Release Notes

Versioning Scheme

Laravel's versioning scheme maintains the following convention: paradigm.major.minor. Major framework releases are released every six months (February and August), while minor releases may be released as often as every week. Minor releases should never contain breaking changes.

When referencing the Laravel framework or its components from your application or package, you should always use a version constraint such as 5.5.*, since major releases of Laravel do include breaking changes. However, we strive to always ensure you may update to a new major release in one day or less.

Paradigm shifting releases are separated by many years and represent fundamental shifts in the framework's architecture and conventions. Currently, there is no paradigm shifting release under development.

Support Policy

For LTS releases, such as Laravel 5.5, bug fixes are provided for 2 years and security fixes are provided for 3 years. These releases provide the longest window of support and maintenance. For general releases, bug fixes are provided for 6 months and security fixes are provided for 1 year.

VersionReleaseBug Fixes UntilSecurity Fixes Until
5.0February 4th, 2015August 4th, 2015February 4th, 2016
5.1 (LTS)June 9th, 2015June 9th, 2017June 9th, 2018
5.2December 21st, 2015June 21st, 2016December 21st, 2016
5.3August 23rd, 2016February 23rd, 2017August 23rd, 2017
5.4January 24th, 2017July 24th, 2017January 24th, 2018
5.5 (LTS)August 30th, 2017August 30th, 2019August 30th, 2020
5.6February 7th, 2018August 7th, 2018February 7th, 2019

Laravel 5.6

Laravel 5.6 continues the improvements made in Laravel 5.5 by adding an improved logging system, single-server task scheduling, improvements to model serialization, dynamic rate limiting, broadcast channel classes, API resource controller generation, Eloquent date formatting improvements, Blade component aliases, Argon2 password hashing support, inclusion of the Collision package, and more. In addition, all front-end scaffolding has been upgraded to Bootstrap 4.

All underlying Symfony components used by Laravel have been upgraded to the Symfony ~4.0 release series.

The release of Laravel 5.6 coincides with the release of Spark 6.0, the first major upgrade to Laravel Spark since its release. Spark 6.0 introduces per-seat pricing for Stripe and Braintree, localization, Bootstrap 4, an enhanced UI, and Stripe Elements support.

{tip} This documentation summarizes the most notable improvements to the framework; however, more thorough change logs are always available on GitHub.

Logging Improvements

Laravel 5.6 brings vast improvements to Laravel's logging system. All logging configuration is housed in the new config/logging.php configuration file. You may now easily build logging "stacks" that send log messages to multiple handlers. For example, you may send all debug level messages to the system log while sending error level messages to Slack so that your team can quickly react to errors:

  1. 'channels' => [
  2.     'stack' => [
  3.         'driver' => 'stack',
  4.         'channels' => ['syslog', 'slack'],
  5.     ],
  6. ],

In addition, it is now easier to customize existing log channels using the logging system's new "tap" functionality. For more information, check out the full documentation on logging.

Single Server Task Scheduling

{note} To utilize this feature, your application must be using the memcached or redis cache driver as your application's default cache driver. In addition, all servers must be communicating with the same central cache server.

If your application is running on multiple servers, you may now limit a scheduled job to only execute on a single server. For instance, assume you have a scheduled task that generates a new report every Friday night. If the task scheduler is running on three worker servers, the scheduled task will run on all three servers and generate the report three times. Not good!

To indicate that the task should run on only one server, you may use the onOneServer method when defining the scheduled task. The first server to obtain the task will secure an atomic lock on the job to prevent other servers from running the same task on the same Cron cycle:

  1. $schedule->command('report:generate')
  2.          ->fridays()
  3.          ->at('17:00')
  4.          ->onOneServer();

Dynamic Rate Limiting

When specifying a rate limit on a group of routes in previous releases of Laravel, you were forced to provide a hard-coded number of maximum requests:

  1. Route::middleware('auth:api', 'throttle:60,1')->group(function () {
  2.     Route::get('/user', function () {
  3.         //
  4.     });
  5. });

In Laravel 5.6, you may specify a dynamic request maximum based on an attribute of the authenticated User model. For example, if your User model contains a rate_limit attribute, you may pass the name of the attribute to the throttle middleware so that it is used to calculate the maximum request count:

  1. Route::middleware('auth:api', 'throttle:rate_limit,1')->group(function () {
  2.     Route::get('/user', function () {
  3.         //
  4.     });
  5. });

Broadcast Channel Classes

If your application is consuming many different channels, your routes/channels.php file could become bulky. So, instead of using Closures to authorize channels, you may now use channel classes. To generate a channel class, use the make:channel Artisan command. This command will place a new channel class in the App/Broadcasting directory.

