Laravel 6.4 Released
Published on by Paul Redmond
The Laravel team released v6.4 this week with a password reset security fix and the latest new features:
First, a security fix related to password resets was contributed. The fix throttles users to only creating one password reset record every 60 seconds. This prevents attackers from submitting many password requests that will flood users’ email. You can see the commits in 23041e9 and a934160.
Next, a missing()
method was added to the Request
class to check for the inverse of has()
:
// Beforeif (! $request->has('foo')) { //} // using missingif ($request->missing('foo')) { //}
Next, a pipes()
getter in the Pipeline
class (instead of using the $pipes
property directly) allows for more dynamic pipelines:
class BackupAction extends Pipeline{ protected function pipes(): array { return config('actions.backup.tasks', [ Tasks\SetupPassable::class, Tasks\CreateTemporaryDirectory::class, Tasks\PrepareFilesToBackup::class, Tasks\CreateZipBackupFile::class, Tasks\MoveZipArchiveToDisks::class, Tasks\SendNotification::class, ]); }}
Last, a new assertCreated()
convenience method enables you to assert for a 201
response status code:
// Instead of the following$response->assertStatus(Response::HTTP_CREATED); // A convenient 201 assertion$response->assertCreated();
You can see the full list of new features and updates below, and the whole diff between 6.3.0 and 6.4.0 on GitHub. The full release notes for Laravel 6.0 are available in the GitHub v6 changelog:
v6.4.0
Added
- Added
missing()
method toRequest
class (#30320) - Added
Pipeline::pipes()
method (#30346) - Added
TestResponse::assertCreated()
method (#30368)
Changed
- Added
connection is no longer usable
toDetectsLostConnections
(#30362) - Implemented parse ID on find method for many to many relation (#30359)
- Improvements on subqueries (#30307, 3f3b621)
- Pass mail data to theme css in
Markdown::render()
method (#30376) - Handle ajax requests in RequirePassword middleware (#30390, 331c354)
Fixed
- Fixed
retry()
with$times
value less then 1 (#30356) - Fixed
last_modified
option inSetCacheHeader
(#30335) - Fixed the Filesystem manager’s exception on unsupported driver (#30331, #30369)
- Fixed
shouldQueue()
check for bound event listeners (#30378) - Used exit code
1
when migration table not found (#30321) - Alleviate breaking change introduced by password confirm feature (#30389)