Release Notes
- Support Policy
- Laravel 5.2
- Laravel 5.1.11
- Laravel 5.1.4
- Laravel 5.1
- Laravel 5.0
- Laravel 4.2
- Laravel 4.1
Support Policy
For LTS releases, such as Laravel 5.1, bug fixes are provided for 2 years and security fixes are provided for 3 years. These releases provide the longest window of support and maintenance.
For general releases, bug fixes are provided for 6 months and security fixes are provided for 1 year.
Laravel 5.2
Laravel 5.2 continues the improvements made in Laravel 5.1 by adding multiple authentication driver support, implicit model binding, simplified Eloquent global scopes, opt-in authentication scaffolding, middleware groups, rate limiting middleware, array validation improvements, and more.
Authentication Drivers / "Multi-Auth"
In previous versions of Laravel, only the default, session-based authentication driver was supported out of the box, and you could not have more than one authenticatable model instance per application.
However, in Laravel 5.2, you may define additional authentication drivers as well define multiple authenticatable models or user tables, and control their authentication process separately from each other. For example, if your application has one database table for "admin" users and one database table for "student" users, you may now use the Auth
methods to authenticate against each of these tables separately.
Authentication Scaffolding
Laravel already makes it easy to handle authentication on the back-end; however, Laravel 5.2 provides a convenient, lightning-fast way to scaffold the authentication views for your front-end. Simply execute the make:auth
command on your terminal:
php artisan make:auth
This command will generate plain, Bootstrap compatible views for user login, registration, and password reset. The command will also update your routes file with the appropriate routes.
This feature is only meant to be used on new applications, not during application upgrades.
Implicit Model Binding
Implicit model binding makes it painless to inject relevant models directly into your routes and controllers. For example, assume you have a route defined like the following:
use App\User; Route::get('/user/{user}', function (User $user) { return $user;});
In Laravel 5.1, you would typically need to use the Route::model
method to instruct Laravel to inject the App\User
instance that matches the {user}
parameter in your route definition. However, in Laravel 5.2, the framework will automatically inject this model based on the URI segment, allowing you to quickly gain access to the model instances you need.
Laravel will automatically inject the model when the route parameter segment ({user}
) matches the route Closure or controller method's corresponding variable name ($user
) and the variable is type-hinting an Eloquent model class.
Middleware Groups
Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a web
group, and perhaps the rate limiter in the api
group.
In fact, the default Laravel 5.2 application structure takes exactly this approach. For example, in the default App\Http\Kernel.php
file you will find the following:
/** * The application's route middleware groups. * * @var array */protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, ], 'api' => [ 'throttle:60,1', ],];
Then, the web
group may be assigned to routes like so:
Route::group(['middleware' => ['web']], function () { //});
However, keep in mind the web
middleware group is already applied to your routes by default since the RouteServiceProvider
includes it in the default middleware group.
Rate Limiting
A new rate limiter middleware is now included with the framework, allowing you to easily limit the number of requests that a given IP address can make to a route over a specified number of minutes. For example, to limit a route to 60 requests every minute from a single IP address, you may do the following:
Route::get('/api/users', ['middleware' => 'throttle:60,1', function () { //}]);
Array Validation
Validating array form input fields is much easier in Laravel 5.2. For example, to validate that each e-mail in a given array input field is unique, you may do the following:
$validator = Validator::make($request->all(), [ 'person.*.email' => 'email|unique:users']);
Likewise, you may use the *
character when specifying your validation messages in your language files, making it a breeze to use a single validation message for array based fields:
'custom' => [ 'person.*.email' => [ 'unique' => 'Each person must have a unique e-mail address', ]],
Bail Validation Rule
A new bail
validation rule has been added, which instructs the validator to stop validating after the first validation failure for a given rule. For example, you may now prevent the validator from running a unique
check if an attribute fails an integer
check:
$this->validate($request, [ 'user_id' => 'bail|integer|unique:users']);
Eloquent Global Scope Improvements
In previous versions of Laravel, global Eloquent scopes were complicated and error-prone to implement; however, in Laravel 5.2, global query scopes only require you to implement a single, simple method: apply
.
For more information on writing global scopes, check out the full Eloquent documentation.
Laravel 5.1.11
Laravel 5.1.11 introduces authorization support out of the box! Conveniently organize your application's authorization logic using simple callbacks or policy classes, and authorize actions using simple, expressive methods.
For more information, please refer to the authorization documentation.
Laravel 5.1.4
Laravel 5.1.4 introduces simple login throttling to the framework. Consult the authentication documentation for more information.
Laravel 5.1
Laravel 5.1 continues the improvements made in Laravel 5.0 by adopting PSR-2 and adding event broadcasting, middleware parameters, Artisan improvements, and more.
PHP 5.5.9+
Since PHP 5.4 will enter "end of life" in September and will no longer receive security updates from the PHP development team, Laravel 5.1 requires PHP 5.5.9 or greater. PHP 5.5.9 allows compatibility with the latest versions of popular PHP libraries such as Guzzle and the AWS SDK.
LTS
Laravel 5.1 is the first release of Laravel to receive long term support. Laravel 5.1 will receive bug fixes for 2 years and security fixes for 3 years. This support window is the largest ever provided for Laravel and provides stability and peace of mind for larger, enterprise clients and customers.
PSR-2
The PSR-2 coding style guide has been adopted as the default style guide for the Laravel framework. Additionally, all generators have been updated to generate PSR-2 compatible syntax.
Documentation
Every page of the Laravel documentation has been meticulously reviewed and dramatically improved. All code examples have also been reviewed and expanded to provide more relevance and context.
Event Broadcasting
In many modern web applications, web sockets are used to implement real-time, live-updating user interfaces. When some data is updated on the server, a message is typically sent over a websocket connection to be handled by the client.
To assist you in building these types of applications, Laravel makes it easy to "broadcast" your events over a websocket connection. Broadcasting your Laravel events allows you to share the same event names between your server-side code and your client-side JavaScript framework.
To learn more about event broadcasting, check out the event documentation.
Middleware Parameters
Middleware can now receive additional custom parameters. For example, if your application needs to verify that the authenticated user has a given "role" before performing a given action, you could create a RoleMiddleware
that receives a role name as an additional argument:
<?php namespace App\Http\Middleware; use Closure; class RoleMiddleware{ /** * Run the request filter. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @param string $role * @return mixed */ public function handle($request, Closure $next, $role) { if (! $request->user()->hasRole($role)) { // Redirect... } return $next($request); } }
Middleware parameters may be specified when defining the route by separating the middleware name and parameters with a :
. Multiple parameters should be delimited by commas:
Route::put('post/{id}', ['middleware' => 'role:editor', function ($id) { //}]);
For more information on middleware, check out the middleware documentation.
Testing Overhaul
The built-in testing capabilities of Laravel have been dramatically improved. A variety of new methods provide a fluent, expressive interface for interacting with your application and examining its responses. For example, check out the following test:
public function testNewUserRegistration(){ $this->visit('/register') ->type('Taylor', 'name') ->check('terms') ->press('Register') ->seePageIs('/dashboard');}
For more information on testing, check out the testing documentation.
Model Factories
Laravel now ships with an easy way to create stub Eloquent models using model factories. Model factories allow you to easily define a set of "default" attributes for your Eloquent model, and then generate test model instances for your tests or database seeds. Model factories also take advantage of the powerful Faker PHP library for generating random attribute data:
$factory->define(App\User::class, function ($faker) { return [ 'name' => $faker->name, 'email' => $faker->email, 'password' => str_random(10), 'remember_token' => str_random(10), ];});
For more information on model factories, check out the documentation.
Artisan Improvements
Artisan commands may now be defined using a simple, route-like "signature", which provides an extremely simple interface for defining command line arguments and options. For example, you may define a simple command and its options like so:
/** * The name and signature of the console command. * * @var string */protected $signature = 'email:send {user} {--force}';
For more information on defining Artisan commands, consult the Artisan documentation.
Folder Structure
To better express intent, the app/Commands
directory has been renamed to app/Jobs
. Additionally, the app/Handlers
directory has been consolidated into a single app/Listeners
directory which simply contains event listeners. However, this is not a breaking change and you are not required to update to the new folder structure to use Laravel 5.1.
Encryption
In previous versions of Laravel, encryption was handled by the mcrypt
PHP extension. However, beginning in Laravel 5.1, encryption is handled by the openssl
extension, which is more actively maintained.
Laravel 5.0
Laravel 5.0 introduces a fresh application structure to the default Laravel project. This new structure serves as a better foundation for building a robust application in Laravel, as well as embraces new auto-loading standards (PSR-4) throughout the application. First, let's examine some of the major changes:
New Folder Structure
The old app/models
directory has been entirely removed. Instead, all of your code lives directly within the app
folder, and, by default, is organized to the App
namespace. This default namespace can be quickly changed using the new app:name
Artisan command.
Controllers, middleware, and requests (a new type of class in Laravel 5.0) are now grouped under the app/Http
directory, as they are all classes related to the HTTP transport layer of your application. Instead of a single, flat file of route filters, all middleware are now broken into their own class files.
