Slim
https://github.com/slimphp/Slim
Total issues resolved: 27
- 3180: Declare types thanks to @nbayramberdiyev
- 3181: Update laminas/laminas-diactoros requirement from ^2.8 to ^2.9 thanks to @dependabot[bot]
- 3182: Update guzzlehttp/psr7 requirement from ^2.1 to ^2.2 thanks to @dependabot[bot]
- 3183: Update phpstan/phpstan requirement from ^1.4 to ^1.5 thanks to @dependabot[bot]
- 3184: Update adriansuter/php-autoload-override requirement from ^1.2 to ^1.3 thanks to @dependabot[bot]
- 3189: Update phpstan/phpstan requirement from ^1.5 to ^1.6 thanks to @dependabot[bot]
- 3191: Adding property types to Middleware classes thanks to @ashleycoles
- 3193: Handlers types thanks to @ashleycoles
- 3194: Adding types to AbstractErrorRenderer thanks to @ashleycoles
- 3195: Adding prop types for Exception classes thanks to @ashleycoles
- 3196: Adding property type declarations for Factory classes thanks to @ashleycoles
- 3197: Remove redundant docblock types thanks to @theodorejb
- 3199: Update laminas/laminas-diactoros requirement from ^2.9 to ^2.11 thanks to @dependabot[bot]
- 3200: Update phpstan/phpstan requirement from ^1.6 to ^1.7 thanks to @dependabot[bot]
- 3205: Update guzzlehttp/psr7 requirement from ^2.2 to ^2.4 thanks to @dependabot[bot]
- 3206: Update squizlabs/php_codesniffer requirement from ^3.6 to ^3.7 thanks to @dependabot[bot]
- 3207: Update phpstan/phpstan requirement from ^1.7 to ^1.8 thanks to @dependabot[bot]
- 3211: Assign null coalescing to coalesce equal thanks to @MathiasReker
- 3213: Void return thanks to @MathiasReker
- 3214: Is null thanks to @MathiasReker
- 3216: Refactor thanks to @mehdihasanpour
- 3218: Refactor some code thanks to @mehdihasanpour
- 3221: Cleanup thanks to @mehdihasanpour
- 3225: Update laminas/laminas-diactoros requirement from ^2.11 to ^2.14 thanks to @dependabot[bot]
- 3228: Using assertSame to let assert equal be restricted thanks to @peter279k
- 3229: Update laminas/laminas-diactoros requirement from ^2.14 to ^2.17 thanks to @dependabot[bot]
- 3235: Persist routes indexed by name in RouteCollector for improved performance. thanks to @BusterNeece
Total issues resolved: 5
- 2906: Fix #2890 thanks to @t0mmy742
- 3042: Allow "none" as SameSite value in cookies thanks to @arneee
- 3092: Don't use libxml_disable_entity_loader when deprecated thanks to @iansltx
- 3117: Add tests workflow to 3.x branch thanks to @l0gicgate
- 3186: Fix PHP 8.1 incompatibilities thanks to @barasimumatik
- 3120: Add a new PSR-17 factory to Psr17FactoryProvider thanks to @solventt
- 3123: Replace deprecated setMethods() in tests thanks to @solventt
- 3126: Update guzzlehttp/psr7 requirement from ^2.0 to ^2.1 thanks to @dependabot[bot]
- 3127: PHPStan v1.0 thanks to @t0mmy742
- 3128: Update phpstan/phpstan requirement from ^1.0 to ^1.2 thanks to @dependabot[bot]
- 3129: Deprecate PHP 7.3 thanks to @l0gicgate
- 3130: Removed double defined PHP 7.4 thanks to @flangofas
- 3132: Add new
RequestResponseNamedArgs
route strategy thanks to @adoy - 3133: Improve typehinting for
RouteParserInterface
thanks to @jerowork - 3135: Update phpstan/phpstan requirement from ^1.2 to ^1.3 thanks to @dependabot[bot]
- 3137: Update phpspec/prophecy requirement from ^1.14 to ^1.15 thanks to @dependabot[bot]
- 3138: Update license year thanks to @Awilum
- 3139: Fixed #1730 (reintroduced in 4.x) thanks to @adoy
- 3145: Update phpstan/phpstan requirement from ^1.3 to ^1.4 thanks to @dependabot[bot]
- 3146: Inherit HttpException from RuntimeException thanks to @nbayramberdiyev
- 3148: Upgrade to HTML5 thanks to @nbayramberdiyev
- 3172: Update nyholm/psr7 requirement from ^1.4 to ^1.5 thanks to @dependabot[bot]
Total issues resolved: 12
- 3058: Implement exception class for Gone Http error thanks to @TheKernelPanic
- 3086: Update slim/psr7 requirement from ^1.3 to ^1.4 thanks to @dependabot[bot]
- 3087: Update nyholm/psr7-server requirement from ^1.0.1 to ^1.0.2 thanks to @dependabot[bot]
- 3093: Update phpstan/phpstan requirement from ^0.12.85 to ^0.12.90 thanks to @dependabot[bot]
- 3099: Allow updated psr log thanks to @t0mmy742
- 3104: Drop php7.2 thanks to @t0mmy742
- 3106: Use PSR-17 factory from Guzzle/psr7 2.0 thanks to @t0mmy742
- 3108: Update README file thanks to @t0mmy742
- 3112: Update laminas/laminas-diactoros requirement from ^2.6 to ^2.8 thanks to @dependabot[bot]
- 3114: Update slim/psr7 requirement from ^1.4 to ^1.5 thanks to @dependabot[bot]
- 3115: Update phpstan/phpstan requirement from ^0.12.96 to ^0.12.99 thanks to @dependabot[bot]
- 3116: Remove Zend Diactoros references thanks to @l0gicgate
Total issues resolved: 15
- 3034: Fix phpunit dependency version thanks to @l0gicgate
- 3037: Replace Travis by GitHub Actions thanks to @t0mmy742
- 3043: Cover App creation from AppFactory with empty Container thanks to @t0mmy742
- 3045: Update phpstan/phpstan requirement from ^0.12.58 to ^0.12.64 thanks to @dependabot-preview[bot]
- 3047: documentation: min php 7.2 required thanks to @Rotzbua
- 3054: Update phpstan/phpstan requirement from ^0.12.64 to ^0.12.70 thanks to @dependabot-preview[bot]
- 3056: Fix docblock in ErrorMiddleware thanks to @piotr-cz
- 3060: Update phpstan/phpstan requirement from ^0.12.70 to ^0.12.80 thanks to @dependabot-preview[bot]
- 3061: Update nyholm/psr7 requirement from ^1.3 to ^1.4 thanks to @dependabot-preview[bot]
- 3063: Allow ^1.0 || ^2.0 in psr/container thanks to @Ayesh
- 3069: Classname/Method Callable Arrays thanks to @ddrv
- 3078: Update squizlabs/php_codesniffer requirement from ^3.5 to ^3.6 thanks to @dependabot[bot]
- 3079: Update phpspec/prophecy requirement from ^1.12 to ^1.13 thanks to @dependabot[bot]
- 3080: Update guzzlehttp/psr7 requirement from ^1.7 to ^1.8 thanks to @dependabot[bot]
- 3082: Update phpstan/phpstan requirement from ^0.12.80 to ^0.12.85 thanks to @dependabot[bot]
Total issues resolved: 4
- 3029: weirdan/prophecy-shim must be a dev requirement thanks to @j0k3r
- 3030: Update phpunit/phpunit requirement from ^8.5 || ^9.3 to ^8.5.13 thanks to @dependabot-preview[bot]
- 3031: Update phpstan/phpstan requirement from ^0.12.54 to ^0.12.58 thanks to @dependabot-preview[bot]
- 3032: Update nyholm/psr7-server requirement from ^1.0.0 to ^1.0.1 thanks to @dependabot-preview[bot]
Total issues resolved: 2
