- Active Record
- Security fixes
- Project templates
- A bit about Yii 3.0
We are very pleased to announce the release of Yii Framework version 2.0.16. Please refer to the instructions at https://www.yiiframework.com/download/ to install or upgrade to this version.
Version 2.0.16 is a minor release of Yii 2.0 which contains more than a hundred enhancements and bug fixes including security fixes.
Yii 2.0 reached feature freeze more than a year ago, meaning that the 2.0 branch will only receive bug fixes. That was done in order to allow the Yii Team to focus on the upcoming Yii 3 rewrite. There's more on Yii 3 at the very end of this announcement.
There are minor changes that may affect your existing applications, so make sure to check the UPGRADE.md file.
Huge thanks to all Yii community members who contribute to the framework. It wouldn't have been possible without you. Additional thanks to translators who are keeping international documentation up to date.
There are many active Yii communities so if you need help or want to share your experience, feel free to join them.
You can also discuss this news on our forum.
Below we summarize some of the enhancements and changes that slipped into this release. A complete list of changes can be found in the CHANGELOG.
Active Record
A behavior for optimistic locking was added by Salem Ouerdani, @tunecino.
Optimistic locking allows multiple users to open the same record for editing while avoiding conflicting writes. When a user attempts to save a record based on stale data (because another user has modified it in the meantime), a StaleObjectException is thrown and the update or deletion is skipped.
Optimistic locking itself has been available since the first versions of Yii, but using it properly wasn't easy. Now it is. You can find details in the guide section on optimistic locks and in OptimisticLockBehavior itself.
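The version check behind optimistic locking, as an added example that is not Yii's code or part of the original announcement. It uses plain PDO with an in-memory SQLite database; the post table, its version column and StaleRecordException (a stand-in for Yii's StaleObjectException) are constructed for illustration.

```php
<?php
// Added illustration in plain PDO (not Yii code). Table, columns and
// StaleRecordException are constructed; it stands in for StaleObjectException.
class StaleRecordException extends RuntimeException {}

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, title TEXT, version INTEGER NOT NULL)');
    $db->exec("INSERT INTO post (id, title, version) VALUES (1, 'Draft', 0)");
    return $db;
}

// Each editor loads the row together with the version it had at read time.
function loadPost(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT id, title, version FROM post WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException("post $id not found");
    }
    return ['id' => (int) $row['id'], 'title' => $row['title'], 'version' => (int) $row['version']];
}

// The UPDATE matches only if the stored version still equals the version that
// was read; zero affected rows means someone else saved first.
function savePost(PDO $db, array $post, string $title): void
{
    $stmt = $db->prepare('UPDATE post SET title = ?, version = version + 1 WHERE id = ? AND version = ?');
    $stmt->bindValue(1, $title, PDO::PARAM_STR);
    $stmt->bindValue(2, $post['id'], PDO::PARAM_INT);
    $stmt->bindValue(3, $post['version'], PDO::PARAM_INT);
    $stmt->execute();
    if ($stmt->rowCount() === 0) {
        throw new StaleRecordException('record changed since it was loaded; update skipped');
    }
}

$db = openDb();
$first = loadPost($db, 1);  // both editors read the row at version 0
$second = loadPost($db, 1);
savePost($db, $first, 'First editor'); // matches version 0 and bumps it to 1
try {
    savePost($db, $second, 'Second editor'); // still carries version 0
} catch (StaleRecordException $e) {
    echo 'Second save rejected: ', $e->getMessage(), PHP_EOL;
}
echo 'Stored title: ', loadPost($db, 1)['title'], PHP_EOL;
```

Because the version comparison and the write happen in a single UPDATE statement, there is no window between check and write in which a concurrent save could slip through.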
Console migration generator defaults were changed so that the migrations are generated with table prefixes used. If you want to disable this behavior, set yii\console\controllers\MigrateController::useTablePrefix to false via console
- The MySQL driver now supports fractional seconds for time types (requires MySQL >= 5.6.4).
- The Oracle driver now supports resetting sequences.
yii\helpers\Inflector now works correctly with UTF-8.
yii\mutex\FileMutex::$isWindows for Windows file shares on Unix guest machines.
yii\helpers\ReplaceArrayValue object can now be restored after serialization using
$filterOnFocusOut option that allows toggling whether filtering is triggered when the filter field loses focus.
jQuery 3.3 is now allowed to be installed.
- Increased frequency of lock tries for yii\mutex\FileMutex::acquireLock() when $timeout is provided.
- Added support for
Security fixes
Two security issues were fixed in this release:
- CVE-2018-14578: CSRF token check bypassing in
- CVE-2018-19454: Excess logging of sensitive information in
Project templates
- Codeception configs were cleaned up in both basic and advanced project templates.
- A basic Docker configuration was added to the Advanced project template, allowing you to quickly start developing.
- Advanced template tests require a newer version of Codeception that works starting with PHP 7.0. Old applications will work with older versions of Codeception, so there's no need to upgrade if you don't want to.
A bit about Yii 3.0
Yii 3 will be the next major version of the Yii framework. A separate announcement will be made subsequently, but here's a brief overview of the future:
A new architecture: The Yii framework has been split into several packages. This will allow you to pick the packages you need to compose your Yii application instead of installing one package that provides everything.
PSR Compatibility: Yii 3 will embrace the PHP-FIG recommendations, and implement many PSRs: Logging, Caching, DI, etc.
Yii 3.0 is currently being developed. We will make separate announcements when it reaches alpha stability.