Laravel Cloud: More Features, Smarter Pricing
Laravel Cloud pricing changes: new plan names, more features, and predictable usage-based billing start today.
Calvin Schemanski
Laravel Cloud pricing changes: new plan names, more features, and predictable usage-based billing start today.
Calvin Schemanski
Ship Laravel features faster with Boost, a Composer package that accelerates AI-assisted Laravel development by providing the essential context and structure that AI needs to generate high-quality, Laravel-specific code.
Ashley Hindle
All the highlights from Laracon 2025, including Laravel Cloud autoscaling, Forge upgrades, framework changes, and Nightwatch pricing.
Ana Tavares
Today, we're thrilled to announce the release of Laravel 11 and Laravel Reverb.
Taylor Otwell
Today we're thrilled to announce that we have tagged the Laravel 10.0 release! Laravel 10 continues the improvements made in Laravel 9 by introducing argument and return types to all application skeleton methods, as well as all stub files used to generate classes throughout the framework. In addition, a new, developer-friendly abstraction layer has been introduced for starting and interacting with external processes. Further, Laravel Pennant has been introduced to provide a wonderful approach to managing your application's "feature flags". To get all of the juicy details about this release, check out our official [release notes](https://laravel.com/docs/10.x/releases#laravel-10) and [upgrade guide](https://laravel.com/docs/10.x/upgrade). We'll cover some of the highlights below. ### Method Signature + Return Types On its initial release, Laravel utilized all of the type-hinting features available in PHP at the time. However, many new features have been added to PHP in the subsequent years, including additional primitive type-hints, return types, and union types. Laravel 10.x thoroughly updates the application skeleton and all stubs utilized by the framework to introduce argument and return types to all method signatures. In addition, extraneous "doc block" type-hint information has been deleted: ```php
Taylor Otwell
This week we shipped Laravel 9.0 - the exciting next chapter in our journey to make web development enjoyable and productive! Laravel 9 continues the improvements made in Laravel 8.x by introducing support for Symfony 6.0 components, Symfony Mailer, Flysystem 3.0, improved `route:list` output, a Laravel Scout database driver, new Eloquent accessor / mutator syntax, implicit route bindings via Enums, and a variety of other bug fixes and usability improvements. As you may know, Laravel transitioned to yearly releases with the release of Laravel 8. Previously, major versions were released every 6 months. This transition is intended to ease the maintenance burden on the community and challenge our development team to ship amazing, powerful new features without introducing breaking changes. Therefore, we have shipped a variety of robust features to Laravel 8 without breaking backwards compatibility, such as parallel testing support, improved Breeze starter kits, HTTP client improvements, and even new Eloquent relationship types such as "has one of many". We hope you enjoy this new release! — The Laravel Team Some notable improvements in Laravel 9.0 include: - [Transition from SwiftMailer to Symfony Mailer](https://laravel.com/docs/9.x/releases#symfony-mailer) - [Update to Flysystem 3.x](https://laravel.com/docs/9.x/releases#flysystem-3) - [Improved Eloquent Accessors / Mutators](https://laravel.com/docs/9.x/releases#eloquent-accessors-and-mutators) - [Enum Eloquent Attribute Casting](https://laravel.com/docs/9.x/releases#enum-casting) - [Implicit Route Bindings With Enums](https://laravel.com/docs/9.x/releases#implicit-route-bindings-with-enums) - [Forced Scoping Of Route Bindings](https://laravel.com/docs/9.x/releases#forced-scoping-of-route-bindings) - [Controller Route Groups](https://laravel.com/docs/9.x/releases#controller-route-groups) - [Full Text Indexes / Where Clauses](https://laravel.com/docs/9.x/releases#full-text) - [Laravel Scout Database Engine](https://laravel.com/docs/9.x/releases#laravel-scout-database-engine) - [Rendering Inline Blade Templates](https://laravel.com/docs/9.x/releases#rendering-inline-blade-templates) - [Slot Name Shortcut](https://laravel.com/docs/9.x/releases#slot-name-shortcut) - [Checked / Selected Blade Directives](https://laravel.com/docs/9.x/releases#checked-selected-blade-directives) - [Laravel Breeze API & Next.js](https://laravel.com/docs/9.x/releases#laravel-breeze-api) - [Improved Ignition Exception Page](https://laravel.com/docs/9.x/releases#exception-page) - [Improved route:list CLI Output](https://laravel.com/docs/9.x/releases#improved-route-list) - [Test Coverage Using Artisan test Command](https://laravel.com/docs/9.x/releases#test-coverage-support-on-artisan-test-Command) - [Soketi Echo Server](https://laravel.com/docs/9.x/releases#soketi-echo-server) - [Improved Collections IDE Support](https://laravel.com/docs/9.x/releases#improved-collections-ide-support) - [New Helpers](https://laravel.com/docs/9.x/releases#new-helpers)
Dries Vints
As you may know, this year we updated the Laravel release cycle to include one major release per year. Previously, we released two major versions per year. These release changes would typically indicate that a Laravel 9 release is due in September of this year. However, as you may know, Laravel uses a variety of community-driven packages as well as nine Symfony components for a number of features within the framework. Symfony 6.0 is due for release in November. For that reason, we are choosing to delay the Laravel 9.0 release until January 2022. By delaying the release, we can upgrade our underlying Symfony components to Symfony 6.0 without being forced to wait until September 2022 to perform this upgrade. In addition, this better positions us for future releases as our yearly releases will always take place two months after Symfony's releases. This means that the upcoming Laravel release schedule will look as follows: - Laravel 9.0: January 2022 - Laravel 10.0: January 2023 - Laravel 11.0: January 2024 We are continuing to deliver exciting new improvements to the Laravel 8.x release series. In fact, we have been able to ship a variety of amazing new features without needing a major release, including parallel testing, model broadcasting improvements, and more. We look forward to shipping even more wonderful improvements to you soon!
