CakePHP 4.2.1 Released

The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.1. This is a maintenance release for the 4.2 branch that fixes several community reported issues.


You can expect the following changes in 4.2.1. See the changelog for every commit.

  • Fix fixture file casing.
  • Improved API documentation for TimeHelper.
  • Added additional setup warnings for short Security.salt values. Ideally salt values are 32 bytes or longer.
  • Fix null values being passed to controller actions when resolving dependencies.
  • Fix BREACH weakness in SessionCsrfProtectionMiddleware.

Contributors to 4.2.1

Thank you to all the contributors that helped make this release happen:

  • ADmad
  • Mark Scherer
  • Mark Story
  • Remi Collet

As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.

Download a packaged release on github.