Love Fuel?    Donate

Thoughts, ideas, random notes, ramblings...

Anything about PHP in general, and FuelPHP in particular. Sometimes serious, sometimes with a big wink. But always with a message. Do you have an opinion about an article? Don't forget to comment!

Long overdue, we have just released a new release, v1.8.

Looking back

It has been what can only be described as another hectic and difficult year. We've lost contact with new team member Mark for quite a while, and continuing work and health related issues for the remaining team members played havok with any plans we had. I has all meant that again, things haven't moved as fast as they should have.

Good news is that everything seems to slowly pick up a little, we're trying to spend every minute of spare time we have on a redesign of the v2 core code. We have made the descision that Fuel v2 will require PHP 7+. We hope that we can pick up the pace soon, so there is something you can work with, and give your comments on.

Security fixes

This release fixes one potential security issue, SEC-CORE-005.

Under specific circumstances it is possible to craft a custom URL that allows access to arbitrary files through the session. Exploiting the issue requires file based sessions to be configured, and session payload encryption to be disabled. See the security advisories page for more information.

We have upgraded both the HtmLawed library the framework uses, and we have removed the embedded and customized version of PHPSecLib in favour of the composer package. If you are upgrading an existing application, make sure you replace the complete core folder to avoid having duplicate classes.

Composer

This releases moves us futher towards composer. We've increased the number packages installed by composer, we've rewritten the composer.json to allow installation of both stable and development versions of the framework. The ZIP file you can download from this site now contains everything you need to start building your Fuel application, while you still can use composer to update the framework, or to install additional composer packages.

Fixes and improvements

As usual, there is a long list of fixes and improvements, too long to discuss here. Please check the changelog to see what has been changed or improved since the last release.

What about version 2?

No worries, we haven't forgotten that.

But things have been moving slow the last 12 to 18 months. Recently, we've slowly picked it up again. We have decided to start from scratch, with a complete rewrite, and targetting PHP 7. As soon as we have a new workable core, we will let you know, so you can have a lot, start testing, and provide us with comments and suggestions.