasMany association has a null value, and the association has cascadeCallbacks.
DateType not clearing time values for DateTimeImmutable. This scenario can arise when using the cakephp/orm package directly.
Limit clauses are ignored if no order exists when using a subquery strategy for HasMany associations.
ADmad.
Corey Taylor.
Julian Pollmann.
Kevin Pfeifer.
Mark Scherer.
Mark Story.
Rolf Kaiser.
4.3.0-RC307 Oct 2021 03:16
minor feature:
Radio inputs trimming off leading - which could result in duplicate id attributes.
Improved API documentation.
Newline usage in MailTransport. In PHP8 mail() require headers to be separated with CRLF instead of PHP_EOL.
Ture truncation in SQLServer now only regenerates sequences that were used.
ADmad.
Corey Taylor.
Lars Willighagen.
Mark Story.
Othercorey.
Saeideng.
4.3.0-RC227 Sep 2021 06:45
minor feature:
Radio inputs trimming off leading - which could result in duplicate id attributes.
Improved API documentation.
Newline usage in MailTransport. In PHP8 mail() require headers to be separated with CRLF instead of PHP_EOL.
Ture truncation in SQLServer now only regenerates sequences that were used.
ADmad.
Corey Taylor.
Lars Willighagen.
Mark Story.
Othercorey.
Saeideng.
4.3.0-RC115 Sep 2021 03:16
minor feature:
Controller::middleware() was added which allows you to define middleware for a single controller only.
Http Client::addMockResponse() was added making integration tests easier to write without using complex to define mocks.
A JSON based logger was added.
FormHelper generates aria attributes improving out-of-the box accessibility.
A new ture subsystem leverages your migrations or SQL dumps to generate test database schema was added.
ADmad.
Breton Erwane.
Chris Nizzardini.
Erwane Breton.
J.Brabec.
Jan Brabec.
Juan Pablo Ramirez.
Mark Scherer.
Mark Story.
Rob Rikken.
andrii-pukhalevych.
captain-redbeard.
chris cnizzardini.
fabsn182.
jpramirez.
ndm2.
othercorey.
4.2.911 Sep 2021 13:45
minor feature:
Radio inputs trimming off leading - which could result in duplicate id attributes.
Improved API documentation.
Newline usage in MailTransport. In PHP8 mail() require headers to be separated with CRLF instead of PHP_EOL.
Ture truncation in SQLServer now only regenerates sequences that were used.
ADmad.
Corey Taylor.
Lars Willighagen.
Mark Story.
Othercorey.
Saeideng.
4.2.817 Jul 2021 03:15
minor feature:
Paginator scopes now generate URLs correctly when passed parameters are involved.
The searched path list in a MissingTemplateException is now correct for elements in plugins.
Improved documentation for Query::applyOptions().
ADmad.
Joel Montesinos.
Mark Story.
ndm2.
3.10.021 Jun 2021 03:15
minor feature:
3.10 will continue to receive until December 15 2021.
3.10 will continue to receive security until December 15 of 2022.
Improved API documentation.
Backported improvements to Validation::time() from 4.x.
EmailTrait::assertMailSentFrom() now accepts an array with an address alias.
bancer.
David Yell.
gregs.
Jorge.
Mark Story.
ndm2.
othercorey.
tanden.
Tobse.
4.2.717 Jun 2021 03:15
minor feature:
Improved error messages for form protection failures.
tuple comparisons dropping their parameter binding types which improves subquery generation and marshalling _ids with composite primary keys.
Improved API documentation.
I18n Number no longer emits errors in PHP8 when invalid data is formatted.
OAuth1 signature comparison failures when consumer keys contain base64 encoded data.
Reduced output from de() when objects implement __deInfo(). Now only the data from __deInfo() is exported instead of dedata and all properties which often led to duplicate output.
failing console output assertion when output contained a s placeholder.
ADmad.
Hache_raw.
Mark Scherer.
Mark Story.
Michael Hoffmann.
Rytis Slatkevičius.
fugaco.
ndm2.
othercorey.
3.9.1031 May 2021 03:16
minor feature:
'text file busy' errors that occur with file caching and virtual.
Machines.
Type information being lost when translating tuple comparisons. The surrogate queries did not inherit type map information.
Types not being used when marshalling _ids and composite keys.
Added missing encoding to OAuth1 client when the consumer_key is a base64 encoded string.
Othercorey.
Mark Story.
Ndm2.
4.2.606 May 2021 12:45
minor feature:
Updated API documentation for FrozenDate.
Improved Security.salt warning message.
Improved exception message in Collection::groupBy() when no key is used.
cake plugin assets can now handle symlinks on windows.
variadic string argument resolution in ControllerFactory.
'text file busy' errors that can occur when deleting files on virtual machines.
assertMailSentToAt(0) not working correctly.
ADmad.
Corey Taylor.
Karma Dice.
Mark Scherer.
Mark Story.
gregs.
ndm2.
3.9.925 Apr 2021 07:45
minor feature:
The assertMailSentFrom() method can now compare array emails.
Improved API documentation.
BufferedIterator not yielding full results when partially iterated.
RouteBuilder::plugin() not forwarding the namePreoption.
Corey Taylor.
Jorge.
Marc Würth.
Mark Story.
TerryKern.
Tobse.
ndm2.
4.2.504 Apr 2021 08:05
minor feature:
Improved time format in response headers. Previously leading 0s were missing.
Improved API documentation.
RouteBuilder::plugin() not forwarding the _namePreoption.
Improved accuracy of database query log timers.
BufferedIterator not returning all results after being partially iterated and then iterated a second time.
The standalone database package no longer emits a type error when App.namespace is undefined and the connection does not exist.
ADmad.
Corey Taylor.
Mark Scherer.
Mark Story.
othercorey.
Saleh Souzanchi.
Tobse.
3.10.0-RC128 Mar 2021 03:16
minor feature:
The changes made to TableLocator::get() in 3.9.7 were reverted as were opened as plugins rely on shallow initialization loops.
ADmad.
othercorey.
3.9.810 Mar 2021 03:18
minor feature:
The changes made to TableLocator::get() in 3.9.7 were reverted as were opened as plugins rely on shallow initialization loops.
ADmad.
othercorey.
3.9.707 Mar 2021 03:15
minor feature:
bin/cake routes check no longer fails when redirect routes are used.
Improved API documentation and method annotations.
The variable replacement behavior was aligned between the sprintf and icu message formatters. This change was a backport from 4.x.
Aligned Entity::isEmpty() and Entity::hasValue() to treat '0' as a non-empty value. This aligns the behavior with documentation and original intent.
path handling in FileCache to prevent deleting an empty paths.
TableLocator::get() now raises an error when a table's initialize() method would create an infinite loop.
Email::setReplyTo() now takes multiple addresses.
ADmad.
Corey Taylor.
Marc Würth.
Mark Story.
mtak3.
ndm2.
othercorey.
Waldemar Bartikowski.
4.2.428 Feb 2021 07:25
minor feature:
bin/cake routes check not handling redirect routes correctly.
Removed a connection flag from the SQLServer driver that is incompatible with new versions of SQLServer.
Improved API documentation.
Console TableHelper now accepts integers and floats as cell values.
Updated documentation for ServerRequest::is() to allow mixed.
Improved PHP8 compatibility for silenced errors.
Aligned Entity::isEmpty() and Entity::hasValue() to treat '0' as a non-empty value. This aligns the behavior with documentation and original intent.
DatabaseSession now uses the session table's entity when creating/deleting records.
path handling in FileCache to prevent deleting an empty paths.
ADmad.
AdmDevelopment.
Alexander Volle.
Mark Story.
mirko-pagliai.
mtak3.
ndm2.
othercorey.
4.2.325 Jan 2021 08:05
minor feature:
Improve saving of translations when using the shadow table strategy.
Improved flash message retention. Messages are now merged with the existing messages making it compatible with multiple requests in the same test method.
Session::read() to return the default value when a session cannot be started.
Improved API documentation.
Validation::custom() now accepts integer values.
The sprintf() translation formatter now works consistently with the intl based implementation when translating plural values. The count parameter is no longer the first placeholder value.
Mailer Message now includes the textMessage and htmlMessage in serialized data.
Arguments for stacktraces are now included by default for development error pages.
ADmad.
Cauan Cabral.
Corey Taylor.
Hache_raw.
Joseph Shanak.
Mark Scherer.
Mark Story.
o0h.
othercorey.
Thx3r.
Waldemar Bartikowski.
4.2.207 Jan 2021 09:05
minor feature:
Missing parenthesis on subqueries in SQLServer.
Incorrect bindings when ordering queries by expressions in SQLServer.
Hash::mergeDiff() not handling scalar values during merging well.
Mark Story.
Ndm2.
Othercorey.
3.9.501 Jan 2021 17:45
minor feature:
Missing parenthesis on subqueries in SQLServer.
Incorrect bindings when ordering queries by expressions in SQLServer.
Hash::mergeDiff() not handling scalar values during merging well.
Mark Story.
Ndm2.
Othercorey.
4.2.128 Dec 2020 06:45
minor feature:
ture file casing.
Improved API documentation for TimeHelper.
Added additional setup warnings for short Security.salt values. Ideally salt values are 32 bytes or longer.
null values being passed to controller actions when resolving dependencies.
BREACH weakness in SessionCsrfProtectionMiddleware.
ADmad.
Mark Scherer.
Mark Story.
Remi Collet.
4.2.021 Dec 2020 03:15
minor feature:
Incorrect URL parsing when REQUEST_URI contains a string that is the same length as the App.fullBaseUrl.
Mark Story.
2.10.2416 Dec 2020 03:25
minor feature:
Improved API documentation.
Added additional tests for flash message retention in tests.
SQL Server missing parenthesis on pagination subquery order clause.
SQL Server binding conflicts when ordering by expression objects.
Improved error messages when database queries are missing operators.
Hash::mergeDiff() not handling scalar values well.
ADmad.
Ikko Ashimine.
Mark Scherer.
Mark Story.
Markus Ramšak.
ndm2.
othercorey.
saeideng.
4.1.713 Dec 2020 03:15
minor feature:
Improved API documentation.
Added additional tests for flash message retention in tests.
SQL Server missing parenthesis on pagination subquery order clause.
SQL Server binding conflicts when ordering by expression objects.
Improved error messages when database queries are missing operators.
Hash::mergeDiff() not handling scalar values well.
ADmad.
Ikko Ashimine.
Mark Scherer.
Mark Story.
Markus Ramšak.
ndm2.
othercorey.
saeideng.
4.0.1008 Dec 2020 03:16
minor feature:
Http Client::createFromUrl() was added.
Improved errors when INSERT queries cannot be compiled.
TableHelper::output() now has a text-right tag to right align cell content.
Testture::isManaged() was added to make whether a ture manages schema more explicit.
UrlHelper now supports the assetUrlClassName option, which allows you to replace the class used to generate static asset URLs.
TableLocator::allowFallbackClass() was added. This method lets you disable automatic fallback table class in a locator.
Http FlashMessage was added. This utility class enables flash messages to be manipulated from within middleware.
Http ServerRequest::getFlash() was added to expose the new flash utility.
ing binding conflicts in SQLServer queries.
Added Application.buildContainer event. This event is triggered when the application container is built.
Integration test traits had the mockService() method added to enable straightforward mocking of services in tests.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Eugene Ritter.
Ikko Ashimine.
imo-tikuwa.
Juan Basso.
Mark Scherer.
Mark Story.
ndm2.
othercorey.
saeideng.
tikuwa.
4.2.0-RC103 Dec 2020 08:25
minor feature:
Http Client::createFromUrl() was added.
Improved errors when INSERT queries cannot be compiled.
TableHelper::output() now has a text-right tag to right align cell content.
Testture::isManaged() was added to make whether a ture manages schema more explicit.
UrlHelper now supports the assetUrlClassName option, which allows you to replace the class used to generate static asset URLs.
TableLocator::allowFallbackClass() was added. This method lets you disable automatic fallback table class in a locator.
Http FlashMessage was added. This utility class enables flash messages to be manipulated from within middleware.
Http ServerRequest::getFlash() was added to expose the new flash utility.
ing binding conflicts in SQLServer queries.
Added Application.buildContainer event. This event is triggered when the application container is built.
Integration test traits had the mockService() method added to enable straightforward mocking of services in tests.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Eugene Ritter.
Ikko Ashimine.
imo-tikuwa.
Juan Basso.
Mark Scherer.
Mark Story.
ndm2.
othercorey.
saeideng.
tikuwa.
2.10.2329 Nov 2020 07:25
minor feature:
deprecated parameter order in an implode() call.
Added the fo-fo locale alias.
the Configure value being written in SchemaShell.
event listener invocation to only use positional parameters.
Henrik Gemal.
Jeremy Ruten.
Mark Story.
Markus Podar.
Martin Stuecklschwaiger.
3.9.415 Nov 2020 07:05
minor feature:
The pj() function now supports UTF-8 data better.
warning about SameSite index when upgrading from earlier versions of 3.x.
Improved API documentation.
Added upper PHP version constraint of
4.1.608 Nov 2020 11:25
minor feature:
The Validator::setStopOnFailure() method was added. This method helps improve ease of upgrading from 3.x. It allows the require methods to stop field validation.
Mailer::setReplyTo() now accepts multiple email addresses. This change aligns Reply-To with other email fields that accept multiple recipients.
Warnings emitted by AuthComponent when using strict mode and a mocked request were.
incorrect error messages for named routes that failed to match.
string condition parsing in having and where conditions when the string condition contains functions and spaces.
Improved API documentation.
OAuth 1.0 signatures no longer include request bodies if the request is not urlencoded data.
Support for UTF8 encodings was added to pj().
Entity marshalling now loosely compares objects. Previously strict comparisons were used causing all object attributes to considered dirty and updated.
Improved error messages when INSERT queries were missing a table name.
BodyParserMiddleware now correctly handles scalar value request bodies for JSON requests.
ServerCommand now honours the PHP environment variable when starting the HTTP server.
ADmad.
chris cnizzardini.
Corey Taylor.
Daniel Opitz.
Juan Basso.
Marc Würth.
Mark Scherer.
Mark Story.
Matthias Wirtz.
othercorey.
Ricardo Turella.
Richard.Strittmatter.
4.2.0-beta103 Nov 2020 06:05
minor feature:
Reduce the usage of deprecated features in Http package.
HasMany associations not applying conditions defined within a closure during an unlink operation.
Cookies can have their SameSite attribute defined in PHP 7.3+.
Improved API documentation.
ADmad.
itosho.
Mark Story.
Mischa ter Smitten.
3.9.309 Oct 2020 10:05
minor feature:
Reduce the usage of deprecated features in Http package.
HasMany associations not applying conditions defined within a closure during an unlink operation.
Cookies can have their SameSite attribute defined in PHP 7.3+.
Improved API documentation.
ADmad.
itosho.
Mark Story.
Mischa ter Smitten.
4.1.505 Oct 2020 10:25
minor feature:
cake plugin load will now display an error when an invalid plugin name is used.
Improved compatibility with PHP8.
Test tures now truncate tables that have externally defined schema. Previously they would not be truncated or dropped and subsequent tests would fail.
MemcachedEngine will now raise an exception when persistent connections are used with different server lists.
AuthComponent no longer raises an error when the request has no action defined.
Improved cross browser compatibility of 'Copy' button in deoutput.
Updated parameter names inside Collection in preparation foro PHP8.
ADmad.
bancer.
Corey Taylor.
itosho.
Jonathan McAndrew.
Mark Scherer.
Mark Story.
othercorey.
4.1.406 Sep 2020 11:25
minor feature:
Route now normalizes HTTP method names. This prevents hard to diagnose route matching failures when a method was miscased.
The output of de() now includes whitespace in the generated HTML. This improves the text output when contents are copy and pasted.
The HTML output of de() now includes a 'copy' button to make copying the contents easier.
Parameter name mismatches between interfaces, and implementations were in preparation for PHP8's named parameters.
Invalid UUID values now emit warnings less often during marshalling.
TableRegistry::get() now generates aliases correctly when tables are fetched with their full qualified namespace name.
ADmad.
Mark Scherer.
Mark Story.
othercorey.
3.9.230 Aug 2020 19:05
minor feature:
The Http Client curl adapter now uses CURLOPT_NOBODY when making HEAD requests.
output buffers not being when view templates or blocks are being rendered. This tests being marked as risky in PHPUnit.
PaginatorHelper::first() and last() now correctly handle url options.
Marc Würth.
Mark Story.
ndm2.
Nicky Gerritsen.
4.1.316 Aug 2020 03:15
minor feature:
The changes made to not reload plugin configuration was reverted as it caused regressions in community plugins.
XML entity loading code was de-duplicated and made compatible with PHP8.
The SqlServer driver now raises an exception when more than 2100 parameters are provided as that is the maximum that SQLServer supports.
The SqlServer driver will now retry connection creation up to 4 times on certain errors such as database paused. This increases compatibility with cloud hosted SQLServer instances.
View now all open output buffers when an element or view fails during rendering. This resolves open buffer warnings in test cases.
DateType now ensures that time components are wiped for PHP provided classes as well.
ADmad.
Corey Taylor.
Mark Scherer.
Mark Story.
ndm2.
4.1.209 Aug 2020 12:25
minor feature:
usage of deprecated classes internally.
TypeError in PHP8.
Improved type checking in Validation::custom() and localizedTime().
potential collision with placeholders in Text::insert().
Enabled autoloading of models when modelClass is defined with a fully qualified namespace name.
Enable log formats to log milliseconds.
incorrect behavior when sending a HEAD request and the response contains a Content-Length header.
Whitespace inside strings output via de() is now retained in the HTML output format.
Improve database logging to handle SELECT queries that return no rows.
Update external entity loading options to work with newer versions of libxml.
Table::getAlias() now handles abstract base classes better.
ADmad.
Benjamin Gehrels.
Corey Taylor.
Edgaras Janušauskas.
Marc Würth.
Mark Scherer.
Mark Story.
mcsknp.
Nicky Gerritsen.
othercorey.
3.9.128 Jul 2020 12:45
minor feature:
Connection::transactional() will now rollback the transaction on a Throwable instance.
encoding in MO file parser.
Improved API documentation.
Added ssl_local_pk option to Http Client.
Collection::shuffle() now includes elements with duplicate keys in the collection.
Added deprecation tag to NumberHelper::defaultCurrency(). Use getDefaultCurrency() and setDefaultCurrency() instead.
Corey Taylor.
Edgaras Janušauskas.
Mark Scherer.
Mark Story.
othercorey.
Philo Hamel.
Val Bancer.
Vincent PLANCHER.
4.1.119 Jul 2020 03:16
minor feature:
Support for Common Table Expressions (CTE) in the ORM.
Support for window functions in the ORM.
Query::orderAsc() and Query::orderDesc() now accept Closure's as their field enabling you to use build complex order expressions with the provided QueryExpression object.
de() and Deger::printVar() now emit HTML in web contexts, and ANSI styled output in CLI contexts. Output of cyclic structures and repeated objects is much simpler. Cyclic objects are only dumped once and use reference ids to point back to the full value.
CsrfProtectionMiddleware can now create cookies with the samesite attribute set.
Log messages can now contain foo style placeholders. These placeholders will be replaced by values from the context parameter if available.
ADmad.
andrii-pukhalevych.
Cauan Cabral.
chinpei215.
Corey Taylor.
Diego Sardina.
diegosardina.
Edgaras Janušauskas.
Frank de Graaf.
Jad Bitar.
John Zwarthoed.
Marc Würth.
Mario Rothauer.
Mark Scherer.
Mark Story.
Matthias Wirtz.
McsKienNP.
mcsknp.
mtak3.
ndm2.
nojimag.
Oliver Nowak.
othercorey.
saeideng.
victoreassi.
Vincent PLANCHER.
Walther Lalk.
4.1.005 Jul 2020 11:45
minor feature:
Support for Common Table Expressions (CTE) in the ORM.
Support for window functions in the ORM.
Query::orderAsc() and Query::orderDesc() now accept Closure's as their field enabling you to use build complex order expressions with the provided QueryExpression object.
de() and Deger::printVar() now emit HTML in web contexts, and ANSI styled output in CLI contexts. Output of cyclic structures and repeated objects is much simpler. Cyclic objects are only dumped once and use reference ids to point back to the full value.
CsrfProtectionMiddleware can now create cookies with the samesite attribute set.
Log messages can now contain foo style placeholders. These placeholders will be replaced by values from the context parameter if available.
ADmad.
andrii-pukhalevych.
Cauan Cabral.
chinpei215.
Corey Taylor.
Diego Sardina.
diegosardina.
Edgaras Janušauskas.
Frank de Graaf.
Jad Bitar.
John Zwarthoed.
Marc Würth.
Mario Rothauer.
Mark Scherer.
Mark Story.
Matthias Wirtz.
McsKienNP.
mcsknp.
mtak3.
ndm2.
nojimag.
Oliver Nowak.
othercorey.
saeideng.
victoreassi.
Vincent PLANCHER.
Walther Lalk.
4.0.924 Jun 2020 04:25
minor feature:
Added support for AUTH PLAIN to SmtpTransport.
Improved API docblocks and type annotations.
Removed usage of ReflectionParameter::getClass() as it is deprecated in PHP 8.
Improved performance of ServerRequest::is() and isAll().
warnings in SecurityComponent, FormProtector and CsrfProtectionMiddleware when handling invalid non-scalar data.
incorrect paths in missing layout error pages.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Mark Scherer.
Mark Story.
andrii-pukhalevych.
3.8.1320 Jun 2020 06:25
minor feature:
Improve API documentation annotations.
Add AUTH PLAIN support to the SmtpTransport.
warnings emitted by SecurityComponent and CsrfProtectionMiddleware when array data was provided in specific inputs.
ADmad.
Corey Taylor.
Mark Story.
2.10.2208 Jun 2020 06:05
minor feature:
Improve API documentation.
UUID generation to not include host or IP based information. This aligns the implementation with the documented behavior of being a v4 UUID.
Improved performance of Request::is() and Request::isAll().
Mark Sch.
Mark Story.
Richard van den.
Val Bancer.
andrii-pukhalevych.
othercorey.
4.1.0-RC101 Jun 2020 14:45
minor feature:
Update API documentation and method typing.
marshalling datetime values of HH:mm.
Removed @throws annotations from IntegrationTestTrait methods.
handling of false values in FormHelper. Instead of '', 0 is used now.
Improved CSRF validation error messages.
application/www-form-urlencoded payloads in integration tests showing up as empty arrays.
XmlView no longer tries to get keys of non-array values.
ADmad.
Corey Taylor.
Frank de Graaf.
Mark Scherer.
Mark Story.
diegosardina.
3.9.0-RC228 May 2020 06:25
minor feature:
Update API documentation and method typing.
marshalling datetime values of HH:mm.
Removed @throws annotations from IntegrationTestTrait methods.
handling of false values in FormHelper. Instead of '', 0 is used now.
Improved CSRF validation error messages.
application/www-form-urlencoded payloads in integration tests showing up as empty arrays.
XmlView no longer tries to get keys of non-array values.
ADmad.
Corey Taylor.
Frank de Graaf.
Mark Scherer.
Mark Story.
diegosardina.
4.0.824 May 2020 03:16
minor feature:
Update API documentation and method typing.
marshalling datetime values of HH:mm.
Removed @throws annotations from IntegrationTestTrait methods.
handling of false values in FormHelper. Instead of '', 0 is used now.
Improved CSRF validation error messages.
application/www-form-urlencoded payloads in integration tests showing up as empty arrays.
XmlView no longer tries to get keys of non-array values.
ADmad.
Corey Taylor.
