Skip to content

Milestones

List view

  • 3.6.0

    Feature release (minor)

    No due date
    5/5 issues closed
    100% complete0 open5 closed

  • 3.5.0

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 3.4.0

    Feature release (minor)

    No due date
    9/9 issues closed
    100% complete0 open9 closed

  • 3.3.1

    3.3.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 3.3.0

    Feature release (minor)

    No due date
    2/2 issues closed
    100% complete0 open2 closed

  • 3.2.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 3.1.0

    No due date
    3/3 issues closed
    100% complete0 open3 closed

  • 2.26.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.25.1

    2.25.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.25.0

    ### Added Adds support for the PSR-7 v1.1 release.

    No due date
    2/2 issues closed
    100% complete0 open2 closed

  • 2.24.1

    2.24.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.24.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.23.0

    Feature release (minor)

    No due date
    4/4 issues closed
    100% complete0 open4 closed

  • 2.22.0

    Feature release (minor)

    No due date
    2/2 issues closed
    100% complete0 open2 closed

  • 2.21.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.20.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.19.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.18.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.17.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.16.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.15.0

    Feature release (minor)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.14.0

    Feature release (minor)

    No due date
    3/3 issues closed
    100% complete0 open3 closed

  • 2.13.0

    Feature release (minor)

    No due date
    4/4 issues closed
    100% complete0 open4 closed

  • 2.11.3

    2.11.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.11.2

    2.11.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.12.0

    Feature release (minor)

    No due date
    5/5 issues closed
    100% complete0 open5 closed

  • 2.11.1

    **This is a SECURITY release. All users are encouraged to upgrade immediately.** ### Added This release adds features to allow filtering a `ServerRequest` as generated by `Laminas\Diactoros\ServerRequestFactory::fromGlobals()` for the purposes of initialization. Examples include: - Adding a request identifier. - Using `X-Forwarded-*` headers to modify the URL to represent the original client request. The features are based on a new interface, `Laminas\Diactorors\ServerRequestFilter\FilterServerRequestInterface`, which defines a single method: ```php public function __invoke( \Psr\Http\Message\ServerRequestInterface $request ): \Psr\Http\Message\ServerRequestInterface ``` We provide two implementations, as follows: - `Laminas\Diactoros\ServerRequestFilter\DoNotFilter` will return the provided request verbatim. - `Laminas\Diactoros\ServerRequestFilter\FilterUsingXForwardedHeaders` has named constructors that allow you to define how and when `X-Forwarded-*` headers are used to modify the URI instance associated with the request. These methods are: - `trustAny()`: this method generates a filter instance that will trust all `X-Forwarded-*` headers from any source. - `trustReservedSubnets(array $trustedHeaders = ?)`: this method generates a filter instance that only modifies the URL if the IP address of the requesting server is from a reserved, private subnet (localhost; classes A, B, and C subnets; and IPv6 private and local-link subnets). By default, it will trust all `X-Forwarded-*` headers from these sources, but you may specify a list to allow via the `$trustedHeaders` argument. - `trustProxies(array $proxyCIDRList, array $trustedHeaders = ?)`: this method will generate a filter instance that only modifies the URL if the requesting server matches an entry in the `$proxyCIDRList`. These entries may be IP addresses, or any IPv4 or IPv6 CIDR subnets. By default, it will trust all `X-Forwarded-*` headers from these sources, but you may specify a list to allow via the `$trustedHeaders` argument. `ServerRequestFactory::fromGlobals()` now accepts a `FilterServerRequestInterface` instance as the optional argument `$requestFilter`. If none is provided, it uses one as produced by `FilterUsingXForwardedHeaders::trustReservedSubnets()`. ### Deprecated - The function `Laminas\Diactoros\marshalUriFromSapi()` is deprecated, and no longer used internally. ### Changed `Laminas\Diactoros\ServerRequestFactory::fromGlobals()` no longer consumes `marshalUriFromSapi()`, and instead inlines an alternate implementation. The new implementation does not consider `X-Forwarded-*` headers by default when generating the associated URI instance. Internally, if no `FilterServerRequestInterface` implementation is provided, it defaults to using an instance returned by `FilterUsingXForwardeHeaders::trustReservedSubnets()`. If you previously relied on `X-Forwarded-*` headers, you MAY need to update your code to use either the `FilterUsingXForwardedHeaders::trustAny()` or `FilterUsingXForwardedHeaders::trustProxies()` methods to generate a filter to use with `ServerRequestFactory::fromGlobals()`. ### Fixed - Fixes CVE-2022-31109

    No due date
    0% complete0 open0 closed

  • 2.11.0

    Feature release (minor)

    No due date
    2/2 issues closed
    100% complete0 open2 closed

  • 2.9.2

    2.9.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.10.0

    ### Changed This release adds minor normalization of header values with line continuations; the line continuations are now normalized to a single space. This is done to conform to RFC 7230#3.2.4, which is an important security guideline.

    No due date
    5/5 issues closed
    100% complete0 open5 closed

  • 2.9.1

    2.9.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.9.0

    No due date
    5/5 issues closed
    100% complete0 open5 closed

  • 2.8.0

    Feature release (minor)

    No due date
    4/4 issues closed
    100% complete0 open4 closed

  • 2.7.0

    Feature release (minor)

    No due date
    2/2 issues closed
    100% complete0 open2 closed

  • 2.6.0

    ### Added - The default behavior when marshalling request headers from the `$_SERVER` superglobal is to map all entries starting with `HTTP_` or `CONTENT_` to HTTP headers. However, this behavior is a bit aggressive with regards to the `CONTENT_` keys; PHP only maps `CONTENT_LENGTH`, `CONTENT_MD5`, and `CONTENT_LENGTH` in this way. To remain backwards compatible, we are not changing that behavior. However, users who are experiencing conflicts with env variables they have declared (as an example, `CONTENT_API_KEY`) can define the env variable `LAMINAS_DIACTOROS_STRICT_CONTENT_HEADER_LOOKUP`. When present, the logic for marshalling headers will only consider exact matches on those three `CONTENT_` keys, and ignore any others it identifies. (Behavior for `HTTP_` prefixed headers remains the same.)

    No due date
    4/4 issues closed
    100% complete0 open4 closed

  • 2.5.1

    2.5.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.4.1

    2.4.x bugfix release (patch)

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.5.0

    Feature release (minor)

    No due date
    2/2 issues closed
    100% complete0 open2 closed

  • 3.0.0

    ### Added This version adds support for PSR-7 v2.0. While we had previously added return type hints in Diactoros, there were a few cases where PSR-7 updated the interfaces to use `void` returns where we had not. As a result, this release represents a BC break for anybody extending our classes, as defining an extension that uses one of these methods with a mixed return type (or omitting the return type entirely) will result in a type error. The interfaces affected were `Psr\Http\Message\StreamInterface` and `Psr\Http\Message\UploadedFileInterface`. For consumers, this version should be entirely backwards compatible in usage. For those extending our classes, you will only run into issues when extending implementations of the above interfaces.

    No due date
    15/15 issues closed
    100% complete0 open15 closed

  • 2.3.2

    No due date
    1/1 issues closed
    100% complete0 open1 closed

  • 2.4.0

    Feature release (minor)

    No due date
    2/2 issues closed
    100% complete0 open2 closed