Taylor Otwell just announced the release of Laravel 11 on March 12, 2024, at Laracon EU, and we’ll definitely not miss a chance to share our thoughts on this notable update. It’s no surprise the new version comes with lots of new features and changes, and we are here to highlight some of the most important ones below. So get right in.
Simplified Application Structure
Taylor Otwell and Nuno Maduro have refined the application structure in Laravel 11. At its core, the new structure offers a cleaner, more intuitive framework for developers, minimizes clutter, and maintains Laravel’s signature flexibility. One standout feature is the revamped bootstrap/app.php file, which serves as a centralized location for configuring various aspects such as routing, middleware, and exception handling. This update simplifies applications’ anatomy and makes them better suited for handling complex requirements.
How Application Configuration is Simplified?:
return Application::configure(basePath: dirname(__DIR__)) ->withRouting( web: __DIR__.'/../routes/web.php', commands: __DIR__.'/../routes/console.php', health: '/up', ) ->withMiddleware(function (Middleware $middleware) { // Custom middleware configurations here }) ->withExceptions(function (Exceptions $exceptions) { // Exception handling customizations })->create();
Redefining Service Providers
In Laravel 11, things are getting much simpler. Instead of dealing with five separate service providers, now there’s only one called AppServiceProvider. This means that tasks that used to be spread out across multiple providers are now either automatically handled by the framework, embedded within the bootstrap/app.php, or can be manually added to the AppServiceProvider if needed.
For example, event discovery is now activated by default, significantly reducing the manual effort required to register events and their listeners. If events need to be manually registered, it’s straightforward to do so within the AppServiceProvider. This change also applies to route model bindings and authorization gates, which used to be managed in the AuthServiceProvider but can now also be handled within the AppServiceProvider.
Opt-in API and Broadcast Routing
Laravel recognized the fact that not all applications require API or broadcasting capabilities out-of-the-box, so the new version removes the api.php and channels.php route files from the default installation. Instead, developers have the option to generate these files using simple Artisan commands, which provides a leaner structure for projects that don’t need these features from the start.
php artisan install:api
php artisan install:broadcasting
Cleaner Middleware Management
In Laravel 11, the middleware approach has been majorly updated. Before, a new Laravel application included nine middleware applications that were responsible for tasks like request authentication, input trimming, and CSRF token validation. In this latest release, these middleware have been integrated directly into the framework itself. This significantly reduces the application’s boilerplate code.
Additionally, customization of middleware behavior has been improved. New methods are introduced that can be called from the bootstrap/app.php file. This means you can tailor the way requests are handled to fit your specific application’s needs.
Scheduling and Exception Handling
Further simplifying its structure, Laravel 11 introduces the ability to define scheduled tasks directly within the routes/console.php file using the new Schedule facade. This eliminates the need for a separate console kernel class, making the task-scheduling process more straightforward.
Exception handling has also been reimagined. It’s now customizable via the bootstrap/app.php file. This consolidation significantly reduces the number of files in a new Laravel application and centralizes exception management, making it more manageable and intuitive.
A New Baseline for Application Defaults
By default, new Laravel applications in version 11 use SQLite for database storage and the database driver for sessions, cache, and queue management. This choice reflects a strategic move to allow developers to start their projects immediately after installation without the need for additional software setups or database migrations.
This decision is supported by the maturity and reliability of Laravel’s database drivers, which have demonstrated their effectiveness in production environments across various applications. By providing a unified default for both development and production, Laravel 11 presents a framework that is not only powerful and flexible but also easily accessible to developers of all skill levels.
Laravel Reverb: New Solution To Real-Time Interactions
Another notable feature introduced in Laravel 11 is Laravel Reverb, developed by Joe Dixon. This first-party, scalable WebSocket server seamlessly integrates with Laravel and simplifies real-time communication.
With Laravel Reverb, you can expect improved speed and the ability to scale horizontally via Redis, ensuring that your applications remain responsive and dynamic even during periods of high demand.
Starting Laravel Reverb:
php artisan reverb:start
Per-Second Rate Limiting
Introduced by Tim MacDonald, per-second rate limiting in Laravel 11 offers granular control over request throttling, which is beneficial for applications needing precise rate management. This feature extends Laravel’s capability to regulate traffic more precisely, preventing misuse while maintaining smooth service delivery.
Implementing Per-Second Rate Limiting:
RateLimiter::for('invoices', function (Request $request) { return Limit::perSecond(1); });
Health Routing
Health routing, a brainchild of Taylor Otwell, provides Laravel applications with a built-in mechanism to monitor their status. This feature is essential for maintaining high availability and consistent operation, especially in distributed environments like Kubernetes.
By default, the route is served at /up. When an HTTP request is sent to this route, Laravel will also trigger a DiagnosingHealth event – allowing additional health checks.
Graceful Encryption Key Rotation
The graceful encryption key rotation in Laravel 11 addresses a critical aspect of application security management: the updating of encryption keys without disrupting the user experience. Traditionally, changing an application’s encryption key presented significant challenges. It could force all users to log out and render previously encrypted data unreadable unless it was re-encrypted with the new key. This process was complicated and carried the risk of data loss.
Laravel 11’s approach simplifies this process remarkably. Developers can now specify a list of previous encryption keys in the application’s environment configuration using the APP_PREVIOUS_KEYS environment variable. This innovative feature means that Laravel will attempt to decrypt data using the current key first; if that fails, it will sequentially try each of the previous keys. This fallback mechanism ensures that data encrypted with older keys remains accessible, even after the keys have been rotated.
# Environment configuration APP_KEY=base64:newKeyHere APP_PREVIOUS_KEYS=base64:oldKey1,base64:oldKey2
Automatic Password Rehashing
Stephen Rees-Carter‘s contribution to Laravel 11, automatic password rehashing, represents a step forward in maintaining the security integrity of stored user passwords. Password hashing is crucial in web security, as it converts plain-text passwords into encrypted forms to protect user credentials from unauthorized access. However, with increasing computational power, these encrypted forms need periodic strengthening to prevent vulnerabilities.
Laravel 11 tackles this issue head-on by integrating automatic rehashing of user passwords. When the “bcryp”t work factor—a measure of the computational effort required to generate the hash—is adjusted upwards in the application’s configuration, Laravel automatically updates users’ password hashes upon their next login. This adjustment is done silently and requires no action from the user, which makes the application’s password-hashing security stronger against evolving threats.
Laravel 11: Final thoughts
Overall, Laravel 11 is more than just an update – it’s also a testament to the framework’s commitment to innovation, usability, and security. By taking advantage of these improvements and new features, Laravel developers will be able to create safer and more robust applications.