CakePHP 4.2.1 Released

The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.1. This is a maintenance release for the 4.2 branch that fixes several community reported issues. We’d like to thank Xhelal Likaj for reporting the BREACH weakness, and incomplete salt length checks via our security process.


You can expect the following changes in 4.2.1. See the changelog for every commit.

  • Fix fixture file casing.
  • Improved API documentation for TimeHelper.
  • Added additional setup warnings for short Security.salt values. Ideally salt values are 32 bytes or longer.
  • Fix null values being passed to controller actions when resolving dependencies.
  • Fix BREACH weakness in SessionCsrfProtectionMiddleware.

Contributors to 4.2.1

Thank you to all the contributors that helped make this release happen:

  • ADmad
  • Mark Scherer
  • Mark Story
  • Remi Collet

As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.

Download a packaged release on github.