Skip to content

CHANGELOG_4.6.md

Latest commit

 

History

History
212 lines (176 loc) · 19.4 KB

CHANGELOG_4.6.md

File metadata and controls

212 lines (176 loc) · 19.4 KB

Changelog 4.6

v4.6.5 (2026-02-01)

Full Changelog

Fixed Bugs

  • fix: make seeder to respect database group by @michalsn in #9886
  • fix: ensure CSP nonces are Base64 encoded by @paulbalandan in #9907

Refactoring

  • refactor: debugbar time header not dependent on locale by @michalsn in #9880
  • refactor: Remove dead code from MySQLi Connection related to PHP 5 by @kamil-tekiela in #9887
  • refactor: Clean up mysqli transactions by @kamil-tekiela in #9888

v4.6.4 (2025-12-12)

Full Changelog

Fixed Bugs

  • fix: prevent non-shared DB instances from polluting shared cache by @michalsn in #9679
  • fix: Connection::getFieldData() default value convention for SQLSRV and OCI8 by @michalsn in #9680
  • fix: Forge::modifyColumn() for Postgre handler by @michalsn in #9676
  • fix: setting created_at field in Model::replace() method by @michalsn in #9693
  • fix: Casting in insertBatch and updateBatch methods. by @patel-vansh in #9698
  • fix: compileOrderBy() method by @michalsn in #9697
  • fix: SQLite3 password handling for empty string by @michalsn in #9729
  • fix: TypeError in valid_base64 rule when checking invalid base64 strings by @michalsn in #9733
  • fix: debug toolbar logs collector behavior on isEmpty() by @mjomble in #9724
  • fix: crash in toggleViewsHints - debugDiv.appendChild (toolbar.js) by @mjomble in #9735
  • fix: cannot read properties of null in toggleViewsHints (toolbar.js) by @michalsn in #9736
  • fix: type error in controlled cell by @michalsn in #9784
  • fix: handle resources and closures in JSON exception responses by @michalsn in #9788
  • fix: quote reserved keyword timestamp used as a field name for session table by @michalsn in #9805
  • fix: Add an IDs for toolbar form fields by @neznaika0 in #9823
  • fix: disable echo in the preload file by @michalsn in #9825
  • fix(cache): prevent Redis error when deleteMatching() finds no keys by @michalsn in #9829

Refactoring

  • refactor: change $request to CLIRequest|IncomingRequest in ResponseTrait by @paulbalandan in #9658
  • refactor: fix phpdoc and improve code in Language by @paulbalandan in #9656
  • refactor: remove redundant property declarations in BaseController by @paulbalandan in #9659
  • refactor: update CheckPhpIni code by @paulbalandan in #9672
  • refactor: Improve types for phpstan by @neznaika0 in #9685
  • refactor: fix phpstan issues on magic properties by @paulbalandan in #9728
  • refactor: use superglobals service in the UserAgent class by @michalsn in #9783

v4.6.3 (2025-08-02)

Full Changelog

Fixed Bugs

  • fix: CID check in Email class by @michalsn in #9645
  • fix: SMTP connection resource validation in Email class destructor by @michalsn in #9648

Refactoring

  • refactor: update preload script to exclude util_bootstrap by @ddevsr in #9649
  • refactor: phpdoc for Config\Filters::$globals by @michalsn in #9652

v4.6.2 (2025-07-26)

Full Changelog

Security

  • ImageMagickHandler: Command Injection Vulnerability in ImageMagick Handler Fixes a vulnerability relating to uses of ImageMagickHandler's resize() or text() methods where an attacker can upload malicious filenames containing shell metacharacters that get executed when the image is processed or when text is added to the image.

    See the security advisory for details. Credits to @vicevirus for reporting the issue.