- 2880: Remove phpdoc inheritdoc override thanks to @adriansuter
- 2885: Replace abandoned
container-interop/container-interop
package withpsr/container
thanks to @Ayesh
Total issues resolved: 8
- 2572: Add initial MAINTAINERS document thanks to @akrabat
- 2576: make sure HEAD requests do not return a body thanks to @lordrhodos
- 2586: Fix for #2568 thanks to @l0gicgate
- 2609: Fix incorrect return type hints on NotFound handler thanks to @rbairwell
- 2619: Update copyright year to 2019 thanks to @odan
- 2625: Remove references to unused EnvironmentInterface thanks to @jdrieghe
- 2629: Remove charset=utf-8 parameter from withJson() method thanks to @l0gicgate
- 2630: Remove
; charset=utf-8
from Response::withJson() thanks to @chadicus
Total issues resolved: 7
- 2505: Add PHPStan (config) and some fixes thanks to @tersmitten
- 2519: Added getBasePath method to Router thanks to @chantron
- 2520: Put HeaderStackTestAsset into Slim\Tests\Asset namespace thanks to @akrabat
- 2528: Update route group $callable parameter type thanks to @ugokoli
- 2532: Test with PHP 7.3 thanks to @tuupola
- 2543: Ensure PSR-7 stream read() is called with an int argument per spec thanks to @soren121
- 2558: Bug fix: Ensure integer is passed to read() thanks to @farpat
Total issues resolved: 15
- 2429: Added StatusCode class thanks to @Dmitry-Kucher
- 2431: Bug fix: Reset Route arguments for each call thanks to @mathmarques
- 2434: 308 is also a redirect code thanks to @sjinks
- 2439: Update docbock for Request::getParam() second param's type thanks to @hhovakimyan
- 2441: Bug fix: Replace header when sending first one of each header thanks to @akrabat
- 2447: array_merge was re-indexing arrays with numerical index thanks to @yolcuiskender
- 2448: Fix typo for testRenderHtmlExceptionOrErrorTypeChecksParameter thanks to @minchao
- 2449: Bug Fix: Make string comparison more strict in Slim\Http\Uri class thanks to @nyamsprod
- 2457: Upgrade .editorconfig thanks to @voyula
- 2463: Update composer.json thanks to @voyula
- 2466: Bug fix: Replace incorrect sprintf placeholders with default placeholders thanks to @llvdl
- 2471: Bug fix: Replace remaining incorrect sprintf placeholders thanks to @llvdl
- 2484: Allow chaining in Route::setOutputBuffering thanks to @piotr-cz
- 2485: Add tests for the return value of Route::setArgument and Route::setArguments methods thanks to @piotr-cz
- 2487: Bug Fix: Pick port defaults depending if the host was in HTTP_HOST or SERVER thanks to @lornajane
Total issues resolved: 8
- 2357: Fix minor issue in SmallChunksStream mock - Dev
- 2360: Fix example in README
- 2361: Use assertInternalType - Dev
- 2369: Test against PHP 7.2 - Dev
- 2388: Allow SameSite flag to be used in cookies
- 2397: Remove testing of hhvm - Dev
- 2411: Bug fix: Stop Slim overwriting Host header if it's defined
- 2426: Add a redirect() route shortcut, 3.x edition
Total issues resolved: 1
Total issues resolved: 8
- 2331: Update/add links to license (3.x)
- 2332: Fixed regression, removing user info with Uri::withUserInfo('') is not clearing password anymore
- 2337: Fix output buffering issue that was creating a risky test in PHPUnit.
