Zend Framework 2.3.0dev
This is the third minor (feature) release for the version 2 series.
DD MMM YYY
This release ups the minimum required PHP version from 5.3.3 to 5.3.23. Making this change affords the following:
-
5.3.9 and up have a fix that allows a class to implement multiple interfaces that define the same method, so long as the signatures are compatible. Prior to that version, doing so raised a fatal error. This change is necessary in order to solve a problem with separated interface usage in the framework.
-
5.3.23 contains a PHP bug #62672. Adopting this version or greater will allow us to (eventually) remove polyfill support that works around the symptoms of that issue.
As always, the Zend Framework project strongly recommends using the latest version of PHP available to ensure you have the latest security fixes.
Additional updates that may affect existing applications include:
-
#5759 adds a new method to the
FlashMessenger
view helper,renderCurrent()
, which will render messages registered with theFlashMessenger
during the current request (vs. a previous request). -
#5865 removes the dependency on
Zend\Stdlib
inZend\Dom
by implementing PHP error handling directly in the component. This makes the component more easily portable. -
#5840 removes the class
Zend\Http\Client\Cookies
, as it was not used inside the framework itself, and could not be used with the HTTP client regardless. -
#5436 brings consistency to the
Zend\Filter
component, ensuring that exceptions are never thrown, and that values that a given filter cannot manipulate are returned unfiltered. -
#5666 removes the ability to translate form validation messages. This should never have been enabled in the first place, as validation message translation should be based on the message key, not the message string itself. In most cases, this should not affect existing applications, as most messages are dynamic and, as such, would result in the translator being unable to lookup a matching translation key.
-
#5664 removes the ability to translate validator message keys. This should never have been enabled in the first place, as the keys are themselves to be used by the translator to find translation strings; they were not intended to be translated themselves.
-
#5649 adds a new method to
Zend\Test\PHPUnit\Controller\AbstractHttpControllerTestCase
,assertResponseReasonPhrase()
. This allows developers to write assertions directly against the HTTP reason phrase they may have set in the response object. -
#5406 and #5689 make the i18n component optional for the MVC. 5406 does this by introducing a new interface,
Zend\I18n\Translator\TranslatorInterface
and aDummyTranslator
implementation, and altering the MvcTranslator service factory to instantiate aDummyTranslator
to inject into theZend\Mvc\I18n\Translator
instance. 5689 updates the MVC translator factory to look for one of the following:- A defined
Zend\I18n\Translator\TranslatorInterface
service; if found, this will be injected into aZend\Mvc\I18n\Translator
instance. - Defined
translator
configuration; if so, this will be passed to theZend\I18n\Translator\Translator::factory
method, and the result injected in aZend\Mvc\I18n\Translator
instance. - If no configuration is found, a
DummyTranslator
will be created and injected into aZend\Mvc\I18n\Translator
instance.
- A defined
-
#5469 adds a new abstract controller,
Zend\Mvc\Controller\AbstractConsoleController
, for simplifying the creation of console controllers. -
#5364 adds "naming strategies" to hydrators, allowing transformation of the data keys when either hydrating or extracting data sets. This is implemented via a new interface,
Zend\Stdlib\Hydrator\NamingStrategy\NamingStrategyInterface
, which is now composed by default into theAbstractHydrator
. -
#5587 changes the default cost for
Zend\Crypt\Password\Bcrypt
to 10, to keep it consistent with PHP's own default, as well as potentially mitigate DoS vectors (due to high computation cost). -
#5356 deprecates
Zend\Dom\Css2Path::transform
in favor of the newZend\Dom\Document\Query::cssToXpath
. Additionally, it properly cleans up the relations between documents, queries, and nodelists, providing a workflow similar to performing XPath queries in PHP:use Zend\Dom\Document; $document = new Document($content); $nodeList = Document\Query::execute($expression, $document, Document\Query::TYPE_CSS); foreach ($nodeList as $node) { // ... }
or, more succinctly:
use Zend\Dom\Document; foreach ( Document\Query::execute($expression, new Document($content), Document\Query::TYPE_CSS) as $node ) { // ... }
This API is intended to replace
Zend\Dom\Query
; however,Zend\Dom\Query
remains in order to retain backwards compatibility. -
#5043 introduced changes in how DocBlock tag instances are returned via the
Zend\Code\Reflection
component. These instances are rarely created manually; however, if you are doing so, please note the following API changes:Zend\Code\Generator\DocBlock\Tag\AuthorTag
: removedset/getDatatype()
andset/getParamName()
Zend\Code\Generator\DocBlock\Tag\AuthorTag
:__construct
changed from($options = array())
to($authorName = null, $authorEmail = null)
Zend\Code\Generator\DocBlock\Tag\LicenseTag
:__construct
changed from($options = array())
to($url = null, $licenseName = null)
Zend\Code\Generator\DocBlock\Tag\ReturnTag
:__construct
changed from($options = array())
to($types = array(), $description = null)
Zend\Code\Generator\DocBlock\Tag\ParamTag
:__construct
changed from($options = array())
to($variableName = null, $types = array(), $description = null)
- Using
DocBlockGenerator::fromReflection()
and afterwardsgetTags()
is now returning the newTag
classes (ReturnTag
,AuthorTag
,ParamTag
, ...) where applicable and otherwiseGenericTag
. The deprecated classTag
will not be returned anymore.
-
#5101 introduces a behavior change in the FormLabel view helper: it now escapes the label content by default. If you wish to disable escaping, you need to either pass the label option
disable_html_escape
to the form element, or call thesetEscapeHtmlHelper(false)
method on theformLabel()
view helper. -
#4962 adds a service alias from "ControllerManager" to "ControllerLoader", and updates code to reference
Please see CHANGELOG.md.
Zend Framework 2 requires PHP 5.3.23 or later; we recommend using the latest PHP version whenever possible.
Please see INSTALL.md.
If you wish to contribute to Zend Framework, please read both the CONTRIBUTING.md and README-GIT.md file.
Online documentation can be found at http://framework.zend.com/manual. Questions that are not addressed in the manual should be directed to the appropriate mailing list:
http://framework.zend.com/archives/subscribe/
If you find code in this release behaving in an unexpected manner or contrary to its documented behavior, please create an issue in our GitHub issue tracker:
https://github.com/zendframework/zf2/issues
If you would like to be notified of new releases, you can subscribe to the fw-announce mailing list by sending a blank message to [email protected].
If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [email protected]. We will work with you to verify the vulnerability and patch it.
When reporting issues, please provide the following information:
- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.
For sensitive email communications, please use our PGP key.
The files in this archive are released under the Zend Framework license. You can find a copy of this license in LICENSE.txt.
The Zend Framework team would like to thank all the contributors to the Zend Framework project, our corporate sponsor, and you, the Zend Framework user. Please visit us sometime soon at http://framework.zend.com.