Craft 3.6 RC1, securing Craft assets, PHP 8 caution, and updates-a-go-go.
Hello again. Welcome to issue 125 of Craft Link List. This issue comes to you as the Thanksgiving holiday 🦃ends in the US. That might account for a fewer number of Craft-specific links in this issue, but there are still exciting things we'll cover that a Craft developer might find interesting.
Craft 3.6 RC1 is the top story in this issue. PHP 8 is another important update happening now, but when it comes to Craft + PHP 8, proceed with caution for the time being. Sprig has recently received an update, and there's news on the Let's Encrypt API. Also look for Chris Chapman‘s post on securing assets in Craft.
Thank you to the sponsors of this issue.
Fortrabbit is a preferred hosting provider for Craft CMS, offering a modern PHP application platform tailored for Craft, with Git deployments and Composer support. Try fortrabbit today.
Freeform 3.9 includes new Update Notices that alert you to updates to Freeform features you're using, critical security warnings, and even API integration changes to keep your site humming.
Let's hit the links.
Craft 3.6 Release Candidate 1
We're edging closer to Craft 3.6 with Release Candidate 1. I mentioned the following when the beta came out, but there are a couple of requirements to be aware of before you jump into 3.6.
- If you have a custom session driver, make sure you update it for Yii 2.0.29 compatibility.
- Craft now requires PHP 7.2.5 or later.
PHP: PHP 8.0.0 Release Announcement
PHP 8 is out and brings along “named arguments, union types, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and improvements in the type system, error handling,” and more.
PHP 8 is out BUT don’t update yet...
Brandon Kelly on Twitter:
"Wouldn’t recommend upgrading to it for #craftcms projects quite yet (even w/ 3.6.0-RC1) except for testing plugin compatibility. We are still waiting on a couple fixes to be merged/released, including this critical one for @yiiframework: https://github.com/yiisoft/yii2/pull/18407
Craft 3.5.16 released
Craft 3.5.16 was released last week as the current production build of Craft. Here's what you can look forward to.
- 🎇 Improved WebP support means you can transform your images into the webp format
- 👤 Accessibility, UI, and UX improvements
- 🛑new Twig variable:
- 🐛 Bug fixes
Standing on Our Own Two Feet - Let's Encrypt - Free SSL/TLS Certificates
If you rely on Let's Encrypt to create your TLS certificates, there's a change happening soon that you need to be aware of. Here are a few excerpts from the article linked above:
Some software that hasn’t been updated since 2016 (approximately when our root was accepted to many root programs) still doesn’t trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt.
Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let’s Encrypt certificate.
If you're on Heroku, for example, you've probably received an email that has encouraged you to go out and buy a certificate on your own instead of relying on Let's Encrypt for now.
Xdebug - Xdebug 3.0.0 is out!
Configuration changes, massive performance improvements, and PHP 8 support are the primary features in Xdebug 3.
When you're ready for this update, be sure to check out the update guide.
Craft CMS Hosting Partner
We like to automate ALL THE THINGS — except customer support.
Get started with a free trial today! And ask whenever you have any questions.
Tools, tips, and fundamentals
Sprig 1.1.0 adds Features & Security ⭐️
I don’t typically include updates to non-first-party content in the newsletter. Sprig is an exception to that rule because it might be "the best thing to come out of 2020."
</> htmx - high power tools for html
Apply project config on`git pull`
Git hooks “are programs you can place in a hooks directory to trigger actions at certain points in git’s execution.” If you use them on your Craft project, Jason Siffring shared a suggestion for applying your project config automatically by placing
project-config/apply in your
Interested? You might also want to check out Husky, which promises to make Git Hooks easy.
Perfecting your technique
nystudio107 | Updating Craft CMS Without Headaches ⭐️
Updating Craft CMS to the latest version doesn’t have to cause headaches. Here’s a prescription for how to update Craft CMS without pain.
General Config Settings | Same Site Cookie Value
A security topic came up in Discord a couple of weeks ago regarding the suggestion of hardening the
SameSite cookie setting in Craft. You can control that in Craft with the configuration setting mentioned in the docs at the link above. Setting it to
Lax won't cause any issues as far as Craft is concerned, "but there may be implications for the front-end of your site," said Brad Bell. If you updated your
sameSiteCookieValue, you'll want to read this SameSite Overview.
Securing Sensitive Craft CMS Assets with AWS Lambda ⭐️
In this article, Chris Chapman, from Clearfire, discusses how to protect uploaded Asset files from being publicly available at their Asset URLs, by using AWS Lambda. Useful for securing Asset URLs for intranets or authenticated users.
Redirect after saving an entry
Check out the Stack Exchange post for the question and answer and then read the Craft docs about the
Catch & resolve issues sooner with the new Dashboard & Update Notices
Freeform 3.9 includes a redesigned Dashboard and a new built-in Update Notices and What's New center to display notices and warnings, giving you some peace of mind as it keeps you informed about new features and issues that only specifically affect your site. Paired with Weekly Digest email notifications, this is a powerful feature that allows you to run your site on autopilot.
Hop Reveal gives site editors a quick and helpful visual cue to which server they are working on -- staging, development or production -- on both front-end and back-end website pages.
Marketplace for Craft Commerce
Make your Craft ecommerce site into a Marketplace: add payees to products, charge a fee for your platform, and handle payouts automatically via Stripe Connect.
The Craft Advantage
"Stumbled upon @CraftCMS" Twitter thread
The thread concludes with this:
The fact that this CMS is able to do headless with out of the box GraphQL support and a traditional template style combined with a really nice editing experience is so good.
Yii, Twig, PHP & More
Abuse dd() and superglobals
Liam Hammett shared a
dd_on function for PHP on Twitter. Basically, it's a
dd-like function that you can execute multiple times and have it return on a specified iteration. If you're using Xdebug, you don't need this.
The Grand Unification Proposal
This is not an appropriate venue to discuss replacing the entire web tech stack.
Tech twitter has been increasingly overwhelming
Yes, there is too much to learn. No one can know it all. Things change fast. You're in good company.
It’s not Craft, but it’s interesting.
Show your brand logo in Gmail easily by adding a BIMI record to your DNS
The Tweet above is how I found out about BIMI records. You can read about how to create them at the MX Toolbox page on BIMI Records. The BIMI Group also has a BIMI LookUp & Generator tool, if you want an alternative to MX Toolbox.
You'll need to create the correct type of SVG logo file. On this page about SVG Conversion Tools from the BIMI Group, you'll find tools for Windows, Mac, and Illustrator.
If you're looking for a tool to help you set up the DMARC record, which is required as part of the process, visit the DMARC Analyzer tool.
devMode.fm // The Chakra UI Component Library
Segun “Sage” Adebayo, the creator of the Chakra UI component library for React and Vue.js, joins the devMode crew to talk about how Chakra came to be, and how helping people has changed his life.
Did you get a new M1 Mac?
If you are tired of typing "arch -x86_64", they check out Matt Stauffer’s tip.
Also check out Matt’s testing of the dev tools many of us use day to day on his new M1 Mac.
HTTP Headers Chrome plugin
This Chrome plugin will show the headers of any page in an easy-to-access modal window.
Maizzle - Framework for Rapid Email Prototyping
Maizzle is a framework that helps you quickly build HTML emails with Tailwind CSS and advanced, email-specific post-processing.