Frank de Graaf.
Mark Scherer.
Mark Story.
diegosardina.
2.10.2119 May 2020 09:25
minor feature:
Improve compatibility with PHP7.4 by removing usage of deprecated string offset syntax.
Added support for TLS 1.3 to CakeSocket.
argument order for implode() call that would fail in PHP8.
ADmad.
Jakub Onderka.
Mark Sch.
Mark Story.
Markus Podar.
Val Bancer.
othercorey.
4.1.0-beta116 May 2020 03:16
minor feature:
casing of stored procedures used to reflect schema in SQLServer to work on case sensitive databases.
Improved compatibility aliases for PHPUnit.
Improved API docstrings.
error when Email messagaes were force wrapped and were exactly the maximum line length.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Erwane Breton.
Mark Scherer.
Mark Story.
Nicolas.
3.9.0-RC112 May 2020 09:25
minor feature:
casing of stored procedures used to reflect schema in SQLServer to work on case sensitive databases.
Improved compatibility aliases for PHPUnit.
Improved API docstrings.
error when Email messagaes were force wrapped and were exactly the maximum line length.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Erwane Breton.
Mark Scherer.
Mark Story.
Nicolas.
3.8.1208 May 2020 11:45
minor feature:
casing of stored procedures used to reflect schema in SQLServer to work on case sensitive databases.
Improved compatibility aliases for PHPUnit.
Improved API docstrings.
error when Email messagaes were force wrapped and were exactly the maximum line length.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Erwane Breton.
Mark Scherer.
Mark Story.
Nicolas.
4.0.703 May 2020 07:05
minor feature:
Improved CSRF generation to upgrade errors introduced in 4.0.6.
MailSentWith assertions now include the contents of the messages that did not pass the assertion.
Deger::exportVar() now handles uninitialized typed properties from PHP 7.4.
Improved API docstring types.
Improved rendering of multiline exception messages and messages with inline code formatting.
Improved defining ISO8601 validation rules.
ADmad.
Edgaras Janušauskas.
Erwane Breton.
Johan Meiring.
Mark Scherer.
Mark Story.
othercorey.
4.0.619 Apr 2020 03:25
minor feature:
Nirmal Kirubakaran contacted us via the security mailing list and disa vulnerability in our CSRF token generation. If an attacker were to use an XSS vulnerabiity or physical access to ate a CSRF token they could then exploit additional CSRF attacks. In this release tokens contain an HMAC signed with Security.salt. This ensures the tokens were generated by the same application that receives them.
Improved session access in IntegrationTestTrait through the new getTestSession() method.
generation of pagination links on / URLs.
cake plugin unload and cake plugin load now handle vendor namespaced plugins.
Validation::inList() no longer emits a warning on a non-scalar values.
Schema reflection stored procedures in SQLServer now work in case sensitive configurations.
Email message wrapping no longer emits errors when lines are the same length as the wrap length.
App::path() now resolves locale files for plugins.
ADmad.
Corey Taylor.
Mark Scherer.
Mark Story.
Nicolas.
3.8.1106 Apr 2020 20:05
minor feature:
Added deprecation notice about ResponseEmitter to Response::send().
a division by 0 warning when file cache gc probability is set to 0.
Updated deprecation warning supression for test suites in PHP 7.4.
Allow usage of unassigned HTTP status codes between 100 and 599.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Mark Story.
Rachman Chavik.
4.0.529 Mar 2020 18:45
minor feature:
SMTP delivery failure exceptions now include the error text received from the destination server.
Improved API documentation.
Table::saveMany() now correctly rollbacks a transaction when an entity other than the first fails to save because of application rules or database failure.
ConsoleIntegrationTestTrait now uses mocked _out and _err objects if they have been set.
ConsoleInput::read() now handles false values from fgets() and readline.
CounterCacheBehavior now handles null association values better when custom finders are used.
Http Response now allows usage of unassigned HTTP status codes between 100 and 599.
Binary data in SQL query logs is now encoded as hexadecimal to improve readability of query logs.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Jad Bitar.
Mark Scherer.
Mark Story.
Victor Eduardo de Assis.
nook24.
4.0.422 Feb 2020 03:16
minor feature:
Http Response:: _contenType was removed as it was often wrong and out of sync with the getHeader('Content-Type') value.
Logged fatal errors now include the file and line position.
NumberHelper::precision() had the options parameter added so it can better wrap Number::precision().
Add timestamptimezone mapping to FormHelper and DateTimeWidget.
IntegrationTestCaseTrait once again raises exceptions when disableErrorHandlerMiddleware() is used.
datetime-local values are rendered with milliseconds by DateTimeWidget only when step size is less than 1.
Improved API documentation.
Improved missing template exception messages. They now list out the full path of every attempted file.
CounterCacheBehavior no longer attempts to update values when the foreign key is null.
Loading optional associations with leftJoinWith() and contain() no longer raises an exception about missing association data.
TextHelper::autoParagraph() now accepts null.
HtmlHelper::para() now accepts null.
Validation::decimal() now handles Polish formatted numbers correctly.
HasMany associations now set invalid messages and errors on the parent entity when non-atomic saves fail.
Improved missing database exception message.
Logged fatal errors now include the file and line position.
ADmad.
Corey Taylor.
Justin Slamka.
Mark Scherer.
Mark Story.
Michal.
Rachman Chavik.
Remi Collet.
Victor Eduardo de Assis.
4.0.329 Jan 2020 14:05
minor feature:
password hashing being skipped when password field was null. This prevents a potential timing sidechannel should an application store users with null passwords.
i18n extract now skips writing files if no strings have changed.
If identifier quoting is disabled, queries will no longer have column aliases quoted. This helps improve performance of the ORM. Postgres still quotes aliases to prevent alias casing.
FormProtectionComponent no longer fails validation when PSR7 file upload objects are used.
Year widgets created with FormHelper now accept DateTime instances as their value.
Improved error message copying from exception pages.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Ian den Hartog.
José Lorenzo Rodríguez.
Marc Würth.
Mark Scherer.
Mark Story.
Michael Hoffmann.
3.8.925 Jan 2020 11:45
minor feature:
Error/Notice messages now have the correct context and code snippets when DeKit is enabled.
When a joined association uses formatResults the parent entity is no longer marked dirty if the result formatter modifieds the association entity.
contain() on BelongsToMany association restricting fields with fields option.
element cache key generation when elements were in subdirectories.
Improved API documentation.
i18n extract now skips writing files if no strings have changed.
password hashing being skipped when password field was null. This prevents a potential timing sidechannel should an application store users with null passwords.
a notice error UrlHelper::assetUrl() when path is null.
Edgaras Janušauskas.
Marc Würth.
Mark Scherer.
Mark Story.
gregs.
othercorey.
2.10.2017 Jan 2020 10:25
minor feature:
The creation of ControllerTestDispatcher objects has been moved into a separate method allowing it to be overridden in application code.
Requests with empty JSON objects no longer result in request- data being null.
ShellHelpers located in plugins can now be loaded from outside the plugin by using plugin dot notation.
Headers already sent warnings related to sessions when tests are run by phpunit.phar have been.
session_set_save_handler() is no longer called when there is an active session.
CakeTestSuiteCommand::run() exit logic now matches PHPUnit's behavior, and calls doRun() with false.
Corey Taylor.
Edgaras Janušauskas.
Gareth Ellis.
Gerson Felipe Schwinn.
Mark Sch.
Mark Story.
Mark van Driel.
Milan van As.
Pascal Woerde.
Val Bancer.
4.0.212 Jan 2020 07:45
minor feature:
The upgrade tool has a smaller install footprint and should have fewer conflicts with application code now.
Removed the typehint on Event data payload, as it can be any type.
Removed the empty string default value for console options. This Argument::hasOption() always returning true for optional options.
CSRF tokens are now set on redirect and basic diactoros response objects.
URL generation no longer emits a type warning when route elements have a regex pattern and parameters are integers.
Loading joinable associations with contain() now emit errors when foreign keys are not selected. This may cause existing queries to start emitting errors, but those queries were previously silently failing to load associated data as requested.
SQLServer tures now handle the restrict foreign key action now.
The datetime abstract type once again uses the DATETIME column type in SQLServer. Using DATETIME2 created microsecond overflow for some users.
TestCase::loadRoutes() was added to ease writing unit tests for classes like mailers which often need routes loaded.
ConsoleIo::createFile() no longer returns false when the created file has 0 bytes.
When generating URLs, routes with controller and action placeholders no longer strip these these keys when they are undefined. Instead routes missing the controller and action keys will fail to match.
Optional routing placeholders now work consistently for both braced placeholders and colon placeholders.
FunctionsBuilder once again allows mixed types for the expression parameter as many expressions accept objects that implement __toString().
ErrorLogger no longer fails to log messages for errors which no file or line.
Improved API doc blocks.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Kaliel.
Mark Scherer.
Mark Story.
Matthias Wirtz.
4.0.102 Jan 2020 07:05
minor feature:
The upgrade tool has a smaller install footprint and should have fewer conflicts with application code now.
Removed the typehint on Event data payload, as it can be any type.
Removed the empty string default value for console options. This Argument::hasOption() always returning true for optional options.
CSRF tokens are now set on redirect and basic diactoros response objects.
URL generation no longer emits a type warning when route elements have a regex pattern and parameters are integers.
Loading joinable associations with contain() now emit errors when foreign keys are not selected. This may cause existing queries to start emitting errors, but those queries were previously silently failing to load associated data as requested.
SQLServer tures now handle the restrict foreign key action now.
The datetime abstract type once again uses the DATETIME column type in SQLServer. Using DATETIME2 created microsecond overflow for some users.
TestCase::loadRoutes() was added to ease writing unit tests for classes like mailers which often need routes loaded.
ConsoleIo::createFile() no longer returns false when the created file has 0 bytes.
When generating URLs, routes with controller and action placeholders no longer strip these these keys when they are undefined. Instead routes missing the controller and action keys will fail to match.
Optional routing placeholders now work consistently for both braced placeholders and colon placeholders.
FunctionsBuilder once again allows mixed types for the expression parameter as many expressions accept objects that implement __toString().
ErrorLogger no longer fails to log messages for errors which no file or line.
Improved API doc blocks.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Kaliel.
Mark Scherer.
Mark Story.
Matthias Wirtz.
3.8.829 Dec 2019 11:25
minor feature:
Improved API documentation.
Text::slug() can now preserve spaces.
FunctionsBuilder::datePart() now passes on its type parameters.
A potential session ation was. To be vulnerable your application must also have a cross-site-scripting vulnerability or have strict sessions disabled.
SQLServerSchema dialect now handles the restrict mode of foreign keys correctly.
Matching routes with integer values is now more typesound.
Shims were added to TestCase to enable getMock() and getMockBuilder() to not emit deprecations in PHP7.4.
A regression in how FormHelper::dateTime() handles empty values was.
When generating URLs, routes with controller and action placeholders no longer strip these these keys when they are undefined. Instead routes missing the controller and action keys will fail to match.
Optional routing placeholders now work consistently for both braced placeholders and colon placeholders.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Jeremy Harris.
Marc Würth.
Mark Scherer.
Mark Story.
o0h.
4.0.016 Dec 2019 13:45
minor feature:
Generated route names are now correct for routes using braced placeholders.
Email::getHeaderCharset() now uses the email charset as a fallback if the header charset is undefined.
IntegrationTestTrait::assertRedirectEquals() was added to make it simpler to assert redirect values without additional Router transformations.
Improved documenation blocks and type annotations.
Email attachments now encode the filenames in Content-Disposition headers if the filenames contain non-ascii values.
Http Client now accepts a protocolVersion option in its constructor. This option lets you control the HTTP version used. This change makes it simpler to make HTTP2 requests.
Improved error message when ConsoleIntegrationTestTrait runs out of replies to interactive questions.
Http Client can now send request bodies in GET requests.
Added PHP7.4 to our test matrix.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Mark Scherer.
Mark Story.
Martin Matthaei.
gregs.
othercorey.
3.8.708 Dec 2019 03:16
minor feature:
Microseconds are no longer dropped when creating Time and FrozenTime instances from other datetime objects.
Improved API documentation and deprecated tags.
Time::__deInfo() has been aligned with the implementation in chronos.
Http Client now reads cookies from the correct subdomain when handling cross subdomain redirects.
Dates before 1600 are now accepted by Validation::dateTime().
FormHelper::dateTime() now correctly handles empty options that are incompletely defined arrays.
Validation::compareFields() now works with null.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Iftekhar Ahmed Eather.
Mark Scherer.
Mark Story.
detinkin.
itosho.
4.0.0-RC202 Dec 2019 09:45
minor feature:
Microseconds are no longer dropped when creating Time and FrozenTime instances from other datetime objects.
Improved API documentation and deprecated tags.
Time::__deInfo() has been aligned with the implementation in chronos.
Http Client now reads cookies from the correct subdomain when handling cross subdomain redirects.
Dates before 1600 are now accepted by Validation::dateTime().
FormHelper::dateTime() now correctly handles empty options that are incompletely defined arrays.
Validation::compareFields() now works with null.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Iftekhar Ahmed Eather.
Mark Scherer.
Mark Story.
detinkin.
itosho.
4.0.0-RC116 Nov 2019 10:25
minor feature:
Microseconds are no longer dropped when creating Time and FrozenTime instances from other datetime objects.
Improved API documentation and deprecated tags.
Time::__deInfo() has been aligned with the implementation in chronos.
Http Client now reads cookies from the correct subdomain when handling cross subdomain redirects.
Dates before 1600 are now accepted by Validation::dateTime().
FormHelper::dateTime() now correctly handles empty options that are incompletely defined arrays.
Validation::compareFields() now works with null.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Iftekhar Ahmed Eather.
Mark Scherer.
Mark Story.
detinkin.
itosho.
3.8.607 Nov 2019 10:05
minor feature:
Microseconds are no longer dropped when creating Time and FrozenTime instances from other datetime objects.
Improved API documentation and deprecated tags.
Time::__deInfo() has been aligned with the implementation in chronos.
Http Client now reads cookies from the correct subdomain when handling cross subdomain redirects.
Dates before 1600 are now accepted by Validation::dateTime().
FormHelper::dateTime() now correctly handles empty options that are incompletely defined arrays.
Validation::compareFields() now works with null.
ADmad.
Corey Taylor.
Edgaras Janušauskas.
Iftekhar Ahmed Eather.
Mark Scherer.
Mark Story.
detinkin.
itosho.
4.0.0-beta411 Oct 2019 10:45
minor feature:
Router::reverse() now removes the CSRF token and isAjax from generated URLs.
Improved failure messages for header and cookie assertion methods.
Removed an additional r n from multipart HTTP client request bodies which caused them to be rejected by some servers.
Removed quotes around multipart message boundary markers. These quotes are not necessary and could cause servers with non-compliant HTTP parsers to reject the request.
Number::toPercentage() now uses the locale data when placing the marker.
MysqlSchema now generates schema correctly for decimal and float columns that have a length but no precision.
schema reflection for double unsigned type in MySQL.
schema reflection for varbinary(max) type in SqlServer.
File and line information is now included in log messages from ErrorHandlerMiddleware.
ADmad.
Edgaras Janušauskas.
Littley Lv.
Mark Scherer.
Mark Story.
Rachman Chavik.
bancer.
3.8.507 Oct 2019 06:25
minor feature:
Router::reverse() now removes the CSRF token and isAjax from generated URLs.
Improved failure messages for header and cookie assertion methods.
Removed an additional r n from multipart HTTP client request bodies which caused them to be rejected by some servers.
Removed quotes around multipart message boundary markers. These quotes are not necessary and could cause servers with non-compliant HTTP parsers to reject the request.
Number::toPercentage() now uses the locale data when placing the marker.
MysqlSchema now generates schema correctly for decimal and float columns that have a length but no precision.
schema reflection for double unsigned type in MySQL.
schema reflection for varbinary(max) type in SqlServer.
File and line information is now included in log messages from ErrorHandlerMiddleware.
ADmad.
Edgaras Janušauskas.
Littley Lv.
Mark Scherer.
Mark Story.
Rachman Chavik.
bancer.
3.8.414 Sep 2019 03:15
minor feature:
RedisEngine now uses the nx parameter to atomically set keys and expiration times.
Dependent association deletions now correctly remove alias prefrom unary and identifier expressions used in the conditions.
Improved API documentation.
SQLite schema reflection now preserves decimal column precision and length.
CakePHP is now using github-actions to manage stale.
ADmad.
Alex.
Ethan Pooley.
Mark Scherer.
Mark Story.
ndm2.
4.0.0-beta307 Sep 2019 20:05
minor feature:
Added IntegrationTestTrait::setUnlockedFields() to make working with SecurityComponent in tests simpler.
Improved forwards compatible annotation for EntityInterface::setDirty().
Made return value of TestEmailTransport::send() match the real implementations.
double escaping in pagination meta tags.
Improved API documentation.
Subqueries passed to FunctionExpression objects are now wrapped in parentheses.
Cake Network Socket can now connect to unix sockets.
Console error codes are now constrained to be between 0 and 255.
ADmad.
Edgaras Janušauskas.
Jorge González.
Mark Scherer.
Mark Story.
Mauri Kujala.
Robert Pustułka.
ndm2.
3.8.331 Aug 2019 10:05
minor feature:
Added IntegrationTestTrait::setUnlockedFields() to make working with SecurityComponent in tests simpler.
Improved forwards compatible annotation for EntityInterface::setDirty().
Made return value of TestEmailTransport::send() match the real implementations.
double escaping in pagination meta tags.
Improved API documentation.
Subqueries passed to FunctionExpression objects are now wrapped in parentheses.
Cake Network Socket can now connect to unix sockets.
Console error codes are now constrained to be between 1 and 244.
ADmad.
Edgaras Janušauskas.
Jorge González.
Mark Scherer.
Mark Story.
Mauri Kujala.
Robert Pustułka.
ndm2.
4.0.0-beta216 Aug 2019 03:16
minor feature:
Added simplexml to requirements of cakephp/utility.
i18n extract now supports the -p option like other core shells.
Improved API documentation.
incorrect association and _locale property assignment when using matching() with TranslateBehavior.
The default value for the when parameter of Validation::notEmptyDateTime() was corrected.
RedisEngine now calls setTimeout() instead of expire().
FormHelper now correctly generates Javascript snippets to clear custom HTML validation messages.
an overflow error if RequestHandlerComponent was loaded multiple times with different configuration.
ADmad.
Bogdan SOOS.
Brandon Kelly.
Edgaras Janušauskas.
Hideki Kinjyo.
Mark Scherer.
Mark Story.
andrii-pukhalevych.
ndm2.
3.8.209 Aug 2019 10:05
minor feature:
Added simplexml to requirements of cakephp/utility.
i18n extract now supports the -p option like other core shells.
Improved API documentation.
incorrect association and _locale property assignment when using matching() with TranslateBehavior.
The default value for the when parameter of Validation::notEmptyDateTime() was corrected.
RedisEngine now calls setTimeout() instead of expire().
FormHelper now correctly generates Javascript snippets to clear custom HTML validation messages.
an overflow error if RequestHandlerComponent was loaded multiple times with different configuration.
ADmad.
Bogdan SOOS.
Brandon Kelly.
Edgaras Janušauskas.
Hideki Kinjyo.
Mark Scherer.
Mark Story.
andrii-pukhalevych.
ndm2.
2.10.1925 Jul 2019 06:45
minor feature:
Added missing App::uses() call to CakeEventManager.
CakeTestRunner now passes the exit parameter to doRun(). This
improves compatibility with PHPUnit 5.2.x.
Koji Tanaka.
Mark Story.
3.8.113 Jul 2019 11:25
minor feature:
Improved error messages when ConsoleIntegrationTestTrait is missing replies for interactive questions.
how Http Client Adapter CurlAdapter selects HTTP protocol versions.
Added getVisible() to the annotations in EntityInterface.
Table::loadInto() not loading translations.
Switched to using SCAN instead of KEYS to clear redis caches.
ADmad.
Anne.
Anne van de Venis.
Marc Würth.
Mark Story.
Robert Pustułka.
Walther Lalk.
gregs.
4.0.0-beta101 Jul 2019 03:15
minor feature:
CollectionTrait now uses the newCollection method to create clones. This allows sub-classes to have collection methods create instances of themselves instead of using Collection.
Command::executeCommand() was added. This method makes it simple to call another command from the current one.
Validator::notEmptyString(), notEmptyArray(), notEmptyFile(), notEmptyDate(), notEmptyTime(), and notEmptyDateTime() were added. They act as compliments to the allowEmpty methods added in 3.7.
Validation::mimeType() now compares checks mime-types in a case insensitive manner.
Validation::dateTime() now supports the iso8601 format.
Radio buttons can now customize the generated label by using the label key inside a complex option definition. This key will be used instead of the label key defined at the top level options.
ADmad.
Andrej Griniuk.
Cedric Alfonsi.
Edgaras Janušauskas.
Jeremy Harris.
Jorge González.
Lars Ebert.
Marc Würth.
Mark Scherer.
Mark Story.
Nicolas.
Robert Pustułka.
Simone Alers.
andrii-pukhalevych.
chinpei215.
madbbb.
3.8.027 Jun 2019 08:25
minor feature:
CollectionTrait now uses the newCollection method to create clones. This allows sub-classes to have collection methods create instances of themselves instead of using Collection.
Command::executeCommand() was added. This method makes it simple to call another command from the current one.
Validator::notEmptyString(), notEmptyArray(), notEmptyFile(), notEmptyDate(), notEmptyTime(), and notEmptyDateTime() were added. They act as compliments to the allowEmpty methods added in 3.7.
Validation::mimeType() now compares checks mime-types in a case insensitive manner.
Validation::dateTime() now supports the iso8601 format.
Radio buttons can now customize the generated label by using the label key inside a complex option definition. This key will be used instead of the label key defined at the top level options.
ADmad.
Andrej Griniuk.
Cedric Alfonsi.
Edgaras Janušauskas.
Jeremy Harris.
Jorge González.
Lars Ebert.
Marc Würth.
Mark Scherer.
Mark Story.
Nicolas.
Robert Pustułka.
Simone Alers.
andrii-pukhalevych.
chinpei215.
madbbb.
3.7.920 Jun 2019 03:15
minor feature:
Type::buildAll() not returning custom type objects added with Type::set().
Improved API documentation examples.
Validation::isInteger() no longer accepts boolean values as 1/0.
Validation methods that operate on strings (minLength, maxLength, minLengthBytes, maxLengthBytes) now reject non-scalar values.
requestAction() now looks for 'return' in a type-safe way.
ADmad.
Corey Taylor.
George Constantinou.
Mark Story.
othercorey.
saeideng.
3.8.0-RC313 Jun 2019 03:15
minor feature:
The application/json content type no longer has a charset parameter. It is not valid and newer versions of Chrome emit warnings when it is present.
Improved API documentation.
char(36) columns are now generated correctly in postgres.
plural form rules for Turkish.
Cache key generation for translators now works when changing locales mid-process.
IntegrationTestCase now handles absolute URLs correctly.
FormContext::error() now returns keys on error messages.
Controller::afterFilter() now has access to response objects returned by controller actions. Previously it would see an older version of the response.
Improved error messages when associations are missing.
Iterating PluginCollection in nested loops no longer stops iterating early.
ADmad.
Corey Taylor.
Jeremy Harris.
José Lorenzo Rodríguez.
Marc Wilhelm.
Marc Würth.
Mark Scherer.
Mark Story.
Robert Pustułka.
TekkCraft.
時流.
4.0.0-alpha204 Jun 2019 06:45
minor feature:
The application/json content type no longer has a charset parameter. It is not valid and newer versions of Chrome emit warnings when it is present.
Improved API documentation.
char(36) columns are now generated correctly in postgres.
plural form rules for Turkish.
Cache key generation for translators now works when changing locales mid-process.
IntegrationTestCase now handles absolute URLs correctly.
FormContext::error() now returns keys on error messages.
Controller::afterFilter() now has access to response objects returned by controller actions. Previously it would see an older version of the response.
Improved error messages when associations are missing.
Iterating PluginCollection in nested loops no longer stops iterating early.
ADmad.
Corey Taylor.
Jeremy Harris.
José Lorenzo Rodríguez.
Marc Wilhelm.
Marc Würth.
Mark Scherer.
Mark Story.
Robert Pustułka.
TekkCraft.
時流.
3.7.831 May 2019 09:25
minor feature:
The application/json content type no longer has a charset parameter. It is not valid and newer versions of Chrome emit warnings when it is present.
Improved API documentation.
char(36) columns are now generated correctly in postgres.
plural form rules for Turkish.
Cache key generation for translators now works when changing locales mid-process.
IntegrationTestCase now handles absolute URLs correctly.
FormContext::error() now returns keys on error messages.
Controller::afterFilter() now has access to response objects returned by controller actions. Previously it would see an older version of the response.
Improved error messages when associations are missing.
Iterating PluginCollection in nested loops no longer stops iterating early.
ADmad.
Corey Taylor.
Jeremy Harris.
José Lorenzo Rodríguez.
Marc Wilhelm.
Marc Würth.
Mark Scherer.
Mark Story.
Robert Pustułka.
TekkCraft.
時流.
3.8.0-RC220 May 2019 01:05
minor feature:
shutdown errors in PHP 7.2 during tests when file caching is used.
Skipped tests in PHP 7.3 that were previously skipped.
Improved API documentation.
Koji Tanaka.
Mark Sch.
Mark Story.
bancer.
2.10.1814 May 2019 09:45
minor feature:
indent
.
.
.
.
add unit test.
.
extra.
'order' not working with a single expressions.
.
.
.
.
Clarify migration path to 3.x.
.
.
.
CakeRequest::referer(true) returning scheme-relative URLs.
.
CS.
.
.
.
Make postConditions() less permissive.
.
Phpdoc for CakeObject::log().
.
.
.
Use a permitted list instead of a ban list.
.
Check model names for bad characters as well.
.
.
.
Update version number to 2.10.6.
.
.
.
Makes the cache key shorter by using md5().
.
replaced vsprintf to implode.
.
Buffer contents of HtmlReporter.
.
2.x can't load aliased component on ControllerTestCase.
.
code style.
.
.
.
.
.
.
.
missing field identifier quoting for COUNT(DISTINCT in SQLServer.
.
2.x Build with PHP7.2.
.
remove cannot run test matrix: PHPUnit 3.7 + PHP7.2.
.
Travis CI Allow failure: PHP7.2 + mysql + PHPUnit3.7.
.
Execute CakeSession::destroy() on a tearDown with implicit use sessio .
.
When the PHP version is 7.2 or higher `ini_set('session.save_handler' .
.
some count() Error in PHP 7.2.
.
Multibyte::strtolower().
.
Pass PaginatorComponentTest::testPaginateExtraParams().
.
exclude PHP7.2 + PHPUnit 3.7.33.
.
Uncountable null convert to array(), revert ControllerTask::bake() si .
.
: use var === null instead of is_null( var).
.
Make mcrypt optional.
.
Change Security::randomBytes() to fallback to mcrypt_create_iv().
.
Pass MCRYPT_DEV_URANDOM to mcrypt_create_iv() explicitly.
.
.
.
Update version number to 2.10.7.
.
PHP Unit version so running tests using the Console works.
.
Added a test case for the helper with no params. Relates to #11658.
.
the PHPCS warnings.
.
.
.
phpcs error.
.
Merge branch '-11661' into 2.x.
.
usage of non-existant property.
.
.
.
.
.
Constructs the default ture manager if 'tureManager' parameter .
.
.
.
Error: Class 'PHP_CodeCoverage' not found error.
.
Remove Security::engine().
.
.
.
Update version number to 2.10.8.
.
typo.
.
.
.
Don't break on removing a non-existing rule.
.
In get
3.8.0-RC130 Apr 2019 03:15
minor feature:
CollectionTrait now uses the newCollection() method to create new instances. This allows implementing classes to ensure that instances of the current class are created when new collections are required.
ModelAwareTrait::loadModel() now allows fully qualified namespaces as a parameter.
The console table helper now correctly calculates the width of formatted cells.
Improved API doc blocks.
Commands will now auto-load the model named in their modelClass property.
Bundled CA certs were updated to 2019-01-23 release from curl.
Add getName() to View. This method was suggested in a deprecation warning but did not exist.
Cake Http Response::withModified() is now compatible with DateTimeImmutable objects.
Improved API documentation.
accidental return type change in Cache::deleteMany().
FileEngine no longer emits warnings when cache files are written to during shutdown when the previous write is for the same key.
CommandRunner now gracefully handles StopException now.
side-effect in SmtpTransport destructor.
Requirements for the cache package were.
Don't emit a charset parameter on the json content type. Chrome has started emitting warnings when this parameter is present as it isn't compliant with the spec.
Add Command::executeCommand() This method enables commands to dispatch each other without needing to use the CommandRunner.
Add Response::withCookieCollection().
Generate column SQL for CHAR(36) in postgres schema correctly.
ADmad.
Edgaras Janušauskas.
Jeremy Harris.
José Lorenzo Rodríguez.
Kyle Burton.
Marc Wilhelm.
Marc Würth.
Mark Scherer.
Mark Story.
Simone Alers.
TekkCraft.
saeideng.
3.7.724 Apr 2019 10:05
minor feature:
Remove spare newlines
.
Add test for #12766.
.
use correct template name.
.
Merge branch '3.next'.
.
Update version number to 3.7.0.
.
.
.
deprecation message.
.
.
.
regression in assertCookieNotSet.
.
.
.
Moving duplicate code into a method.
.
phpcs.
Add deprecated doc strings.
.
typehint for ViewBuilder::setClassName().
.
Remove version number from composer require command.
.
array doc blocks to be more precise where applicable.
.
docblocks and better IDE and static analyzer discoverery.
.
ing style errors.
.
.
.
.
.
.
.
docblocks and better IDE and static analyzer discoverery.
.
Adjustments as per codereview.
.
allow incorrect decimal / float formatting.
.
moved comments to test.
.
check string.
.
rev logic.
.
.
.
.
.
Use annotitations for integration trait setup/teardown.
.
Enable subcommands to use spaces.
.
.
.
notice error on missing argument.
.
createFile() should create directories.
.
.
.
.
.
shells = commands in docs block.
.
Update version number to 3.7.1.
.
.
.
Disallow command names with more than 3 words.
.
Ignore composer.phar.
.
Simplify pattern and mistakes.
.
.
.
ing Typehints.
.
CS error.
.
.
.
.
.
Pass uploaded files configured with configRequest() to ServerRequest.
.
Test that uploaded files are being passed correctly.
.
CS.
.json routes not rendering error pages properly.
.
.
.
Remove redundant check in FileEngine.
.
error code check.
.
Use constant instead of integer.
.
.
.
handling of `html` and `htm` extensions.
.
.
.
nullable docblocks.
.
.
.
.
.
Try not using.bat file to run phpunit.
.
.
.
.
.
Allow assetUrl() to use cns easier.
.
ing style errors.
.
Add test case.
.
ing style errors.
.
`FileCacheEngine` removing files in parent of configured path.
.
Restore AppVeyor config that runs the PHPUnit `.bat` file.
.
.
.
Reverse order of arguments so user-specified PHP_SELF takes precedence.
.
Revert order; check specifically for phpunit.
.
.
.
Update LICENSE.
.
.
.
Requ
2.10.1714 Apr 2019 07:25
minor feature:
The generation of HABTM conditions was extracted into a protected method.
Additional test cases for FormHelper's inputDefaults were added.
Improved API docs.
Dario Savella.
Gareth Ellis.
Kazuki Higashiguchi.
Mark Sch.
Mark Story.
bancer.
3.7.610 Apr 2019 16:45
minor feature:
Improved the error message displayed when a route filter fails to apply.
Improved API documentation.
Blackhole callbacks for SecurityComponent can now return responses as they could in CakePHP 3.6.
The console TableHelper now calculates cell widths correctly when cells contain formatted content.
a persistence failure when HasMany associations had string keys.
Updated the CA bundle to curl 2019-01-23.
requirements on standalone Cache package.
ADmad.
Edgaras Janušauskas.
Kyle Burton.
Marc Wilhelm.
Marc Würth.
Mark Scherer.
Mark Story.
3.8.0-beta131 Mar 2019 03:15
minor feature:
Added FlashComponent::getSession() protected method to make application extensions easier to build.
Entity::hasErrors() now only returns true when an error array is not empty.
The date, time, and datetime allowEmpty methods on Validator now allow as an empty value.
Improved API documentation.
Database Expression Comparison now clones its children recursively.
Http ResponseEmitter now calls session_write_() in fast-cgi servers. This helps ensure that the session has been persisted.
Greatly improved performance of cake i18n extract.
ADmad.
Cauan Cabral.
David Yell.
Edgaras Janušauskas.
Mark Scherer.
Mark Story.
Michal.
Robert Pustułka.
saeideng.
3.7.514 Mar 2019 20:25
minor feature:
Added FlashComponent::getSession() protected method to make application extensions easier to build.
Entity::hasErrors() now only returns true when an error array is not empty.
The date, time, and datetime allowEmpty methods on Validator now allow as an empty value.
Improved API documentation.
Database Expression Comparison now clones its children recursively.
Http ResponseEmitter now calls session_write_() in fast-cgi servers. This helps ensure that the session has been persisted.
Greatly improved performance of cake i18n extract.
ADmad.
Cauan Cabral.
David Yell.
Edgaras Janušauskas.
Mark Scherer.
Mark Story.
Michal.
Robert Pustułka.
saeideng.
2.10.1601 Mar 2019 03:15
minor feature:
CakeTime::format(), nice() and i18nFormat() now convert timezones more correctly when both the source and destination timezone are not the default server timezone.
RedisCache no longer attempts to the connection if the connection has not been initialized.
ShellDispatcher now uses the CONFIG constant if it is defined.
Benjamin Stout.
Mark Sch.
Mark Story.
Val Bancer.
3.7.410 Feb 2019 03:45
minor feature:
Requests made in IntergrationTestCase can now overwrite PHP_SELF.
Improved API documentation and IDE typehinting.
Saving entities with non-scalar primary key values now works as expected.
Errors when persistence has failed now include more information on which validation rules caused the failure.
The optional dependencies for cakephp/core are now more clearly communicated.
ADmad.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
gregs.
mosaxiv.
2.10.1526 Jan 2019 14:05
minor feature:
Improved API documentation and typehints.
Session configuration in CLI environments for PHP7.2+.
ADmad.
Joseph Zidell.
Koji Tanaka.
Mark Story.
Andrew.keiper.
Bancer.
Kicaj.
Mark_story.
3.7.322 Jan 2019 06:05
minor feature:
Improved API documentation and typehint annotations.
Update deprecation notice version numbers.
documentation for Collection::stopWhen().
BaseErrorHandler now includes previous exception traces in log messages.
ADmad.
Adam Harley.
Ceeram.
Iacovos Constantinou.
Jonathan McAndrew.
Marc Würth.
Mark Scherer.
Mark Story.
Tamási Benjamin.
Timur Asaliev.
3.7.204 Jan 2019 06:25
minor feature:
Replace hard coded test directory paths with constants.
Add model id to all interal exists() method calls. This makes the usage compatible with the shim plugin.
Tests are all passing with PHP 7.3.
Improved API documentation.
ENUM columns will use strings for all values instead of conditionally using an integer.
errors when using cake schema with ENUM columns.
Joseph Zidell.
Koji Tanaka.
Mark Story.
Martin Stücklschwaiger.
Val Bancer.
Yaser Naderi.
bancer.
mark_story.
2.10.1422 Dec 2018 07:05
minor feature:
Replace hard coded test directory paths with constants.
Add model id to all interal exists() method calls. This makes the usage compatible with the shim plugin.
Tests are all passing with PHP 7.3.
Improved API documentation.
ENUM columns will use strings for all values instead of conditionally using an integer.
errors when using cake schema with ENUM columns.
Joseph Zidell.
Koji Tanaka.
Mark Story.
Martin Stücklschwaiger.
Val Bancer.
Yaser Naderi.
bancer.
mark_story.
3.7.118 Dec 2018 06:45
minor feature:
incorrect error messages when cells cannot find their template.
a regression in assertCookieNotSet().
Added missing @deprecated annotations on methods on Email.
Improve typehints on array properties.
Loosened type checking in integer and decimal type classes. Both these types now allow whitespace, and commas to accept more number formats.
IntegrationTestTrait now uses annotations for its setup/teardown logic. This removes the need for awkward method aliasing when using the trait.
Console Arguments::getArgument() no longer raises a notice error on missing arguments.
Console ConsoleIo::createFile() will now recursively create directories if necessary. This improves compatibility with Shell::createFile().
ADmad.
Florian Krämer.
Jeremy Harris.
Mark Scherer.
Mark Story.
Tomas Saghy.
saeideng.
3.7.012 Dec 2018 05:05
minor feature:
The ArrayEngine which can help improve test suite performance and reliability.
Cake Http Client will now use curl if it is available providing better performance and proxy features.
ErrorHandlerMiddleware will now include previous exceptions in logging.
New transport factory classes to help simplify Email.
Cake Validation Validator now provides type-safe allow-empty methods.
FormHelper can now set HTML5 custom validation messages.
New assertions on IntegrationTestCase to make working with flash messages simpler.
ADmad.
AlPri78.
Benjamin Pick.
Brian Porter.
Ceeram.
Daniel Opitz.
Daniel Platt.
David Yell.
Dmitrii Romanov.
Dustin Haggard.
Edgaras.
Edgaras Janušauskas.
Erwane Breton.
Eugene Ritter.
Fernando Herrero.
Gergely Tamás.
Henrik Gemal.
Ian den Hartog.
Iandenh.
Jeremy Harris.
Jorge González.
Jose Diaz-Gonzalez.
Joshua Lu ckers.
José Lorenzo Rodríguez.
Kazuki_Kamizuru.
Marc Würth.
Mark Scherer.
Mark Story.
Mikkel Bonde.
Mohamed Elbahja.
Philipp Nikolajev.
chinpei215.
inoas.
lganee.
mirko-pagliai.
ndm2.
saeideng.
3.6.1408 Dec 2018 03:16
minor feature:
Improved API documentation.
PaginatorHelper no longer always includes the direction query string argument when sorting by an associative array with the default direction.
LocaleSelectorMiddleware now support fallback languages allowing Accept header values of es-ES to match the generic es locale.
NullEngine::write() now conforms to the documented return type.
incorrect association properties being set when loading joined associations with a subset of fields that excludes all fields on the root entity.
ADmad.
Cauan Cabral.
Edgaras.
George Constantinou.
Hideki Kinjyo.
Ian den Hartog.
Mark Scherer.
Mark Story.
Michael Hoffmann.
Val Bancer.
gregs.
3.7.0-RC326 Nov 2018 03:16
minor feature:
Validator::allowEmpty() is now deprecated. While simple to use this method would allow incorrectly typed 'empty' data in. In its place four new methods have been added that are more explicit about the accepted empty data.
Improved API documentation.
Chained exceptions now include stack traces in log files for the inner exceptions.
ArrayCache was added as an engine for Cache. This allows you to store cache data only until the end of the current process.
Improve display paths in console environments.
NullEngine::write() method will now return true, this in effect will comply with parent abstract method's return type declaration.
ADmad.
Ceeram.
Edgaras.
George Constantinou.
Ian den Hartog.
Marc Würth.
Mark Scherer.
Mark Story.
chinpei215.
saeideng.
3.7.0-RC217 Nov 2018 03:15
minor feature:
Plugin::unload() is now deprecated. This mirrors the deprecation for Plugin::load().
New TestCase methods (removePlugin(), removePlugins() and clearPlugins()) have been added to remove plugins at runtime.
LocaleSelectorMiddleware will now automatically select a fallback locale like es if a request for es-ES is made and your application does not define an es-ES locale.
MoParser now supports messages without contexts matching the behavior of PoParser.
Backwards incompatible changes in ConsoleIntegrationTrait were reverted.
Cake ORM Query::disableHydration() was added.
Cake View ViewBuilder::disableAutoLayout() was added.
Cake View View::disableAutoLayout() was added.
Cake Database Query::disableBufferedResults() was added.
Cake Database Driver::disableAutoQuoting() was added.
Cake Database Query::disableAutoFields() was added.
Cake Datasource Connection::disableQueryLogging() was added.
Cake Datasource Connection::disableSavePoints() was added.
Pagination no longer includes the direction key in generated URLs when multiple sort columns are used.
Cake TestSuite TestCase::getMockForModel() now accepts null for its methods parameter.
ADmad.
David Yell.
Edgaras Janušauskas.
Ian den Hartog.
Jeremy Harris.
Marc Würth.
Mark Scherer.
Mark Story.
Michael Hoffmann.
Val Bancer.
gregs.
mirko-pagliai.
saeideng.
3.6.1305 Nov 2018 03:15
minor feature:
PHP 7.3 was added to the build matrix with all tests passing.
Extensions are no longer silently ignored when specific extensions are enabled. Instead a NotFoundException wll be raised.
Join table entities now have their source source property.
Improved detection of binary column lengths in SQLServer schema reflection.
Multiple checkbox input sets without inputs can now be rendered correctly.
Session handlers are not modified if the session is already active.
The i18n shell now uses the locale paths defined by the application.
The bundled CA file has been updated to 2018-10-17 build from mozilla.
ConsoleIo::createFile() now behaves correctly with UNC file paths.
MoParser now supports messages without contexts matching the behavior of PoParser.
ADmad.
David Yell.
Dmitriy Romanov.
Edgaras Janušauskas.
Ian den Hartog.
Mark Scherer.
Mark Story.
nojimage.
2.10.1329 Oct 2018 11:25
minor feature:
Updated API documentation.
Improve compatibility with PHP 7.3.
MySQL driver now handles CURRENT_TIMESTAMP as a default value better.
Better handling of default values with casts in Postgres driver.
UNC path handling in Shell::createFile().
Humberto Pereira.
Joe.
Joseph Zidell.
Mark Story.
Val Bancer.
3.7.0-RC125 Oct 2018 10:45
minor feature:
Improved binary column reflection for SqlServer.
Session handlers are no longer changed if the session is active.
Tests are passing against PHP 7.3.
The bundled CA file has been updated to 2018-10-17 from Mozilla.
ConsoleIo::createFile() now behaves correctly with UNC file paths.
Exception logging now includes each exception in a chained exception.
ADmad.
Ceeram.
Dmitriy Romanov.
Edgaras.
Edgaras Janušauskas.
Ian den Hartog.
Mark Story.
3.7.0-beta111 Oct 2018 09:45
minor feature:
Invalid encrypted cookie values no longer cause exceptions to be raised. Instead they are treated as empty values.
ServerRequestFactory uses the configured webroot directory instead of hardcoded value now.
Routing scopes that define an action now work correctly.
Improved API documentation.
EntityRoute now correctly handles _ in placeholder names, and handles brace style placeholders.
Schema generation for MySQL binary types has been improved. Arbitrary sized columns are now handled correctly.
Undefined controller properties now emit warnings when accessed. This prevents 'invalid method call on null' type errors.
Response now checks disabled_functions before trying to set request timeout to 0.
Re-rendering an email message no longer rotates the message-id.
ADmad.
Dennis Hemeier.
Dmitrii Romanov.
Edgaras Janušauskas.
Hideki Kinjyo.
Ian den Hartog.
Jeremy Harris.
Jose Diaz-Gonzalez.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
3.6.1202 Oct 2018 06:05
minor feature:
Invalid encrypted cookie values no longer cause exceptions to be raised. Instead they are treated as empty values.
ServerRequestFactory uses the configured webroot directory instead of hardcoded value now.
Routing scopes that define an action now work correctly.
Improved API documentation.
EntityRoute now correctly handles _ in placeholder names, and handles brace style placeholders.
Schema generation for MySQL binary types has been improved. Arbitrary sized columns are now handled correctly.
Undefined controller properties now emit warnings when accessed. This prevents 'invalid method call on null' type errors.
Response now checks disabled_functions before trying to set request timeout to 0.
Re-rendering an email message no longer rotates the message-id.
ADmad.
Dennis Hemeier.
Dmitrii Romanov.
Edgaras Janušauskas.
Hideki Kinjyo.
Ian den Hartog.
Jeremy Harris.
Jose Diaz-Gonzalez.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
3.6.1103 Sep 2018 03:16
minor feature:
Use ConsoleIo constants internally more consistently.
Updated the bundled cacert.pem file to the 2018-06-20 release from mozilla.
a potential timing side-channel vector in Digest Authentication that could be used to enumerate usernames. Thank you to Edgaras Janušauskas for raising this through our responsible disclosure process.
Improved API documentation.
Binary column reflection now returns column length in SQLite and MySQL for custom sized binary fields.
Scoped middleware now only applies the unique set of middleware.
ADmad.
Curtis Gibby.
Dmitriy Romanov.
Edgaras.
Edgaras Janušauskas.
Hideki Kinjyo.
Ian den Hartog.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Sohel Rana.
inoas.
itosho.
ndm2.
saeideng.
sohelrana820.
3.6.1005 Aug 2018 03:25
minor feature:
File validation methods now work with PSR7 UploadedFileInterface objects more consistently.
Improved API documentation.
ADmad.
Mark Scherer.
Mark Story.
ndm2.
3.6.929 Jul 2018 05:05
minor feature:
a regression in Entity class name inflection.
constructing a ServerRequest with / as a string parameter.
ADmad.
Mark Story.
3.6.824 Jul 2018 07:45
minor feature:
Improved entity class name inflection for multi-word table classes.
Enabled session.use_strict_mode by default.
Improved API documentation for i18n functions.
Improved deprecation docstrings.
Router::url() now ensures that App.base is applied to URLs generated in CLI contexts.
ADmad.
AlPri78.
Denys Yaroshenko.
Flavius.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Tomas Saghy.
saeideng.
3.6.709 Jul 2018 22:05
minor feature:
Improved deprecation messages.
Http Client now ignores invalid cookie expiration dates.
Http Client now drops invalid/empty Set-Cookie header values.
Data read from cakephp-plugins.php is reloaded as neccessary in test suites. ing unknown plugin errors.
Email::setAttachments() no longer emits an error when data key is used without a mimetype.
Redirect routes no longer apply the application subdirectory twice.
Multiple checkbox form widgets now use checkboxWrapper instead of radioWrapper for their wrapping template.
Deger::printVar() now forces its content to be ltr, improving readability in rtl documents.
Routing key sub-pattern checks in reverser routing now use unicode regular expressions.
An exception is now raised when libicu is missing a requested timezone.
Console subcommand help now displays the subcommand description when no subcommand parser has been defined.
Missing Plugin error pages now recommend the use of addPlugin().
Albert Scherman.
Dmitriy Romanov.
Marc Würth.
Mark Scherer.
Mark Story.
chinpei215.
saeideng.
vladimir.reznichenko.
2.10.1102 Jul 2018 20:25
minor feature:
IntegrationTestCase now string casts all request data. This better emulates how HTTP POST data is handled.
Improved API documentation.
Routes using var now correctly calculate their static path segments making route parsing work correctly.
Http Client no longer lowercases cookie names when creating identifiers.
