Tomas Votruba has a new post to his site sharing a listing of some of the more useful and well-established development tooling for PHP and related technologies.

From coding standard tools, over static analysis to instant upgrade tools. This post is going to be a geeky history trip.

Which tool was first? How they build on shoulders of each other?

Are you a lazy programmer who wants to delegate as much work as possible to 3rd party code? Today, you'll become even lazier.

He breaks the article down into three sections, each with several tools linked under them:

• Coding Standard Tools
• Static Analysis Tools
• Instant Upgrade Tools

The items under each link to more information about the tool and provides a brief summary of how it helps you and your code. There's not any examples of them in use, though. You'll need to visit the project's page for more information about that.

On the Laravel News site there's a new post sharing information about an upcoming upgrade for the framework's date handling. In Laravel 5.8, there's plans to update the Carbon library to v2.

Thanks to Carbon maintainer @kylekatarnls you will be able to use Carbon 1.0 or Carbon 2.0 staring in Laravel 5.8. The update includes the ability to use Carbon immutable and even make your application use CarbonImmutable as the default.

[...] According to the laravel/framework pull request you can choose which class you want for dates “such CarbonImmutable, Chronos or simply DateTime.”

For those that want to transition to using some of the features Carbon v2 provides, they've linked to an upgrade guide and some information about how localization will change as a re result of the upgrade.

The Drupal project has announced a critical security vulnerability in the currently supported versions of the popular CMS: Drupal 7 and 8 (as well as v6). The announcement on the main Drupal site details the issues and provides a link to an FAQ with more detail about the issue.

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

[...] Drupal 8, 7, and 6 sites are affected. According to the Drupal project usage information this represents over one million sites or about 9% of sites that are running a known CMS according to Builtwith.

The issue could allow an attacker to take full control of the application and execute whatever code they'd want to on the server. They recommend upgrading immediately to safeguard your Drupal application. They also provide links to a guide on what to do if you are hacked and to the Drupal 6 patch (as well as steps you can take if you can't upgrade).

The Zend Framework blog has posted their official announcement of the release of Expressive version 3, the latest major release for the Zend Framework-based microframework based around PSR-15 middleware.

Expressive 3 embraces modern PHP, and requires PHP 7.1 or higher. Strong type-hinting, including return type hints, make both our job and your job easier and more predictable. The ability to use all modern PHP features helps us deliver a solid base for your application.

Expressive 3 provides full support for the PSR-15 (Middleware and Request Handlers) standard. [...] Expressive 3 massively refactors its internals as well. [...] Expressive 3 provides more command line tooling and tooling improvements in order to make developing your application easier.

[...] Finally, we recognize that Expressive has changed massively between versions 1 and 3, while simultaneously keeping its primary API stable and unchanged. However, to help users find the information they need for the version they run, we have rolled out versioned documentation, with each version providing only information specific to its release cycle.

The post also lists out some of the new components including zend-expressive-session, zend-expressive-csrf and zend-expressive-hal. There's also links to more information about upgrading, community resources and a "thank you" section to several people that helped get the project to this version 3 release.

On thePHP.cc site there's a post that talks about an upcoming PHP release, PHP 7.2, and why it's important despite it not having any amazing new features or too much in the way of major changes. There are a few things they mention, however, that make it seem a lot less boring.

A while ago, Sebastian said in a presentation that "PHP 7.2 will be a boring release". What he meant by that is that PHP 7.2 does not have an awful lot of fancy new features. Okay, adding the sodium extension to PHP's standard distribution is great, but the majority of PHP developers do not have to deal with cryptography in PHP on a daily basis.

[...] We are not so sure anymore that PHP 7.2 really is a boring release. As with every release in the 7 series, PHP keeps getting faster and faster. [...] The PHP core developers, again, did a great job cleaning up some more sins of the past. [...] Along with the cleanups that were already done, quite a few things have been deprecated in PHP 7.2, which schedules them for removal in PHP 8.

