Taylor Otwell just announced the release of Laravel 11 on March 12, 2024, at Laracon EU, and we’ll definitely not miss a chance to share our thoughts on this notable update. It’s no surprise the new version comes with lots of new features and changes, and we are here to highlight some of the most important ones below. So get right in. 

Simplified Application Structure

Taylor Otwell and Nuno Maduro have refined the application structure in Laravel 11. At its core, the new structure offers a cleaner, more intuitive framework for developers, minimizes clutter, and maintains Laravel’s signature flexibility. One standout feature is the revamped bootstrap/app.php file, which serves as a centralized location for configuring various aspects such as routing, middleware, and exception handling. This update simplifies applications’ anatomy and makes them better suited for handling complex requirements.

How Application Configuration is Simplified?:

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        // Custom middleware configurations here
    })
    ->withExceptions(function (Exceptions $exceptions) {
        // Exception handling customizations
    })->create();

Redefining Service Providers

In Laravel 11, things are getting much simpler. Instead of dealing with five separate service providers, now there’s only one called AppServiceProvider. This means that tasks that used to be spread out across multiple providers are now either automatically handled by the framework, embedded within the bootstrap/app.php, or can be manually added to the AppServiceProvider if needed.

For example, event discovery is now activated by default, significantly reducing the manual effort required to register events and their listeners. If events need to be manually registered, it’s straightforward to do so within the AppServiceProvider. This change also applies to route model bindings and authorization gates, which used to be managed in the AuthServiceProvider but can now also be handled within the AppServiceProvider.

Opt-in API and Broadcast Routing

Laravel recognized the fact that not all applications require API or broadcasting capabilities out-of-the-box, so the new version removes the api.php and channels.php route files from the default installation. Instead, developers have the option to generate these files using simple Artisan commands, which provides a leaner structure for projects that don’t need these features from the start.

php artisan install:api

php artisan install:broadcasting

Cleaner Middleware Management

In Laravel 11, the middleware approach has been majorly updated. Before, a new Laravel application included nine middleware applications that were responsible for tasks like request authentication, ​​input trimming, and CSRF token validation. In this latest release, these middleware have been integrated directly into the framework itself. This significantly reduces the application’s boilerplate code.

Additionally, customization of middleware behavior has been improved. New methods are introduced that can be called from the bootstrap/app.php file. This means you can tailor the way requests are handled to fit your specific application’s needs.

Scheduling and Exception Handling

Further simplifying its structure, Laravel 11 introduces the ability to define scheduled tasks directly within the routes/console.php file using the new Schedule facade. This eliminates the need for a separate console kernel class, making the task-scheduling process more straightforward.

Exception handling has also been reimagined. It’s now customizable via the bootstrap/app.php file. This consolidation significantly reduces the number of files in a new Laravel application and centralizes exception management, making it more manageable and intuitive.

A New Baseline for Application Defaults

By default, new Laravel applications in version 11 use SQLite for database storage and the database driver for sessions, cache, and queue management. This choice reflects a strategic move to allow developers to start their projects immediately after installation without the need for additional software setups or database migrations.

This decision is supported by the maturity and reliability of Laravel’s database drivers, which have demonstrated their effectiveness in production environments across various applications. By providing a unified default for both development and production, Laravel 11 presents a framework that is not only powerful and flexible but also easily accessible to developers of all skill levels.

Laravel Reverb: New Solution To Real-Time Interactions

Another notable feature introduced in Laravel 11 is Laravel Reverb, developed by Joe Dixon. This first-party, scalable WebSocket server seamlessly integrates with Laravel and simplifies real-time communication. 

With Laravel Reverb, you can expect improved speed and the ability to scale horizontally via Redis, ensuring that your applications remain responsive and dynamic even during periods of high demand.

Starting Laravel Reverb:

php artisan reverb:start

Per-Second Rate Limiting

Introduced by Tim MacDonald, per-second rate limiting in Laravel 11 offers granular control over request throttling, which is beneficial for applications needing precise rate management. This feature extends Laravel’s capability to regulate traffic more precisely, preventing misuse while maintaining smooth service delivery. 

Implementing Per-Second Rate Limiting:

RateLimiter::for('invoices', function (Request $request) {
    return Limit::perSecond(1);
});

Health Routing

Health routing, a brainchild of Taylor Otwell, provides Laravel applications with a built-in mechanism to monitor their status. This feature is essential for maintaining high availability and consistent operation, especially in distributed environments like Kubernetes.

By default, the route is served at /up. When an HTTP request is sent to this route, Laravel will also trigger a DiagnosingHealth event – allowing additional health checks.

Graceful Encryption Key Rotation

The graceful encryption key rotation in Laravel 11 addresses a critical aspect of application security management: the updating of encryption keys without disrupting the user experience. Traditionally, changing an application’s encryption key presented significant challenges. It could force all users to log out and render previously encrypted data unreadable unless it was re-encrypted with the new key. This process was complicated and carried the risk of data loss.

Laravel 11’s approach simplifies this process remarkably. Developers can now specify a list of previous encryption keys in the application’s environment configuration using the APP_PREVIOUS_KEYS environment variable. This innovative feature means that Laravel will attempt to decrypt data using the current key first; if that fails, it will sequentially try each of the previous keys. This fallback mechanism ensures that data encrypted with older keys remains accessible, even after the keys have been rotated.