Yii 2.0.16

    The PHP framework team Yii has released version 2.0.16, containing more than a hundred fixes and some improvements . Fixed several security issues.

    The branch Yii 2.0 reached a freeze more than a year ago , which means that it mainly accepts corrections. This was done to allow the Yii team to focus on Yii 3. At the very end of this post there is a little more information about Yii 3.

    This release includes several changes that may affect existing applications. Be sure to read UPGRADE.md .

    Many thanks to the members of the Yii community who are participating in the development. Without you, such a large-scale project would be impossible. Special thanks to translators who keep the documentation up to date.

    Below are the most interesting improvements that still managed to leak into the release. The full list, as usual, can be found in CHANGELOG .

    Active record

    Salem Ouerdani, @tunecino added behavior for optimistic locking.

    Optimistic locking allows multiple users to simultaneously edit a record and avoid potential server side conflicts. In the case when a user tries to save edits based on outdated data (because another user has already been saved), he rushes StaleObjectException, and the update or deletion is not done.

    The mechanism of such a lock was implemented in the first versions of Yii, but it was not so easy to use it correctly. Now just.

    Documentation can be found in the official tutorial
    and API OptimisticLockBehavior .


    The console migration generator now uses table prefixes by default. If you want to change this, then you can put yii\console\controllers\MigrateController::useTablePrefixin falsethe config console commands.


    • The MySQL driver now supports fractional second accuracy for temporary types (MySQL is required> = 5.6.4).
    • The Oracle driver now supports sequence dumping.


    • yii\helpers\Inflector learned to work correctly with UTF-8.
    • Added flag yii\mutex\FileMutex::$isWindowsfor Windows balloon on Unix guest machines.
    • Objects yii\helpers\UnsetArrayValue, yii\helpers\ReplaceArrayValuecan now be restored after using serialization var_export().


    An option has been added $filterOnFocusOutthat determines whether filtering should be performed when focus is lost.


    Now you can install jQuery 3.3.


    • The frequency of attempts to obtain a lock is yii\mutex\FileMutex::acquireLock()increased in the event that it is provided $timeout.
    • Added support $timeoutfor yii\mutex\PgsqlMutex::acquire().

    Security patches

    Two security issues have been fixed:

    • CVE-2018-14578: CSRF token check bypass \yii\web\Request::getMethod()
    • CVE-2018-19454: logging confidential information to \yii\log\Target

    Application Templates

    • Codeception configs have been cleaned in both the basic and advanced templates.
    • A simple Docker config has been added to the Advanced template.
    • The Advanced template now requires a newer version of Codeception, which only works since PHP 7.0. Older applications will work as before.

    Little about Yii 3.0

    The next major version of Yii will be 3.0. A detailed announcement will be later, but for now briefly:

    Updated architecture : the framework is divided into separate packages .
    This will allow you to collect from them what you need.

    JavaScript-independent : along with the reorganization of the source code, Yii is decoupled from the JavaScript framework in the kernel.
    Yii key packages do not require jQuery.

    Compatible with PSR : Yii 3 will follow the recommendations of PHP-FIG. Many PSRs have already been implemented: logging, cache, DI, and others.

    Yii 3.0 is under active development. A detailed announcement will be made to achieve the alpha version.

    Also popular now: