We have now released the third release candidate of Slim 3 following testing of RC2. This release fixes a security issue, clears up some inconsistencies and fixes a number of bugs.
Security fix in 3.0.0-RC3:
- #1624 - XXE attacks are now prevented when parsing XML input.
BC breaks in 3.0.0-RC3:
These are the BC breaks since RC2:
- #1631 - The route callable is now bound to the Container rather than to the App to be consistent with middleware binding. This means that if you are using
$this->subRequestthen you now need to
use ($app)and then
$app->subRequest(…). Also if you were using
$this->getContainer()->get(…), you need to change this to
$this->get(…). Note that using
$this->footo retrieve a service from the container continues to work.
- #1626 - Route paths are now simply concatentated with no magic. This may affect the way route groups were previously set up, but from now on, it’s very predictable.
- #1625 - Group middleware is now executed before the route’s middleware as you would expect. See issue #1622 for details.
The full list of changes is here
For details on the what’s new in Slim 3, please see this article about 3.0 beta 1.
We would appreciate it if you could test this release candidate and report all issues that you find. We are hoping that this is the final release candidate (again!) and that 3.0 final will be released imminently. Note though, that as this is a release candidate, we do not promise that there will be no BC breaks until 3.0 final is released.