Here's what was popular in the PHP community one year ago today:

• PHPUgly Podcast: Episode 99 - Revert This Show

• Exakat Blog: Largest PHP applications (2018)
• Ivan Enderlin: How Automattic (WordPress.com & co.) partly moved away from PHPUnit to atoum?
• Zend Framework Blog: Expressive 3!
• Tomas Votruba: How to Criticize like a Senior Programmer
• Sergey Zhuk: Fast Web Scraping With ReactPHP. Part 2: Throttling Requests
• StarTutorial.com: Understanding Design Patterns - Abstract Factory
• Zend Framework Blog: Async Expressive? Try Swoole!
• Delicious Brains Blog: Hey WordPress Plugin Developers, Stop Supporting Legacy PHP Versions In Your
• QuickerWP.com: Make your WordPress blog fly with these speedy plugins and tweaks
• Symfony Blog: Diversity initiative update
• TutsPlus.com: Deploy PHP Web Applications Using Laravel Forge
• Christoph Rumpel: Laravel Response Caching and CSP
• Pehapkari.cz: Domain-Driven Design - Alternative Relational Database Mapping
• Laravel News: Getting Started with Signed Routes in Laravel
• That Podcast: Episode 49: The One Where the Events Are the Sauce and Not the Meat
• Laravel News Podcast: Episode 59 - Scaling Laravel, testing Vue components, and model events
• Maatwebsite: Laravel Excel - Lessons Learned
• Christop Rumpel: Content Security Policy, Hash-Algorithm and Turbolinks

Latest PECL Releases:

• ahocorasick 0.0.6
  Version fixes

• ahocorasick 0.0.5
  Memory handling fixes in the match result fixes. Minor test and code fixes. PHP 7.3, 7.4 support added.
• ahocorasick 0.0.4
  Initial release
• ahocorasick 0.0.3
  Initial release
• redis 4.3.0
  phpredis 4.3.0

  This is probably the latest release with PHP 5 suport!!!

  • Proper persistent connections pooling implementation [a3703820, c76e00fb, 0433dc03, c75b3b93] (Pavlo Yatsukhnenko)
  • RedisArray auth [b5549cff, 339cfa2b, 6b411aa8] (Pavlo Yatsukhnenko)
  • Use zend_string for storing key hashing algorithm [8cd165df, 64e6a57f] (Pavlo Yatsukhnenko)
  • Add ZPOPMAX and ZPOPMIN support [46f03561, f89e941a, 2ec7d91a] (@mbezhanov, Michael Grunder)
  • Implement GEORADIUS_RO and GEORADIUSBYMEMBER_RO [22d81a94] (Michael Grunder)
  • Add callback parameter to subscribe/psubscribe arginfo [0653ff31] (Pavlo Yatsukhnenko)
  • Don't check the number affected keys in PS_UPDATE_TIMESTAMP_FUNC [b00060ce] (Pavlo Yatsukhnenko)
  • Xgroup updates [15995c06] (Michael Grunder)
  • RedisCluster auth [c5994f2a] (Pavlo Yatsukhnenko)
  • Cancel pipeline mode without executing commands [789256d7] (Pavlo Yatsukhnenko)
  • Use zend_string for pipeline_cmd [e98f5116] (Pavlo Yatsukhnenko)
  • Different key hashing algorithms from hash extension [850027ff] (Pavlo Yatsukhnenko)
  • Breaking the lock acquire loop in case of network problems [61889cd7] (@SkydiveMarius)
  • Implement consistent hashing algorithm for RedisArray [bb32e6f3, 71922bf1] (Pavlo Yatsukhnenko)
  • Use zend_string for storing RedisArray hosts [602740d3, 3e7e1c83] (Pavlo Yatsukhnenko)
  • Update lzf_compress to be compatible with PECL lzf extension [b27fd430] (@jrchamp)
  • Fix RedisCluster keys memory leak [3b56b7db] (Michael Grunder)
  • Directly use return_value in RedisCluster::keys method [ad10a49e] (Pavlo Yatsukhnenko)
  • Fix segfault in Redis Cluster with inconsistent configuration [72749916, 6e455e2e] (Pavlo Yatsukhnenko)
  • Masters info leakfix [91bd7426] (Michael Grunder)
  • Refactor redis_sock_read_bulk_reply [bc4dbc4b] (Pavlo Yatsukhnenko)
  • Remove unused parameter lazy_connect from redis_sock_create [c0793e8b] (Pavlo Yatsukhnenko)
  • Remove useless ZEND_ACC_[C|D]TOR. [bc9b5597] (@twosee)
  • Documentation improvements (@fanjiapeng, @alexander-schranz, @hmc, Pavlo Yatsukhnenko, Michael Grunder)
• swoole 4.3.1
  Enhancement --- * After `Server` enabled `ssl_verify_peer`, the client without the certificate will be forcibly disconnected (31a038f) (@shiguangqi) * `MySQLStatement::execute` can accept null arguments (0207ebc) (@twose) * Now part of the fatal error message caused by illegal code will show the call stack trace, the warning will be more friendly (such as calling the coroutine method outside the coroutine) (@twose)