- 2342: Regex simplification in CallableResolver
- 2345: Set status to 302 if Location header set
- 2351: Test for #2332
- 2353: Update CONTRIBUTING doc to drop reference to non-existent branch
- 2354: Fix nit typo
Total issues resolved: 20
- 2183: (dev) Fixed README badges on 3.x
- 2186: (dev) Fix travis for 3.x branch
- 2187: Allow all HTTP valid methods on 3.x
- 2213: ipv6 address without port generates warning
- 2216: determineAuthorization(): HTTP_AUTHORIZATION may be null or an empty string
- 2244: Adding plain not found response for OPTIONS requests
- 2250: Add
only
restriction to getParams() - 2257: Unused MethodNotAllowedException in Request Class
- 2270: Error handlers should respect
outputBuffering
setting - 2273: Add setOutputBuffering() to RouteInterface
- 2275: Added
setOutputBuffering()
toRouteInterface.php
- 2283: (dev) Fix typos in variable names
- 2286: Track only the stack tip in MiddlewareAwareTrait
- 2287: Make OPTIONS rendering clearer
- 2292: (dev) Fix typo in comment
- 2298: Support HTTP "2" as a valid protocol version (i.e no minor version)
- 2302: Pass $app to group() so invokable classes can be used
- 2309: Send correct status code regardless of location header
- 2323: Add 443 as SERVER_PORT(default) when request is https
- 2327: Encode user info
Total issues resolved: 1
Total issues resolved: 17
- 1946: Fix url mismatch when the base path contains a space
- 2066: Improve request parsing with invalid json
- 2110: Cleanup CallableResolver
- 2117: Addressing PHP 7.1 build issues
- 2119: Update docblocks for route arguments
- 2121: Support rendering Exceptions with previous Errors
- 2122: Handle invalid XML better
- 2126: Ensure Request::withUri preserves host correctly
- 2132: Added pragmatic example in code example into README.md
- 2134: As per PSR-7, type hint @return static
- 2136: updated consistent name request and response in MiddlewareAwareTrait
- 2137: updated missing phpdoc in Routable
- 2141: Call not-found/bad-method handlers on invalid HTTP method
- 2143: Fixed HTTP EOL
- 2146: Allowing use of PSR-11 containers
- 2150: Fix typo of getParams() phpdoc
- 2164: Update DocBlock
Total issues resolved: 8
Total issues resolved: 15
- 1954: Fix phpdoc for createRoute function in Router
- 1956: Add getServerParam method
- 1957: Fix getCookieParam() phpdoc error
- 1963: Related to #1962. Implementation with UnitTest
- 1975: Ensure withJson returns a new Response
- 1978: replaced deprecated getMock calls with getMockBuilder equivalents.
- 1984: Fix Issue #1983: Throwable exception uncaught in Route.php
- 1998: Update .gitattributes
- 2006: Remove unused property-reads
- 2007: Bug-fix for router
- 2011: Whitespace cleanup
- 2013: Update README with new support forum link
- 2014: Add more status codes
- 2017: Test with PHP 7.1 but allow failures
- 2034: Reuse getParsedBodyParam for determining method override in POST body.
A few useful bug fixes in this release including the ability to read the ‘Authorization’ header without tweaking .htaccess files or manually looking in getallheaders()!
We have also added getCookieParam() to the Request class. Also this release continues our efforts to improve the unit test coverage of the framework.
Total issues resolved: 17
- 1867: Fall back to getallheaders() when available
- 1872: gh-1838 added checks for pipe streams
- 1878: Added test for originalKey method in headers class
- 1879: Improved tests for Error handler
- 1882: Testing Router Methods
- 1883: Container converts not UnexpectedValueException but InvalidArgumentException
- 1884: Check if getReasonPhrase returns empty message
- 1885: Cookies tests improved
- 1889: Small fixes
- 1896: Env REQUEST_URI can contain query params.
- 1901: Move valid protocol versions to a class static var
- 1906: added a method to create Route instance
- 1907: Fix warning when failing to resolve callables of $class,$method format
- 1914: Add license docblock to DeferredCallable.php
- 1920: Added more tests for UploadedFiles
- 1925: Do not check streams with is_writable in UploadedFile::moveTo()
- 1929: Add getCookieParam method
3.4.1 had a BC break when handling errors where the acceptable media type listed in the Accept header wasn't the first one. This is now fixed.
Also, with this release, we set the App::VERSION
constant to the correct number.
Total issues resolved: 1
This releases fixes a infinite loop bug discovered in version 3.4.0 and also adds additional unit tests.
Total issues resolved: 5
Added
- 1749: Configurable FastRoute Caching
- 1781: Support structured suffix body parsers (+json/+xml)
- 1782: Support +json & +xml accept headers when creating error responses
- 1837: Add removeNamedRoute to Router and unit test
- 1844: #1669 added Routable::setPattern method
- 1848: Add
psr/http-message-implementation
to composer - 1856: Add option to remove content-length
Improved
- 1663: ContainerInterop compliance improvement
- 1830: Abstract handlers
- 1855: Update fast-route to stable version
Fixed
- 1846: #1836 count amount of bytes read instead of chunks
- 1859: Don't set http status code on withRedirect implicitly
- 1862: Do not clone response body while cloning response
The full list of changes is here
Added
- #1736 - Support the
hostOnly
cookie flag - #1764 - Write to the PHP error log if displayErrorDetails is false to make it easier to find out what's gone wrong!
- #1770 - Support PHP 7+ errors in the same way that Exceptions are handled.
Improved
- #1716 - Middleware is now only resolved when required.
- #1745 - Separate service registration from the container to make it easier to use your own Pimple container and then register the default Slim services.
Fixed
- #1733 & #1734 - Allow setting an empty array into the Request's query params and parsed body.
- #1737 - Do not explicitly set the HTTP status code in
withJson
. - #1738 - Named routes added after a call to
pathFor
can now be resolved in subsequent calls topathFor
. - #1739 - Responses with a body of indeterminate length can now have their content sent.
The full list of changes is here
This version makes a number of minor issues and improvements since the release of 3.0.0. The key changes are:
Added
- #1620 - Add
getParsedBodyParam()
andgetQueryParam()
toSlim\Http\Request
. - #1688 - Add
App::process()
to allow running a Slim application when you already have a request and response object. This allows a Slim application to be used within the middleware of another middleware pipeline. - #1697 - Add HTTP 451 status code to
Slim\Http\Response
.
Improved
- #1670 - Removed
final
fromSlim\Container
to allow extension. - #1684 -
withJson()
will now thrown an Exception if it fails to encode. - #1706 - Calling a non-existent method on
App
will now through an exception.
Fixed
- #1682 - Parse
REQUEST_URL
correctly inSlim\Http\Uri
. - #1698 -
Slim\Http\Request
now correctly determines the HTTP protocol version.
The full list of changes is here
This is the first stable release of Slim 3!
Changes since RC2
- #1643 - Revert detection of
Uri
's baseUrl so that routing of URLs of the form/foo/index.php/bar/baz
work again. - #1655 - Ensure that calling
$request->withMethod()
turns off detection of_METHOD
detection.
The full list of changes is here.
This release fixes a security issue, clears up some inconsistencies and fixes a number of bugs.
Security fix in 3.0.0-RC3:
- #1624 - XXE attacks are now prevented when parsing XML input.
BC breaks in 3.0.0-RC3:
These are the BC breaks since RC2:
- #1631 - The route callable is now bound to the Container rather than to the App to be consistent with middleware binding. This means that if you are using
$this->subRequest
then you now need touse ($app)
and then$app->subRequest(…)
. Also if you were using$this->getContainer()->get(…)
, you need to change this to$this->get(…)
. Note that using$this->foo
to retrieve a service from the container continues to work. - #1626 - Route paths are now simply concatentated with no magic. This may affect the way route groups were previously set up, but from now on, it's very predictable.
- #1625 - Group middleware is now executed before the route's middleware as you would expect. See issue #1622 for details.
The full list of changes is here.
BC breaks in 3.0.0-RC2:
- #1550 - The
MiddlewareTrait
'saddMiddleware()
method is now protected. Please use theadd()
method. - #1559 -
Request::getIp()
has been removed. Please use middleware such as rka-ip-address-middleware instead. - #1570 - Inspection of
X-Forwarded-Proto
andX-Forwarded-Host
headers inUri
have been removed. Please use middleware such as rka-scheme-and-host-detection-middleware instead.