Fixed Bugs

  • chore: add missing EscaperInterface to the AutoloadConfig by @michalsn in #9561
  • fix: remove service dependency from sanitize_filename() helper function by @michalsn in #9560
  • fix: use native PHP truthiness for condition evaluation in when()/whenNot() by @michalsn in #9576
  • fix: add error handling for corrupted cache files in FileHandler by @michalsn in #9586
  • fix: correct getHostname() fallback logic in Email class by @michalsn in #9587
  • fix: encapsulation violation in BasePreparedQuery class by @michalsn in #9603
  • fix: URI authority generation for schemes without default ports by @michalsn in #9605
  • fix: correct path parsing in SiteURIFactory::parseRequestURI() by @michalsn in #9613
  • fix: support for multibyte folder names when the app is served from a subfolder by @michalsn in #9615
  • fix: use correct 24-hour time format in development error page. by @ping-yee in #9628
  • fix: improve CURLRequest intermediate HTTP response handling by @michalsn in #9627
  • fix: ensure make:test works on Windows by @paulbalandan in #9635
  • fix: ensure make:test generates test files ending in Test by @paulbalandan in #9636
  • fix: make:test requires 3 inputs after entering an empty class name by @paulbalandan in #9637
  • fix: add filename parameters to inline Content-Disposition headers by @michalsn in #9638

Refactoring

  • refactor: add system/util_bootstrap.php to curb overreliance to system/Test/bootstrap.php by @paulbalandan in #9562
  • refactor: update places to use system/util_bootstrap.php by @paulbalandan in #9568
  • refactor: more accurate array PHPDocs of Cookie by @paulbalandan in #9569
  • refactor: use native phpdocs wherever possible by @paulbalandan in #9571
  • refactor: fix notIdentical.alwaysTrue error by @paulbalandan in #9579
  • refactor: fix phpstan errors in Events by @paulbalandan in #9580
  • refactor: fix non-booleans in if conditions by @paulbalandan in #9578
  • refactor: fix and micro-optimize code in Format by @paulbalandan in #9583
  • refactor: fix various phpstan errors in Log component by @paulbalandan in #9581
  • refactor: partial fix errors on Email by @paulbalandan in #9582
  • refactor: fix phpstan errors in ResponseTrait by @paulbalandan in #9591
  • refactor: precise PHPDocs for Autoloader by @paulbalandan in #9593
  • refactor: fix phpstan errors in mock classes by @paulbalandan in #9594
  • refactor: fix various phpstan errors in Cache by @paulbalandan in #9610
  • fix: apply rector rule TernaryImplodeToImplodeRector by @michalsn in #9614
  • refactor: Console::showHeader() call date() only once by @paulbalandan in #9616

v4.6.1 (2025-05-02)

Full Changelog

Fixed Bugs

  • fix(CURLRequest): multiple header sections after redirects by @ducng99 in #9426
  • fix: set headers for CORS by @michalsn in #9437
  • fix: upsert with composite unique index by @michalsn in #9454
  • fix: getVersion() for OCI8 and SQLSRV drivers by @michalsn in #9471
  • fix: Toolbar when maxHistory is set to 0 by @michalsn in #9506
  • fix: Session::markAsTempdata() adding wrong TTL by @paulbalandan in #9536
  • fix: added "application/octet-stream" to the "stl" mime type in the M… by @Franky5831 in #9543

Refactoring

  • refactor: get upper first protocol only one call in Email by @ddevsr in #9449
  • refactor: PHPDocs in env() by @ddevsr in #9468
  • refactor: remove lowercase event name for logging by @ddevsr in #9483
  • refactor: OCI8 limit() method by @michalsn in #9472
  • refactor: deprecate redundant FileHandler cache methods by @paulbalandan in #9511
  • refactor: fix variable.undefined (and other) errors by @paulbalandan in #9513
  • refactor: fix return.unusedType errors by @paulbalandan in #9514
  • refactor: add CITestStreamFilter to phpstan-analysed list and fix errors by @paulbalandan in #9515
  • refactor: fix property.protected errors by @paulbalandan in #9517
  • refactor: fix function.alreadyNarrowedType errors by @paulbalandan in #9518
  • refactor: fix empty.property errors by @paulbalandan in #9519
  • refactor: import FQCNs by @paulbalandan in #9520
  • refactor: fix isset.property errors by @paulbalandan in #9522
  • refactor: fix missingType.return errors by @warcooft in #9523
  • refactor: fix nullCoalesce.variable errors by @warcooft in #9524
  • refactor: fix phpstan errors in URI and SiteURI by @paulbalandan in #9525
  • refactor: fix @readonly property errors by @paulbalandan in #9529
  • refactor: fix missingType.return errors in system files by @paulbalandan in #9530
  • refactor: fix codeigniter.modelArgumentType errors by @paulbalandan in #9533
  • refactor: fix Session and SessionInterface code by @paulbalandan in #9535

v4.6.0 (2025-01-19)