Database Query::fetchAll('obj') now returns all rows instead of just one.
Table::saveMany() now restores entity state when saving fails due to database deadlocks or other operational errors.
Improved compatibility between old and new plugin loading systems.
BaseApplication::addPlugin() now creates a dynamic plugin class instead of throwing an error.
RouteBuilder::loadPlugin() no longer results in duplicate plugin routes being loaded.
TranslateBehavior now inherits the table locator used by the parent model.
EntityTrait::setDirty() now defaults the second parameter to true.
EntityTrait::setErrors() no longer uses array_merge() internally. This when adding errors for multi-row fields.
ADmad.
Edgaras Janušauskas.
Jeremy Harris.
Mark Scherer.
Mark Story.
Martijn de Hoog.
Robert Pustułka.
Tomas Saghy.
Walther Lalk.
ndm2.
3.6.627 Jun 2018 02:05
minor feature:
IntegrationTestCase now string casts all request data. This better emulates how HTTP POST data is handled.
Improved API documentation.
Routes using var now correctly calculate their static path segments making route parsing work correctly.
Http Client no longer lowercases cookie names when creating identifiers.
Database Query::fetchAll('obj') now returns all rows instead of just one.
Table::saveMany() now restores entity state when saving fails due to database deadlocks or other operational errors.
Improved compatibility between old and new plugin loading systems.
BaseApplication::addPlugin() now creates a dynamic plugin class instead of throwing an error.
RouteBuilder::loadPlugin() no longer results in duplicate plugin routes being loaded.
TranslateBehavior now inherits the table locator used by the parent model.
EntityTrait::setDirty() now defaults the second parameter to true.
EntityTrait::setErrors() no longer uses array_merge() internally. This when adding errors for multi-row fields.
ADmad.
Edgaras Janušauskas.
Jeremy Harris.
Mark Scherer.
Mark Story.
Martijn de Hoog.
Robert Pustułka.
Tomas Saghy.
Walther Lalk.
ndm2.
3.6.510 Jun 2018 14:45
minor feature:
Improved deprecation warning text.
Plugin::load() now uses concrete plugin classes if a plugin has adopted new style plugins.
The mimetype for.bmp was added to Response.
Plugin::routes() had a deprecation warning added. This method is no longer necessary when using an Application class.
Missing deprecation warnings were added to Response.
IntegrationTestCase once again accepts array URLs when generating requests.
Email messages no correctly word-wrap multi-byte characters.
Http Client restores the error handler after a socket error.
AppShell is now included in the list of auto-discovered shells.
ConsoleIntegrationTestCase now catches StopException and sets the test case exitCode property accordingly.
Cell::__deInfo() no longer emits a notice error.
Pagination metadata now includes the start end record numbers.
The Model.afterSaveCommit event always recieves an ArrayObject for options now.
ADmad.
Edgaras.
Glen Sawyer.
Hideki Kinjyo.
Jeremy Harris.
Joep Roebroek.
Mark Scherer.
Mark Story.
Neon1024.
Walther Lalk.
saeideng.
seto.
smap9.
3.6.421 May 2018 03:25
minor feature:
Updated test to pass
.
setting timezone for DateTimeImmutable instance.
.
Don't double parse request body.
.
.
.
Store timezone as DateTimeZone instance instead of string.
.
.
.
Merge branch 'master' into 3.next.
.
.
.
Merge branch 'master' into 3.next.
.
Add explicit tests for sort and page1.
.
Slightly clearer test scenario descriptions.
.
Added methods to fetchAssoc(), fetchColumn( position), fetchObject(), .
.
Removed type-o lower case.
.
StdClass - stdClass.
.
self::FETCH_TYPE_NUM in params for defaults.
.
Change all the strings to use the constant values.
.
replaced parent:: with static:: in runtime instances.
.
Throw deprecation warning only for properties declared in Event class.
.
ing style errors.
.
typo.
.
.
.
.
.
Update docblock.
.
.
.
.
.
Update version number to 3.6.0-RC2.
.
toDatabase() to work with non-DateTimeImmutable properly.
.
Removed fetchObject() and fetchAllObjects(). Left fetchColumn(), fetc .
.
ing style errors.
.
Added 'message' and 'when' params to addNested and addNestedMany.
.
ing style errors.
.
Allow configuring grouped input types.
.
.
Using AssertSame instead of AssertEquals.
.
Merge remote-tracking branch 'origin/fetch-methods-11795' into fetch- .
.
.
.
Adding whereNotNull() and whereNull() to the query object.
.
Minor doc block and code improvement.
.
.
.
Attempt to the failing appveyor builds.
.
Updated and type-o in tests.
.
Updated and type-o in tests.
.
Statement decorator fetchColumn().
.
Using a typemap for more consistent results.
.
Tests.
.
Remove problematic field.
.
Refactoring whereNotNull() and whereNull().
.
ing style errors.
.
Dist back.
.
Add QueryTrait::getRepository().
.
Added 'obj' back to the fetch and fetchAll methods.
.
stickler wants the use statement in a different order.
.
Adding tests for Query::whereNull and Query::whereNotNull.
.
.
.
condition to work better on sqlserver.
.
.
.
.
.
Add whitespace.
.
More tweaks for sqlserver compat.
.
.
.
Merge
3.6.316 May 2018 16:45
minor feature:
Improved deprecation messages in ServerRequest, Response and ViewBuilder.
Improved API documentation.
h() no longer modifies non-string scalar values.
Passing a string as the 2nd parameter to h() is now deprecated.
The Model.afterSaveCommit event is now fired for entities created via findOrCreate().
The console environment now uses the Application class to load routes. This ensures routes are loaded for class based applications.
missing attribute emulation for ServerRequest:: here.
Security::rijndael() now emits deprecation warnings.
Automatic identifier quoting can now handle column names with spaces better.
Corrected a parsing mistake with string route targets.
Integration test cases now set _SERVER 'PHP_SELF' to / solving cryptic base path if more than one action was called per test method.
ADmad.
Brian French.
Dominik Schmelz.
Jeremy Harris.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Neon1024.
Tomas Saghy.
Vladimir Reznichenko.
saeideng.
2.10.1012 May 2018 06:45
minor feature:
Added luxembourgish language.
Added support for DboSource::expression() objects in model virtual fields.
ADmad.
Mark Story.
Philippe Gibert.
3.6.228 Apr 2018 20:45
minor feature:
Improve deprecation warning message for controller properties.
Deprecation warning messages now include how to disable them.
Redirect loops created by AuthComponent for applications in subdirectories has been.
SecurityComponent no longer rejects requests for applications in subdirectories.
Image URLs can now be data URIs.
Improved API documentation.
Added ServerRequest::getPath() as a better alternative for the deprecated url property.
Updated requirements in the sub-split packages.
ADmad.
Albert Cansado Sola .
José Lorenzo Rodríguez.
Koji Tanaka.
Mark Story.
Schlaefer.
inoas.
saeideng.
tsmsogn.
ypnos-web.
3.6.120 Apr 2018 09:45
minor feature:
Improve deprecation warning message for controller properties.
Deprecation warning messages now include how to disable them.
Redirect loops created by AuthComponent for applications in subdirectories has been.
SecurityComponent no longer rejects requests for applications in subdirectories.
Image URLs can now be data URIs.
Improved API documentation.
Added ServerRequest::getPath() as a better alternative for the deprecated url property.
Updated requirements in the sub-split packages.
ADmad.
Albert Cansado Sola .
José Lorenzo Rodríguez.
Koji Tanaka.
Mark Story.
Schlaefer.
inoas.
saeideng.
tsmsogn.
ypnos-web.
3.6.015 Apr 2018 03:16
minor feature:
Improved API documentation.
RequestHandlerComponent no longer expands recursive inline XML entities when processing request data.
PO file context messages can now be multi-line strings.
File::name() now handles unicode filenames.
Improved errors when route classes are missing.
ExistsIn rule now works as documented when used with saveMany().
Postgres schema reflection now handles null default values with casting.
Swapping the session engine now changes the handler in PHP.
ADmad.
Florian Krämer.
Ivan Vorsin.
Joep Roebroek.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Sohel Rana.
Wouter van Os.
saeideng.
sohelrana820.
3.6.0-RC202 Apr 2018 03:16
minor feature:
Improved API documentation.
CakeTestCase::getMockForModel() now correctly handles secondary connections.
Removing an undefined validation rule no longer triggers an error.
ADmad.
Kazuki Higashiguchi.
Koji Tanaka.
Mark Sch.
Mark Story.
Wouter.
3.6.0-RC126 Mar 2018 12:05
minor feature:
Improved API documentation.
CakeTestCase::getMockForModel() now correctly handles secondary connections.
Removing an undefined validation rule no longer triggers an error.
ADmad.
Kazuki Higashiguchi.
Koji Tanaka.
Mark Sch.
Mark Story.
Wouter.
3.5.1422 Mar 2018 22:45
minor feature:
Included root certificate authority was updated to march 2018 build from
Mozilla.
Improved API documentation and test coverage.
Internal usage of deprecated Cake Database Schema Table class name.
Errors when Memcached::getMulti() returns false.
Iandenh.
Mark Scherer.
Mark Story.
Matthew Brown.
Saeid.
Saeideng.
Sohelrana820.
3.6.0-beta318 Mar 2018 13:45
minor feature:
Form now allows schema classes to be customized via the _schemaClass property.
A notice error in the missing template error page was.
Tables with no primary key can no longer be updated by the ORM. Instead of a dangerous update operation an exception will be raised.
Entity virtual fields are now included in deoutput.
PaginatorComponent no longer presort fields. This makes defining sortWhitelist easier.
Improved API documentation.
Session configuration in integration test cases should not emit errors in PHP7.2 with database sessions.
FormHelper now accepts multiple = false to disable multi-select generation.
ADmad.
Bryan Crowe.
Cauan Cabral.
David Yell.
Jose Diaz-Gonzalez.
Keoma.
Mark Scherer.
Mark Story.
saeideng.
sak39.
3.6.0-beta213 Mar 2018 07:45
minor feature:
Form now allows schema classes to be customized via the _schemaClass property.
A notice error in the missing template error page was.
Tables with no primary key can no longer be updated by the ORM. Instead of a dangerous update operation an exception will be raised.
Entity virtual fields are now included in deoutput.
PaginatorComponent no longer presort fields. This makes defining sortWhitelist easier.
Improved API documentation.
Session configuration in integration test cases should not emit errors in PHP7.2 with database sessions.
FormHelper now accepts multiple = false to disable multi-select generation.
ADmad.
Bryan Crowe.
Cauan Cabral.
David Yell.
Jose Diaz-Gonzalez.
Keoma.
Mark Scherer.
Mark Story.
saeideng.
sak39.
3.6.0-beta108 Mar 2018 23:05
minor feature:
Form now allows schema classes to be customized via the _schemaClass property.
A notice error in the missing template error page was.
Tables with no primary key can no longer be updated by the ORM. Instead of a dangerous update operation an exception will be raised.
Entity virtual fields are now included in deoutput.
PaginatorComponent no longer presort fields. This makes defining sortWhitelist easier.
Improved API documentation.
Session configuration in integration test cases should not emit errors in PHP7.2 with database sessions.
FormHelper now accepts multiple = false to disable multi-select generation.
ADmad.
Bryan Crowe.
Cauan Cabral.
David Yell.
Jose Diaz-Gonzalez.
Keoma.
Mark Scherer.
Mark Story.
saeideng.
sak39.
3.5.1304 Mar 2018 17:25
minor feature:
Form now allows schema classes to be customized via the _schemaClass property.
A notice error in the missing template error page was.
Tables with no primary key can no longer be updated by the ORM. Instead of a dangerous update operation an exception will be raised.
Entity virtual fields are now included in deoutput.
PaginatorComponent no longer presort fields. This makes defining sortWhitelist easier.
Improved API documentation.
Session configuration in integration test cases should not emit errors in PHP7.2 with database sessions.
FormHelper now accepts multiple = false to disable multi-select generation.
ADmad.
Bryan Crowe.
Cauan Cabral.
David Yell.
Jose Diaz-Gonzalez.
Keoma.
Mark Scherer.
Mark Story.
saeideng.
sak39.
2.10.826 Feb 2018 17:05
minor feature:
Queries using COUNT(DISTINCT field) are now quoted correctly on SQLServer.
Mcrypt is now an optional dependency of CakePHP. You can use the Security.useOpenSsl confiugration flag to force encrypt()/decrypt() to use ext/openssl now. This improves compatibility with PHP 7.2.
Updated PHPUnit version constraint to match messaging in test shell.
When query execution returns false and doesn't raise an exception, the correct _result property is now updated.
David Yell.
Mark Sch.
Mark Story.
Val Bancer.
chinpei215.
3.5.1212 Feb 2018 11:45
minor feature:
Router::url() now works correctly when the _ssl and _full options are combined.
View no longer fails to add an extension subdirectory when the current controller's name is the same lenght as the extension name.
cake plugin symlink now offers an overwrite option.
Folder::isRegisteredStreamWrapper() now handles custom stream names.
Queries using leftJoinWith() and auto-fields no longer creates invalid SQL.
cake server now allows the ini file used by the server process to be defined via the ini_path option.
The bundled CA file was updated to the latest version from mozilla.
FormHelper::control() now passes the required attribute into the datetime widget correctly.
ObjectRegistry::normalizeArray() no longer corrupts the array structure when called multiple times on the same data.
ADmad.
Daren Sipes.
Eugene Ritter.
Jose Diaz-Gonzalez.
Mark Scherer.
Mark Story.
ericadeefox.
mtak3.
3.5.1121 Jan 2018 08:25
minor feature:
Paginator::options('url') now allows preto be disabled by setting them to false.
Route parsing results now include _name. This makes it easier to integrate named routes in pagination, and other places where you want to build a URL based on the current request's URL.
Nested namespaces are displayed correctly on development error pages.
Improved API documentation.
Cache keys used for groups are now hashed. This prevents keys overflowing Redis and Memcache key lengths. This will cause previously cached entries to be invalid as group keys have changed.
TreeBehavior no longer triggers notices after setConfig('scope', null).
The default database session configuration no longer triggers errors in PHP7.2.0+.
ADmad.
Edgaras Janušauskas.
Elias De Vos.
Hideki Kinjyo.
Jeremy Harris.
Mark Scherer.
Mark Story.
fortkle.
saeideng.
3.5.1001 Jan 2018 15:05
minor feature:
a regression in 3.5.9 where PHPUnit compatibility aliases caused errors in PHP 5.6.
Text::truncate() no longer counts the contents of and tags towards the truncated length.
Non-interactive shell commands no longer default to overwriting files if they exist.
LifeOrYou.
Mark Scherer.
Mark Story.
nojimage.
3.5.928 Dec 2017 07:25
minor feature:
Updated API documentation.
SQLServer driver allows port to be defined now.
Improved __deInfo() output of EventManager.
Improved performance of route connection.
Improved typehinting adherance in Session implementations.
ADmad.
Mark Scherer.
Mark Story.
Rachman Chavik.
chinpei215.
inoas.
2.10.619 Dec 2017 10:05
minor feature:
Added Mailer::setTransferEncoding() to allow the transfer encoding to be controlled.
Added to 203 and 204 allowed status code in Cake Http Client Response::isOk().
regression around PHP7 error handling logging.
ADmad.
Kazuki_Kamizuru.
LifeOrYou.
Mark Scherer.
Mark Story.
3.5.812 Dec 2017 11:45
minor feature:
Improved internal usage of PHPUnit assertions.
Improved API documentation.
warnings from phpstan level 3.
inconsistent hash algorithm usage in Digest Authentication.
Database Type::map() now clears built objects when types are re-mapped.
CakePHP catches Throwable in several places improving PHP7 support.
schema reflection with MariaDB's current_timestamp() default value.
Routes now match when _method is an array which could happen when named routes supported multiple HTTP methods.
FormHelper::button() now supports the confirm option.
Response::body() will no longer invoke string callables.
ServerRequest::referer(true) no longer returns protocol relative URLs that are embedded in the path.
po files that contained the same message string as both a singular and a plural form now correctly work with __().
ADmad.
Dariusz Ruminski.
David Yell.
Florian Krämer.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Raúl Arellano.
chinpei215.
mosaxiv.
saeid.
timalive.
3.5.707 Dec 2017 20:05
minor feature:
Improved internal usage of PHPUnit assertions.
Improved API documentation.
warnings from phpstan level 3.
inconsistent hash algorithm usage in Digest Authentication.
Database Type::map() now clears built objects when types are re-mapped.
CakePHP catches Throwable in several places improving PHP7 support.
schema reflection with MariaDB's current_timestamp() default value.
Routes now match when _method is an array which could happen when named routes supported multiple HTTP methods.
FormHelper::button() now supports the confirm option.
Response::body() will no longer invoke string callables.
ServerRequest::referer(true) no longer returns protocol relative URLs that are embedded in the path.
po files that contained the same message string as both a singular and a plural form now correctly work with __().
ADmad.
Dariusz Ruminski.
David Yell.
Florian Krämer.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Raúl Arellano.
chinpei215.
mosaxiv.
saeid.
timalive.
2.10.524 Nov 2017 17:25
minor feature:
fallback domain lookups not working in Validation::email().
Improved API documentation.
Joseph Zidell.
Marc Würth.
Mark Story.
Milan van As.
Yaser Naderi.
saeideng.
3.5.620 Nov 2017 18:25
minor feature:
Iterating subclasses of ArrayIterator that include CollectionTrait retains the original class ing use of methods defined on the subclass.
Response::__deInfo() includes the response body now.
Http Client creates response objects in a separate method making response creation easier to extend.
SQL expressions no longer include double parenthesis when nesting expressions.
View subdirectories are no longer doubled when RequestHandlerComponent and view classes using subDir property are used together.
Middleware can now be registered in RouteBuilder using a string classname.
Protocol relative string URLs are now properly HTML encoded by UrlHelper.
ADmad.
Dariusz Ruminski.
Dmitrii Romanov.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Michael Hoffmann.
Raúl Arellano.
Walther Lalk.
saeid.
timalive.
3.5.502 Nov 2017 11:25
minor feature:
SQLServer no longer reports double column lengths for NVARCHAR and NCHAR
columns.
IntegrationTestSuite::enableCsrfToken() no longer emits errors when the POST body is a string.
Response::getType() has been added as a replacement for Response::type().
Network Socket now supports explicit use of TLS1.1 and 1.2. Support for SSL2 is deprecated and will be removed in 4.0.0.
IntegrationTestCase::assertResponseCode() now allows custom messages to be set.
Cake Http Client FormData::addFile() now adds parts as documented.
Router:: initialized is deprecated. As we migrate to routes being loaded via middleware this property will no longer be in use.
TableSchema now provides more succinct deinformation.
ADmad.
Chris Valliere.
Dmitrii Romanov.
Edgaras Janu?auskas.
Mark Scherer.
Mark Story.
Robert Pustu?ka.
saeideng.
2.10.420 Oct 2017 09:25
minor feature:
Email pattern used in CakeEmail now accepts _ in domain names.
Improved API doc blocks.
SQLServer driver now accepts limit values that are numeric strings.
Sessions can now leverage use_trans_sid if necessary.
Hash::sort() can now sort sparse arrays.
JCB credit card pattern has been corrected.
CookieComponent::delete() can now remove deeply nested keys.
Clemens Weiß.
Ionut-Mihai Burlacu.
Koji Tanaka.
LustyRain.
Mark Story.
chinpei215.
kolorafa.
3.5.416 Oct 2017 14:05
minor feature:
3.5.327 Sep 2017 15:45
minor feature:
Http Client now supports protocol relative Location headers.
Improved API documentation for the Query Builder.
Shell help messages when commands are missing are no longer displayed in red.
Dependent deletions in HasMany/HasOne associations now preconditions with the table alias.
Directories created by FileCache are more atomic.
The default locale is now correctly set when the current locale is changed.
CommandRunner now sorts command listings alphabetically.
Cookie objects with array values is now sent JSON encoded. This restores backwards compatibility with CookieComponent.
Validation::url() now accepts URLs that have fragments containing query data.
Router::redirect() now allows the routeClass to be defined.
Email address validation now accepts domain names with _ in them.
Additional constants for join types have been added.
ADmad.
Jeremy Harris.
José Lorenzo Rodríguez.
Littley Lv.
Livia Scapin.
Mark Scherer.
Mark Story.
Patrick Conroy.
Pierre Martin.
Rachman Chavik.
Robert Pustu?ka.
Steffen Brand.
2.10.318 Sep 2017 06:25
minor feature:
Improved API documentation.
Http Client no longer fails to parse cookies with non-standard properties.
CookieComponent configuration is more backwards compatible with previous versions.
PO file parsing now handles po files that have the same message id defined as both a singular and a plural when the singular message is defined after the plural one.
Helper::addClass() no longer emits warnings when class attributes are arrays.
View setter methods now return this instead of void.
RedisEngine increment/decrement now work with infinite timeout keys again.
HtmlHelper::link() now supports the fullBase option.
Text::uuid() will now use random_int if that function is defined.
Deger::highlight() is no longer off by one line.
Cookies added via Http Client::addCookie() now require a path and domain.
ADmad.
Florian Krämer.
Huw Jones.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Robert Pustu?ka.
batopa.
inoas.
ndm2.
supermanner.
3.5.212 Sep 2017 23:05
minor feature:
Improved API documentation.
Http Client no longer fails to parse cookies with non-standard properties.
CookieComponent configuration is more backwards compatible with previous versions.
PO file parsing now handles po files that have the same message id defined as both a singular and a plural when the singular message is defined after the plural one.
Helper::addClass() no longer emits warnings when class attributes are arrays.
View setter methods now return this instead of void.
RedisEngine increment/decrement now work with infinite timeout keys again.
HtmlHelper::link() now supports the fullBase option.
Text::uuid() will now use random_int if that function is defined.
Deger::highlight() is no longer off by one line.
Cookies added via Http Client::addCookie() now require a path and domain.
ADmad.
Florian Krämer.
Huw Jones.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Robert Pustu?ka.
batopa.
inoas.
ndm2.
supermanner.
2.10.203 Sep 2017 06:25
minor feature:
Improved performance of test suites by not truncating tables that were just created.
Web test runner now works with PHPUnit 4.
The hiddenField option on radio buttons now works as documented.
SQLServer driver now emits exceptions when the persistent option is used. This option does not work properly with SQLServer.
SessionHelper now handles stacked flash messages created by FlashComponent.
Jeremy Harris.
Luis Cano.
Mark Story.
Mike Fellows.
Val Bancer.
3.5.129 Aug 2017 06:05
minor feature:
Warnings are now logged when active connections are destroyed with pending transactions.
Hash::remove() correctly handles 0 in path strings now.
Improved API documentation.
Query::notMatching() now works with BelongsToMany associations that use composite primary keys.
DSN string parsing was restored for SqlLocalDB.
compatibility between Collection and Traversable.
Response headers set in view templates using the immutable methods are now output correctly.
Request::clientIp() now reads IPs from the end of the IP chain when trustProxy is enabled.
Xml::build() now default the parseHuge option to false. Previously it was documented as defaulting to false, but was defaulted to true. Disabling this option by default prevents arbitrarily large XML documents from consuming too much memory.
Hash comparisons in Authentication classes now use constant time comparison functions.
FormAuthenticate hashes passwords even when the user is not found as documented. This helps to protect against timing attacks.
The non-PSR7 Dispatcher can send cookies once again.
AssetDispatcher no longer serves files starting with.
The bundled root certificates have been updated to the latest bundle from mozilla. This removes a few untrusted certificate authorities like StartSSL.
Form::setErrors() was added.
