The CakePHP core team is happy to announce the immediate availability of CakePHP 5.0.1. This is a maintenance release for the 5.0 branch that fixes several community reported issues and a minor security related fix..
Bugfixes
You can expect the following changes in 5.0.1. See the changelog for every commit.
- Allow
FormProtectioncomponent to have its session id source customized in subclasses. - Fixed potential email address manipulation if unvalided address data was set into
Cake\Mailer\Message. Thank you to Waldemar Bartikowski who reported the issue via our security mailing list. - Fixed errors arising from plugin helpers being loaded within other plugin helpers, when the parent helper is loaded without a plugin scope.
PaginatedResultSetis notJsonSerializable.- Replaced usage of
include_oncewhenApplicationloads plugin configuration. - Fixed broken links in API documentation links to MDN.
View::getConfig()is now public.ORM\Marshaller::one()now usesnewEmptyEntity()improving compatibility with subclass implementations.- Adding methods with
getMockForModel()is deprecated because of changes in PHPUnit. - Fixed
Cake\Http\Clientcookie parsing with invalid values that lack both a value and=delimiter. Collection\SortIteratoris now compatible withChronostypes.- Fixed source line attribution in the
dd()method. - Fixed
defaultsbeing mutated inDashedRouteandInflectedRouteaftermatch()is called.
Contributors to 5.0.1
Thank you to all the contributors that helped make this release happen:
- ADmad
- Jorge González
- Kevin Pfeifer
- Mark Scherer
- Mark Story
- andrii-pukhalevych
- breno
- othercorey
- wowDAS Ing. Markus
As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation.