€0.00 — free as in speech Cache: warm · Deploys: fair, 0% rollbacks expected Page A1

The Daily Commit

Dev news, typeset daily — PHP · AI · The Wider Stack

Motto of the day

“PHP 8.6 deprecates code, AI deprecates trust”

generated from today’s headlines by the motto desk

Saturday, July 11, 2026 Vol. I — No. 035 EN DE FR ES

PHP · The Lead · RFC Watch

RFC: Duration class

An RFC is open for discussion and vote on the PHP internals list proposing a new Duration class. The proposal draws inspiration from Java, Rust and Temporal while defining requirements based on PHP-specific constraints and practical experience with date and time handling.

continued: summary & source

curated by Georg

PHP · RFC Watch

[RFC] Pipe Assignment Operator

The RFC proposes a compound assignment form of the pipe operator: $x |>= callable becomes shorthand for $x = $x |> callable. Chaining is supported. An implementation including tests has been submitted as a pull request against php-src, and discussion is open on the internals list.

curated by Georg

PHP · RFC Watch

[RFC] Readonly Property Defaults

Proposal to allow default values on readonly class properties, enabling strict contracts with constant-like behaviour that cannot change at runtime. The RFC introduces a minimal change to permit initialization of readonly properties without constructor assignment, strengthening type safety and reducing boilerplate in implementations.

curated by Heiko


Ad — php-net.pro · in our own cause

Ad · php-net.pro

Reach 145,000+ PHP developers.

Sponsored posts on @php_net — the largest independent PHP account on X. From €399 net, booked online in minutes: write, preview, schedule, pay.

Book a post →

◇ this ad position rotates with every refresh · plus VAT where applicable


PHP · RFC Watch

RFC: Deprecations for PHP 8.6

An RFC proposes multiple deprecations targeting PHP 8.6. Discussion on the internals list focuses on the absence of impact analysis for existing code in many proposals. Contributors debate the need for systematic assessment before removing features and suggest using tools such as PHPCompatibility to evaluate real-world effects across codebases.

curated by Georg

PHP · Security

FrankenPHP 1.12.4 – Security & Stability Hardening

FrankenPHP 1.12.4 closes HTTP header spoofing via underscore collision, bundles Caddy 2.11.4 and Mercure 0.24.2 security patches, and fixes worker-mode crashes and data races. The CGI dash-to-underscore mapping allowed attackers to forge headers; Caddy now strips underscores at server layer. All users should upgrade immediately.

curated by Heiko

PHP · Releases

Composer 2.10.2

Composer 2.10.2 delivers multiple security fixes: package name validation, protection against path traversal in bin paths, sanitization of credentials in verbose output, stricter redirect handling, and prevention of phar metadata unserialization. Additional changes include retry logic for GitHub downloads, improved audit output, self-update warnings for EOL versions, and several bug fixes.

curated by Georg

The Wider Stack

Dev · Security

Django releases 6.0.7 and 5.2.16 to fix security issues

Django has released versions 6.0.7 and 5.2.16 to address three low-severity security issues across supported branches. The fixes cover a cached Set-Cookie exposure risk, a heap buffer over-read in GDALRaster, and a header injection possibility in DomainNameValidator. Users are advised to upgrade pro…

curated by Charlie


Situations Vacant — PHP

coming soon

A short list, chosen by hand — not scraped by keyword. The jobs desk opens this autumn.

a Job.bo integration · every listing read by a human before it prints