CakePHP 2.3.7 & 2.4.0-beta released
The CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.7 & 2.4.0-beta. 2.3.7 is a bugfix release for the 2.3 branch, while 2.4.0-beta is the first release of the 2.4 branch. A short list of the changes you can expect in 2.3.7 are:
- Cached views now contain their Content-Type header. It is recommended that you flush your view caches when upgrading.
- Return-Path is now excluded on emails delivered via SMTP.
- The automatic created & modified times when saving records are now consistent. There used to be an edge case where they could differ by one second.
- Undocumented, untested features around the IIS_SERVER constant have been removed.
- FormHelper::dateTime() now selects the correct year when creating an input which has a maxYear earlier than the current year.
- Email views now calculate the boundary later in the rendering process fixing issues where View callbacks could append inline images or attachments, resulting in incorrect boundary markers.
- AuthComponent now correctly generates redirect URL's when the application base path matches the controller name.
- Errors generated from requests containing 'index.php' now render correctly.
- Classnames containing '..' are now rejected.
There was a security fix in this release that fixes an issue where controllers outside of the application could be loaded under certain conditions. This is an important upgrade for applications that accept uploaded PHP files where user data is used to determine the final file name. In these situations it would be possible for an attacker to upload a PHP file and remotely execute code. A big thanks to Adrian Ulrich for contacting us about the issue, and providing steps to reproduce it.
The 2.4.0-beta release contains several new features that improve CakePHP's performance, security and ease of use. When done, this new version is intended to be a replacement for the 2.3.x branch. A migration guide is provided in the book  and we encourage you to read it if you are upgrading from an older version.
The current list of the new features & changes you can expect in 2.4.0:
- Logged notice messages will now be colourized in terminals that support colours.
cake schema generatenow supports the
cake bake modelnow supports baking
parent_idfields in your table it will add the Tree behavior, for example. You can also extend the ModelTask to support your own behaviors to be recognized.
cake bake fixturenow supports a
--schemaparameter to allow baking all fixtures with noninteractive "all" while using schema import.
- AuthComponent now supports proper stateless mode when using
Digestauthenticators. Starting of session can be prevented by setting
AuthComponent::$sessionKeyto false. Also now when using only
Digestyou are no longer redirected to login page. For more info check the
AuthComponent::$authErrorcan be set to boolean
falseto suppress flash message from being displayed.
- Authenticating objects now use new password hasher objects for password hash generation and checking.
Model::saveMany()now take a new
counterCacheoption. You can set it to false to avoid updating counter cache values for the particular save operation.
- Mysql, Postgres, and SQLserver now support a 'settings' array in the connection definition. This key => value pair will be issued as
SETcommands when the connection is created.
- JSONP support has been added to :php:class:
- The API for
HtmlHelper::css()has been changed.
- New option
HtmlHelper::link()to control escaping of only link title and not attributes.
TextHelper::autoParagraph()has been added. It allows to automatically convert text into HTML paragraphs.
PaginatorHelper::param()has been added.
CakeRequest::param()has been added.
CakeRequest::is()has been modified to support an array of types and will return true if the request matches any type.
CakeRequest::isAll()has been added to check that a request matches all the given types.
- Logged email messages now have the scope of
HttpSocket::patch()has been added.
ellis now the default locale for Greek as specified by ISO 639-3 and
greits alias. The locale folders have to be adjusted accordingly (from
fasis now the default locale for Farsi as specified by ISO 639-3 and
perits alias. The locale folders have to be adjusted accordingly (from
smeis now the default locale for Sami as specified by ISO 639-3 and
smiits alias. The locale folders have to be adjusted accordingly (from
mkas default locale for Macedonian as specified by ISO 639-3. The corresponding locale folders have to be adjusted, as well.
- Catalog code
inhas been dropped in favor of
ehas been dropped in favor of
nhas been dropped in favor of
phas been dropped in favor of
szhas been dropped in favor of
- Kazakh has been added with
kazas locale and
kkas catalog code.
- Kalaallisut has been added with
kalas locale and
klas catalog code.
- Log engines do not need the suffix
Loganymore in their setup configuration. So for the FileLog engine it suffices to define
'engine' => 'File'now. This unifies the way engines are named in configuration (see Cache engines for example). Note: If you have a Log engine like
DatabaseLoggerthat does not follow the convention of using the
Logsuffix, you will have to adjust your class name to
DatabaseLog. You should also avoid class names like
SomeLogLogwhich include the suffix twice at the end.
- Two new config options
rotatehave been added for
- The new logging engine
SyslogLogwas added to stream messages to syslog.
prno longer outputs HTML when running in cli mode.
Validation::date()now supports the
- The country code of
Validation::phone()for Canada has been changed from
cato unify the country codes for validation methods according to ISO 3166 (two letter codes).
- The currencies
JPYhave been added.
- The symbols for
EURare now UTF-8. If you upgrade a non-UTF-8 application, make sure that you update the static
$_currenciesattribute with the appropriate HTML entity symbols (
&#8364;) before you use those currencies.
- New option
prettyhas been added to
Xml::fromArray()to return nicely formatted Xml.
- New configuration option
skipLoghas been added, to allow skipping certain Exception types to be logged.
Configure::write('Exception.skipLog', array('NotFoundException', 'ForbiddenException'));will skip logging these exceptions and the ones extending them when
Router::baseUrl()was added. This method replaces
FULL_BASE_URL. Which is now deprecated.
The API docs and cookbook have been updated to reflect the changes and updates for 2.4.0.
A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP. Download a packaged release .
-  http://cakephp.org/changelogs/2.4.0-beta
-  http://book.cakephp.org/2.0/en/appendices/2-4-migration-guide.html
-  http://api.cakephp.org/2.4
-  https://github.com/cakephp/cakephp/tags