Slim 3.0 RC2 Released
I released Slim 3 RC 2 today after a longer than expected gap from RC1. The gap was caused by two things:
- Real LifeTM was busy for all the core team members
- People test RCs, but not betas!
Obviously, the important one here was testing. Thank your everyone who tested RC1!
As a result, a number of important issues were raised after RC1 was released which we had to address. Two key BC-breaking ones involved potential security issues around trusting X-Forwarded headers:
- #1559 – `Request::getIp()` has been removed
- #1570 – Inspection of `X-Forwarded-Proto` and `X-Forwarded-Host` headers in `Uri` have been removed
As these are related to the headers, the obvious solution to was to replace with middleware. I created rka-ip-address-middleware and rka-scheme-and-host-detection-middleware to provide the same functionality in a more controlled manner, though I’m sure other alternatives will arise as more people write PSR-7 middleware.
We also made a few improvements. My favourite one is with the way errors are handled when the Accept header is JSON or XML; our response is now in the correct format! This is very important for APIs and it is important to us that out-of-the-box, we are a good API citizen. Note that the error handler’s determination of the current accept header is simplistic and so is not exposed to your application. Please use Ryan Szrama’s NegotiationMiddleware for your application’s needs.
In this cycle we fixed a lot of issues, and are happy with the state of Slim 3. So happy, in fact, that we intend to release final next week unless someone finds a show-stopper!
If you have any interest in Slim or micro-frameworks, please test this release and report any issues that you find. We’d appreciate it!
