For LTS releases, such as Laravel 5.1, bug fixes are provided for 2 years and security fixes are provided for 3 years. These releases provide the longest window of support and maintenance.
For general releases, bug fixes are provided for 6 months and security fixes are provided for 1 year.
Laravel 5.1.4 introduces simple login throttling to the framework. Consult the authentication documentation for more information.
Laravel 5.1 continues the improvements made in Laravel 5.0 by adopting PSR-2 and adding event broadcasting, middleware parameters, Artisan improvements, and more.
Since PHP 5.4 will enter "end of life" in September and will no longer receive security updates from the PHP development team, Laravel 5.1 requires PHP 5.5.9 or greater. PHP 5.5.9 allows compatibility with the latest versions of popular PHP libraries such as Guzzle and the AWS SDK.
Laravel 5.1 is the first release of Laravel to receive long term support. Laravel 5.1 will receive bug fixes for 2 years and security fixes for 3 years. This support window is the largest ever provided for Laravel and provides stability and peace of mind for larger, enterprise clients and customers.
The PSR-2 coding style guide has been adopted as the default style guide for the Laravel framework. Additionally, all generators have been updated to generate PSR-2 compatible syntax.
Every page of the Laravel documentation has been meticulously reviewed and dramatically improved. All code examples have also been reviewed and expanded to provide more relevance and context.
In many modern web applications, web sockets are used to implement real-time, live-updating user interfaces. When some data is updated on the server, a message is typically sent over a websocket connection to be handled by the client.
To assist you in building these types of applications, Laravel makes it easy to "broadcast" your events over a websocket connection. Broadcasting your Laravel events allows you to share the same event names between your server-side code and your client-side JavaScript framework.
To learn more about event broadcasting, check out the event documentation.
Middleware can now receive additional custom parameters. For example, if your application needs to verify that the authenticated user has a given "role" before performing a given action, you could create a RoleMiddleware
that receives a role name as an additional argument:
<?php
namespace App\Http\Middleware;
use Closure;
class RoleMiddleware
{
/**
* Run the request filter.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string $role
* @return mixed
*/
public function handle($request, Closure $next, $role)
{
if (! $request->user()->hasRole($role)) {
// Redirect...
}
return $next($request);
}
}
Middleware parameters may be specified when defining the route by separating the middleware name and parameters with a :
. Multiple parameters should be delimited by commas:
Route::put('post/{id}', ['middleware' => 'role:editor', function ($id) {
//
}]);
For more information on middleware, check out the middleware documentation.
The built-in testing capabilities of Laravel have been dramatically improved. A variety of new methods provide a fluent, expressive interface for interacting with your application and examining its responses. For example, check out the following test:
public function testNewUserRegistration()
{
$this->visit('/register')
->type('Taylor', 'name')
->check('terms')
->press('Register')
->seePageIs('/dashboard');
}
For more information on testing, check out the testing documentation.
Laravel now ships with an easy way to create stub Eloquent models using model factories. Model factories allow you to easily define a set of "default" attributes for your Eloquent model, and then generate test model instances for your tests or database seeds. Model factories also take advantage of the powerful Faker PHP library for generating random attribute data:
$factory->define(App\User::class, function ($faker) {
return [
'name' => $faker->name,
'email' => $faker->email,
'password' => str_random(10),
'remember_token' => str_random(10),
];
});
For more information on model factories, check out the documentation.
Artisan commands may now be defined using a simple, route-like "signature", which provides an extremely simple interface for defining command line arguments and options. For example, you may define a simple command and its options like so:
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'email:send {user} {--force}';
For more information on defining Artisan commands, consult the Artisan documentation.
To better express intent, the app/Commands
directory has been renamed to app/Jobs
. Additionally, the app/Handlers
directory has been consolidated into a single app/Listeners
directory which simply contains event listeners. However, this is not a breaking change and you are not required to update to the new folder structure to use Laravel 5.1.
In previous versions of Laravel, encryption was handled by the mcrypt
PHP extension. However, beginning in Laravel 5.1, encryption is handled by the openssl
extension, which is more actively maintained.
Laravel 5.0 introduces a fresh application structure to the default Laravel project. This new structure serves as a better foundation for building a robust application in Laravel, as well as embraces new auto-loading standards (PSR-4) throughout the application. First, let's examine some of the major changes:
The old app/models
directory has been entirely removed. Instead, all of your code lives directly within the app
folder, and, by default, is organized to the App
namespace. This default namespace can be quickly changed using the new app:name
Artisan command.