ConsoleIntegrationTestCase has new methods added for ensuring stdout/stderr are empty.
HtmlHelper now HTML encodes string URLs for css/javascript/images in case user data is supplied to them.
ADmad.
Ceeram.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Tadahisa MOTOOKA.
chinpei215.
inoas.
3.5.021 Aug 2017 16:05
minor feature:
Scoped Middleware - Middleware can now be conditionally applied to routes in specific URL scopes. This allows you to build specific stacks of middleware for different parts of your application without having to write URL checking code in your middleware.
New Middleware - New middleware was added to apply CSRF tokens, and encrypted cookies.
Improved Console Environment - A new console dispatcher has been added, integrating the Application class into the CLI environment. Integration testing helpers have been added making testing console commands simpler.
Helpful Console Errors - Missing options subcommands now make suggestions of valid options instead of just erroring out.
Cache Engine Fallbacks - Cache engines can now be configured with a fallback key that defines a cache configuration to fall back to if the engine is misconfigured (or unavailable).
Cookie Objects - New Cookie CookieCollection classes have been added. These classes allow you to work with cookies in an object-orientated way.
dotenv Support added to Application Skeleton - The application skeleton now features a 'dotenv' integration making it easier to use environment variables to configure your application.
3.4.1317 Aug 2017 12:25
minor feature:
Added backwards compatibility shim for getMock() on CakeTestCase. This makes upgrading to newer versions of PHPUnit easier.
Model::deleteAll() once again uses recursive=0 by default. This reverts a change done in 2.10.0 that attempted to improve performance of deleteAll().
CakeEmail once again attachs files that define the data key, but no mimetype.
Mark Story.
Val Bancer.
bclay.
3.5.0-RC212 Aug 2017 06:45
minor feature:
Added backwards compatibility shim for getMock() on CakeTestCase. This makes upgrading to newer versions of PHPUnit easier.
Model::deleteAll() once again uses recursive=0 by default. This reverts a change done in 2.10.0 that attempted to improve performance of deleteAll().
CakeEmail once again attachs files that define the data key, but no mimetype.
Mark Story.
Val Bancer.
bclay.
2.10.108 Aug 2017 03:16
minor feature:
Added backwards compatibility shim for getMock() on CakeTestCase. This makes upgrading to newer versions of PHPUnit easier.
Model::deleteAll() once again uses recursive=0 by default. This reverts a change done in 2.10.0 that attempted to improve performance of deleteAll().
CakeEmail once again attachs files that define the data key, but no mimetype.
Mark Story.
Val Bancer.
bclay.
3.4.1202 Aug 2017 05:45
minor feature:
Shell::out() and similar methods once again handle array inputs.
Cake Http Client now raises a 504 HttpException when a timeout occurs.
Improved deprecation comments in API doc blocks.
Cake Http Client response bodies can be read with the PSR7 interface once again.
Improved SQLServer 2008 pagination shims to work when results are ordered by a computed field.
DefaultPasswordHasher now includes the hashCost option as a factor into whether or not a password needs to be rehashed.
IntegrationTestCase now correctly generates form-tampering prevention tokens for requests with query string arguments in the URL string.
Empty translation messages now return the key for messages with no context.
ADmad.
Bernat Arlandis.
David Yell.
Jeremy Harris.
Joris Vaesen.
José Lorenzo Rodríguez.
Marc Würth.
Mark Scherer.
Mark Story.
Mike Fellows.
Owen Gerrard.
antograssiot.
saeid.
3.5.0-RC127 Jul 2017 11:45
minor feature:
Schema reflection now handles CURRENT_TIMESTAMP() as a default value from MariaDB.
Pagination with TranslateBehavior and NOT expressions now works as expected.
The default application includes composer scripts like the application skeleton in 3.x does.
Test stability under MySQL 5.7 has been improved.
Shell commands now display an error when unknown options are used. This feature was backported from 3.x.
Koji Tanaka.
Kurre Ståhlberg.
Mark Story.
Val Bancer.
2.10.023 Jul 2017 21:25
minor feature:
Schema reflection now handles CURRENT_TIMESTAMP() as a default value from MariaDB.
Pagination with TranslateBehavior and NOT expressions now works as expected.
The default application includes composer scripts like the application skeleton in 3.x does.
Test stability under MySQL 5.7 has been improved.
Shell commands now display an error when unknown options are used. This feature was backported from 3.x.
Koji Tanaka.
Kurre Ståhlberg.
Mark Story.
Val Bancer.
3.4.1119 Jul 2017 09:45
minor feature:
FormHelper will now use the default value for undefined indexes in entity fields with array values.
marshalling time data when locale parsing is enabled and the time format looks like a float.
a regression in ConsoleIo::overwrite() introduced in 3.4.10.
Plural messages with '' as their value now fallback to the singular message id. This makes plural messages consistent with other translations.
ADmad.
David Yell.
Ian den Hartog.
Iandenh.
José Lorenzo Rodríguez.
Mark Story.
Niklas Rother.
Robert Pustu?ka.
kicaj.
3.4.1010 Jul 2017 09:45
minor feature:
Sessions now work with trans_sid enabled.
Inspecting queries with Xdeno longer causes lastInsertId() to return the incorrect results.
Validation error messages when Email addresses are invalid are more helpful now.
FormHelper can now read values from entity properties that implement ArrayAccess.
ConsoleIo::overwrite() can now overwrite long content with shorter content correctly.
Several compatibility with PHP 7.2 were.
Digest Authentication can now compare the digest hash even when the field is hidden in the entity.
Associations contained in beforeFind events are now retained on cloned queries.
MO file parsing correctly handles Plural-Forms: nplurals=1; plural=0;.
Http Client now handles redirects instead of the Stream adapter handling them. This resolves an where cookies sent in intermediary responses were not being forwarded in subsequent requests.
The validation package no longer has a hard dependency on cakephp/i18n.
ADmad.
Cees-Jan Kiewiet.
Clemens Weiß.
Daniel Opitz.
José Lorenzo Rodríguez.
Mark Story.
Michael Hoffmann.
Mike Fellows.
Robert Pustu?ka.
nojimage.
2.10.0-RC130 Jun 2017 11:05
minor feature:
RedisEngine now uses multiple delete operations when clearing keys. This resolves a compatibility with redis cluster.
Plugin tures in sub-directories can now be used as documented.
Query::contain() on HasMany associations with a finder option now works as expected.
IntegrationTestCase now simulates the correct environment variables enabling getRequestTarget() to work as expected.
Deger::excerpt() can now be used on the last line in a file.
An incompatibility introduced in PHPUnit 5.7.21 and CakePHP's forwards compatibility shims has been resolved.
ADmad.
Bryan Crowe.
Jeremy Harris.
José Lorenzo Rodríguez.
Marc Würth.
Mark Story.
Michael Hoffmann.
h-moriya.
ndm2.
3.4.926 Jun 2017 15:25
minor feature:
RedisEngine now uses multiple delete operations when clearing keys. This resolves a compatibility with redis cluster.
Plugin tures in sub-directories can now be used as documented.
Query::contain() on HasMany associations with a finder option now works as expected.
IntegrationTestCase now simulates the correct environment variables enabling getRequestTarget() to work as expected.
Deger::excerpt() can now be used on the last line in a file.
An incompatibility introduced in PHPUnit 5.7.21 and CakePHP's forwards compatibility shims has been resolved.
ADmad.
Bryan Crowe.
Jeremy Harris.
José Lorenzo Rodríguez.
Marc Würth.
Mark Story.
Michael Hoffmann.
h-moriya.
ndm2.
3.4.820 Jun 2017 06:05
minor feature:
2.9.926 May 2017 11:05
minor feature:
Basic Authentication now reads the Authorization header if present. This improves compatibility with FastCGI.
Improved API documentation.
Marc Würth.
Mark Scherer.
Mark Story.
Nicola Beghin.
3.4.721 May 2017 03:16
minor feature:
Improved API documentation for deprecated methods.
Translations now return the key name when a message has both a context, and a blank translated value.
Nested request body parameters no longer trigger errors in the Oauth1 client authentication adapter.
IntegrationTestCase::enableRetainFlashMessages() was added. By using this method you can assert flash messages using assertSession().
Validation::hexColor() was added.
Pagination queries with nested matching() calls no longer emit invalid SQL.
ADmad.
David Yell.
Ian den Hartog.
Jeremy Harris.
Mark Scherer.
Mark Story.
Michael Hoffmann.
chinpei215.
mehdi fathi.
3.4.603 May 2017 05:45
minor feature:
The CSRF and Security token fields now have autocomplete=off. This resolves a problem with the back button in new versions of Safari.
The SQLServer driver now supports more connection options.
Improved API documentation.
tureManager always uses connection aliases now. This prevents accidentally using the live connection when the test connection has not been defined.
Translation packages can initialize from cache files created in 3.3 without errors now.
the conjugation of conditions by and*() and or*(). Previously and*() methods appended conditions, while or*() methods prepended them.
ADmad.
Joep Roebroek.
José Lorenzo Rodríguez.
Marc Würth.
Mark Scherer.
Mark Story.
Michael Hoffmann.
Sohel Rana.
Stephan Meyer.
Travis Rowland.
lilHermit.
mehdi fathi.
ndm2.
saeid.
2.9.822 Apr 2017 03:16
minor feature:
Support for TLS 1.2 was added to CakeSocket. Using newer TLS versions requires PHP5.6 or greater.
The CSRF and Security token fields now have autocomplete=off. This resolves a problem with the back button in new versions of Safari.
ControllerTestCase::testAction() now works as expected when App.base is set.
Validation::notEmpty() accepts -0.0 as it does on 3.x.
Livia Scapin.
Marc Würth.
Marcin Stramek.
Mark Story.
ndm2.
3.3.1607 Apr 2017 06:25
minor feature:
a fatal error in Http Client Request caused by Diactoros 1.4.0, which contains an incompatiblily CakePHP's use case.
2.9.702 Apr 2017 17:05
minor feature:
Router::reverseToArray() was added. This new method allows you to get the
URL parameters from a request that would let you generate the request's URL
again with Router::url().
CakeSchema no longer adds an additional id column to tables when
reflecting schema of tables with non-conventional primary keys, and not using
the defined model classes.
The error class used by FormHelper::input() can be customized with theerrorClass option.
Hash::filter() no longer removes values of 0.0.
AuthComponent::logout() now removes the active user data used by stateless
authenticators.
Latvian and Hungarian locale names were corrected.
Henrik Gemal.
Koji Tanaka.
Mark Story.
Mark van Driel.
Sébastien Barré.
Val Bancer.
3.4.429 Mar 2017 09:25
minor feature:
Hash::filter() no longer removes 0.0.
Error messages now include file and line numbers more often.
Logging now handles string scopes more consistently.
The ORM no longer emits errors when an association's alias does not match the linked table's alias. This allows you to leverage the targetTable option in associations to make association names that do not need to match the linked table.
HtmlHelper::scriptStart() not longer emits CDATA blocks by default anymore. This makes scriptStart() consistent with script().
TranslateBehavior::translationField() returns standard table alias for default locale.
Improved API documentation.
Allow getting configured datetime class for Type class.
ADmad.
José Lorenzo Rodríguez.
Koji Tanaka.
Mark Scherer.
Mark Story.
Robert Pustu?ka.
Roberto Maldonado.
Sevvlor.
chinpei215.
inoas.
saeid.
saeideng.
ypnos-web.
3.4.311 Mar 2017 16:25
minor feature:
Query::rowCountAnd() was added enabling you to get a rowcount and a statement in a single method. This is intended to be used with delete and update queries.
ServerRequest now correctly handles _FILES when the keys are out of order.
Newlines in the confirm messages created by FormHelper are now preserved.
The showHtml argument of dd() is now used.
CLI commands can now return integers to indicate errors.
Response::withStringBody() was added making it easier to create responses with simple string bodies.
The lib-ICU version requirement was removed. It was causing installation for many users on windows.
The elipsis in PaginatorHelper::numbers() always replaces more than one page now. Previously it would sometimes replace only a single page.
cake routes generate now parses boolean arguments.
Incorrect attributes in the XML help for CLI commands have been.
HtmlHelper::meta() now accepts the block option in the custom meta tag array data.
In a nested transaction when a rollback is followed by a commit, an exception is now raised as the entire transaction must be aborted when save points are not being used. The previous behavior could result in operations following the first rollback to succeed as they ran in a standalone transaction.
Error handling now always includes the file name and line number.
Entity::setVirtual() and Entity::setHidden() now merge non-associative array arguments when called multiple times with the merge parameter.
TranslateBehavior's allowEmptyTranslations option no longer creates orphaned records when translated text is empty.
Text::highlight() now has a limit option.
TableSchema::removeColumn() was added.
ADmad.
Brady Pacha.
David Yell.
Dmitrii Romanov.
Edgaras Janu?auskas.
José Lorenzo Rodríguez.
Koji Tanaka.
Manuel1948.
Mark Scherer.
Mark Story.
Mathew Foscarini.
Michael Hoffmann.
antograssiot.
chinpei215.
inoas.
macnie.
saeid.
2.9.602 Mar 2017 10:25
minor feature:
Improved API documentation.
Added Validation::minLengthByte() and Validation::maxLengthBytes()
.
Allow false/true to be read as keys in Hash::get().
Exit early when SMTP connections are disconnected on the remote side. This prevents
the SmtpTransport from waiting until the read timeout is reached.
FormHelper to work better with numeric optgroup labels.
José Lorenzo Rodríguez.
Livia Scapin.
Mark Sch.
Mark Story.
Mischa ter Smitten.
Mponos George.
chinpei215.
kanonji.
3.4.225 Feb 2017 15:45
minor feature:
Improved API documentation.
The association option has been restored to the Model.beforeMarshal event.
missing compatibility aliases to allow compatibility with both PHPUnit 5.7 and PHPUnit 6.
a memory leak in the ORM EagerLoader.
Restored Event:: result the magic methods were not fully backwards compatible.
Improved EntityTrait::__deInfo() to show fields that are not accessible.
ServerRequest::getQuery(null) now returns the complete query data.
Sessions now have an id in CLI environments.
Controller actions with passed parameters no longer emit errors when route keys are converted into passed parameters.
ADmad.
David Yell.
José Lorenzo Rodríguez.
Marc Würth.
Mark Scherer.
Mark Story.
Mathew Foscarini.
Michael Hoffmann.
antograssiot.
chinpei215.
saeideng.
sohelrana820.
3.4.121 Feb 2017 18:05
minor feature:
CounterCacheBehavior had an ignoreCounterCache option added, allowing you to disable counter updates on save.
Table::saveOrFail() and Table::deleteOrFail() were added. These methods allow you to perform save/delete operations that raise exceptions on failure instead of returning false.
Support for PHPUnit 6 was added. Currently only composer based installation of PHPUnit 6 is supported.
Helper::getView() was added.
Urlencoded URLs are once again matched correctly.
InflectedRoute routes using HTTP method conditions work again.
Association duplicate alias detection is more relaxed and accepts sub-classes.
Mailer Email no longer waits until the socket timeout when an SMTP server disconnects early.
BelongsToMany::foreignKey() no longer incorrectly returns this when modifying the key.
Strings that contain only whitespace are now correctly output by de().
ADmad.
Eric Büttner.
Florian Krämer.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Michael.
Michael Hoffmann.
Oxicode.
Paolo Cuffiani.
Robert Pustu?ka.
Walther Lalk.
antograssiot.
chinpei215.
inoas.
3.4.017 Feb 2017 23:45
minor feature:
The CakePHP Request Response objects now implement the complete set of PSR-7 interface methods. This allows you to use one set of methods every where in your application and leverage libraries that work on PSR-7 compliant objects.
Routes now support a _host option allowing you to match URLs on specific domains.
Collection::chunkWithKeys() allows you to split a collection into chunks and preserve the keys for those chunks.
Email messages can have their priority set.
FormHelper can now read default data out of the query string making GET forms simple to build.
3.3.1513 Feb 2017 09:25
minor feature:
Improved API documentation types.
QueryLogger no longer strips and when re-creating SQL queries.
Custom attributes can be passed down to checkboxes and radio buttons now.
Added labelOptions for multi-checkbox/radio widgets, enabling these widgets to have additional attributes defined on the label elements through the labelOptions key.
Whitespace before text inside HTML tags no longer causes assertHtml() to fail.
Bryan Crowe.
Edgaras Janu?auskas.
José Lorenzo Rodríguez.
Marc Würth.
Mark Scherer.
Mark Story.
lilHermit.
3.3.1409 Feb 2017 16:45
minor feature:
ValueBinder::placeholder() now works as documented when anonymous placeholders are used.
Caching result sets on PHP 7.1.1 works again. There was an incompatibility due to a change in how SplArray was unserialized.
Validation::notBlank() now works with float 0.
Collection::transpose() with different number of columns and rows now works as expected.
The 'toggle vendor stack frames' links on error pages now work.
Session destruction now works properly using the cache engine and memcached.
Email log headers and body are separated by a new line.
Cory Thompson.
Edgaras Janu?auskas.
Joep Roebroek.
Johan Meiring.
José Lorenzo Rodríguez.
Mark Story.
Mathew Foscarini.
Rodrigo moyle.
antograssiot.
3.4.0-RC405 Feb 2017 16:05
minor feature:
When sending a Client request through a proxy, the URI is now in an absolute form.
Query::update() now raises an error when an invalid parameter is passed.
Mailers are now reset when sending an email raises an exception.
Improved error messages when associations are missing primary keys.
Validator::multipleOptions no longer ignores the caseInsensitive option.
HasMany::link() now updates all records in a single transaction.
The nestedInput option in FormHelper::input() no longer appears as an attribute.
TestCase::assertHtml() accepts whitespace before a closing tag.
Improved API documentation.
Added support for the parseHuge option in Xml::build().
ADmad.
Bernat Arlandis.
Ceeram.
Cory Thompson.
Dmitrii Romanov.
Gareth Ellis.
Henrik Gemal.
José Lorenzo Rodríguez.
Marc Würth.
Mark Story.
Ross Chater.
Yves P.
lilHermit.
ndm2.
3.3.1331 Jan 2017 14:25
minor feature:
When sending a Client request through a proxy, the URI is now in an absolute form.
Query::update() now raises an error when an invalid parameter is passed.
Mailers are now reset when sending an email raises an exception.
Improved error messages when associations are missing primary keys.
Validator::multipleOptions no longer ignores the caseInsensitive option.
HasMany::link() now updates all records in a single transaction.
The nestedInput option in FormHelper::input() no longer appears as an attribute.
TestCase::assertHtml() accepts whitespace before a closing tag.
Improved API documentation.
Added support for the parseHuge option in Xml::build().
ADmad.
Bernat Arlandis.
Ceeram.
Cory Thompson.
Dmitrii Romanov.
Gareth Ellis.
Henrik Gemal.
José Lorenzo Rodríguez.
Marc Würth.
Mark Story.
Ross Chater.
Yves P.
lilHermit.
ndm2.
2.9.527 Jan 2017 16:25
minor feature:
query string parsing on requestAction(). This a long standing
that resulted in query strings being doubled in requestAction() URLs.
FlashHelper::render() can now render default messages created by.
SessionComponent.
Add support for the parseHuge option in Xml::build().
Error messages if PHP's mail() function fails are now accurate.
Added support for the 'ru-ru' locale.
Built-in server now accepts query string parameters for the base path.
Bernat Arlandis.
Henrik Gemal.
José Lorenzo Rodríguez.
Mark Story.
Markus Bauer.
chinpei215.
3.4.0-RC323 Jan 2017 11:25
minor feature:
Improve return types compatiblity with PHPStorm in doc blocks.
Routes with _host options now use that option when generating URLs.
Aura.Intl version was raised to 3.0.
missing uploaded files in Request objects.
strict errors raised when Cake Database Schema Table is used as a typehint.
Query::update() raises an error when an invalid parameter is passed.
Mailers are now reset when sending an email raises an exception.
Improved error messages when associations are missing primary keys.
Validator::multipleOptions no longer ignores the caseInsensitive option.
ADmad.
Bernat Arlandis.
Cory Thompson.
Henrik Gemal.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Ross Chater.
3.4.0-RC219 Jan 2017 16:25
minor feature:
HasMany Associations and a replace save strategy and conditions work more often now as table aliases are stripped from generated conditions.
TextHelper::autoLinkUrls() now links more URLs correctly.
Postgres schema reflection now extracts precision and scale from NUMERIC and DECIMAL columns.
Headers set with setHeader() now overwrite those in _SERVER when requests are transformed into CakePHP requests.
Table output in CLI tools now correctly handles empty strings when calculating widths.
Hash::maxDimensions() correctly calculates dimensions when the first element is false.
A plural message was used with __() an array would be returned which is never right.
When an unknown context is used the __x() method fails.
Datetime validation no longer emits errors when non-datetime objects are passed in.
CLI commands can now accept an argument multiple times by setting the multiple option on an argument.
The ignoreDirty option was added to CounterCacheBehavior which enables ignoring counter cache fields from being updated.
Add dd() as quick alternative for de(); die();.
ADmad.
Christian Winther.
DaVinciEngineer.
José Lorenzo Rodríguez.
Koen Brouwer.
Mark Scherer.
Mark Story.
Mathew Foscarini.
Michael Hoffmann.
Michael Underwood.
Robert Pustu?ka.
Yves P.
ndm2.
yutmr.
3.4.0-RC116 Jan 2017 00:05
minor feature:
HasMany Associations and a replace save strategy and conditions work more often now as table aliases are stripped from generated conditions.
TextHelper::autoLinkUrls() now links more URLs correctly.
Postgres schema reflection now extracts precision and scale from NUMERIC and DECIMAL columns.
Headers set with setHeader() now overwrite those in _SERVER when requests are transformed into CakePHP requests.
Table output in CLI tools now correctly handles empty strings when calculating widths.
Hash::maxDimensions() correctly calculates dimensions when the first element is false.
A plural message was used with __() an array would be returned which is never right.
When an unknown context is used the __x() method fails.
Datetime validation no longer emits errors when non-datetime objects are passed in.
CLI commands can now accept an argument multiple times by setting the multiple option on an argument.
The ignoreDirty option was added to CounterCacheBehavior which enables ignoring counter cache fields from being updated.
Add dd() as quick alternative for de(); die();.
ADmad.
Christian Winther.
DaVinciEngineer.
José Lorenzo Rodríguez.
Koen Brouwer.
Mark Scherer.
Mark Story.
Mathew Foscarini.
Michael Hoffmann.
Michael Underwood.
Robert Pustu?ka.
Yves P.
ndm2.
yutmr.
3.3.1215 Jan 2017 06:25
minor feature:
HasMany Associations and a replace save strategy and conditions work more often now as table aliases are stripped from generated conditions.
TextHelper::autoLinkUrls() now links more URLs correctly.
Postgres schema reflection now extracts precision and scale from NUMERIC and DECIMAL columns.
Headers set with setHeader() now overwrite those in _SERVER when requests are transformed into CakePHP requests.
Table output in CLI tools now correctly handles empty strings when calculating widths.
Hash::maxDimensions() correctly calculates dimensions when the first element is false.
A plural message was used with __() an array would be returned which is never right.
When an unknown context is used the __x() method fails.
Datetime validation no longer emits errors when non-datetime objects are passed in.
CLI commands can now accept an argument multiple times by setting the multiple option on an argument.
The ignoreDirty option was added to CounterCacheBehavior which enables ignoring counter cache fields from being updated.
Add dd() as quick alternative for de(); die();.
ADmad.
Christian Winther.
DaVinciEngineer.
José Lorenzo Rodríguez.
Koen Brouwer.
Mark Scherer.
Mark Story.
Mathew Foscarini.
Michael Hoffmann.
Michael Underwood.
Robert Pustu?ka.
Yves P.
ndm2.
yutmr.
3.4.0-beta411 Jan 2017 02:05
minor feature:
Xml::fromArray() now serialized '0' correctly.
Http Client Response::getStatusCode() now returns integers, instead of strings.
RequestHandler:: ajaxLayout is now deprecated. Previously undocumented, this property will be removed in 4.0.0.
Improved API documentation.
Validation::(min max)LengthBytes() were added. These methods let you check the number of bytes in a value where as (min max)Length() let you check the number of characters.
The Form library is now offered as a standalone package.
ADmad.
Bryan Crowe.
Ceeram.
Koji Tanaka.
Marc Würth.
Mark Scherer.
Mark Story.
Mirko Pagliai.
Mischa ter Smitten.
gregs.
3.4.0-beta306 Jan 2017 07:05
minor feature:
Xml::fromArray() now serialized '0' correctly.
Http Client Response::getStatusCode() now returns integers, instead of strings.
RequestHandler:: ajaxLayout is now deprecated. Previously undocumented, this property will be removed in 4.0.0.
Improved API documentation.
Validation::(min max)LengthBytes() were added. These methods let you check the number of bytes in a value where as (min max)Length() let you check the number of characters.
The Form library is now offered as a standalone package.
ADmad.
Bryan Crowe.
Ceeram.
Koji Tanaka.
Marc Würth.
Mark Scherer.
Mark Story.
Mirko Pagliai.
Mischa ter Smitten.
gregs.
3.4.0-beta202 Jan 2017 18:25
minor feature:
Xml::fromArray() now serialized '0' correctly.
Http Client Response::getStatusCode() now returns integers, instead of strings.
RequestHandler:: ajaxLayout is now deprecated. Previously undocumented, this property will be removed in 4.0.0.
Improved API documentation.
Validation::(min max)LengthBytes() were added. These methods let you check the number of bytes in a value where as (min max)Length() let you check the number of characters.
The Form library is now offered as a standalone package.
ADmad.
Bryan Crowe.
Ceeram.
Koji Tanaka.
Marc Würth.
Mark Scherer.
Mark Story.
Mirko Pagliai.
Mischa ter Smitten.
gregs.
3.3.1129 Dec 2016 10:05
minor feature:
Xml::fromArray() now serialized '0' correctly.
Http Client Response::getStatusCode() now returns integers, instead of strings.
RequestHandler:: ajaxLayout is now deprecated. Previously undocumented, this property will be removed in 4.0.0.
Improved API documentation.
Validation::(min max)LengthBytes() were added. These methods let you check the number of bytes in a value where as (min max)Length() let you check the number of characters.
The Form library is now offered as a standalone package.
ADmad.
Bryan Crowe.
Ceeram.
Koji Tanaka.
Marc Würth.
Mark Scherer.
Mark Story.
Mirko Pagliai.
Mischa ter Smitten.
gregs.
2.9.425 Dec 2016 12:25
minor feature:
The hu-HU and lv-LV locales were added.
Errors are no longer emitted when operating on corrupted cookie data.
redirectUrl when loginRedirect is empty.
missing HTML encoding when error messages contain HTML. This can happen when user data is used as an offset in an array in an unchecked way. Thanks to Teppei Fukuda for reporting this via the responsible security disclosure process.
TreeBehavior no longer invokes its own methods indirectly via the Model proxy method.
Xml::fromArray() now correctly serializes '0'.
Henrik Gemal.
Mark Story.
chinpei215.
domingues.
3.3.1013 Dec 2016 12:25
minor feature:
Literal in string template variables no longer cause errors.
Query Logging now correctly replaces placeholders for IN clauses.
BreadcrumbsHelper::render() now returns '' when there are no crumbs. This makes its return type consistent in all cases.
MissingHelper errors raised when rendering an error page, no longer cause a blank page response.
PaginatorComponent now caps the limit option to the maxLimit option if both are specified.
All SQL dialects now correctly generate default values for DATETIME and TIMESTAMP columns for values other than CURRENT_TIMESTAMP.
Deger now HTML encodes error message contents. Previously, applications running in demode could be vulnerable to reflected cross-site-scripting (XSS) in some scenarios. Thank you to Teppei Fukuda for reporting this via the security disclosure process.
FlashComponent now supports a duplicate option. When disabled, this option will prevent duplicate messages from being set.
IntegrationTestCase::assertResponseRegExp() and.
IntegrationTestCase::assertResponseNotRegExp() were added.
MissingElementException provides more context now.
ADmad.
Alex Bogdanov.
Cees-Jan Kiewiet.
JayPHP.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Mirko Pagliai.
Yasuaki Hamano.
gregs.
2.9.301 Dec 2016 21:05
minor feature:
The constructor of AclNode now lets you pass in an alias when instances are created via ClassRegistry::init().
A regression introduced in 2.9.1 where bootstrap files would not be correctly processed preventing bake from creating new applications.
PagesController no longer allows.. in paths allowing other view templates to be loaded potentially causing application errors.
Shell commands now accept the --webroot CLI parameters allowing you to customize the path to your application's webroot directory if necessary.
Cache::engine() was backported from 3.x.
DboSource now supports hook methods for customizing how the method cache works.
Marc Würth.
Mark Sch.
Mark Story.
Mischa ter Smitten.
Val Bancer.
chinpei215.
3.1.1427 Nov 2016 07:25
minor feature:
An invalid option was removed from JsonView.
ShellDispatcher now logs fewer warnings about duplicate shells when delogging is enabled.
The exception message raised when an ORM update fails due to missing primary key values has been improved.
Xml::toArray() no longer errors on tag names that match application class names.
Console errors no longer include duplicate tags when invalid options are used.
Improved API documentation for return parameter types.
Router no longer parses extensions in a greedy way.
Route key elements can now be a single character.
BreadCrumbsHelper was added. This helper offers and improved API over the existing breadcrumb features offered by HtmlHelper.
Cake Network Response now features a __deInfo() method.
ADmad.
David Yell.
Guillaume "Elektordi" Genty.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Mathew Foscarini.
Walther Lalk.
Yves P.
chinpei215.
luke83.
3.3.922 Nov 2016 19:45
minor feature:
An invalid option was removed from JsonView.
ShellDispatcher now logs fewer warnings about duplicate shells when delogging is enabled.
The exception message raised when an ORM update fails due to missing primary key values has been improved.
Xml::toArray() no longer errors on tag names that match application class names.
Console errors no longer include duplicate tags when invalid options are used.
Improved API documentation for return parameter types.
Router no longer parses extensions in a greedy way.
Route key elements can now be a single character.
BreadCrumbsHelper was added. This helper offers and improved API over the existing breadcrumb features offered by HtmlHelper.
Cake Network Response now features a __deInfo() method.
ADmad.
David Yell.
Guillaume "Elektordi" Genty.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Mathew Foscarini.
Walther Lalk.
Yves P.
chinpei215.
luke83.
2.9.211 Nov 2016 03:45
minor feature:
You can now enable callbacks on components used by components by setting the enabled option to true.
formatResults callbacks attached to BelongsToMany Associations now fire as they should.
ResponseEmitter no longer calls a missing method on Log.
TranslateBehavior no longer creates translation records for the default locale. This was a regression introduced in 3.3.7.
column SQL generation nullable column with default values.
Options passed to Table::validateUnique() are now passed to the generated rule object.
Improved API documentation.
ADmad.
Ceeram.
Hugh Downer.
Jeremy Harris.
José Lorenzo Rodríguez.
Marc Würth.
Mark Story.
Mathew Foscarini.
dereuromark.
3.3.729 Oct 2016 07:05
minor feature:
Http Client no longer sets the Content-Type header on all requests. Instead if there is no request data, the Content-Type header is not sent.
New Entities that contain only translated records now persist correctly.
JsonView no longer hard fails on INF and NAN values. Instead these values are replaced with '0'.
'' is now an accepted key in both Session and Hash::get() operations.
Time objects can now have their JSON encode format set to Time::UNIX_TIMESTAMP_FORMAT.
FormHelper::create() now supports the 'enctype' and 'method' options.
Routing now supports multi-extensions like '.csv.gz'.
Composer scripts were added to make running tests and linting easier.
Andrew LeCody.
Johan Meiring.
Walther Lalk.
inoas.
Mark Story.
Andrej Griniuk.
lilHermit.
José Lorenzo.
thinkingmedia.
3.3.615 Oct 2016 07:25
minor feature:
The ORM will now correctly handle complex types like datetimes in where conditions for associations that are joined with joinWith(), innerJoinWith(), matching() and notMatching().
View Cells now include the template and action name when generating cache keys. This incorrect cached content from being displayed.
When autoFields are disabled 1:1 associated records will now be hydrated as an empty object.
The associations generated by BelongsToMany associations now preserve the loading strategy defined in the root association.
A double URL encoding on cookie values emitted by the PSR7 HTTP stack. This resulted in encrypted cookies not being readable.
TestCase::getMockForModel() now correctly sets plugin model aliases.
RoutingMiddleware sets the request method based on the _method request data parameter.
SqlServer handles default values with N prenow.
Improved API documentation.
The ajaxLogin of AuthComponent is now deprecated.
PaginatorHelper supports escape = false in more methods.
PaginatorHelper::generateUrl() was added.
HtmlHelper::meta() can now create canonical, next and prev tags.
ADmad.
Gareth Ellis.
Hari K T.
Johan Meiring.
Jorge Alberto Cricelli.
José Lorenzo Rodríguez.
Marc Wilhelm.
Marc Ypes.
Mark Story.
Robert Pustu?ka.
Walther Lalk.
chinpei215.
cjquinn.
dereuromark.
inoas.
phongkt.
saeid.
thinkingmedia.
2.9.111 Oct 2016 11:25
minor feature:
Regressions in FormHelper SecurityComponent token generation were.
A number of plugins and applications were relying on CakePHP to autoload Object which it now does again.
Length detection for ENUM columns was.
Schema generation now omits table names that would result in invalid property names.
The default flash template had incorrect content removed.
Model::query() now defaults the cache argument to Model:: cacheQueries.
Andrej Griniuk.
David Maicher.
José Lorenzo Rodríguez.
Mark Sch.
Mark Story.
Mischa ter Smitten.
3.3.530 Sep 2016 09:45
minor feature:
__xn, __dx and __dxn support variadic arguments now.
An incompatibility in Response::body(callable) PSR7 stack was.
Improved API docs resolving warnings in PHPStorm and other IDEs.
Checkbox inputs now support the escape option.
Translations that result in '' no longer throws an exception.
EventManager::__deInfo() is more accurate.
notMatching() without query builder callback triggering an error.
Clean primary entity after Model.afterSaveCommit is triggered. Previously primary entity was being cleaned too early and callbacks for Model.afterSaveCommit were useless if one wanted to acccess original state.
The ErrorHandlerMiddleware now logs errors as ErrorHandler would.
Requests with an invalid HTTP protocol version no longer fatally error. Instead they return a 400 HTTP status code.
Redirect Routes now work as expected for applications in subdirectories using the PSR7 HTTP stack.
DispatchFilters now receive events when exceptions are rendered again.
Session regeration now works as expected with the database adapter, and PHP7+.
Very large decimal values can now be used in database operations withouth losing precision now.
RouteBuilder::nameExists() was added. This method allows you to check the existence of named routes.
Collection:cartesianProduct() was added.
View::element() now supports plugin = false as an option to disable automatic plugin element rendering.
imageSize, imageHeight and imageWidth methods were added to Validation. These methods let you validate uploaded image file sizes without requiring additional extensions.
Improved API docs.
ADmad.
Alexandros Solanos.
Bryan Crowe.
Cees-Jan Kiewiet.
David Yell.
Florian Krämer.
Jad Bitar.
Jose Diaz-Gonzalez.
José Lorenzo Rodríguez.
Mark Story.
Mirko Pagliai.
mscherer.
Pedro Tanaka.
Thinking Media.
chinpei215.
hashmode.
ndm2.
3.3.425 Sep 2016 04:25
minor feature:
__xn, __dx and __dxn support variadic arguments now.
An incompatibility in Response::body(callable) PSR7 stack was.
Improved API docs resolving warnings in PHPStorm and other IDEs.
Checkbox inputs now support the escape option.
Translations that result in '' no longer throws an exception.
EventManager::__deInfo() is more accurate.
notMatching() without query builder callback triggering an error.
Clean primary entity after Model.afterSaveCommit is triggered. Previously primary entity was being cleaned too early and callbacks for Model.afterSaveCommit were useless if one wanted to acccess original state.
The ErrorHandlerMiddleware now logs errors as ErrorHandler would.
Requests with an invalid HTTP protocol version no longer fatally error. Instead they return a 400 HTTP status code.
Redirect Routes now work as expected for applications in subdirectories using the PSR7 HTTP stack.
DispatchFilters now receive events when exceptions are rendered again.
Session regeration now works as expected with the database adapter, and PHP7+.
Very large decimal values can now be used in database operations withouth losing precision now.
RouteBuilder::nameExists() was added. This method allows you to check the existence of named routes.
Collection:cartesianProduct() was added.
View::element() now supports plugin = false as an option to disable automatic plugin element rendering.
imageSize, imageHeight and imageWidth methods were added to Validation. These methods let you validate uploaded image file sizes without requiring additional extensions.
Improved API docs.
ADmad.
Alexandros Solanos.
Bryan Crowe.
Cees-Jan Kiewiet.
David Yell.
Florian Krämer.
Jad Bitar.
Jose Diaz-Gonzalez.
José Lorenzo Rodríguez.
Mark Story.
Mirko Pagliai.
Pedro Tanaka.
Thinking Media.
chinpei215.
hashmode.
ndm2.
2.9.020 Sep 2016 13:05
minor feature:
The Object class has been deprecated due to upcoming PHP7 collisions. It has been renamed to CakeObject to avoid collisions with new PHP reserved words.
AuthComponent::user() now makes the user data available when using stateless authentication adapters.
DboSource::flushQueryCache() was added to allow more fine-grained control of query result caching when enabled.
The log messages created by ErrorHandler can now be more easily customize in subclasses.
Additional mime-types for 'jsonapi', and 'psd' were added.
Time Datetime inputs no longer set a maxlength attribute when rendered as 'text' input types.
2.8.817 Sep 2016 02:05
minor feature:
CakeTestCase::getMockForModel() no longer fails when when models interact with their data source in the constructor.
A regression in FormHelper related to security tokens and applications in sub-directories was.
José Lorenzo Rodríguez.
Mark Story.
2.8.712 Sep 2016 06:25
minor feature:
CakeRequest::header() can now read the Authorization header when it is set by fast-cgi.
TestShell now supports the --coverage-text option.
Folder::inPath() now only accepts absolute paths. It previously had ambiguous behavior when relative paths were used.
Mysql::insertMulti() now performs better, as all rows are inserted in one query.
FormHelper now generates security tokens correctly when.
AppHelper::url() injects parameters into generated URLs.
FormHelper::submit() now supports the confirm option.
Hash::sort() now supports sorting by the current locale.
CaketureManager will only truncate tables if tables are not being dropped between test methods.
Kenya Yamaguchi.
Marc Würth.
Mark van Driel.
Sebastien Barre.
Val Bancer.
mark_story.
mscherer.
ndm2.
nojimage.
2.9.0-RC107 Sep 2016 14:45
minor feature:
The Object class has been deprecated due to upcoming PHP7 collisions. It has been renamed to CakeObject to avoid collisions with new PHP reserved words.
AuthComponent::user() now makes the user data available when using stateless authentication adapters.
DboSource::flushQueryCache() was added to allow more fine-grained control of query result caching when enabled.
The log messages created by ErrorHandler can now be more easily customized in subclasses.
Additional mime-types for 'jsonapi', and 'psd' were added.
Time Datetime inputs no longer set a maxlength attribute when rendered as 'text' input types.
Gareth Ellis.
Jorge González.
José Lorenzo Rodríguez.
Kenya Yamaguchi.
Marc Würth.
Mark Story.
Mark van Driel.
Sebastien Barre.
chinpei215.
mark_story.
mscherer.
ndm2.
nojimage.
schrolli.
3.3.303 Sep 2016 09:45
minor feature:
HasMany::unlink() no longer emits errors when an empty list is provided.
The global event manager now tracks events when the local event manager does not have tracking enabled.
Selecting SQL computed fields in contained associations no longer emits warnings in PHP7.
Redirect routes work correctly once again. Previously the beforeDispatch event was not stopped causing errors.
Folder::inPath() now only accepts absolute paths. It previously had ambiguous behavior when relative paths were used.
TestCase::getMockForModel() now ensures that generated mocks have the correct table name.
EntityTrait::clean() now resets the original value states.
Marshalling no longer marks unchanged null values as dirty.
Numeric column names are now correctly quoted when identifier quoting is enabled.
Improved API docs in the ORM and Database packages.
Cake TestSuite EmailAssertTrait was added. This trait makes it easier to to write tests for Mailer classes.
Hash::sort() now supports sorting by the current locale.
FormHelper::create() now supports the templateVars option.
ADmad.
Alexandros Solanos.
Benjamin Tamási.
Jad Bitar.
Jeremy Harris.
José Lorenzo Rodríguez.
Mark Scherer.
Mark Story.
Nick Busey.
Thinking Media.
mscherer.
ndm2.
3.3.225 Aug 2016 11:05
minor feature:
Session cookies are now only sent by the PSR7 stack when the session is active.
Content-Type headers emitted from the PSR7 stack now include the charset.
Mark Story.
3.3.120 Aug 2016 20:25
minor feature:
AssetFilter now interacts properly with PSR7 based applications.
Cookie decryption when using the PSR7 stack now works properly.
Regressions around marshalling associated data have been.
All associations now marshall correctly when TranslateBehavior is enabled.
BelongsToMany _joinData records with complex properties now hydrate correctly again when loaded with find().
Request::is() no longer caches results. This an where parameterized detectors would return cached results when parameters are different.
CakeEmail::deliver() correctly uses default as the default transport configuration instead of 'fast'.
MiddlewareStack::insertAt() behaves correctly when adding non-Closure based middleware.
Dispatcher filters are not doubly invoked when an application uses the PSR7 HTTP stack and dispatcher filters.
CrossSchemaTableExpression and automatic cross database join preing has been removed. This was a new feature in 3.3.0 that caused regressions for a number of folks. Removing the problematic feature feels like a better solution over trying to patch as they come up.
Session cookie rotation works correctly, when setting custom cookies, and using the PSR7 HTTP stack.
Cake ORM SaveOptionsBuilder was added. This class provides a builder interface for building option sets for save operations. By using a fluent interface you can reduce the number of errors made.
Exceptions are now raised when duplicate named routes are connected.
Florian Krämer.
Jad Bitar.
José Lorenzo Rodríguez.
Juan Basso.
Mark Sch.
Mark Story.
Mirko Pagliai.
Walther Lalk.
antograssiot.
saeideng.
3.3.013 Aug 2016 07:25
minor feature:
Router::mapResources() is deprecated. Use routing scopes and routes- resources() instead.
Router::redirect() is deprecated. Use routing scopes and routes- redirect() instead.
Router::parseNamedParams() is deprecated. Named parameter backwards compatibility will be removed in 4.0.0.
Cake Http Client Response has had the following methods deprecated because they overlap with PSR7 interface methods:
statusCode() use getStatusCode() instead.
encoding() use getEncoding() instead.
header() use getHeaderLine() instead.
cookie() use getCookie() instead.
version() use getProtocolVersion() instead.
.
statusCode() use getStatusCode() instead.
encoding() use getEncoding() instead.
header() use getHeaderLine() instead.
cookie() use getCookie() instead.
version() use getProtocolVersion() instead.
Dispatcher Filters are now deprecated. Use the new HTTP middleware features.
RequestActionTrait has been deprecated. Refactor your code to use view cells instead.
Cake Utility Crypto Mcrypt engine has been deprecated as the mcrypt extension is deprecated in PHP 7.1. Use the openssl driver instead.
PSR7 Middleware support has been added. This is an opt-in feature that allows you to leverage the increasing number of PSR7 middleware libraries from the broader PHP community in your CakePHP application.
A new streamlined workflow for TranslateBehavior that makes creating forms for multiple translation values easier than before.
Cake Network Http Client has been moved to Cake Http Client. Its request and response objects now implement the PSR7 interfaces __.
Additional support has been added for mapping complex data types. This makes it easier to work with geo-spatial types, and data that cannot be represented by strings in SQL queries.
A new JsonType was added. This new type lets you use the native JSON types available in MySQL and Postgres. In other database providers the json type will map to TEXT columns.
When entities are converted into JSON, the associa
3.3.0-RC106 Aug 2016 18:05
minor feature:
CakeEmail::deliver() now lets subclasses use the static method.
Welcome page now correctly displays PDO related errors.
Query timing metrics are reset on BEGIN/COMMIT/ROLLBACK statements, giving more accurate query timing data.
AuthComponent no longer stores redirect URLs for JSON requests.
Empty strings are removed from the secured field list in FormHelper.
Icelandic locale (is-is) support was added.
Stateless authentication adapters now store their user data on all requests, not just those that require authorization.
Plugin associations defined with the short name as a key now behave consistently with other declaration modes.
Shutdown events are now triggered by the default error handling controllers.
CakeResponse::header() now treats null values now works like setting '' as a value.
Model::delete() no longer performs joins when simple conditions are used.
CakeSchema can now change column lengths to the database vendor's defaults.
A memory leak in the SmtpTransport has been.
3.2.1302 Aug 2016 06:05
minor feature:
The Content-Type header works better in controller integration tests.
TreeBehavior no longer allows a node to be its own parent.
You can now write integration tests for methods that use secured forms with query string arguments in the URL.
FormHelper::error() now allows message translation by rule name, in addition to by error message string.
Table::validateUnique() no longer raises an exception when non-scalar values are received.
BelongsToMany::replaceLinks() no longer returns true when linked records fail to save because of application rules.
An exception will be raised when a Model.afterSave event handler aborts the transaction.
An optimization made to the DateTimeType has been reverted as it caused with user-land plugins.
Text::stripLinks() now recursively removes HTML. This method is now deprecated as stripping HTML with regular expressions is almost never truly safe.
Using associations that do not exist will now fail with an exception when marshalling data.
Cell::__toString() now displays more useful fatal errors in PHP7.
The console TableHelper now correctly handles double-width characters.
Text::truncateByWidth() was added. This method makes it easier to truncate text by its visual width instead of its character length.
The notExists() and exists() methods were added to QueryExpression.
A warning is now logged by Cake Network Response when headers have already been sent.
3.3.0-beta328 Jul 2016 18:45
minor feature:
The console TableHelper more gracefully handles empty data.
Junction table conditions are now reset correctly.
ExistsIn and IsUnique application rules are no longer invoked twice.
Generated junction table classes now inherit the connection of the table defining the BelongsToMany association. This makes it easier to have plugin specific connections.
URLs with uppercase protocols are now autolinked by TextHelper.
Cache groups defined in injected cache engine instances are now registered correctly.
Request::header() can now read the Content-Length and Content-Type header values.
Schema reflection will now include per-column collation data when available.
TimeHelper now supports an outputTimezone config option. This lets you set a global output timezone making it easier to localise formatted dates/times.
HtmlHelper::image() now supports CID: URLs.
Table::findOrCreate() now supports an atomic option.
Performance optimizations in find(list).
Folder::inCakePath() is now deprecated. Use Folder::inPath() instead.
3.3.0-beta218 Jul 2016 07:25
minor feature:
The console TableHelper more gracefully handles empty data.
Junction table conditions are now reset correctly.