A new app/Providers
directory replaces the app/start
files from previous versions of Laravel 4.x. These service providers provide various bootstrapping functions to your application, such as error handling, logging, route loading, and more. Of course, you are free to create additional service providers for your application.
Application language files and views have been moved to the resources
directory.
Contracts
All major Laravel components implement interfaces which are located in the illuminate/contracts
repository. This repository has no external dependencies. Having a convenient, centrally located set of interfaces you may use for decoupling and dependency injection will serve as an easy alternative option to Laravel Facades.
For more information on contracts, consult the full documentation.
Route Cache
If your application is made up entirely of controller routes, you may utilize the new route:cache
Artisan command to drastically speed up the registration of your routes. This is primarily useful on applications with 100+ routes and will drastically speed up this portion of your application.
Route Middleware
In addition to Laravel 4 style route "filters", Laravel 5 now supports HTTP middleware, and the included authentication and CSRF "filters" have been converted to middleware. Middleware provides a single, consistent interface to replace all types of filters, allowing you to easily inspect, and even reject, requests before they enter your application.
For more information on middleware, check out the documentation.
Controller Method Injection
In addition to the existing constructor injection, you may now type-hint dependencies on controller methods. The service container will automatically inject the dependencies, even if the route contains other parameters:
public function createPost(Request $request, PostRepository $posts){ //}
Authentication Scaffolding
User registration, authentication, and password reset controllers are now included out of the box, as well as simple corresponding views, which are located at resources/views/auth
. In addition, a "users" table migration has been included with the framework. Including these simple resources allows rapid development of application ideas without bogging down on authentication boilerplate. The authentication views may be accessed on the auth/login
and auth/register
routes. The App\Services\Auth\Registrar
service is responsible for user validation and creation.
Event Objects
You may now define events as objects instead of simply using strings. For example, check out the following event:
<?php class PodcastWasPurchased{ public $podcast; public function __construct(Podcast $podcast) { $this->podcast = $podcast; }}
The event may be dispatched like normal:
Event::fire(new PodcastWasPurchased($podcast));
Of course, your event handler will receive the event object instead of a list of data:
<?php class ReportPodcastPurchase{ public function handle(PodcastWasPurchased $event) { // }}
For more information on working with events, check out the full documentation.
Commands / Queueing
In addition to the queue job format supported in Laravel 4, Laravel 5 allows you to represent your queued jobs as simple command objects. These commands live in the app/Commands
directory. Here's a sample command:
<?php class PurchasePodcast extends Command implements SelfHandling, ShouldBeQueued{ use SerializesModels; protected $user, $podcast; /** * Create a new command instance. * * @return void */ public function __construct(User $user, Podcast $podcast) { $this->user = $user; $this->podcast = $podcast; } /** * Execute the command. * * @return void */ public function handle() { // Handle the logic to purchase the podcast... event(new PodcastWasPurchased($this->user, $this->podcast)); }}
The base Laravel controller utilizes the new DispatchesCommands
trait, allowing you to easily dispatch your commands for execution:
$this->dispatch(new PurchasePodcastCommand($user, $podcast));
Of course, you may also use commands for tasks that are executed synchronously (are not queued). In fact, using commands is a great way to encapsulate complex tasks your application needs to perform. For more information, check out the command bus documentation.
Database Queue
A database
queue driver is now included in Laravel, providing a simple, local queue driver that requires no extra package installation beyond your database software.
Laravel Scheduler
In the past, developers have generated a Cron entry for each console command they wished to schedule. However, this is a headache. Your console schedule is no longer in source control, and you must SSH into your server to add the Cron entries. Let's make our lives easier. The Laravel command scheduler allows you to fluently and expressively define your command schedule within Laravel itself, and only a single Cron entry is needed on your server.
It looks like this:
$schedule->command('artisan:command')->dailyAt('15:00');
Of course, check out the full documentation to learn all about the scheduler!
Tinker / Psysh
The php artisan tinker
command now utilizes Psysh by Justin Hileman, a more robust REPL for PHP. If you liked Boris in Laravel 4, you're going to love Psysh. Even better, it works on Windows! To get started, just try:
php artisan tinker
DotEnv
Instead of a variety of confusing, nested environment configuration directories, Laravel 5 now utilizes DotEnv by Vance Lucas. This library provides a super simple way to manage your environment configuration, and makes environment detection in Laravel 5 a breeze. For more details, check out the full configuration documentation.
Laravel Elixir
Laravel Elixir, by Jeffrey Way, provides a fluent, expressive interface to compiling and concatenating your assets. If you've ever been intimidated by learning Grunt or Gulp, fear no more. Elixir makes it a cinch to get started using Gulp to compile your Less, Sass, and CoffeeScript. It can even run your tests for you!