They talk about some of the changes coming with PHP 7.2 including the addition of libsodium support, smaller changes to variable handling and what's being done to prepare the language for the next major version, PHP 8. They also remind their readers that no version of PHP 5 - even 5.6 - is supported any longer (just security fixes now) and all current users of the language should upgrade to PHP 7.0+ immediately.

Those on OSX using PHP via Homebrew may be wondering how they can upgrade their systems to the latest version of the language, PHP 7.2. Fortunately, as Freek Van der Herten shows in this new post the upgrade process is just a few quick commands away.

PHP 7.2 was released almost two months ago. I decided to wait a bit until a stable version of Xdebug with PHP 7.2 compatibility was available. And that happened yesterday with the release of Xdebug 2.6.

To make the switch over to PHP 7.2 from 7.1 (or really any other PHP version) it's a simple matter of unlinking the current version and installing PHP 7.2 with the matching Xdebug package. He also includes the commands for installing the packages for Imagick and Redis handling.

On the main PHP.net site they've posted an announcement about the latest release in the PHP 7.1.x series: PHP 7.1.12:

The PHP development team announces the immediate availability of PHP 7.1.12. This is a bugfix release, with several bug fixes included. All PHP 7.1 users are encouraged to upgrade to this version.

Bugs in this released include issues in PHP's CLI handling, GD image manipulation, internationalization and reflection with Mysqli. You can find the full listing of issues fixed in the full Changelog. As always you can download this latest release from the main downloads page for the source packages and windows.php.net for the Windows binaries.

In a post to his site Adam Culp makes a recommendation to all of those running their applications on older versions of the language: stop the pain, get to PHP7.

So, now you may be asking, “What does [my football story] have to do with upgrading to PHP version 7?” The answer, because many are letting the pain of moving to PHP 7 prevent them from experiencing the pleasure and rewards.

PHP version 7.0 was released almost 2 years ago. (1 year 10 months to be exact.) And many are still running PHP version 5.something. As a matter of fact, PHP version 7.0 is already going to run out of active community support in only 1 month and will only receive security fixes for another year after that.

He then talks about some of the pains that usually come with upgrading, especially when the jump is a relatively large one (like from the 5.x world). He mentions the acclamation of limitations that is all too easy to get used to with older versions. He also covers some of the pleasures that come with PHP 7 including one of the most major ones: the instance performance boost it gives most applications.

On the Facile.it Engineering blog there's a recent post sharing some tips on how to gradually upgrade your PHPUnit tests to work with version 6 of the popular PHP unit testing tool.

In the latest months I wrote multiple times, in different projects, code migrating PHPUnit toward major version 6. This upgrade is harder than the previous one, since in this version it was introduced a big breaking change: all classes got (finally!) namespaced.

This means that any usage of those classes in your project needs to be updated. [...] In this article I will explain which steps I applied during those migrations, highlighting the most frequent hiccups.

He then start with "the easy one" to take care of the refactor: updating tests to replace the "PHPUnit_*" classes with the namespaced versions. With those out of the way, he talks about "the bumpy one" to handle: modifying test listeners to work with the new PHPUnit structure. Once these are taken care of you can then make the move up to PHPUnit 6 and PHP 7 (if you're not there already) full time.

On the SitePoint PHP blog Thomas Punt has returned with more pthreads knowledge and shows you a few things to watch out for when upgrading from pthreads v2 to v3. pthreads is a PHP extension that allows for better process handling directly from PHP than just the built in proc_* functions.

A fair amount has changed for the pthreads extension with the release of pthreads v3. This article aims to cover the necessary information for those who are looking to upgrade their applications from pthreads v2 to v3.

If you’re unfamiliar with pthreads, check out my introduction to pthreads instead!

He starts with some of the more generic changes in this latest version with the most major being that it can now only be used in the command-line environment. Other changes were made to workers, method modifiers and the removal of some classes and methods. He also mentions some of the methods that were changed and some new classes/methods that were added. Overall he's of the opinion that, while some of the changes could make for headaches in the transition, v3 of the extension has "received a nice cleanup and is looking ever better."