  Fixed

  • FixedswSignalfd_set unexpected result (#2397) (@junwei-qu)
  • Fixed Socks5proxy memory error (9dd0b7c) (@twose)
  • FixedRedis backward compatibility (connect timeou configuration does not work) (21f34cc) (@twose)
  • Fixed Server reload BUG (31a038f) (@shiguangqi)
  • Fixed CoHttpClient with defer mode and call recv with the timeout agrument but timeout does not work (2c1cd83) (@twose)
  • Fixed call the coroutine method out side the coroutine core dump (2bf6b09) (@twose)
  • Fixed Swoole + PHP73 with pcre.jit on MacOS core dump (17ccaf3) (@twose)
  • Fixed build failed on 32-bit env (#2411) (@twose)
  • Fixed CoSocket construct failed (@twose)
  • FixedProcessPool system msg queue not work (#2424) (@matyhtf)
  • Fixed user and group configurations not work in Server with BASE mode (#2402) (@matyhtf)
  • Fixed CoMySQL connect timeout coredump on low version of Linux (d6736e4) (@twose)

Latest PEAR Releases:

• Console_Getopt 1.4.2
  

• pearweb_phars 1.10.14
  
• PEAR 1.10.8
  
• pearweb_phars 1.10.13
  
• PEAR 1.10.9
  
• Text_Wiki 1.2.3
  

Here's what was popular in the PHP community one year ago today:

• Andrew Embler: Automated Dependency Injection Using Containers

• Matthew Setter: First Experiences with Symfony 4 & the Symfony Community
• PHPUgly Podcast: Episode 98 - Ethical Dilemmas
• Laravel News: Getting Started with Laravel Model Events
• Three Devs & A Maybe: The Power of Composition with Scott Wlaschin
• Sebastian De Deyne: Server side rendering JavaScript from PHP
• Yappa Blog: (En)queue Symfony console commands
• Tomas Votruba: Why is Collector Pattern so Awesome
• Marc Baker: Discharging Static #1
• Sergey Zhuk: Amp Promises: Using Router With ReactPHP Http Component
• Laravel News: Testing Vue components with Laravel Dusk
• Christoph Rumpel: Content Security Policy 101
• Pineco.de: Frequently Asked Questions About Laravel based APIs

Latest PECL Releases:

• zookeeper 0.6.4
  Bugs:
  • Fix segmentation fault after destroying Zookeeper instance (Issue #32)
• datadog_trace 0.15.1
  ### Added - Symfony 2.3 web tests for resource name #349 - Update images and enable leak detection, split tests in CI to Unit, Integration and Web #299

  Fixed

  • Resource name on Symfony 2.x requests served through controllers #341
  • Sanitize url in web spans #344
  • Laravel 5.8 compatibility #351
• zookeeper 0.7.1
  Bugs: - Fix segmentation fault after destroying Zookeeper instance (Issue #32)
• xdebug 2.7.0
  Wed, Mar 6, 2019 - xdebug 2.7.0

  = Fixed bugs:

  • Fixed issue #1520: Xdebug does not handle variables and properties with "-" in their name
  • Fixed issue #1577: Code coverage path analysis with chained catch fails in PHP 7.3
  • Fixed issue #1639: Compile warning/error on GCC 8 or Clang due to "break intentionally missing"
  • Fixed issue #1642: Debugger gives: "Warning: Header may not contain NUL bytes"
• redis 4.3.0RC2
  phpredis 4.3.0RC2

  This is probably the latest release with PHP 5 suport!!!

