1.2.4

• Fixed regression in output handling of scripts from 1.2.3
• Fixed support for LibreSSL detection as lib-openssl
• Fixed issue with Zend Guard in the autoloader bootstrapping
• Fixed support for loading partial provider repositories

1.2.3

• Fixed bug in HgDriver failing to identify BitBucket repositories
• Fixed support for loading partial provider repositories

1.2.2

• Fixed selection of packages based on stability to be independent from package repository order
• Fixed POST_DEPENDENCIES_SOLVING not containing some operations in edge cases
• Fixed issue handling GitLab URLs containing dots and other special characters
• Fixed issue on Windows when running composer at the root of a drive
• Minor fixes

1.2.1

• Fixed edge case issues with the static autoloader
• Minor fixes

1.2.0

• Security: Fixed httpoxy vulnerability. This only affects people using Composer outside of the CLI
• Added caching of git repositories if you have git 2.3+ installed. Repositories will now be cached once and then cloned from local cache so subsequent installs should be faster
• Added detection of HEAD changes to the status command. If you git checkout X in a vendor directory for example it will tell you that it is not at the version that was installed
• Added a virtual php-ipv6 extension to require PHP compiled with IPv6 support
• Added --no-suggest to install and update commands to skip output of suggestions at the end
• Added --type to the search command to restrict to a given package type
• Added fossil support as alternative to git/svn/.. for package downloads
• Improved BitBucket OAuth support
• Added support for blocking cache operations using COMPOSER_CACHE_DIR=/dev/null (or NUL on windows)
• Added support for using declare(strict_types=1) in plugins
• Added --prefer-stable and --prefer-lowest to the require command
• Added --no-scripts to the require and remove commands
• Added _comment top level key to the schema to endorse using it as a place to store comments (it can be a string or array of strings)
• Added support for justinrainbow/json-schema 2.0
• Fixed binaries not being re-installed if deleted by users or the bin-dir changes. update and install will now re-install them
• Fixed home command to avoid rogue output on unix
• Many minor UX and docs improvements

1.2.0-RC

Run composer self-update --preview to try it out!

• Added caching of git repositories if you have git 2.3+ installed. Repositories will now be cached once and then cloned from local cache so subsequent installs should be faster
• Added detection of HEAD changes to the status command. If you git checkout X in a vendor directory for example it will tell you that it is not at the version that was installed
• Added a virtual ext-network-ipv6 extension to require PHP compiled with IPv6 support
• Added --no-suggest to install and update commands to skip output of suggestions at the end
• Added --type to the search command to restrict to a given package type
• Added fossil support as alternative to git/svn/.. for package downloads
• Improved BitBucket OAuth support
• Added support for blocking cache operations using COMPOSER_CACHE_DIR=/dev/null (or NUL on windows)
• Added support for using declare(strict_types=1) in plugins
• Added --prefer-stable and --prefer-lowest to the require command
• Added --no-scripts to the require and remove commands
• Added _comment top level key to the schema to endorse using it as a place to store comments (it can be a string or array of strings)
• Added support for justinrainbow/json-schema 2.0
• Fixed binaries not being re-installed if deleted by users or the bin-dir changes. update and install will now re-install them
• Many minor UX and docs improvements

1.1.3

• Fixed bitbucket oauth instructions
• Fixed version parsing issue
• Fixed handling of bad proxies that modify JSON content on the fly

1.1.2

• Fixed degraded mode issue when accessing packagist.org
• Fixed GitHub access_token being added on subsequent requests in case of redirections
• Fixed exclude-from-classmap not working in some circumstances
• Fixed openssl warning preventing the use of config command for disabling tls

1.1.1

• Fixed regression in handling of #reference which made it update every time
• Fixed dev platform requirements being required even in --no-dev install from a lock file
• Fixed parsing of extension versions that do not follow valid numbers, we now try to parse x.y.z and ignore the rest
• Fixed exact constraints warnings appearing for 0.x versions
• Fixed regression in the remove command

1.1.0

• Added ability for plugins to register their own composer commands
• Added BaseCommand::isProxyCommand that can be overriden to mark a command as being a mere proxy, which helps avoid duplicate warnings etc on composer startup
• Optimized the autoloader initialization using static loading on PHP 5.6 and above, this reduces the load time for large classmaps to almost nothing
• Added --latest to show command to show the latest version available of your dependencies
• Added --outdated to show command an composer outdated alias for it, to show only packages in need of update
• Added --direct to show and outdated commands to show only your direct dependencies in the listing
• Added support for editing all top-level properties (name, minimum-stability, ...) as well as extra values via the config command
• Added abandoned state warning to the show and outdated commands when listing latest packages
• Added support for ~/ and $HOME/ in the path repository paths
• Added support for wildcards in the show command package filter, e.g. composer show seld/*
• Added ability to call composer itself from scripts via @composer ...
• Added untracked files detection to the status command
• Added warning to validate command when using exact-version requires
• Added warning once per domain when accessing insecure URLs with secure-http disabled
• Added a dependency on composer/ca-bundle (extracted CA bundle management to a standalone lib)
• Added support for empty directories when archiving to tar
• Added an init event for plugins to react to, which occurs right after a Composer instance is fully initialized
• Added fallback to SSH for https bitbucket URLs
• Added many new detections of problems in the why-not/prohibits command to figure out why something does not get installed in the expected version
• Added a deprecation notice for script event listeners that use legacy script classes
• Fixed abandoned state not showing up if you had a package installed before it was marked abandoned
• Fixed --no-dev updates creating an incomplete lock file, everything is now always resolved on update
• Fixed partial updates in case the vendor dir was not up to date with the lock file
• Fixed archiving generating long paths in zip files on Windows