1.3.0-RC

Run composer self-update --preview to try this out!

• Added workaround for xdebug performance impact by restarting PHP without xdebug automatically in case it is enabled
• Added --minor-only to the outdated command to only show updates to minor versions and ignore new major versions
• Added --apcu-autoloader to the update/install commands and --apcu to dump-autoload to enable an APCu-caching autoloader, which can be more efficient than --classmap-authoritative if you attempt to autoload many classes that do not exist, or if you can not use authoritative classmaps for some reason
• Added summary of operations to be executed before they run, and made execution output more compact
• Added php-debug and php-zts virtual platform packages
• Added gitlab-token auth config for GitLab private tokens
• Added --strict to the outdated command to return a non-zero exit code when there are outdated packages
• Added ability to call php scripts using the current php interpreter (instead of finding php in PATH by default) in script handlers via @php ...
• Added COMPOSER_ALLOW_XDEBUG env var to circumvent the xdebug-disabling behavior
• Added COMPOSER_MIRROR_PATH_REPOS env var to force mirroring of path repositories vs symlinking
• Added COMPOSER_DEV_MODE env var that is set by Composer to forward the dev mode to script handlers
• Fixed support for git 2.11
• Fixed output from zip and rar leaking out when an error occured
• Removed hash from composer.lock, only content-hash is now used which should reduce conflicts
• Minor fixes and performance improvements

1.2.4

• Fixed regression in output handling of scripts from 1.2.3
• Fixed support for LibreSSL detection as lib-openssl
• Fixed issue with Zend Guard in the autoloader bootstrapping
• Fixed support for loading partial provider repositories

1.2.3

• Fixed bug in HgDriver failing to identify BitBucket repositories
• Fixed support for loading partial provider repositories

1.2.2

• Fixed selection of packages based on stability to be independent from package repository order
• Fixed POST_DEPENDENCIES_SOLVING not containing some operations in edge cases
• Fixed issue handling GitLab URLs containing dots and other special characters
• Fixed issue on Windows when running composer at the root of a drive
• Minor fixes

1.2.1

• Fixed edge case issues with the static autoloader
• Minor fixes

1.2.0

• Security: Fixed httpoxy vulnerability. This only affects people using Composer outside of the CLI
• Added caching of git repositories if you have git 2.3+ installed. Repositories will now be cached once and then cloned from local cache so subsequent installs should be faster
• Added detection of HEAD changes to the status command. If you git checkout X in a vendor directory for example it will tell you that it is not at the version that was installed
• Added a virtual php-ipv6 extension to require PHP compiled with IPv6 support
• Added --no-suggest to install and update commands to skip output of suggestions at the end
• Added --type to the search command to restrict to a given package type
• Added fossil support as alternative to git/svn/.. for package downloads
• Improved BitBucket OAuth support
• Added support for blocking cache operations using COMPOSER_CACHE_DIR=/dev/null (or NUL on windows)
• Added support for using declare(strict_types=1) in plugins
• Added --prefer-stable and --prefer-lowest to the require command
• Added --no-scripts to the require and remove commands
• Added _comment top level key to the schema to endorse using it as a place to store comments (it can be a string or array of strings)
• Added support for justinrainbow/json-schema 2.0
• Fixed binaries not being re-installed if deleted by users or the bin-dir changes. update and install will now re-install them
• Fixed home command to avoid rogue output on unix
• Many minor UX and docs improvements

1.2.0-RC

Run composer self-update --preview to try it out!

• Added caching of git repositories if you have git 2.3+ installed. Repositories will now be cached once and then cloned from local cache so subsequent installs should be faster
• Added detection of HEAD changes to the status command. If you git checkout X in a vendor directory for example it will tell you that it is not at the version that was installed
• Added a virtual ext-network-ipv6 extension to require PHP compiled with IPv6 support
• Added --no-suggest to install and update commands to skip output of suggestions at the end
• Added --type to the search command to restrict to a given package type
• Added fossil support as alternative to git/svn/.. for package downloads
• Improved BitBucket OAuth support
• Added support for blocking cache operations using COMPOSER_CACHE_DIR=/dev/null (or NUL on windows)
• Added support for using declare(strict_types=1) in plugins
• Added --prefer-stable and --prefer-lowest to the require command
• Added --no-scripts to the require and remove commands
• Added _comment top level key to the schema to endorse using it as a place to store comments (it can be a string or array of strings)
• Added support for justinrainbow/json-schema 2.0
• Fixed binaries not being re-installed if deleted by users or the bin-dir changes. update and install will now re-install them
• Many minor UX and docs improvements

1.1.3

• Fixed bitbucket oauth instructions
• Fixed version parsing issue
• Fixed handling of bad proxies that modify JSON content on the fly

1.1.2

• Fixed degraded mode issue when accessing packagist.org
• Fixed GitHub access_token being added on subsequent requests in case of redirections
• Fixed exclude-from-classmap not working in some circumstances
• Fixed openssl warning preventing the use of config command for disabling tls

1.1.1

• Fixed regression in handling of #reference which made it update every time
• Fixed dev platform requirements being required even in --no-dev install from a lock file
• Fixed parsing of extension versions that do not follow valid numbers, we now try to parse x.y.z and ignore the rest
• Fixed exact constraints warnings appearing for 0.x versions
• Fixed regression in the remove command