  • Proper persistent connections pooling implementation [a3703820, c76e00fb, 0433dc03, c75b3b93] (Pavlo Yatsukhnenko)
  • RedisArray auth [b5549cff, 339cfa2b, 6b411aa8] (Pavlo Yatsukhnenko)
  • Use zend_string for storing key hashing algorithm [8cd165df, 64e6a57f] (Pavlo Yatsukhnenko)
  • Add ZPOPMAX and ZPOPMIN support [46f03561, f89e941a, 2ec7d91a] (@mbezhanov, Michael Grunder)
  • Implement GEORADIUS_RO and GEORADIUSBYMEMBER_RO [22d81a94] (Michael Grunder)
  • Add callback parameter to subscribe/psubscribe arginfo [0653ff31] (Pavlo Yatsukhnenko)
  • Don't check the number affected keys in PS_UPDATE_TIMESTAMP_FUNC [b00060ce] (Pavlo Yatsukhnenko)
  • Xgroup updates [15995c06] (Michael Grunder)
  • RedisCluster auth [c5994f2a] (Pavlo Yatsukhnenko)
  • Cancel pipeline mode without executing commands [789256d7] (Pavlo Yatsukhnenko)
  • Use zend_string for pipeline_cmd [e98f5116] (Pavlo Yatsukhnenko)
  • Different key hashing algorithms from hash extension [850027ff] (Pavlo Yatsukhnenko)
  • Breaking the lock acquire loop in case of network problems [61889cd7] (@SkydiveMarius)
  • Implement consistent hashing algorithm for RedisArray [bb32e6f3, 71922bf1] (Pavlo Yatsukhnenko)
  • Use zend_string for storing RedisArray hosts [602740d3, 3e7e1c83] (Pavlo Yatsukhnenko)
  • Update lzf_compress to be compatible with PECL lzf extension [b27fd430] (@jrchamp)
  • Fix RedisCluster keys memory leak [3b56b7db] (Michael Grunder)
  • Directly use return_value in RedisCluster::keys method [ad10a49e] (Pavlo Yatsukhnenko)
  • Fix segfault in Redis Cluster with inconsistent configuration [72749916, 6e455e2e] (Pavlo Yatsukhnenko)
  • Masters info leakfix [91bd7426] (Michael Grunder)
  • Refactor redis_sock_read_bulk_reply [bc4dbc4b] (Pavlo Yatsukhnenko)
  • Remove unused parameter lazy_connect from redis_sock_create [c0793e8b] (Pavlo Yatsukhnenko)
  • Remove useless ZEND_ACC_[C|D]TOR. [bc9b5597] (@twosee)
  • Documentation improvements (@fanjiapeng, @alexander-schranz, @hmc, Pavlo Yatsukhnenko, Michael Grunder)
• swoole 4.3.0
  New Features --- + `Co::getContext` to get the coroutine context object ([RFC-1018](https://github.com/swoole/rfc-chinese/issues/45)) (@twose) + `Co::getPcid` to get the parent coroutine ID ([RFC-1017](https://github.com/swoole/rfc-chinese/issues/41)) (@twose) + `Co::exists` to know if a coroutine exists (@twose) + Runtime Coroutine Hook supports `stream_select` (#2358) (@matyhtf) + `max_wait_time` configuration support in BASE mode (#2282) (@shiguangqi) + Support for one-way delivery tasks in the `Master/Manager/User` process ([RFC-1015](https://github.com/swoole/rfc-chinese/issues/38)) (@matyhtf) + `CoSocket` has two new APIs `recvAll` and `sendAll` to ensure complete receive/send data until completion or error (3700cbb) (@twose) + `Process` supports the coroutine mode, please refer to ([Use Coroutine in Process](https://wiki.swoole.com/wiki/page/p-process_coro.html)) + `Process->exportSocket` to export `CoSocket` object (91d3621) (@matyhtf) + Added `Server->getCallback` method to get the callback function of the specified name of the Server (@matyhtf)