New features in 3.0.0-RC2:
- #1509 - Slim 3's error handlers now only show exception information if you enable the
displayErrorDetails
setting. - #1552 - The router now has a new method called
internalPathFor()
for use withsubRequest()
. - We have adopted Glenn Eggleton's' PHP-View component for rendering using PHP view scripts.
The full list of changes is here
BC breaks in 3.0.0-RC1:
- #1489 -
getParsedBody()
will now return an array in all situations when JSON or form-urlencoded data is sent by the client. Previously, it returned an object when the content type was JSON. - #1457 - The Container can now be configured via an array passed into the
App
's constructor. Note that this means that your settings must now live in a sub-array called 'settings
'. - #1443 -
pathFor
now prepends the base path, making URLs easier to generate when you are running Slim within a subdirectory and removes the need to prepend withgetBaseUrl()
.
New features in 3.0.0-RC1:
- #1490 - Slim 3's error handlers now return JSON, XML or HTML as determined by the request's Accept header.
- #1488 - You can now disable Slim 3's error handler completely.
The full list of changes is here
Key changes since 3.0-beta1:
- #1425 - Slim 3 now requires PHP 5.5 or higher
- #1393, #1369 & #1354 - Various updates to our PSR-7 implementation, including a fix to allow the request body to be read more than once.
- #1345 - New
foundHandler
to change the signature of the route callable. By default the handler isRequestResponse
which creates callables with a signature offunction($request, $response, $args)
, but we also supply aRequestResponseArgs
handler with a callable signature offunction($request, $response, $routeParam1, $routeParam2)
. - #1343 - Ability to set default attributes on a route which can then be accessed within the route callable.
- #1362 - None of the factories in the container need to return a new instance to make it compatible with container-interop.
The full list of changes is here
- Update unit tests for JSON decoding session cookie data
- Update build status indicator in README file
- Escape HTML in PrettyExceptions message and stack trace
- Fixes object injection vulnerability in SessionCookie.php
- Added new HTTP status codes
- Added default HTTP request port for Google App Engine
- Improved URI parsing
- Miscellaneous improvements
You can review commits at https://github.com/slimphp/Slim/commits/master
redirectTo
You can now use redirectTo
when you want to redirect to a named route. redirectTo
is a shortcut for redirect(urlfor(..))
$app->get('/', function () {})->name('home');
$app->get('/home', function () use ($app) {
$app->redirectTo('home');
});
Route::via() and Route::appendHttpMethods()
Allow passing array of methods to via()
and appendHttpMethods()
$app->get('/', function () {
echo "This route only available on GET and POST requests";
})->via(array('GET', 'POST'));
Other Changes
- Fix failed test because of hardcoded directory separator on Windows
- Add PHP 5.6 to Travis CI tests
- Added how to run Slim on Google App Engine/Cloud Platform to the README.markdown
- Lazy-initialize callables in
\Slim\Route::setCallable()
- Fix
\Slim\Http\Util::parseCookie()
for cookie values that contain "=" - Improved debug stack trace output
- Allow default values for
\Slim\Http\Request::params()
- Fix
X-Forwarded-For
header detection - Require
phpunit
as Composer dev dependency - Improve controller method name detection in
\Slim\Route::setCallable()
- Re-merge commits from a mistakenly-deleted earlier branch
- Add (string) cast in encodeSecureCookie call to
hash_hmac
- Routes can be case-insensitive based on a config setting.
- Try running unit tests on HHVM
Class controllers
You may now use a controller class instance as a callback for your Slim app routes.
$app->get('/hello/:name', '\Greeting:sayHello');
In this example, when the app receives a request for "/hello/Josh", it will instantiate class \Greeting
and pass the value "Josh" into its sayHello
method.
Note that we separate the class name and the class method with a single ":" colon. This is a unique syntax used by Slim to implement this functionality. Do not confuse this with the "::" syntax used for static method calls.
