CakePHP is a rapid development framework that uses well-known design patterns such as ActiveRecord, Association Data Mapping, Front Controller, and MVC. The main goal of the project is to provide PHP developers at all levels who can quickly develop robust web applications without losing flexibility.
CakePHP 4.0.6 is now released. This is the maintenance version of the 4.0 branch. It fixes some problems reported by the community and low-risk security issues in the CSRF protection middleware. The specific updates are as follows:
Bugfixes
- In this version, the generated token contains an HMAC signed with Security.salt. This ensures that the token was generated by the same application that received the token. CSRF tokens generated in earlier versions will now be rejected by 4.0.6 because they do not contain HMAC.
- Improved session access in IntegrationTestTrait with new getTestSession () method.
- Fix / Pagination link on URLs.
- Cake plugin unloading and Cake plugin loading can now handle plugins from vendor namespaces.
- Validation :: inList () no longer warns about non-scalar values.
- Now, in case-sensitive configuration, the architecture reflection stored procedure in SQLServer can work.
- When the length of the line is the same as the length of the line break, the email line break no longer issues an error.
- App :: path () can now parse the locale file of the plugin.
Release notes: https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html