For more information on Elixir, check out the full documentation.
Laravel Socialite
Laravel Socialite is an optional, Laravel 5.0+ compatible package that provides totally painless authentication with OAuth providers. Currently, Socialite supports Facebook, Twitter, Google, and GitHub. Here's what it looks like:
public function redirectForAuth(){ return Socialize::with('twitter')->redirect();} public function getUserFromProvider(){ $user = Socialize::with('twitter')->user();}
No more spending hours writing OAuth authentication flows. Get started in minutes! The full documentation has all the details.
Flysystem Integration
Laravel now includes the powerful Flysystem filesystem abstraction library, providing pain free integration with local, Amazon S3, and Rackspace cloud storage - all with one, unified and elegant API! Storing a file in Amazon S3 is now as simple as:
Storage::put('file.txt', 'contents');
For more information on the Laravel Flysystem integration, consult the full documentation.
Form Requests
Laravel 5.0 introduces form requests, which extend the Illuminate\Foundation\Http\FormRequest
class. These request objects can be combined with controller method injection to provide a boiler-plate free method of validating user input. Let's dig in and look at a sample FormRequest
:
<?php namespace App\Http\Requests; class RegisterRequest extends FormRequest{ public function rules() { return [ 'email' => 'required|email|unique:users', 'password' => 'required|confirmed|min:8', ]; } public function authorize() { return true; }}
Once the class has been defined, we can type-hint it on our controller action:
public function register(RegisterRequest $request){ var_dump($request->input());}
When the Laravel service container identifies that the class it is injecting is a FormRequest
instance, the request will automatically be validated. This means that if your controller action is called, you can safely assume the HTTP request input has been validated according to the rules you specified in your form request class. Even more, if the request is invalid, an HTTP redirect, which you may customize, will automatically be issued, and the error messages will be either flashed to the session or converted to JSON. Form validation has never been more simple. For more information on FormRequest
validation, check out the documentation.
Simple Controller Request Validation
The Laravel 5 base controller now includes a ValidatesRequests
trait. This trait provides a simple validate
method to validate incoming requests. If FormRequests
are a little too much for your application, check this out:
public function createPost(Request $request){ $this->validate($request, [ 'title' => 'required|max:255', 'body' => 'required', ]);}
If the validation fails, an exception will be thrown and the proper HTTP response will automatically be sent back to the browser. The validation errors will even be flashed to the session! If the request was an AJAX request, Laravel even takes care of sending a JSON representation of the validation errors back to you.
For more information on this new method, check out the documentation.
New Generators
To complement the new default application structure, new Artisan generator commands have been added to the framework. See php artisan list
for more details.
Configuration Cache
You may now cache all of your configuration in a single file using the config:cache
command.
Symfony VarDumper
The popular dd
helper function, which dumps variable debug information, has been upgraded to use the amazing Symfony VarDumper. This provides color-coded output and even collapsing of arrays. Just try the following in your project:
dd([1, 2, 3]);
Laravel 4.2
The full change list for this release by running the php artisan changes
command from a 4.2 installation, or by viewing the change file on Github. These notes only cover the major enhancements and changes for the release.
During the 4.2 release cycle, many small bug fixes and enhancements were incorporated into the various Laravel 4.1 point releases. So, be sure to check the change list for Laravel 4.1 as well!
PHP 5.4 Requirement
Laravel 4.2 requires PHP 5.4 or greater. This upgraded PHP requirement allows us to use new PHP features such as traits to provide more expressive interfaces for tools like Laravel Cashier. PHP 5.4 also brings significant speed and performance improvements over PHP 5.3.
Laravel Forge
Laravel Forge, a new web based application, provides a simple way to create and manage PHP servers on the cloud of your choice, including Linode, DigitalOcean, Rackspace, and Amazon EC2. Supporting automated Nginx configuration, SSH key access, Cron job automation, server monitoring via NewRelic & Papertrail, "Push To Deploy", Laravel queue worker configuration, and more, Forge provides the simplest and most affordable way to launch all of your Laravel applications.
The default Laravel 4.2 installation's app/config/database.php
configuration file is now configured for Forge usage by default, allowing for more convenient deployment of fresh applications onto the platform.
More information about Laravel Forge can be found on the official Forge website.
