Skip to content

3.0.0 RC 3

Pre-release
Pre-release
Compare
Choose a tag to compare
@akrabat akrabat released this 29 Nov 15:07
· 754 commits to 3.x since this release
3.0.0-RC3
48be9d2

This release fixes a security issue, clears up some inconsistencies and fixes a number of bugs.

Security fix in 3.0.0-RC3:

  • #1624 - XXE attacks are now prevented when parsing XML input.

BC breaks in 3.0.0-RC3:

These are the BC breaks since RC2:

  • #1631 - The route callable is now bound to the Container rather than to the App to be consistent with middleware binding. This means that if you are using $this->subRequest then you now need to use ($app) and then $app->subRequest(…). Also if you were using $this->getContainer()->get(…), you need to change this to $this->get(…). Note that using $this->foo to retrieve a service from the container continues to work.
  • #1626 - Route paths are now simply concatentated with no magic. This may affect the way route groups were previously set up, but from now on, it's very predictable.
  • #1625 - Group middleware is now executed before the route's middleware as you would expect. See issue #1622 for details.

The full list of changes is here.

Assets 2
Loading