  1. php artisan make:channel OrderChannel

Next, register your channel in your routes/channels.php file:

  1. use App\Broadcasting\OrderChannel;
  3. Broadcast::channel('order.{order}', OrderChannel::class);

Finally, you may place the authorization logic for your channel in the channel class' join method. This join method will house the same logic you would have typically placed in your channel authorization Closure. Of course, you may also take advantage of channel model binding:

  1. <?php
  3. namespace App\Broadcasting;
  5. use App\User;
  6. use App\Order;
  8. class OrderChannel
  9. {
  10.     /**
  11.      * Create a new channel instance.
  12.      *
  13.      * @return void
  14.      */
  15.     public function __construct()
  16.     {
  17.         //
  18.     }
  20.     /**
  21.      * Authenticate the user's access to the channel.
  22.      *
  23.      * @param  \App\User  $user
  24.      * @param  \App\Order  $order
  25.      * @return array|bool
  26.      */
  27.     public function join(User $user, Order $order)
  28.     {
  29.         return $user->id === $order->user_id;
  30.     }
  31. }

API Controller Generation

When declaring resource routes that will be consumed by APIs, you will commonly want to exclude routes that present HTML templates such as create and edit. To generate a resource controller that does not include these methods, you may now use the —api switch when executing the make:controller command:

  1. php artisan make:controller API/PhotoController --api

Model Serialization Improvements

In previous releases of Laravel, queued models would not be restored with their loaded relationships intact. In Laravel 5.6, relationships that were loaded on the model when it was queued are automatically re-loaded when the job is processed by the queue.

Eloquent Date Casting

You may now individually customize the format of Eloquent date cast columns. To get started, specify the desired date format within the cast declaration. Once specified, this format will be used when serializing the model to an array / JSON:

  1. protected $casts = [
  2.     'birthday' => 'date:Y-m-d',
  3.     'joined_at' => 'datetime:Y-m-d H:00',
  4. ];

Blade Component Aliases

If your Blade components are stored in a sub-directory, you may now alias them for easier access. For example, imagine a Blade component that is stored at resources/views/components/alert.blade.php. You may use the component method to alias the component from components.alert to alert:

  1. Blade::component('components.alert', 'alert');

Once the component has been aliased, you may render it using a directive:

  1. @alert('alert', ['type' => 'danger'])
  2.     You are not allowed to access this resource!
  3. @endalert

You may omit the component parameters if it has no additional slots:

  1. @alert
  2.     You are not allowed to access this resource!
  3. @endalert

Argon2 Password Hashing

If you are building an application on PHP 7.2.0 or greater, Laravel now supports password hashing via the Argon2 algorithm. The default hash driver for your application is controlled by a new config/hashing.php configuration file.

UUID Methods

Laravel 5.6 introduces two new methods for generating UUIDs: Str::uuid and Str::orderedUuid. The orderedUuid method will generate a timestamp first UUID that is more easily and efficiently indexed by databases such as MySQL. Each of these methods returns a Ramsey\Uuid\Uuid object:

  1. use Illuminate\Support\Str;
  3. return (string) Str::uuid();
  5. return (string) Str::orderedUuid();

Collision

The default laravel/laravel application now contains a dev Composer dependency for the Collision package maintained by Nuno Maduro. This packages provides beautiful error reporting when interacting with your Laravel application on the command line:Release Notes - 图1

Bootstrap 4

All front-end scaffolding such as the authentication boilerplate and example Vue component have been upgraded to Bootstrap 4. By default, pagination link generation also now defaults to Bootstrap 4.