Full Changelog

Breaking Changes

  • refactor: remove deprecated failValidationError() in API\ResponseTrait by @kenjis in #8793
  • refactor: remove depreacted ResponseInterface::getReason() by @kenjis in #8841
  • refactor: remove deprecated Logger::cleanFilenames() and TestLogger::cleanup() by @kenjis in #8843
  • fix: Exception rework by @kenjis in #8728
  • fix: DefinedRouteCollector to use RouteCollectionInterface by @kenjis in #8911
  • fix: View::renderSection() return type by @kenjis in #8965
  • feat: [Filters] enables a filter to run more than once with different arguments by @kenjis in #8977
  • fix: add check for duplicate Registrar Auto-Discovery runs by @kenjis in #9073
  • fix: Time loses microseconds by @kenjis in #9081
  • feat: fix spark db:table causes errors with table name including special chars by @kenjis in #8748
  • [4.6] fix: Time::createFromTimestamp() change for PHP 8.4 by @kenjis in #9105
  • fix: Time::setTimestamp()'s different behavior than DateTime by @kenjis in #9106
  • [4.6] fix: inconsistency in detailed error reporting by @kenjis in #9144
  • [4.6] feat: force PHP default 32 chars length at 4 bits to Session ID by @kenjis in #9139
  • fix: prioritize headers set by the Response class by @michalsn in #9235

Fixed Bugs

  • [4.6] fix: add validation message for min_dims by @christianberkman in #8988
  • fix: [Filters] normalize $filters arguments by @kenjis in #8994

Enhancements

  • feat: [FileCollection] add function to reatain multiple patterns by @christianberkman in #8960
  • feat: [Validation] add min_dims rule in FileRules by @christianberkman in #8966
  • feat: add foundRows option for MySQLi config by @ducng99 in #8979
  • feat: spark filter:check shows filter classnames by @kenjis in #8985
  • feat: add BaseConnection::resetTransStatus() by @kenjis in #8767
  • feat: add Services::resetServicesCache() to reset services cache by @kenjis in #9012
  • feat: add "400 Bad Request" page for end users by @kenjis in #9044
  • feat: add directives to phpini:check command by @kenjis in #9117
  • feat: multiple hostname routing by @ddevsr in #9150
  • [4.6] feat: workaround for implicit nullable deprecations in PHP 8.4 by @kenjis in #9140
  • feat: support CURL HTTP3 by @ddevsr in #9145
  • feat: design info environment top in error_exception by @ddevsr in #9241
  • feat: [Validation] add support for $dbGroup as parameter in is_unique and is_not_unique by @maniaba in #9216
  • feat: added the namespace option to the publish command by @dimtrovich in #9278
  • chore: update Kint to v6.0 by @ddevsr in #9289
  • feat: CURL option force_ip_resolve by @ddevsr in #9194
  • feat: add SQLite3 config synchronous by @michalsn in #9202
  • feat: Differentiate between kilobyte/kibibyte and megabyte/mebibyte by @ThomasMeschke in #9277
  • feat: Strict locale negotiation by @neznaika0 in #9360
  • fix: Add support for multibyte strings by @neznaika0 in #9372
  • feat: add page start end total to PagerRenderer by @murilohpucci in #9371
  • feat: New command lang:sync by @neznaika0 in #9023
  • feat: additional opcache setting in check php.ini by @ddevsr in #9032

Refactoring

  • [4.6] refactor: Validation rules and tests by @kenjis in #8975
  • [4.6] refactor: add : void by @kenjis in #9013
  • refactor: remove dependency on BaseConnection in TableName by @kenjis in #9104
  • refactor: add return type to closuer in FilterCheck by @neznaika0 in #9190
  • refactor: Remove deprecated RedirectException by @neznaika0 in #9399
  • refactor: Remove deprecated EVENT_PRIORITY_* by @neznaika0 in #9401
  • refactor: Remove deprecated View::$currentSection by @neznaika0 in #9403
  • refactor: Remove deprecated Cache::$storePath by @neznaika0 in #9404
  • refactor: Remove deprecated Config\Format::getFormatter() by @neznaika0 in #9405
  • refactor: Remove deprecation related to cookies by @neznaika0 in #9406

For the changelog of v4.5, see CHANGELOG_4.5.md.