Taylor Otwell
For the last 4 years, Laravel has released a new "major" version every 6 months. Before adopting the "semantic versioning" standard - the second number in the Laravel version number changed every 6 months. With the adoption of semantic versioning, the first number in the Laravel version number changed every 6 months. However, the release cycle speed stayed the same throughout that transition - even though many users felt that Laravel versions were being released more frequently. Over the same 4 years, Laravel has matured and solidified its position as the development framework of choice for most PHP developers. As the number of businesses and individuals using Laravel has grown substantially, I feel like now is a good time to update our release schedule to help ease the maintenance burden on our community. So, beginning immediately, Laravel is moving from a 6 month major release cycle to a 12 month release cycle. Therefore, since Laravel 8.0 was released in September of 2020, Laravel 9.0 (LTS) will not be released until September of 2021. Laravel 10.0 will be released in September of 2022, etc. Due to this decision, we decided to backport parallel testing (a major feature of the 9.0 release) to Laravel 8.0 so that our users could take advantage of it immediately. That feature was released today. This new release cycle will not only ease the the maintenance burden on our community and relieve the stress of feeling like you are being "left behind", it will challenge us as Laravel developers to implement high-value, amazing features without breaking backwards compatibility so that we can deliver them to you as quickly as possible. These changes have been reflected in [our support policy documentation](https://laravel.com/docs/releases#support-policy). Matt Stauffer, a long time Laravel community member, has created a very helpful website to assist you in visualizing the current and upcoming releases of Laravel as well as their support / maintenance periods: [https://laravelversions.com/](https://laravelversions.com/) If you are running an older version of Laravel and would like to take advantage of all the latest features in Laravel 8, you may automate the process of upgrading with Shift: [https://laravelshift.com](https://laravelshift.com).
Taylor Otwell
**Note: This security patch only affects applications using the `$guarded` property on models. In addition, applications that set `$guarded` to `[]` or `['*']` are not affected by the bug described in this post.** Today we are releasing a follow-up to yesterday's security patches. Today's patch secures another subtle security issue when using `$request->all()` to update Eloquent's models that use the `$guarded` property. When listing individual columns in the `$guarded` property, any columns that are not included in the list can be updated via mass assignment. This is expected behavior. However, unexpected updates may happen if requests are crafted to contain JSON column nesting expressions (`{"foo->bar": "value"}`). Even if the JSON `foo` column is guarded, this expression could update the `bar` JSON key within the column (because `foo->bar` is not listed in the guarded clause). Today's patch fixes this and other potential unexpected behaviors by comparing the column that is being updated with an actual list of database columns that exist on the database table. We retrieve this column list using Laravel's schema inspection facilities that already existed in the framework. Note that this will introduce one extra database query to retrieve the column listing when attempting to mass assign attributes to a model that is using the `$guarded` property. If the `$guarded` property is empty or is set to `['*']` the extra query is unnecessary and will not be executed. Applications that use `$fillable` are already protected by default and do not require us to confirm the column's validity. **As a personal recommendation, I recommend always using `$fillable` instead of `$guarded`. In general, `$fillable` is a safer approach to mass assignment protection because you are forced to list any new columns added to the database to the `$fillable` array. In contrast, you may easily forget to add a new column to a `$guarded` array, leaving it open for mass assignment by default.**
Taylor Otwell
Today we released a security patch for Laravel 6.x and 7.x. In previous releases of Laravel, it was possible to mass assign Eloquent attributes that included the model's table name: ``` $model->fill(['users.name' => 'Taylor']); ``` When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent and was not documented. However, when paired with validation, this can lead to unexpected and unvalidated values being saved to the database. For this reason, we have removed the automatic stripping of table names from mass-asignment operations so that the attributes go through the typical "fillable" / "guarded" logic. Any attributes containing table names that are not explicitly declared as fillable will be discarded. This security release will be a breaking change for applications that were relying on the undocumented table name stripping during mass assignment. **Since this feature was relatively unknown and undocumented, we expect the vast majority of Laravel applications to be able to upgrade without issues.**
Taylor Otwell
Laravel is the most productive way to
build, deploy, and monitor software.