Controllers, middleware, and requests (a new type of class in Laravel 5.0) are now grouped under the app/Http
directory, as they are all classes related to the HTTP transport layer of your application. Instead of a single, flat file of route filters, all middleware are now broken into their own class files.
A new app/Providers
directory replaces the app/start
files from previous versions of Laravel 4.x. These service providers provide various bootstrapping functions to your application, such as error handling, logging, route loading, and more. Of course, you are free to create additional service providers for your application.
Application language files and views have been moved to the resources
directory.
All major Laravel components implement interfaces which are located in the illuminate/contracts
repository. This repository has no external dependencies. Having a convenient, centrally located set of interfaces you may use for decoupling and dependency injection will serve as an easy alternative option to Laravel Facades.
For more information on contracts, consult the full documentation.
If your application is made up entirely of controller routes, you may utilize the new route:cache
Artisan command to drastically speed up the registration of your routes. This is primarily useful on applications with 100+ routes and will drastically speed up this portion of your application.
In addition to Laravel 4 style route "filters", Laravel 5 now supports HTTP middleware, and the included authentication and CSRF "filters" have been converted to middleware. Middleware provides a single, consistent interface to replace all types of filters, allowing you to easily inspect, and even reject, requests before they enter your application.
For more information on middleware, check out the documentation.
In addition to the existing constructor injection, you may now type-hint dependencies on controller methods. The service container will automatically inject the dependencies, even if the route contains other parameters:
public function createPost(Request $request, PostRepository $posts)
{
//
}
User registration, authentication, and password reset controllers are now included out of the box, as well as simple corresponding views, which are located at resources/views/auth
. In addition, a "users" table migration has been included with the framework. Including these simple resources allows rapid development of application ideas without bogging down on authentication boilerplate. The authentication views may be accessed on the auth/login
and auth/register
routes. The App\Services\Auth\Registrar
service is responsible for user validation and creation.
You may now define events as objects instead of simply using strings. For example, check out the following event:
<?php
class PodcastWasPurchased
{
public $podcast;
public function __construct(Podcast $podcast)
{
$this->podcast = $podcast;
}
}
The event may be dispatched like normal:
Event::fire(new PodcastWasPurchased($podcast));
Of course, your event handler will receive the event object instead of a list of data:
<?php
class ReportPodcastPurchase
{
public function handle(PodcastWasPurchased $event)
{
//
}
}
For more information on working with events, check out the full documentation.
In addition to the queue job format supported in Laravel 4, Laravel 5 allows you to represent your queued jobs as simple command objects. These commands live in the app/Commands
directory. Here's a sample command:
<?php
class PurchasePodcast extends Command implements SelfHandling, ShouldBeQueued
{
use SerializesModels;
protected $user, $podcast;
/**
* Create a new command instance.
*
* @return void
*/
public function __construct(User $user, Podcast $podcast)
{
$this->user = $user;
$this->podcast = $podcast;
}
/**
* Execute the command.
*
* @return void
*/
public function handle()
{
// Handle the logic to purchase the podcast...
event(new PodcastWasPurchased($this->user, $this->podcast));
}
}
The base Laravel controller utilizes the new DispatchesCommands
trait, allowing you to easily dispatch your commands for execution:
$this->dispatch(new PurchasePodcastCommand($user, $podcast));
Of course, you may also use commands for tasks that are executed synchronously (are not queued). In fact, using commands is a great way to encapsulate complex tasks your application needs to perform. For more information, check out the command bus documentation.
A database
queue driver is now included in Laravel, providing a simple, local queue driver that requires no extra package installation beyond your database software.
In the past, developers have generated a Cron entry for each console command they wished to schedule. However, this is a headache. Your console schedule is no longer in source control, and you must SSH into your server to add the Cron entries. Let's make our lives easier. The Laravel command scheduler allows you to fluently and expressively define your command schedule within Laravel itself, and only a single Cron entry is needed on your server.
It looks like this:
$schedule->command('artisan:command')->dailyAt('15:00');
Of course, check out the full documentation to learn all about the scheduler!
The php artisan tinker
command now utilizes Psysh by Justin Hileman, a more robust REPL for PHP. If you liked Boris in Laravel 4, you're going to love Psysh. Even better, it works on Windows! To get started, just try:
php artisan tinker
Instead of a variety of confusing, nested environment configuration directories, Laravel 5 now utilizes DotEnv by Vance Lucas. This library provides a super simple way to manage your environment configuration, and makes environment detection in Laravel 5 a breeze. For more details, check out the full configuration documentation.
