All Products

PHP Framework

Starter Kits

Packages

Developers

Resources

Upcoming Events

Learn

Watch series
Laracasts

Featured products

Cloud

Cloud New

A fully managed application platform for deploying and hosting Laravel applications.

Pay as you go pricing
Nightwatch

Nightwatch New

Unparalleled monitoring and insights into your application's performance.

Get started for free
Forge

Forge

Provision VPS servers and deploy on DigitalOcean, Akamai, Vultr, Amazon, Hetzner, and more.

Plans from $12 / month
Nova

Nova

The simplest and fastest way to build production-ready administration panels using Laravel.

Licenses from $99

PHP Framework

Starter Kits

Packages

Developers

Resources

Upcoming events

Learn

Watch series
Laracasts
Blog / General

Log4j Vulnerability Update

Log4j is a Java library by Apache used to log debug messages within applications. It's recently been featured in news outlets around the world due to a vulnerability (known as Log4Shell) that was discovered allowing remote code execution using a specific string.

Laravel Forge

Laravel Forge does not install Log4j by default. Furthermore, Forge does not install any applications known to use Log4j.

The vast majority of servers provisioned by Forge will not be vulnerable; however, if you have manually installed applications such as ElasticSearch your server may be affected.

To check if your server is affected, you can use a script such as log4j_checker_beta.

Laravel Vapor

Laravel Vapor does not install or use Log4j in both the native or Docker runtimes. However, if you have manually installed libraries, use custom layers, or customize your Dockerfile, it is possible that Log4j has been installed due to those modifications.

You should check your environment for vulnerability and take action if necessary.

Keep reading

General April 4, 2024

Encryption and the In-between

Last year, we introduced a simple but surprisingly useful feature to Laravel Forge: the ability to add notes to servers. While checking the uptake of this feature, we noticed that customers were often storing sensitive data in the field. We hadn’t designed notes to store sensitive information, so we found ourselves in a situation where we now needed to encrypt existing unencrypted data, while also allowing for new data to be inserted as encrypted data - at the same time, the dashboard needed to be able to show the notes correctly whether they had been encrypted or not. Our migration process looked like this: 1. Run a command that encrypts all existing unencrypted server notes. 2. Update our model to cast the `notes` field, encrypting or decrypting as required. To do this, we leaned on [Laravel’s custom casts](https://laravel.com/docs/11.x/eloquent-mutators#custom-casts) feature to handle this “sometimes encrypted” data. We created a new cast `SometimesEncrypted` that allowed us to gracefully decrypt the encrypted notes, or simply return the plaintext version which may have been available during the migration: ```php

James Brooks

General December 19, 2022

Laravel Loves PHP 8.2

Last week saw the official release of PHP 8.2, bringing with it features such as read-only classes, DNF types, and much more. As you may have noticed, we've been busy preparing the Laravel framework, first-party packages, and the surrounding ecosystem to provide support for this exciting new release of PHP. ## Laravel If you want to use PHP 8.2 with your Laravel project, you should update your dependencies to use the latest versions of the framework as well as the latest versions of all first-party packages such as Cashier, Passport, Scout, etc. ![image](https://laravel-blog-assets.s3.amazonaws.com/cuNz2q7vmF8us0h934JhSY5hprK8lAAZPXw0siF4.png "image") Of course, you should also ensure you update any third-party packages accordingly. ## Forge If you use Forge to provision servers and deploy your applications, you may now select PHP 8.2 when creating a server. ![image](https://laravel-blog-assets.s3.amazonaws.com/yB1Yo6zGuJFpwyQIJeOW1SoD5ZWwiU7Tdh23c1cC.png "image") You may also install PHP 8.2 on existing servers from the "PHP" tab of your server's management dashboard. ![image](https://laravel-blog-assets.s3.amazonaws.com/PeQjgVeQlbYkqJGMyEw4N6eZVb8Q8nfVL7wAdzlR.png "image") ## Vapor We have also updated Vapor to provide PHP 8.2 support for our native and Docker runtimes. To update your native runtime to PHP 8.2, set the `runtime` option of your application's `vapor.yml` file to `php-8.2:al2` and redeploy your application. ![image](https://laravel-blog-assets.s3.amazonaws.com/O3QpHQ2GEvCxUCvkw59b8xiDvInhFqsOwIHd5PfV.png "image") If you are using the Docker runtime, you may update the base image in your Dockerfile to `laravelphp/vapor:php82` and redeploy your application. ![image](https://laravel-blog-assets.s3.amazonaws.com/6Lfm3nfio9eUHv9z0oNdEzfdrZH5NOyuOHxbps9I.png "image") ## Envoyer If you use Envoyer to manage your application's deployments, you may now select PHP 8.2 from your server's settings. ![image](https://laravel-blog-assets.s3.amazonaws.com/FswmEfdErIUr7iFQKQZkKM5TyEWEs3jbNawQOQfI.png "image") At Laravel, we're committed to providing you with the most robust, modern, and developer-friendly PHP experience. We hope you're as eager as we are to get started with PHP 8.2. With these updates to the ecosystem, it really couldn't be simpler!

Joe Dixon

Stay connected with the latest Laravel news

Laravel is the most productive way to
build, deploy, and monitor software.

Products

Packages

Resources

Partners