Laravel 5.8.5 Released

Laravel 5.8.5 was released yesterday with a security fix for the unique validation rule, and the latest weekly changes and features.

First, a new Gate::none() method determines the denial of any of the given abilities for the current user.

Next, a new OtherDeviceLogout event gets fired when invalidating other sessions for the current user, allowing listeners to react to logout events to revoke user access tokens, etc.

Last, even and odd Boolean flags are available to the Blade loop variable that you can use for things like zebra stripes:

{{-- Before --}}
{{ $loop->iteration % 2 }}
 
{{-- After --}}
{{ $loop->even }}
{{ $loop->odd }}

Last, 5.8.5 includes a security patch for the Unique validation rule. The rule contained a possible Unique Rule SQL Injection Warning which you can read about on the Laravel blog.

The documentation outlines the unique rule usage and contains a warning about only using auto-incrementing IDs.

Check out commit da4d4a4 for details on the updates made for the security patch.

You can see the full list of fixes below, and the whole diff between 5.8.4 and 5.8.5 on GitHub. The full release notes for Laravel 5.8 are available in the GitHub 5.8 changelog:

#v5.8.5

#Added

• Added Illuminate\Database\DatabaseManager::setReconnector() (#27845)
• Added Illuminate\Auth\Access\Gate::none() (#27859)
• Added OtherDeviceLogout event (#27865, 5e87f2d)
• Added even and odd flags to the Loop variable in the blade (#27883)

#Changed

• Add replacement for lower danish æ (#27886)
• Show error message from exception, if message exist for 403.blade.php and 503.blade.php error (#27893, #27902)

#Fixed

• Fixed seeding logic in Arr::shuffle() (#27861)
• Fixed Illuminate\Database\Query\Builder::updateOrInsert() with empty $values (#27906)
• Fixed Application::getNamespace() method (#27915)
• Fixed of store previous url (#27935, 791992e)

#Security

• Changed Validation\Rules\Unique.php (da4d4a4). You can read more here