Laravel Elixir, by Jeffrey Way, provides a fluent, expressive interface to compiling and concatenating your assets. If you've ever been intimidated by learning Grunt or Gulp, fear no more. Elixir makes it a cinch to get started using Gulp to compile your Less, Sass, and CoffeeScript. It can even run your tests for you!
For more information on Elixir, check out the full documentation.
Laravel Socialite is an optional, Laravel 5.0+ compatible package that provides totally painless authentication with OAuth providers. Currently, Socialite supports Facebook, Twitter, Google, and GitHub. Here's what it looks like:
public function redirectForAuth()
{
return Socialize::with('twitter')->redirect();
}
public function getUserFromProvider()
{
$user = Socialize::with('twitter')->user();
}
No more spending hours writing OAuth authentication flows. Get started in minutes! The full documentation has all the details.
Laravel now includes the powerful Flysystem filesystem abstraction library, providing pain free integration with local, Amazon S3, and Rackspace cloud storage - all with one, unified and elegant API! Storing a file in Amazon S3 is now as simple as:
Storage::put('file.txt', 'contents');
For more information on the Laravel Flysystem integration, consult the full documentation.
Laravel 5.0 introduces form requests, which extend the Illuminate\Foundation\Http\FormRequest
class. These request objects can be combined with controller method injection to provide a boiler-plate free method of validating user input. Let's dig in and look at a sample FormRequest
:
<?php
namespace App\Http\Requests;
class RegisterRequest extends FormRequest
{
public function rules()
{
return [
'email' => 'required|email|unique:users',
'password' => 'required|confirmed|min:8',
];
}
public function authorize()
{
return true;
}
}
Once the class has been defined, we can type-hint it on our controller action:
public function register(RegisterRequest $request)
{
var_dump($request->input());
}
When the Laravel service container identifies that the class it is injecting is a FormRequest
instance, the request will automatically be validated. This means that if your controller action is called, you can safely assume the HTTP request input has been validated according to the rules you specified in your form request class. Even more, if the request is invalid, an HTTP redirect, which you may customize, will automatically be issued, and the error messages will be either flashed to the session or converted to JSON. Form validation has never been more simple. For more information on FormRequest
validation, check out the documentation.
The Laravel 5 base controller now includes a ValidatesRequests
trait. This trait provides a simple validate
method to validate incoming requests. If FormRequests
are a little too much for your application, check this out:
public function createPost(Request $request)
{
$this->validate($request, [
'title' => 'required|max:255',
'body' => 'required',
]);
}
If the validation fails, an exception will be thrown and the proper HTTP response will automatically be sent back to the browser. The validation errors will even be flashed to the session! If the request was an AJAX request, Laravel even takes care of sending a JSON representation of the validation errors back to you.
For more information on this new method, check out the documentation.
To complement the new default application structure, new Artisan generator commands have been added to the framework. See php artisan list
for more details.
You may now cache all of your configuration in a single file using the config:cache
command.
The popular dd
helper function, which dumps variable debug information, has been upgraded to use the amazing Symfony VarDumper. This provides color-coded output and even collapsing of arrays. Just try the following in your project:
dd([1, 2, 3]);
The full change list for this release by running the php artisan changes
command from a 4.2 installation, or by viewing the change file on Github. These notes only cover the major enhancements and changes for the release.
Note: During the 4.2 release cycle, many small bug fixes and enhancements were incorporated into the various Laravel 4.1 point releases. So, be sure to check the change list for Laravel 4.1 as well!
Laravel 4.2 requires PHP 5.4 or greater. This upgraded PHP requirement allows us to use new PHP features such as traits to provide more expressive interfaces for tools like Laravel Cashier. PHP 5.4 also brings significant speed and performance improvements over PHP 5.3.
Laravel Forge, a new web based application, provides a simple way to create and manage PHP servers on the cloud of your choice, including Linode, DigitalOcean, Rackspace, and Amazon EC2. Supporting automated Nginx configuration, SSH key access, Cron job automation, server monitoring via NewRelic & Papertrail, "Push To Deploy", Laravel queue worker configuration, and more, Forge provides the simplest and most affordable way to launch all of your Laravel applications.
The default Laravel 4.2 installation's app/config/database.php
configuration file is now configured for Forge usage by default, allowing for more convenient deployment of fresh applications onto the platform.