ExistsIn and IsUnique application rules are no longer invoked twice.
Generated junction table classes now inherit the connection of the table defining the BelongsToMany association. This makes it easier to have plugin specific connections.
URLs with uppercase protocols are now autolinked by TextHelper.
Cache groups defined in injected cache engine instances are now registered correctly.
Request::header() can now read the Content-Length and Content-Type header values.
Schema reflection will now include per-column collation data when available.
TimeHelper now supports an outputTimezone config option. This lets you set a global output timezone making it easier to localise formatted dates/times.
HtmlHelper::image() now supports CID: URLs.
Table::findOrCreate() now supports an atomic option.
Performance optimizations in find(list).
Folder::inCakePath() is now deprecated. Use Folder::inPath() instead.
3.3.0-beta14 Jul 2016 08:25
minor feature:
The console TableHelper more gracefully handles empty data.
Junction table conditions are now reset correctly.
ExistsIn and IsUnique application rules are no longer invoked twice.
Generated junction table classes now inherit the connection of the table defining the BelongsToMany association. This makes it easier to have plugin specific connections.
URLs with uppercase protocols are now autolinked by TextHelper.
Cache groups defined in injected cache engine instances are now registered correctly.
Request::header() can now read the Content-Length and Content-Type header values.
Schema reflection will now include per-column collation data when available.
TimeHelper now supports an outputTimezone config option. This lets you set a global output timezone making it easier to localise formatted dates/times.
HtmlHelper::image() now supports CID: URLs.
Table::findOrCreate() now supports an atomic option.
Performance optimizations in find(list).
Folder::inCakePath() is now deprecated. Use Folder::inPath() instead.
3.2.1209 Jul 2016 13:45
minor feature:
The console TableHelper more gracefully handles empty data.
Junction table conditions are now reset correctly.
ExistsIn and IsUnique application rules are no longer invoked twice.
Generated junction table classes now inherit the connection of the table defining the BelongsToMany association. This makes it easier to have plugin specific connections.
URLs with uppercase protocols are now autolinked by TextHelper.
Cache groups defined in injected cache engine instances are now registered correctly.
Request::header() can now read the Content-Length and Content-Type header values.
Schema reflection will now include per-column collation data when available.
TimeHelper now supports an outputTimezone config option. This lets you set a global output timezone making it easier to localise formatted dates/times.
HtmlHelper::image() now supports CID: URLs.
Table::findOrCreate() now supports an atomic option.
Performance optimizations in find(list).
Folder::inCakePath() is now deprecated. Use Folder::inPath() instead.
3.2.1123 Jun 2016 01:25
minor feature:
SQLServer schema correctly handles default values of 'NULL'.
Model predata is now merged with un-preby the Marshaller instead of being used instead of un-predata.
Http Client will now correctly timeout connections from servers that never the connection.
The Marshaller now correctly uses custom primary keys consistently.
Invalid maxLimit values no longer result in a division by zero error.
SQLServer driver can now reflect views.
A more clear exception is raised when associations define invalid primary keys.
A clearer exception is raised when validator methods don't return a Validator instance.
Sessions are now garbage collected when they expire, not after a long delay.
RouteBuilder::redirect() now lets you use custom route classes.
API documentation improvements.
Http Client OAuth 1 adaptor now supports RSA-SHA1.
bin/cake --version now outputs the installed version of CakePHP.
EventManager instances can now track the events they dispatch.
Route matching results now include a _matchedRoute parameter. This provides access to the template of the matched route.
Response::mapType() is now more efficient for common media types.
DateTimeType objects only create instances as needed now.
FormHelper::postButton() lets you customize the form element.
TestCase::assertEventFired() and TestCase::assertEventFiredWith() were added. These methods make it easier to assert that events were triggered.
2.8.513 Jun 2016 03:15
minor feature:
Bake now recommends using the FlashComponent instead of the deprecated SessionComponent.
RequestHandlerComponent will now automatically parse request data for PATCH requests as it does for POST.
Sqlite now correctly handles DEFAULT CURRENT_TIMESTAMP.
FormHelper now resets the unlocked fields when a form is.
ApcEngine now supports APCu on PHP7.
Folder::read() can now sort by modified time.
FormHelper::radio() now supports the fieldset option for customizing the generated fieldset element.
3.2.1027 May 2016 06:05
minor feature:
Query::insert() now resets columns when called multiple times.
The ExistsIn rule no longer enforces constraints on new entities that have no dirty fields. This reverts a problematic change introduced in 3.2.9.
Exceptions for missing mailer transports have been improved.
Request URLs that contain another embedded URL are now handled correctly.
FormHelper now resets the unlocked fields each time end() is called. This prevents fields unlocked in one form from being unlocked in subsequent forms.
Multi-part mime message boundaries are now generated with Security::randomBytes(). This removes the possibility of timing attacks on mime-message boundary markers.
RequestHandler no longer overwrites response content-types when no extension has been parsed.
The insecure fallback for Security::randomBytes() behaves more consistently with the secure modes now.
The IsUnique rule once again enforces unique-ness as a SQL constraint would. This means that NULL values will never be equivalent for unique checks. This reverts a problematic change introduced in 3.2.9.
The BelongsToMany::find() uses the correct foreign key columns when creating queries that involve junction table join conditions.
Folder::subdirectories() was added.
MissingAction and MissingTemplate error pages are now compatible with errors coming out of Mailers.
3.2.917 May 2016 06:45
minor feature:
'chef' is now pluralized correctly.
Valiation::notBlank() now accepts '0'.
CookieComponent now correctly uses the encryption key configured on specific top-level keys.
SQLite schema generation now handles DEFAULT 'NULL' correctly.
Cache Engine FileEngine uses less memory when writing cache data.
EntityContext no longer modifies query objects.
Session::renew() no longer triggers errors when object destruction fails.
The ExistsIn rule now correctly applies on new entities that don't have the required columns set.
View classes set with viewBuilder() now take precedence over those defined with the deprecated viewClass property.
CompletionShell now correctly lists all subcommand names.
Bound parameters in eagerly loaded associations via the subquery strategy now work correctly.
The IsUnique rule no longer emits field = NULL when properties are null. Instead it emits IS NULL.
Hash::merge() no longer emits an error when merging more than 2 arrays, containing mixed string/array values.
FormHelper::input() now forwards additional options to error() allowing you to turn of HTML escaping if you so wish.
Cache::clearAll() was added. This method lets you clear all data from all configured cache engines.
The ValidCount rule was added. This rule lets you ensure associations have the required number of associated values more easily.
BaseAuth now passes the 'username' to custom finders.
Validator::hasAtLeast() and Validator::hasAtMost() were added.
Folder::read() now supports ordering files by modified time, or name.
New mastercard numbers are now accepted by Validation::luhn.
Date::setDefaultLocale() and Time::setDefaultLocale() were added. These methods replace direct access to the defaultLocale property.
Named route mismatches now have better error messages.
2.8.403 May 2016 10:25
minor feature:
FormHelper::postLink() now correctly generates SecurityComponent field hashes when used within another form.
Validation::phone() now accepts 'N11' exchanges for North American phone numbers.
The Equifax Secure Certificate Authority root certificate was re-added. This several with the certificate bundle update in 2.8.3.
BlowfishPasswordHasher now generates a random salt when comparing to a hashed password of ''. This prevents incorrect password matching on empty values.
tureTask honours the --records and --schema options when creating a ture in a non-interactive fashion.
Several missing European locales were added.
HTTP Range header parsing is more resilient.
A regression introduced in 2.8.0 in FormHelper when handling the deprecated action option has been.
Improved API docs.
Added example configuration for using letsencrypt with CakePHP.
You can now set the Response class used in ControllerTestCase.
3.2.825 Apr 2016 16:58
minor feature:
The Equifax Secure Certificate Authority root certificate was re-added. This several with the certificate bundle update in 3.2.7.
Collection::every() now returns false on an empty collection.
Security::randomBytes() emits a warning when openssl is used and there was not a strong source of entropy available.
Text::truncate() better handles short words within HTML tags when the html and exact options are used.
Dependencies for cakephp/orm were updated.
Improved API documentation.
ConsoleOptionParser now sorts options an arguments when displaying help.
Table::saveMany() was added. This method allows you to save multiple entities in a single method call.
3.2.712 Apr 2016 07:25
minor feature:
Connection drivers now support short classname references.
Exception types raised by SecurityComponent have been updated to match the documented values.
FormHelper postLink elements generated inside an open form now work as expected.
Schema reflection in MySQL now preserves TEXT BLOB column lengths.
The bundled Certificate Authority file was updated using the latest Mozilla Certificate bundle.
Empty JSON values can be read by Http Client.
Text::slug() was added. This method leverages the intl extension, and will replace Inflector::slug() which is now deprecated.
Text::transliterate() was added. This method allows unicode strings to be transliterated into ASCII using the intl extension.
Support for TINYTEXT, MEDIUMTEXT and LONGTEXT was added. These types are compatible with all core drivers.
Support for TINYBLOB, MEDIUMBLOG and LONGBLOB was added. These types are compatible with all core drivers.
3.2.629 Mar 2016 03:45
minor feature:
Improved API documentation.
Queries generated by the marshaller now correctly alias primary key columns.
Complex conditions in BelongsToMany associations now work correctly.
Select box widgets for boolean values now generate correctly. false is now treated as equivalent to 0.
Http Client now supports ssl_verify_peer_name option correctly now.
CakePHP can now be used from within a phar file.
Bound parameters in sub-queries now propagate to their parent query.
A regression in the Postgres schema reflection code has been corrected.
Accessing TitleCase properties from entities now works as expected.
Cells in sub-namespaces now work as one would expect.
'' is now a valid value for time inputs.
Cake ORM Marshaller::one() now supports a forceNew option that can be used to create 'new' belongsToMany association records when the primary key is not defined.
SecurityComponent now emits helpful error messages when secure field comparisons fail and an application is in demode.
Validation::localizedTime() was added.
Error logs contain request URL and referrer URLs.
3.2.517 Mar 2016 09:25
minor feature:
Postgres schema reflection performs better on large databases.
Xcache cache engine can now store objects.
Malformed HTTP Range headers no longer emit warnings.
Improved API documentation.
The __xn and __dxn functions now correctly use plural forms.
assertCookieNotSet was added to IntegrationTestCase.
The 'obj' fetch type was added to PDOStatement.
3.1.1214 Mar 2016 03:16
minor feature:
Return XML instead of DOMDocument object when using _serialize viewVar.
Small improvement to doc block.
Removing dead code.
Update version number to 3.1.6.
Add the possibility to use additional template vars for submitContainer.
Add useful error message when invalid associations are used.
Extract a method.
mistakes.
doc block.
Implemented Collection::chunk().
Clarify doc blocks.
More doc block clarifications.
Turning the code within Datasource RulesChecker cleaner avoiding unec?.
trailing whitespace.
Using map() instead of unfold() in Collection::chunk() as it is faster.
Adding a test for chunking collections with nested elements.
Some tests fail if db timezone is not set to UTC.
doc block example.
PHPCS error.
Don't use magic number for default error code. Also up last wrong?.
Use this instead.
Avoiding forced all fields in a contained belongsToMany.
typos in RulesChecker docblocks.
Removing test to satisfy travis for now.
Speeding up travis a bit.
Qoutes in yaml file were actually important.
Adding composer cache for travis.
Documentation - String is string, not integer.
Moving test case to another file.
Trying to speed up builds a bit more by disabling xde.
Trying to some tests in appveyor.
Repeating previous for HasMany associations.
Added Conflict (409), Gone (410), Not Acceptable (406) and Service Un?.
updated copyright file docblock to correct @since information.
added Configure::get().
docblock, code formatting.
docblock.
Caching composer packages in appveyor.
Trying to figure out what sql server is doing.
Skipping test in SQLServer while we find an appropriate.
Restoring appveyor.yml.
Still trying to figure out the right composer cache folder for appveyor.
ing appveyor.yaml.
Update license year.
some reported by scrutinizer.
ing a couple other.
a couple other small.
get = readOrFail, separated tests, added @link (docs still need to b?.
Run coveralls on PHP 5.6.
utilize phpunit test docblock conventions.
Clarified exception messa
3.2.407 Mar 2016 03:16
minor feature:
Table names are now quoted in SQLserver schema reflection when reflecting indexes. This allows table names in different schemas to be used.
Validation::date(), Validation::dateTime() and Validation::time() now accept DateTimeImmutable.
Warning related to PO file parsing when a message exists as both a context inclusive and context free message have been. In this situation, the first message encountered will be used and the other will not be accessible.
Serialization errors when reading negative numbers from Redis have been.
The ORM will now emit warnings when association properties shadow properties in a table.
Default string values now work correctly in Postgres.
RelativeTimeFormatter now correctly formats 'about a month ago'/'in about a month'.
XML and JSON responses no longer contain stack traces. Including stack traces could cause fatal errors when unserializable objects were in the stack trace.
Routes don't recompile each time they are used within a single request.
Unlinking HasMany associations correctly preconditions, which when an association finder includes additional associations by default.
Unlinking empty HasMany associations no longer emits warnings on null.
UnaryExpression now correctly calls traverse on child expressions.
Time formatting no longer emits errors when using Russian or other languages that have more than 2 plural forms.
Response::file() no longer attempts to clear the output buffering. This allows test cases involving files to not be marked as 'risky' by PHPUnit.
Improved API docs.
Response::getFile() was added. This gives you a way to read the file out of a response, which is helpful in testing.
Association::className() was added. This lets you read the className option out of an association.
JsonConfig now pretty prints dumped files.
Routes can now use the multibytePattern option to enable multi-byte sub patterns in routes.
UrlHelper::css(), UrlHelper::script() and UrlHelper::image() were added.
MultipleCheckboxWidget now
2.8.129 Feb 2016 06:45
minor feature:
API documentation improvements.
Validation::uploadedFile() no longer cares about key order.
CakeRequest now reads the request content-type in a way that is compatible with the built-in PHP webserver.
DbAcl inherited permissions for '*' now take into account explicit allow/inherit in leaf nodes.
HttpSocket now correctly parses empty headers.
Negative numbers can now be read from RedisCacheEngine.
Postgres now supports a uuid type. This uses the native uuid type in Postgres.
SecurityComponent::requireAuth() is now deprecated. It was already removed from 3.x. This makes the deprecation in 2.x official.
Security::randomBytes() was added. This method replaces Text::uuid() as the seed value for CSRF token generation. The new method emits a warning if an insecure source of random data is used. This warning indicates that your CSRF tokens could be susceptible to timing attacks.
3.2.322 Feb 2016 06:45
minor feature:
Camel-backed virtual properties can be accessed once again. This was a regression in 3.2.0.
Long paths in the error pages are now wrapped.
_joinData is no longer lost when marshalling existing BelongsToMany records using the id attributes.
Date::parseDate() now correctly handles timezones.
Setting a Cell's templatePath inside the action now works.
FormHelper now consistently uses formatTemplate() internally.
Hash::sort() now correctly sorts DateTimeImmutable objects.
Security::randomBytes() was added. This method wraps the various ways to get secure random data. If secure data cannot be found, insecure data will be used and a warning will be emitted.
CSRF tokens are now generated with Security::randomBytes().
Custom template paths are now factored into view path generation.
Improved API documentation.
EventManager::matchingListeners() was added, allowing the caller to find listeners bound to the named event.
Table::find('list') will automatically use the selected fields if there are 2 of them. This makes find(list) behave more consistently with 2.x easing migration.
TableRegistry::get() now accepts a connectionName parameter. This lets you define the connection by name instead of requiring the object.
QueryExpression::identifierEquals() was added to increase compatiblity across the supported database vendors.
App::shortName() was added.
AuthComponent finder option now permits finder options to be defined.
3.2.213 Feb 2016 07:05
minor feature:
TimeHelper now interacts with immutable time objects correctly.
Query::matching() now correctly type-casts hydrated results in the _matchingData property.
When results are iterated in a result formatter, the _translations property is now always present.
Hydrating records containing date time fields in non-english locales no longer fatally errors.
Cell actions can once again set the template name.
Cell template names can now be set with the viewBuilder().
SecurityComponent now correctly handles field names ending in .
Symlinked configuration files now load correctly.
The ProgressShellHelper now renders correctly on putty.
The test suite no longer fails to rebuild tures after fatal errors.
Hash::sort() better handles sorting on sparse data.
API documentation improvements.
cake plugin loaded was added. This CLI tool lets you list the loaded plugins your application uses.
Exception messages from ture creation are now clearer.
tures now allow schema to be predefined and not managed by the tures.
cake i18n extract now runs faster.
CakeTestCase::assertSameAsFile() now allows expected results to be updated by setting an environment variable.
SecurityComponent::requireAuth() is now deprecated and will be removed in 4.x.
IntegrationTestCase::assertHeaderContains() was added.
FormHelper::text() and related functions now accept 'id' = true. This option enables the same automatic ID generation used in FormHelper::input().
Sub-split repositories now contain license files and status badges.
FormHelper will now automatically load application widget classes that overload the core ones.
HTTP status 422 was added to Response.
2.8.009 Feb 2016 06:45
minor feature:
The action option in FormHelper::create() has been deprecated, as it was in 3.x. Note that this now makes the action key of an array URL consistently respected for the generation of the DOM ID. If you used the deprecated key you will want to compare the generated ID for forms before and after your upgrade.
When handling fatal errors, CakePHP will now adjust the memory limit by 4MB to ensure that the error can be logged correctly. You can disable this behavior by setting Error.extraFatalErrorMemory to 0 in your Config/core.php.
Cache::add() has been added. This method lets you add data to a cache if the key did not already exist. This method will work atomically in Memcached, Memcache, APC and Redis. Other cache backends will do non-atomic operations.
CakeTime::listTimezones() has been changed to accept array in the last argument. Valid values for the options argument are: group, abbr, before, and after.
A new option no-locations has been added to Console/cake i18n. When enabled, this option will disable the generation of location references in your POT files.
Hash::sort() now supports case-insensitive sorting via the ignoreCase option.
Magic finders now support custom finder types. For example if your model implements a find('published') finder, you can now use findPublishedBy and findPublishedByAuthorId functions through the magic method interface.
The Session.cacheLimiter configuration option was added. This option lets you define the cache control headers used for the session cookie. The default is must-revalidate.
Shell Helpers have been backported from 3.x.
Validation::uploadedFile() was backported from 3.x.
'url' = false is now supported for FormHelper::create() to allow form tags to be created without HTML action attribute.
2.7.928 Jan 2016 12:25
minor feature:
file:// paths are now handled correctly by File on windows.
PaginatorHelper::numbers() now treats string integers as strings in the first/last option. This allows the use of page numbers in the first/last buttons.
XmlView now works when return = domdocument is used.
Memcached can now connect to unix domain sockets.
Simulated GET requests (via method overriding) no longer POST data populated. This prevents GET requests from looking like they are POST requests that may cause unintentional side-effects.
SecurityComponent now validates data whenever request- data is populated. This allows SecurityComponent to apply to PATCH and DELETE requests.
Shell::CODE_ERROR was backported from 3.x. This constant serves as a default value for the exit code in shell tasks.
3.1.824 Jan 2016 15:05
minor feature:
Using matching() on a BelongsToMany association with conditions no longer emits invalid SQL.
Generated reciprocal BelongsToMany associations have the original conditions applied to them.
Inflector::camelize() now caches results.
ConnectionManager::config() no longer clones objects passed in.
Postgres schema reflection now only reads constraints in the connection's schema.
Memcached can now connect to unix domain sockets.
TreeBehavior now uses expression objects for field updates. This makes it compatible with datasources requiring identifier quoting.
incorrect behavior of TextHelper::autoLink() when CRLFs are present.
The fullDeargument of TestCase::assertHtml() now works as documented.
Helpers now allow newlines in javascript confirm messages.
The cakephp-plugins.php file can now be located when cakephp/core is used as a standalone component.
Simulated GET requests (via method overriding) no longer POST data populated. This prevents GET requests from looking like they are POST requests that may cause unintentional side-effects.
SecurityComponent now validates data whenever request- data is populated. This allows SecurityComponent to apply to PATCH and DELETE requests.
Controller:: name is correctly inflected when using the base route class.
tures can now use public import = 'model' = 'Articles' to import schema and records from a defined model.
Improved API docs.
ConnectionManager::config() now accepts a callable. This makes it consistent with Log::config().
Query::set() now accepts a builder callable.
Database Type now allows objects to be injected via set().
SQL Query logs now include execution time and rows returned.
Error logs now include Referring URL if it is available.
2.8.0-RC114 Jan 2016 10:25
minor feature:
Paginator::numbers() now treats numeric string values in first and last as strings.
Using invalid associations in ExistsIn rules now raises a helpful error.
BelongsToMany associations can have their fields limited through queryBuilder closures.
The query- func()- now() query function works as expected in where conditions now.
XmlView no longer fails when attempting to output XML documents built with DOMDocument.
BelongsToMany _joinData is now marshalled consistently by Table::patchEntity().
Missing Controller error pages display the correct class name and path for precontrollers.
IntegrationTestCase::cookieEncrypted() was added. This helper lets you set the value of encrypted cookies.
IntegrationTestCase::assertCookieEncrypted() was added. This assertion lets you compare encrypted cookie values.
FormHelper now forwards templateVars to the templates for submitContainer and inputSubmit.
Collection::chunk() was added. This method lets you split a collection into equal sized chunks.
Exception classes were added for Conflict (409), Gone (410), Not Acceptable (406) and Service Unavailable (506).
Configure::readOrFail() was added. This method will read a value from Configure and raise an exception if it does not exist.
3.1.710 Jan 2016 03:17
minor feature:
Paginator::numbers() now treats numeric string values in first and last as strings.
Using invalid associations in ExistsIn rules now raises a helpful error.
BelongsToMany associations can have their fields limited through queryBuilder closures.
The query- func()- now() query function works as expected in where conditions now.
XmlView no longer fails when attempting to output XML documents built with DOMDocument.
BelongsToMany _joinData is now marshalled consistently by Table::patchEntity().
Missing Controller error pages display the correct class name and path for precontrollers.
IntegrationTestCase::cookieEncrypted() was added. This helper lets you set the value of encrypted cookies.
IntegrationTestCase::assertCookieEncrypted() was added. This assertion lets you compare encrypted cookie values.
FormHelper now forwards templateVars to the templates for submitContainer and inputSubmit.
Collection::chunk() was added. This method lets you split a collection into equal sized chunks.
Exception classes were added for Conflict (409), Gone (410), Not Acceptable (406) and Service Unavailable (506).
Configure::readOrFail() was added. This method will read a value from Configure and raise an exception if it does not exist.
3.2.0-RC104 Jan 2016 12:05
minor feature:
Containing the same association multiple times now works as expected, and the query builder functions are now stacked.
Function expressions now correctly cast their results. This means that expressions like query- func()- current_date() will return datetime instances.
Shell::info(), Shell::warn() and Shell::success() were added. These helper methods make using commonly used styling simpler.
Cake Console Exception StopException was added.
Shell::abort() was added to replace error().
Shell::error() is deprecated because its name does not clearly indicate that it both outputs a message and stops execution. Use Shell::abort() instead.
Cake Database Expression QueryExpression::type() is deprecated. Use tieWith() instead.
Cake Database Type DateTimeType:: dateTimeClass is deprecated. Use DateTimeType::useMutable() or DateTimeType::useImmutable() instead.
Cake Database Type DateType:: dateTimeClass is deprecated. Use DateTimeType::useMutable() or DateType::useImmutable() instead.
Cake ORM ResultSet::_calculateTypeMap() is now unused and deprecated.