  Enhancement

  • The default max number of connections is 100K (instead of 10K) now. If the system configuration is less than this number, use the system configuration first (3d2e387) (@twose)
  • Optimize the code for the Timer module, which now runs faster and accepts any number of arguments (#2347) (@twose)
  • Co::stats will show more information such as the number of events, the number of registered signals, the number of AIO tasks, etc. (@matyhtf)
  • Co::getBackTrace with no params is equivalent to debug_backtrace (@twose)
  • Co::listCoroutines is renamed to Co::list, but the original name is still reserved as an alias (Backward compatibility) (@twose)
  • Table::exist, Server::exist are renamed to exists, but the original name is still reserved as aliases (Backward compatibility) (@twose)
  • Redis will automatically authenticate and select the corresponding database when it is automatically reconnected. Add API: getOptions, getAuth, getDBNum (#2303) (fdac8a3) (@windrunner414 & @twose)
  • The default Socket buffer size on FreeBSD should be 2M (750a29c) (@twose)
  • Server->stats will show worker_dispatch_count which can get the number of requests submitted by the master to the current process. The number of requests in the queue can be got by worker_dispatch_count - worker_request_count (a353808) (@matyhtf)
  • Remove Nghttp2 dependencies, no longer need to install it, configuring compilation parameters to open
  • Coroutines now have no max nesting level limitation (there are no real nesting relations between coroutines) (5458cbc) (@twose)
  • When the coroutine reaches the max limitation, the HTTP server will return a 503 error indicating that the service is temporarily unavailable (ebd377f) (@twose)
  • defer will now accept a parameter whose value is the return value at the end of the coroutine (example) (@twose)

  Fixed

  • Fixed error when the task method passed a null argument (#2366) (@twose)
  • Fixed Http client send big data incomplete (#2360) (@twose)
  • Fixed the bug that unprocessed data in the buffer was lost when the TCP client used the eof protocol (a59ae39) (@twose)
  • Fixed async security of Server Reload (022f859) (@matyhtf)
  • Fixed the index value of the connection iterator (b066146) (@twose)
  • Fixed the bug that Set-Cookie special characters are too long to be outputed (#2368) (@mabu233 & @twose)
  • Fixed the bug that Http client did not decode the cookie (duplicated encode when sent) (069ca5d) (@twose)
  • Fixed Http client download with timeout lead to coredump (#2377) (@matyhtf & @twose)
  • Fixed __call and call_user_func* lead to coredump when calling MySQL client method (#2387) (@matyhtf)
  • Fixed coredump when Http2 client header name passed in a number (#2375) (@mabu233)
  • Fixed SwooleEvent::dispatch behavior not as expected (#2390) (@matyhtf)
  • Fixed Socks5 proxy handshake failed (94ef96c) (@twose)
  • Fixed a memory read error caused by a connection failure in a low-version Linux kernel (5adf625) (@matyhtf & @twose)
  • Fixed the bug that the server used the timer in the BASE single-process mode not work (82eca13) (@twose)
  • Fixed compilation failure due to unstable ZendAPI in low-version (768b8a7) (@shiguangqi)
  • Fixed EINVAL when calling sendto (#2395) (@junwei)

  Unsupported

  • Create server or customs process after using async file IO are not allowed
  • Create server or customs process in coroutine are not allowed

  Removed

  • WebsocketServer->exists only shows if the connection exists. Please use the isEstablished method to get if it is a Websocket client.
  • Remove the swoole.fast_serialize configuration item
  • Removed the PHP Warning when the CoClient method return failed
  • Remove the Server->gzip method
  • Remove PicoHttpParser support

  Remove async modules

  Remove all async modules, separate asynchronous extensions to async-ext:

  • Async functions
  • MySQL
  • Redis
  • HttpClient
  • MemoryPool
  • MsgQueue
  • RingQueue

Here's what was popular in the PHP community one year ago today:

• Algotech Solutions: Converting to another web framework: Basic apps in Symfony and Django

• Laravel News Podcast: Episode 57 - Laravel 5.6, Spark 6.0, and framework helpers
• Nathan Dench: BrisPHP News - 1 March 2018
• Script-Tutorials.com: Design Patterns in PHP
• Laravel News: User Defined Schedules in Laravel
• Andrew Embler: A Concrete Guide to Dependency Injection
• Laravel News: Navigating a New Laravel Codebase
• Frank de Jonge: Being in control of time in PHP
• Derick Rethans: Analemmas
• Zend Framework Blog: Expressive 3.0.0RC2 released
• PHP.net: Multiple Versions Released - 7.1.15, 5.6.34 & 7.2.3
• Matthias Noback: Mocking at architectural boundaries: the filesystem and randomness
• Scotch.io: Build A Telegram Bot with Laravel and BotMan
• Voices of the ElePHPant: It’s the Booze Talking - Frameworks
• Laravel News: Real-time messaging with Nexmo and Laravel

Latest PECL Releases:

• protobuf 3.7.0
  GA release.