More information about Laravel Forge can be found on the official Forge website.
Laravel Homestead is an official Vagrant environment for developing robust Laravel and PHP applications. The vast majority of the boxes' provisioning needs are handled before the box is packaged for distribution, allowing the box to boot extremely quickly. Homestead includes Nginx 1.6, PHP 5.6, MySQL, Postgres, Redis, Memcached, Beanstalk, Node, Gulp, Grunt, & Bower. Homestead includes a simple Homestead.yaml
configuration file for managing multiple Laravel applications on a single box.
The default Laravel 4.2 installation now includes an app/config/local/database.php
configuration file that is configured to use the Homestead database out of the box, making Laravel initial installation and configuration more convenient.
The official documentation has also been updated to include Homestead documentation.
Laravel Cashier is a simple, expressive library for managing subscription billing with Stripe. With the introduction of Laravel 4.2, we are including Cashier documentation along with the main Laravel documentation, though installation of the component itself is still optional. This release of Cashier brings numerous bug fixes, multi-currency support, and compatibility with the latest Stripe API.
The Artisan queue:work
command now supports a --daemon
option to start a worker in "daemon mode", meaning the worker will continue to process jobs without ever re-booting the framework. This results in a significant reduction in CPU usage at the cost of a slightly more complex application deployment process.
More information about daemon queue workers can be found in the queue documentation.
Laravel 4.2 introduces new Mailgun and Mandrill API drivers for the Mail
functions. For many applications, this provides a faster and more reliable method of sending e-mails than the SMTP options. The new drivers utilize the Guzzle 4 HTTP library.
A much cleaner architecture for "soft deletes" and other "global scopes" has been introduced via PHP 5.4 traits. This new architecture allows for the easier construction of similar global traits, and a cleaner separation of concerns within the framework itself.
More information on the new SoftDeletingTrait
may be found in the Eloquent documentation.
The default Laravel 4.2 installation now uses simple traits for including the needed properties for the authentication and password reminder user interfaces. This provides a much cleaner default User
model file out of the box.
A new simplePaginate
method was added to the query and Eloquent builder which allows for more efficient queries when using simple "Next" and "Previous" links in your pagination view.
In production, destructive migration operations will now ask for confirmation. Commands may be forced to run without any prompts using the --force
command.
The full change list for this release by running the php artisan changes
command from a 4.1 installation, or by viewing the change file on Github. These notes only cover the major enhancements and changes for the release.
An entirely new SSH
component has been introduced with this release. This feature allows you to easily SSH into remote servers and run commands. To learn more, consult the SSH component documentation.
The new php artisan tail
command utilizes the new SSH component. For more information, consult the tail
command documentation.
The php artisan tinker
command now utilizes the Boris REPL if your system supports it. The readline
and pcntl
PHP extensions must be installed to use this feature. If you do not have these extensions, the shell from 4.0 will be used.
A new hasManyThrough
relationship has been added to Eloquent. To learn how to use it, consult the Eloquent documentation.
A new whereHas
method has also been introduced to allow retrieving models based on relationship constraints.
Automatic handling of separate read / write connections is now available throughout the database layer, including the query builder and Eloquent. For more information, consult the documentation.
Queue priorities are now supported by passing a comma-delimited list to the queue:listen
command.
The queue facilities now include automatic handling of failed jobs when using the new --tries
switch on queue:listen
. More information on handling failed jobs can be found in the queue documentation.
Cache "sections" have been superseded by "tags". Cache tags allow you to assign multiple "tags" to a cache item, and flush all items assigned to a single tag. More information on using cache tags may be found in the cache documentation.
The password reminder engine has been changed to provide greater developer flexibility when validating passwords, flashing status messages to the session, etc. For more information on using the enhanced password reminder engine, consult the documentation.
Laravel 4.1 features a totally re-written routing layer. The API is the same; however, registering routes is a full 100% faster compared to 4.0. The entire engine has been greatly simplified, and the dependency on Symfony Routing has been minimized to the compiling of route expressions.
With this release, we're also introducing an entirely new session engine. Similar to the routing improvements, the new session layer is leaner and faster. We are no longer using Symfony's (and therefore PHP's) session handling facilities, and are using a custom solution that is simpler and easier to maintain.
If you are using the renameColumn
function in your migrations, you will need to add the doctrine/dbal
dependency to your composer.json
file. This package is no longer included in Laravel by default.