Cake ORM ResultSet::_castValues() is now unused and deprecated.
3.1.626 Dec 2015 08:05
minor feature:
The Auth.afterIdentify event is now triggered for stateless
authentication.
Query::offset() now marks a query as modified.
Calling find() on a BelongsToMany association now joins the junction
table. This allows association conditions to be applied to queries.
Redis DSN parsing was.
FormContext::errors() now handles nested validation errors.
The existsIn() rule now uses an association's bindingKey option.
requestAction() now passes cookies to the sub-request as documented.
FormHelper now treats string integer values as UTC timestamps. This mirrors how.
it handles integer values.
FormHelper now correctly generates name attributes for dot pathed field.
names that end in .
A memory leak in ORM ResultSet has been.
DashedRoute now correctly handles vendor preplugin names.
CORS domain handling is more robust and less permissive.
Postgres index reflection is more robust and can handle complex index
definitions.
Postgres schema reflection more accurately defines SERIAL columns.
Pagination of complex queries using expressions in their ORDER clause no
longer fail.
File can now open file:// paths on windows.
bin/cake i18n init now preserves the locale case.
Session configuration now better handles environments where runtime
modification of session configuration is not allowed.
The phpdbg SAPI is treated the same as CLI.
CompletionShell suggests task and shell names based on short forms. It can
also suggest option names for subcommands and tasks now.
Compatibility with PHPUnit 5 was improved.
Query::removeJoin() was added. This method can be used to remove joins.
from a query by join alias.
View::reset() was added. This method lets you reset the contents of a view.
block.
2.7.822 Dec 2015 10:25
minor feature:
An extract() call was removed from Validation::comparison(). There was some concern that it could be used to circumvent validation.
around incorrect SNI validation when host name contains protocol for SmtpTransport.
Proxy Authentication with SSL no longer forwards proxy credentials in HttpSocket.
SchemaSchell clears the ClassRegistry after applying schema.
Context is reset when parsing MO files. Previously context could bleed between message identifiers.
3.1.501 Dec 2015 20:45
minor feature:
Collection::toArray() now drops the keys when dealing with RecursiveIterator. This makes the collection features easier to reason about as they generally do what people have been expecting.
Improved API documentation.
ResultSet::isEmpty() no longer consumes records on buffered iterators that had not already been iterated.
The ORM no longer emits invalid queries when eager loading associations using the subquery strategy, and using an ORDER BY clause. Fields used in ORDER BY clauses are also included in the selected fields.
Error handling is now compatible with PHP7. This removes the last known compatibility error with PHP7.
BelongsToMany associations use bindingKey correctly now.
Integer marshalling correctly accepts negative values now.
When executing Shell 'main' method the current command name is set to 'main'.
spellcheck is now a standard attribute. Unlike most HTML5 attributes, spellcheck requires 'true' and 'false' values, which means it cannot be a minimized attribute.
CSRF validation is applied to all HTTP methods that are not 'GET', 'OPTIONS' or 'HEAD'. This prevents invalid HTTP methods from bypassing CSRF validation.
RouterBuilder::resources() correctly inflects the object id when using 'inflect' = 'dasherize' and nested resources.
TimeHelper::format() no longer shifts string datetimes to the supplied timezone before formatting.
Shell::createFile() no longer converts n to r n silently when running on windows.
RouteBuilder::addExtension() was added. This method lets you incrementally add extensions instead of replacing the connected extensions.
The options passed to Table::save(), and HasMany/BelongsToMany link/unlink/replace methods are being passed through to the internal Table::save/delete() calls.
The CsrfComponent now supports an httpOnly option. Enabling this option makes the CSRF cookie inaccessible to client side scripting.
3.1.407 Nov 2015 17:45
minor feature:
PaginatorHelper always lowercases direction to be consistent.
Using the --deflag in PHPUnit will also enable ture schema SQL to be logged.
CounterCacheBehavior now uses bindingKey() resolving for associations that use custom binding keys.
The afterSaveCommit and afterDeleteCommit callbacks were added to behaviours.
The ability to set the default model type for classes using the ModelAwareTrait was added.
Default type inference in ORM Query is now faster.
BelongsToMany link replacement no longer fails when the association conditions include columns from the junction table.
HasMany replace() now checks the return value of delete operations.
Nested validators are now aware of the create/update context.
Query::where() now throws an exception when empty conditions are added. This prevents the addition of 1 != 1 clauses.
1.3.2102 Nov 2015 05:45
minor feature:
TimeHelper no longer returns 1969 on invalid dates. Instead '' is returned.
crc32 hash keys used in DboSource have been replaced with md5 sums. This reduces the chance of hash collision significantly.
MIME-Version is set on emails.
The node_modules directory is ignored when looking for PHP files.
View templates can no longer be located outside of the configured view paths.
3.1.328 Oct 2015 03:17
minor feature:
in the SMTP email transport when connecting to gmail.
regression in the BooleanType converted in database when using NULL.
Solved a couple problems when matching routes containing multibyte characters.
Improving Query::count() so that it does not execute the query twice when
calling the method multiple times.
Avoided some errors when using XDein classes having __deInfo
.
HasMany associations now have the link, unlink and replace methods
implemented, like BelongsToMany associations do. This improves the usability
of append-only associations.
Made it easier to use the IntegrationTestCase with controllers having the
SecurityComponent enabled.
3.1.220 Oct 2015 06:05
minor feature:
Contained associations now add column typ data into queries. This means that you can use complex datatypes like DateTime objects in conditions for association columns.
XHR requests with query strings that are converted into requestAction calls by RequestHandlerComponent now work as expected.
Hash::extract() compatibility with ArrayAccess objects was improved.
Case expressions in queries no longer mishandle '0'.
de() no longer elides 'schema' and 'pre'.
Validation::datetime() now accepts ',' between the date and time components. This makes validating en_US formatted dates easier.
Rendering in the ProgressHelper have been.
clone on Query objects now creates a deep clone as one would expect.
Corrected API documentation.
HasMany associations now support a 'replace' save mode. In this mode, existing associations not in the entity's current property will be removed. New records will also be inserted.
IntegrationTestCase now provides enableCsrfToken() and enableSecurityToken() methods to make testing with CsrfComponent and SecurityComponent much simpler.
The CSRF token post field is now removed from request data after being validated. This makes 'Post Redirect Get' workflows simpler as the CSRF token doesn't need to be manually removed.
Network Socket now supports all standard SSL context options via preing. e.g ssl_verify_peer. These options can also be configured in the SmtpTransport.
Test ture constraint management has been greatly improved. You no longer need to carefully order tures to ensure constraints are applied correctly. Instead constraints are created after all tables and records have been created.
When preparing datatypes for SQL statements, exceptions will now be raised on invalid values instead of silent failures.
3.1.109 Oct 2015 08:25
minor feature:
Query::contain() now correctly overwrites existing containments when override is true.
Integration tests no longer swallow database errors stemming from missing tables or other low level. Instead these errors are bubbled up making the test failure obvious.
RequestHandlerComponent no longer overwrites explict viewClass usage.
dependencies for database package.
Email construction with a profile name works as expected now.
Plural form of 'virus' is now 'viruses'.
Deprecation warnings related to ViewBuilder have been improved.
Validation::datetime() now correctly handles 12:xx PM with 12 hour formats.
JsonView serializes single variables more consistently now. Now if a single view var is set it's inferred as '_serialize' = 'var' instead of '_serialize' = 'var'.
IntegrationTestCase accepts POST bodies that are strings.
env() has an additional parameter for supplying default values.
Request::env() has an additional parameter for supplying default values.
Improved API documentation.
Console logging now abides the --verbose and --quiet flags.
Validator::requirePresence() accepts a callable to determine whether or not a field is required.
Validation::containsNonAlphaNumeric() was added.
Hash::extract() works with ArrayAccess objects now.
2.7.430 Sep 2015 06:25
minor feature:
When saving, models will always correctly set the 'updated' and 'created' fields. Even when a 'fieldList' is used, and those fields are not in the fieldList.
SessionHelper and FlashHelper are now more compatible with messages set through either the SessionComponent or FlashComponent.
Bake generates tures with only 1 record by default now.
The default value of CURRENT_TIMESTAMP is now supported for MySQL datetime columns.
Datasources no longer fatally error if isConnected() is called after disconnect().
Improved API documentation.
Email configuration defaults are now correctly loaded even when the configuration class has not been loaded.
Virus is now pluralized to viruses.
3.0.1424 Sep 2015 16:25
minor feature:
I18n shell no longer outputs both merged and separate domain pot files when --merge is used.
StringTemplates convert 1 dimensional array values into strings. This 'array to string conversion' errors when arrays are formatted into templates.
Option groups created by FormHelper can now have integer values.
Json view selection now reliably works with the Accept header when the json extension has not been enabled.
Postgres adapter correctly reflects schema for TIME WITHOUT TIMEZONE now.
FormHelper now correctly sets the required attribute for boolean columns in associations.
The BetweenExpression now accepts expression objects in each of its conditions.
Query::__deInfo() and Table::__deInfo() no longer raise fatal errors if they are invoked before object construction is complete.
Cache::registry() was added. This method is useful for replacing the cache backend registry in testing.
Improved API documentation.
UUID fields now marshal '' as null.
TreeBehavior::recover() now supports a recoverSort option for defining how a tree should be sorted before recovery.
The jsonapi type had its mime type added to Response.
MySQL adapter supports CURRENT_TIMESTAMP default value in datetime columns.
3.1.020 Sep 2015 05:06
minor feature:
FlashComponent now stacks Flash messages created with the set() or __call() methods. This means that the structure in the Session for stored Flash messages has changed.
New configuration option storage has been added. It contains the storage class name that AuthComponent uses to store user record. By default SessionStorage is used. If using a stateless authenticator you should configure AuthComponent to use MemoryStorage instead.
You can now also configure AuthComponent to do the auth check before controller's beforeFilter() callback is run using the checkAuthIn configuration. This is particularly useful when using stateless authenticators.
RequestHandlerComponent now switches the layout and template based on the parsed extension or Accept-Type header in the beforeRender() callback instead of startup() callback.
The default mime-type used when sending requests has changed in Http Client. Previously multipart/form-data would always be used. In 3.1, multipart/form-data is only used when file uploads are present. When there are no file uploads, application/x-www-form-urlencoded is used.
The default route class has been changed to DashedRoute in the cakephp/app repository. Your current code base is not affected by this, but it is recommended to use this route class from now on.
The breakpoint() helper function has been added. This function provides a snippet of code that can be put into eval() to trigger an interactive console.
Shell::dispatchShell() no longer outputs the welcome message from the dispatched shell.
You can now set _serialized to true for JsonView and XmlView to serialize all view variables instead of explicitly specifying them.
Time::fromNow() has been added. This method makes it easier to calculate differences from 'now'.
Time::i18nFormat() now supports non-gregorian calendars when formatting dates.
Validation::latitude(), and Validation::longitude() were added.
Validation::ascii(), Validation::utf8(), and.
Validation::isInteger() were adde
3.0.1308 Sep 2015 01:05
minor feature:
Query::count() no longer fails when there are fields with complex expressions in the select.
If FormHelper is used to create a visible input after a hidden input was created, the form is no longer blackholed by SecurityComponent.
Typehints in the API documentation have been corrected in a number of places.
When a new entity is saved with a specific UUID, the entity returned from save() retains the original id value.
Http Client now correctly sets the proxy context options, allowing proxy connections to work.
Compatibility with PHP 5.x improved.
Shell::quiet() and Shell::verbose() were added. These helper methods provide shortcuts to this- _io- quiet() and this- _io- verbose() respectively.
I18n Number has an ordinal() method for formatting the ordinal text for a given number. The ordinal() method is also available on NumberHelper.
3.1.0-RC131 Aug 2015 10:05
minor feature:
DboSource::isConnected() now emits a SELECT 1 query to ensure the connection is still active. This is helpful in long running processes like CLI tools.
Missing Flash templates were added. These templates were accidentally omitted from earlier 2.7 releases.
Model::exists() now always returns false, when a model uses useTable = false.
MediaView now correctly supports the documented extension option.
Forms secured with SecurityComponent no longer blackhole when a hidden input is followed by a visible input of the same name.
2.7.327 Aug 2015 05:45
minor feature:
DboSource::isConnected() now emits a SELECT 1 query to ensure the connection is still active. This is helpful in long running processes like CLI tools.
Missing Flash templates were added. These templates were accidentally omitted from earlier 2.7 releases.
Model::exists() now always returns false, when a model uses useTable = false.
MediaView now correctly supports the documented extension option.
Forms secured with SecurityComponent no longer blackhole when a hidden input is followed by a visible input of the same name.
3.0.1222 Aug 2015 07:25
minor feature:
RuleChecker::existsIn() handles nullable fields better.
Entities created by plugin associations have the correct return value for source()
.
Case statements accept literal values now.
Methods defined on Controller can never be used as actions. Before, methods redefined on AppController, or a subclass could be invoked as actions.
Plugin dot syntax can no longer be used to reference controllers in URLs.
LocaleSelectorFilter no longer sets the default locale. Instead it sets the active locale.
AuthComponent correctly redirects when an application is in a subdirectory.
Query::orderAsc() and Query::orderDesc() were added. These methods make it possible to order on complex expressions.
PaginatorHelper::next() and prev() accept a templates option now.
The serialization format for Time objects can now be set with Time::setJsonEncodeFormat().
2.7.211 Aug 2015 05:25
minor bugfix:
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.
Validation::compare() and Validation::range() would allow specifically crafted data past certain criteria.
3.1.0-beta206 Aug 2015 14:05
minor feature:
Cake ORM Query::where() would allow static methods to be invoked. This could create unintentional side effects, or undesired query manipulation.
Validation::compare() and Validation::range() would allow specifically crafted data past certain criteria.
3.1.0-beta03 Aug 2015 03:05
minor feature:
FlashComponent now stacks Flash messages when set with the set() or __call() method. This means that the structure in the Session for stored Flash messages has changed.
New config storage has been added. It contains the storage class name that AuthComponent uses to store user record. By default SessionStorage is used. If using a stateless authenticator you should configure AuthComponent to use MemoryStorage instead.
RequestHandlerComponent now switches the layout and template based on the parsed extension or Accept-Type header in the beforeRender().
callback instead of startup().
The default mime type used when sending requests has changed in Http Client. Previously multipart/form-data would always be used. In 3.1, multipart/form-data is only used when file uploads are present. When there are no file uploads, application/x-www-form-urlencoded is used instead.
The following Controller properties are now deprecated:
layout.
view
theme
autoLayout
viewPath
layoutPath
Instead of setting these properties on your controllers, you should set them
on the view using methods with the same names.
.
layout.
view.
theme.
autoLayout.
viewPath.
layoutPath.
2.7.124 Jul 2015 17:25
minor feature:
CakeText::tokenize() now works with multibyte separator values.
AJAX requests that failed authentication when AuthComponent did not have a loginElement configured, are no longer trapped in a redirect loop.
Hash::maxDimensions() now correctly calculates the depth when nested elements are not in the 0th element of the parent.
Model::saveMany() and Model::saveAssociated() behave correctly when saving with atomic = false and boolean fields set to false.
FormHelper::input() now correctly uses the value option with date/time/datetime input types.
Terminal colours are enabled in windows when using ConEmu.
3.0.920 Jul 2015 13:45
minor feature:
Index and constraint reflection in MySQL now scopes to the current database.
is now allowed in ObjectRegistry keys. This allows cache configurations to have. in their names.
Datetime validation now correctly handles meridian values.
Improved API documentation.
Pagination link generation is correct with custom routes.
Entity::extractOriginalChanged() now returns properties that were initially null.
Marshalling _joinData in belongsToMany associations with existing entities is now handled correctly.
Text::tokenize() now works as expected when the separator is a multi-byte character.
Folders generated by i18n extract have the correct permissions assigned.
Entities are now marked as 'clean' after the afterSave event.
The ORM does not emit UPDATE statements for hasMany and belongsToMany associations that have not actually changed.
Response::file() now accepts files with.. in the basename.
2.6.916 Jul 2015 20:45
minor feature:
Deep saving hasMany associations now handles validation errors correctly.
Improved API documentation.
DboSource::rawQuery() behaves correctly now when there are bound parameters.
2.7.012 Jul 2015 11:45
minor feature:
The class String has been renamed to CakeText. This resolves some conflicts around HHVM compatibility as well as PHP7. The String class is still provided for compatibility reasons.
Validation::notEmpty() has been renamed to Validation::notBlank(). This aims to avoid confusion around the PHP notEmpty() function and that the validation rule accepts 0 as valid input.
SessionComponent::setFlash() has been deprecated. You should use FlashComponent instead.
SessionHelper::flash() has been deprecated. You should use FlashHelper instead.
2.6.804 Jul 2015 07:25
minor bugfix:
Fix issue with overlapping irregular inflections. When irregular inflections overlap we should choose the longest match, not the shortest.
Fix regression in Inflector::camelize(). The input should not be lowercased before camelizing, as this can cause inputs that were previously camelized to create incorrect results.
Fix Validation::multiple() regarding 0 value. Previously 0 could not be a valid option.
FormHelper::radio() now supports complex option definition. This makes it easier to define custom attributes on each radio button.
Element tags had trailing whitespace removed. If you have custom element tags with HtmlHelper you might need to update your templates.
Shells will now never print HTML errors. Previously if you used custom the console error handlers you could end up with HTML in your terminal.
SQL operators in Postgres are now less greedy when fields are quoted.
3.0.829 Jun 2015 17:25
minor feature:
EntityTrait::toArray() now handles mixed arrays better. Previously if the first element was an entity, it assumed that all elements were entities.
Pagination now preserves query string arguments with 0 as their value.
Validation::multiple() now correctly handles '0'.
Previously it was impossible to use dot notation on two different calls to matching/contain when part of the string was shared (for example Articles.SpecialTags.Tags and Articles.SpecialTags.Authors).
TableRegistry::get() now correctly merges pre-configured options.
Table names in UPDATE queries are correctly quoted now.
Fixtures now correctly reflect composite primary keys when generated.
Both and '' are now treated the same when saving belongsToMany associations. This fixes silent failures when '' was used.
Numeric fields are cast to their string values when creating form security tokens. This resolves issues where integer values would cause validation failures.
CsrfComponent now correctly sets the cookie expiry date.
The list of available shell commands is now correct if there is an app Shell with the same name as a core one.
Multicheckboxes generated with complex input types are now checked/disabled correctly.
When updating belongsToMany links, association conditions are used. This fixes issues with polymorphic joint tables.
Pagination with SQLServer 2008 now works better.
AuthComponent no longer causes infinite redirects when an ajax request fails and / requires authentication. This was a regression in 3.0.7.
2.7.0-RC16 Jun 2015 02:45
minor feature:
The class String has been renamed to CakeText. This resolves some conflicts around HHVM compatibility as well as possibly PHP7+. There is a String class provided as well for compatibility reasons.
Validation::notEmpty() has been renamed to Validation::notBlank(). This aims to avoid confusion around the PHP notEmpty() function and that the validation rule accepts 0 as valid input.
SessionComponent::setFlash() has been deprecated. You should use FlashComponent instead.
SessionHelper::flash() has been deprecated. You should use FlashHelper instead.
3.0.523 May 2015 04:45
minor feature:
Filesystem libraries are now available as a standalone package through composer.
QueryLogger correctly interpolates parameters when there are more than 10 placeholders.
Datetime inputs correctly render seconds picker elements. Previously they did not include 00.
Marshalling belongsToMany _joinData was improved. The marshaller now correctly handles a mix of new and existing entities.
InstanceConfigTrait deletes nested data correctly now.
SQLite fixtures now generate primary key columns correctly in all situations.
Property caching in Entities was made less aggressive. The mutator caches are now completely invalided when any property is changed.
Association conditions are no longer used when marshalling existing belongsToMany records.
i18n shell creates separate po file entries for messages with differing contexts.
The @ syntax for file uploads in Http Client was deprecated. Instead you should use resource handles. The @ syntax is unsafe with user supplied data and will be removed in a future version of CakePHP.
Blob fields in SQLServer are now hexdecoded before being converted into resource handles.
FormHelper will not default datetime pickers to 'now' unless the input also has the default = true option supplied. This was done to make it easier to work with nullable datetime fields.
QueryExpressions containing subqueries now correctly wrapped in parenthesis.
3.0.221 Apr 2015 06:05
minor feature:
SessionHelper is deprecated. You should use the FlashHelper, or
this- request- session() instead.
Saving BelongsToMany associations that contain a mixture of new and existing
records has been improved.
Validation::notEmpty() has been renamed to Validation::notBlank().
Validation::userDefined() is now deprecated, you can set callables.
Directly in the Validator objects instead.
SQLite schema reflection now works with older versions of SQLite. Foreign key
update/delete clauses will not be reflected with older versions of SQLite.
Hash::get() no longer raises an exception on a path of '' or null.
Fatal errors when saving belongsToMany relationships that were not marshaled
into entities have been fixed.
Collection now implements __debugInfo().
Magic finder methods now correctly alias fields in the where clause.
Cascading deletes now prioritize associations with cascading callbacks, and
then apply to associations without callbacks.
Shells dispatched with dispatchShell() no longer output the welcome
message.
MySQL driver now uses SET NAMES to fix encoding errors in some
installations.
IntegrationTestCase now recursively merges request data into the stubbed
request.
Responses in IntegrationTestCase now allow better content-type assertions.
0000-00-00 is now converted into null by the database type system. This
prevents issues in how PHP's DateTime handles year 0.
FormHelper fields that use integers as their name no longer trigger black hole
errors.
3.0.105 Apr 2015 16:25
minor feature:
Reduced chances for timing attacks in HMAC comparisons in Security::decrypt() by using more constant time string comparisons.
FormHelper now supports an idPrefix option. This option allows you to specify the prefix you want prepended to id attribute of all inputs FormHelper generates.
FormHelper now supports group templates for each input type. For example, the radioFormGroup template will be used for radio button sets.
Elements included in a prefixed request context now look in prefixed paths. When a controller runs in a prefixed route/namespace it will automatically append the current prefix to the view paths used to locate elements.
Schema reflection for Postgres no longer fails when foreign keys rely on stored procedures.
Schema reflection now treats money columns as strings. Due to leading currency codes the ORM cannot easily map this type into float values.
Selectboxes disable and select active options correctly now when complex option data is used.
Selectboxes can now have an empty name attribute.
URL filters are applied before the existing request context is applied now.
Cake I18n Time now supports short timezone offset formats.
Query logging now works when the duplicate named parameters are used.
existsIn rules now correctly set an error message when used with a list of fields.
RulesChecker methods can now return strings to indicate failure. The returned strings will be used as the error message if a field was also defined for the rule.
Primary key values can now be defined when creating entities. This improves compatibility with UUID's where ID's are generated outside of your application.
When saving/updating entities, existing HasMany associations can be re-linked using a _ids input similar to BelongsToMany associations.
Greatly improved performance around hydrating ORM results.
Improved PHP7 HHVM compatibility.
Improved API documentation.
3.0.022 Mar 2015 23:55
major feature:
This new major 3.0.x release is backwards incompatible with previous CakePHP
versions, and minimum requirements are now PHP 5.4.16, mbstring and intl
extensions.
A new ORM was introduced, using the DataMapper pattern, eager loading
strategies, better query bulding and post-processing, composite primary
keys and custom data types.
Routing is faster and more flexible.
Migrations are now plugin-based and more powerful.
I18N with feature-rich message translation, and locale-aware time and
number library.
More debugging tools were added.
Composer is used now for skeleton setup.
Some libraries have been split out into standalone plugins.
New "view cells" add orchestration controllers within templates.
Homepage
Download