• parallel 0.8.2
  - fix bugs in copying literals
• datadog_trace 0.14.1
  ### Fixed - Large number of mysqli spans not containing relevant information #330
• gRPC 1.19.0
  - gRPC C Core 1.19 uptake
• zookeeper 0.7.0
  Improvements: - Make parameter 'acls' of method 'create' optional - Add static method 'dispatch' - Drop PHP-5 support (Issue #14) Bugs: - Fix segmentation fault found in PHP 7.3
• datadog_trace 0.14.0
  ### Added - Loading of integrations before knowing if the library will be actually used #319 - Ability to define tracing for not yet defined methods and classes #325

Popular posts from PHPDeveloper.org for the past week:

• php[architect]: Episode 16 - Remotely Working

• Sergey Zhuk: Building a RESTful API Using ReactPHP and MySQL
• Rob Allen: Using img2lambda to publish your Serverless PHP layer
• Christian Scheb: PHPStorm Inspections for your Continuous Integration Process
• Snyk.io: The State of Open Source Security Report 2019
• Leonid Mamchenkov: Refactoring.Guru : Design Patterns + PHP
• Michelangelo van Dam: Documentation of a project
• Tomas Votruba: 5 Tips to Effective Work with Github Repository
• Tomas Votruba: How we Migrated from Nette to Symfony in 3 Weeks - Part 1

Here's what was popular in the PHP community one year ago today:

• CloudWays Blog: Getting Started With Vue.Js In Symfony

• php[architect]: March 2018 Issue Released - Long Running PHP
• Kinsta Blog: The Definitive PHP 5.6, 7.0, 7.1, 7.2 & HHVM Benchmarks (2018)
• That Podcast: Episode 48: The One Without All the CSS
• Pehapkari.cz: Domain-Driven Design - Repository
• Tomas Votruba: Rector: Part 2 - Maturity of PHP Ecosystem and Founding Fathers
• Tomas Votruba: How to change PHP code with Abstract Syntax Tree
• Pineco.de: Little Snippets to Keep Your Code Cleaner
• GitHub Blog: Quickly review changed functions in your PHP pull requests
• Joe Ferguson: Laravel Homestead – The missing manual part 1 – Site Parameters
• TutsPlus.com: Eloquent Mutators and Accessors in Laravel
• Cees-Jan Kiewiet: Smoke testing ReactPHP applications with Cigar
• Laravel News: Data-driven testing with PHPUnit
• Zend Framework Blog: Expressive 3.0.0RC1 is now ready!
• Christoph Rumpel: Build a newsletter chatbot in PHP (Part 1 & 2)
• Laravel News: LaravelLive India 2018
• Websec.io: Using Canaries for Input Detection and Response
• php[architect] Podcast Episode 7: Know Your Tools
• Sergey Zhuk: Working With FileSystem In ReactPHP

On the Snyk.io site they've announced the release of their State of Open Source Security Report for 2019. In this report they talk about packages and managers outside of the PHP ecosystem, but there's also plenty in there about general Open Source security, regardless of the technology used.

We’ve seen big technology players doubling-down on open source in 2018. In every registry we reviewed, we saw an increasing rate of open source libraries being indexed in every language ecosystem. This is to be expected, but the rate of growth may come as a surprise to many.

[...] In 2017 the CVE list reported more than 14,000 vulnerabilities, breaking the record for the most CVEs reported in a single year. 2018 continued the record-breaking streak with over 16,000 vulnerabilities reported.

We can see how open source package growth translates into user adoption when looking at the download numbers for various packages in different ecosystems.

They specifically cover packages in the Node.js, Python and Java worlds but the same principles apply to PHP and Composer packages too. There's a few other related posts that go into more detail on the vulnerability increases, the desire for Open Source developers to be security-minded and other topics. You can get all of the information in one place, though: the PDF version of the report.