Laravel Homestead
Laravel Homestead is an official Vagrant environment for developing robust Laravel and PHP applications. The vast majority of the boxes' provisioning needs are handled before the box is packaged for distribution, allowing the box to boot extremely quickly. Homestead includes Nginx 1.6, PHP 5.6, MySQL, Postgres, Redis, Memcached, Beanstalk, Node, Gulp, Grunt, & Bower. Homestead includes a simple Homestead.yaml
configuration file for managing multiple Laravel applications on a single box.
The default Laravel 4.2 installation now includes an app/config/local/database.php
configuration file that is configured to use the Homestead database out of the box, making Laravel initial installation and configuration more convenient.
The official documentation has also been updated to include Homestead documentation.
Laravel Cashier
Laravel Cashier is a simple, expressive library for managing subscription billing with Stripe. With the introduction of Laravel 4.2, we are including Cashier documentation along with the main Laravel documentation, though installation of the component itself is still optional. This release of Cashier brings numerous bug fixes, multi-currency support, and compatibility with the latest Stripe API.
Daemon Queue Workers
The Artisan queue:work
command now supports a --daemon
option to start a worker in "daemon mode", meaning the worker will continue to process jobs without ever re-booting the framework. This results in a significant reduction in CPU usage at the cost of a slightly more complex application deployment process.
More information about daemon queue workers can be found in the queue documentation.
Mail API Drivers
Laravel 4.2 introduces new Mailgun and Mandrill API drivers for the Mail
functions. For many applications, this provides a faster and more reliable method of sending e-mails than the SMTP options. The new drivers utilize the Guzzle 4 HTTP library.
Soft Deleting Traits
A much cleaner architecture for "soft deletes" and other "global scopes" has been introduced via PHP 5.4 traits. This new architecture allows for the easier construction of similar global traits, and a cleaner separation of concerns within the framework itself.
More information on the new SoftDeletingTrait
may be found in the Eloquent documentation.
Convenient Auth & Remindable Traits
The default Laravel 4.2 installation now uses simple traits for including the needed properties for the authentication and password reminder user interfaces. This provides a much cleaner default User
model file out of the box.
"Simple Paginate"
A new simplePaginate
method was added to the query and Eloquent builder which allows for more efficient queries when using simple "Next" and "Previous" links in your pagination view.
Migration Confirmation
In production, destructive migration operations will now ask for confirmation. Commands may be forced to run without any prompts using the --force
command.
Laravel 4.1
Full Change List
The full change list for this release by running the php artisan changes
command from a 4.1 installation, or by viewing the change file on Github. These notes only cover the major enhancements and changes for the release.
New SSH Component
An entirely new SSH
component has been introduced with this release. This feature allows you to easily SSH into remote servers and run commands. To learn more, consult the SSH component documentation.
The new php artisan tail
command utilizes the new SSH component. For more information, consult the tail
command documentation.
Boris In Tinker
The php artisan tinker
command now utilizes the Boris REPL if your system supports it. The readline
and pcntl
PHP extensions must be installed to use this feature. If you do not have these extensions, the shell from 4.0 will be used.
Eloquent Improvements
A new hasManyThrough
relationship has been added to Eloquent. To learn how to use it, consult the Eloquent documentation.
A new whereHas
method has also been introduced to allow retrieving models based on relationship constraints.
Database Read / Write Connections
Automatic handling of separate read / write connections is now available throughout the database layer, including the query builder and Eloquent. For more information, consult the documentation.
Queue Priority
Queue priorities are now supported by passing a comma-delimited list to the queue:listen
command.
Failed Queue Job Handling
The queue facilities now include automatic handling of failed jobs when using the new --tries
switch on queue:listen
. More information on handling failed jobs can be found in the queue documentation.
Cache Tags
Cache "sections" have been superseded by "tags". Cache tags allow you to assign multiple "tags" to a cache item, and flush all items assigned to a single tag. More information on using cache tags may be found in the cache documentation.
Flexible Password Reminders
The password reminder engine has been changed to provide greater developer flexibility when validating passwords, flashing status messages to the session, etc. For more information on using the enhanced password reminder engine, consult the documentation.
Improved Routing Engine
Laravel 4.1 features a totally re-written routing layer. The API is the same; however, registering routes is a full 100% faster compared to 4.0. The entire engine has been greatly simplified, and the dependency on Symfony Routing has been minimized to the compiling of route expressions.
Improved Session Engine
With this release, we're also introducing an entirely new session engine. Similar to the routing improvements, the new session layer is leaner and faster. We are no longer using Symfony's (and therefore PHP's) session handling facilities, and are using a custom solution that is simpler and easier to maintain.
Doctrine DBAL
If you are using the renameColumn
function in your migrations, you will need to add the doctrine/dbal
dependency to your composer.json
file. This package is no longer included in Laravel by default.