Laravel 6.4 Released

The Laravel team released v6.4 this week with a password reset security fix and the latest new features:

First, a security fix related to password resets was contributed. The fix throttles users to only creating one password reset record every 60 seconds. This prevents attackers from submitting many password requests that will flood users’ email. You can see the commits in 23041e9 and a934160.

Next, a missing() method was added to the Request class to check for the inverse of has():

// Before
if (! $request->has('foo')) {
    //
}
 
// using missing
if ($request->missing('foo')) {
    //
}

Next, a pipes() getter in the Pipeline class (instead of using the $pipes property directly) allows for more dynamic pipelines:

class BackupAction extends Pipeline
{
    protected function pipes(): array
    {
        return config('actions.backup.tasks', [
            Tasks\SetupPassable::class,
            Tasks\CreateTemporaryDirectory::class,
            Tasks\PrepareFilesToBackup::class,
            Tasks\CreateZipBackupFile::class,
            Tasks\MoveZipArchiveToDisks::class,
            Tasks\SendNotification::class,
        ]);
    }
}

Last, a new assertCreated() convenience method enables you to assert for a 201 response status code:

// Instead of the following
$response->assertStatus(Response::HTTP_CREATED);
 
// A convenient 201 assertion
$response->assertCreated();

You can see the full list of new features and updates below, and the whole diff between 6.3.0 and 6.4.0 on GitHub. The full release notes for Laravel 6.0 are available in the GitHub v6 changelog:

#v6.4.0

#Added

• Added missing() method to Request class (#30320)
• Added Pipeline::pipes() method (#30346)
• Added TestResponse::assertCreated() method (#30368)

#Changed

• Added connection is no longer usable to DetectsLostConnections (#30362)
• Implemented parse ID on find method for many to many relation (#30359)
• Improvements on subqueries (#30307, 3f3b621)
• Pass mail data to theme css in Markdown::render() method (#30376)
• Handle ajax requests in RequirePassword middleware (#30390, 331c354)

#Fixed

• Fixed retry() with $times value less then 1 (#30356)
• Fixed last_modified option in SetCacheHeader (#30335)
• Fixed the Filesystem manager’s exception on unsupported driver (#30331, #30369)
• Fixed shouldQueue() check for bound event listeners (#30378)
• Used exit code 1 when migration table not found (#30321)
• Alleviate breaking change introduced by password confirm feature (#30389)

#Security:

• Password Reset Security fix (23041e9, a934160)