Version 4.1.5

Release Date: November 8, 2021

4.1.5 release of CodeIgniter4

BREAKING 

Fixed a bug on CSRF protection. Now CSRF protection works on PUT/PATCH/DELETE requests when CSRF filter is applied. If you use such requests, you need to send CSRF token.
In the previous version, if you didn’t provide your own headers, CURLRequest would send the request-headers from the browser, due to a bug. As of this version, it does not send them.
Fixed BaseBuilder::insertBatch() return value for testMode. Now it returns SQL string array instead of a number of affected rows. This change was made because of maintaining compatibility between returning types for batch methods. Now the returned data type for BaseBuilder::insertBatch() is the same as the updateBatch() method.
Major optimizations have been made to the way data is processed in BaseBuilder::insertBatch() and BaseBuilder::updateBatch() methods. This resulted in reduced memory usage and faster query processing. As a trade-off, the result generated by the $query->getOriginalQuery() method was changed. It no longer returns the query with the binded parameters, but the actual query that was run.

Added Cache config for reserved characters
The addForeignKey() function of the Forge class can now define composite foreign keys in an array
The dropKey function of the Forge class can remove key
Now _ can be used as separators in environment variable. See Namespace Separator.
Added Multiple filters for a route and Classname filter
Reduced memory usage of insertBatch() and updateBatch()
Added Session based CSRF Protection
Added valid_url_strict rule for Validation
Debug Toolbar
- Added formatted query string to timeline
- Improved keyword highlighting and escaping of query strings

Always escape identifiers in the set, setUpdateBatch, and insertBatch functions in BaseBuilder.

Deprecated CodeIgniter\\Cache\\Handlers\\BaseHandler::RESERVED_CHARACTERS in favor of the new config property

See the repo’s CHANGELOG.md for a complete list of bugs fixed.