Request parameter defaults
When fetching request data with the \Slim\Http\Request
object's get()
, post()
, put()
, patch()
, or delete()
methods, you can define the default value you want if the requested data is not available. For example:
$app->get('/books', function () use ($app) {
$value = $app->request->get('genre', 'fiction');
});
In this example, we expect the HTTP request to have a URL query parameter genre
. If this query parameter does not exist, we will use "fiction" as the default value.
View Template Data
You may now pass data into a view template with \Slim\View::display()
and \Slim\View::fetch()
.
// Fetch a rendered template into a variable
$renderedTemplate = $app->view->fetch('my-template.php', ['foo' => 'bar']);
// Echo a rendered template to the output buffer
$app->view->display('my-template.php', ['foo' => 'bar']);
Other Changes
- Remove mcrypt dependency
- Add PHP 5.5 to Travis CI tests
- Improve typehinting with popular PHP IDEs
- Ensure application view template directory is defined on view construction
- Add HTTP 418 status code to
\Slim\Http\Response
Fix a regression with \Slim\Environment
path parsing. This regression affected developers relying on Apache Aliases or filesystem symlinks.
HipHop VM users must now explicitly define the SCRIPT_NAME
server variable in their HHVM configuration file, at least until HipHop VM sets this server variable correctly on its own.
This is a maintenance release and remains backward-compatible with Slim 2.* applications.
- Let
\Slim\Flash
implementCountable
- Fix
\Slim\Middleware\PrettyExceptions
error when custom Log defined - Omit response body for HEAD requests
- Add HHVM compatibility
This is a maintenance release with several bug fixes and improvements. All changes are backwards compatible with existing Slim 2.x applications.
- Remove encryption concerns from
\Slim\Middleware\SessionCookie
middleware - Fix HTTP method override detection via
X-HTTP-Method-Override
header - Fix padding removal in
\Slim\Http\Util::decrypt
- Prevent XEE attack vector in
\Slim\Middleware\ContentTypes::parseXml
- Fix
\Slim\Slim::urlFor
when used with escaped regular expression characters
- Add
\Slim\Slim::_isset
and\Slim\Slim::__unset
methods - Add
CONTRIBUTING
file - Add
\Slim\Helper\Set::protect
method to store Closure values that should not be invoked - Fix encrypted cookie expiration time during serialization into HTTP header
- Fix Last-Modified and Expires header date format
- Fix
\Slim\View::setData
so that it protects Closures used as template variables
- Added route groups
- Added resource locator
- Added HTTP PATCH method support
- Added new
\Slim\Helper\Set
interface - Fixed XSS exploit in
\Slim\Slim::urlFor
method - Simplified default error handler
\Slim\Slim::handleErrors
- Removed
\Slim\Middleware\PrettyExceptions
when not in debug mode - Let HTTP headers retain
HTTP_
prefix if present - Added
\Slim\Helper\Set
interface to\Slim\Http\Headers
and\Slim\Http\Cookies
- Updated
\Slim\Slim
so thatenvironment
,request
,response
,router
,log
, andview
are public properties. - Updated
\Slim\Http\Request
and\Slim\Http\Response
so thatheaders
andcookies
are public properties that implement\Slim\Helper\Set
. - Added
\Slim\Http\Response
methodssetStatus()
,getStatus()
,setBody()
,getBody()
, andgetLength()
- Updated
\Slim\Http\Response
object so that its cookies and headers are not serialized and encrypted until the very end of the app lifecycle. - Updated
\Slim\Log
with PSR-3 interface - Deprecated
\Slim\Log::warn()
, replaced with\Slim\Log::warning()
- Deprecated
\Slim\Log::fatal()
, replaced with\Slim\Log::critical()
- Deprecated
\Slim\Http\Request
methodscookies()
andheaders()
- Deprecated
\Slim\Http\Response
methodsheaders()
,header()
,length()
,body()
,status()
- Deprecated
\Slim\Http\Response
interfacesArrayAccess
,Countable
, andIteratorAggregate