Release Notes
This page is a curated layer over the raw authoritative
CHANGELOG.md. For complete detail (including every Added/Changed/Removed/Fix line) consult the full changelog.
v1.53.0 - Nunki
Released: June 8, 2026
A backward-compatible release that adds two generic, chainable database extension seams — so extensions can enforce scopes, narrow queries, or veto statements without patching core — and folds in four bug fixes uncovered while building the upcoming glueful/tenancy extension. Both seams are no-ops on a plain install (zero behavior change). No env vars, no migrations, no breaking changes; composer update glueful/framework suffices.
Key Highlights
Chainable DB Extension Seams (interceptors + table hooks)
Four Bug Fixes (queue deserialization, write-path, container)
Migration Notes
- No action required.
composer update glueful/frameworkpicks up 1.53.0. No new env vars, no migrations, no API breaks; the seams are opt-in and inert unless an extension registers a hook. - The api-skeleton
^1.52.0constraint already permits 1.53.0 — no skeleton changes ship in this release.
composer update glueful/framework
v1.52.0 - Mizar
Released: June 7, 2026
A coordinated breaking release that makes core lean: four subsystems move out of the framework into standalone, opt-in glueful/* extensions, each behind a narrow seam core consumes only if bound. Archive → glueful/archive, CDN / edge-cache → glueful/cdn, queue operations (supervision / autoscaling / worker-metrics) → glueful/queue-ops, and rich media (image processing / thumbnails / metadata) → glueful/media. A plain core install boots, serves uploads, runs a lean single-worker queue:work, and caches responses with none of these subsystems' heavy dependencies present — intervention/image and james-heinrich/getid3 are removed from core. Every subsystem is restored with a single composer require. See the migration notes.
Key Highlights
Archive & CDN / Edge-Cache Extracted (seam-backed)
Queue Ops Extracted; Core Ships a Lean Worker
Rich Media Extracted; Uploads Stay in Core
Migration Notes
- Restore any subsystem with one
composer require(auto-discovered viaextra.glueful):glueful/archive,glueful/cdn,glueful/queue-ops,glueful/media. Runphp glueful migrate:runfor those that ship schema (archive). - Refresh the production command manifest on deploy. This release removes the core
archive:manage,cache:purge, andqueue:autoscalecommands; astorage/cache/glueful_commands_manifest.phpgenerated before the upgrade still references them and breaks CLI boot. Runphp glueful commands:cache --clear—php glueful cache:cleardoes not clear the command manifest. - No-extension behavior is graceful, not fatal. Seams degrade to no-ops/defaults:
NullEdgeCache(response caching still emits surrogate keys), leanqueue:work, type-only media metadata + original-served variants. Removed helpers/commands (image(),queue:autoscale, thequeue:worksub-actions) are absent (function/command-not-found), not error-printing stubs. - Namespace maps (when restoring an extension and updating app code):
Glueful\Services\ImageProcessor→Glueful\Extensions\Media\ImageProcessor;Glueful\Cache\EdgeCacheService→Glueful\Extensions\Cdn\EdgeCachePurger;Glueful\Queue\Monitoring\WorkerMonitor→Glueful\Extensions\QueueOps\Monitoring\WorkerMonitor;Glueful\Services\Archive\*→Glueful\Extensions\Archive\*. Full maps in the frameworkUPGRADE.md. - No new framework env vars, no core migrations. The api-skeleton is bumped to
^1.52.0and ships lean (extensions are opt-in; its publishedconfig/image.php,cache.edge,queue.workers.*ops blocks, andcapabilities.archivewere removed).
composer update glueful/framework
# then, to restore what you use:
composer require glueful/media glueful/queue-ops glueful/cdn glueful/archive
php glueful commands:cache --clear
v1.51.0 - Larawag
Released: June 6, 2026
A five-part refinement of the core notification subsystem. The framework now ships a real in-app database channel (the default ['database'] channel resolves end-to-end instead of failing as channel_not_found), validates channels at dispatch rather than construction, makes persistence optional and safe (NOTIFICATIONS_DATABASE_STORE=false), abstracts async queue dispatch behind an injectable seam, adds structured channel results (NotificationResult), and routes all channel registration through one extension boot() path. Mostly additive — but two deliberate breaking changes land in channel registration/dispatch. See the migration notes.
Key Highlights
Real database Channel + Dispatch-Time Validation
Optional, Safe Persistence + Injectable Async Queue
Structured Results + Extension-Driven Registration
Migration Notes
- Breaking:
ChannelManagerchannel-name methods renamed (no aliases). ReplacegetAvailableChannels()withgetRegisteredChannelNames(); for only the currently-available channels' names, use the newgetActiveChannelNames().getActiveChannels()(returning channel objects) is unchanged. - Breaking: notification jobs/commands require an
ApplicationContext.DispatchNotificationChannels,SendNotification,ProcessRetriesCommand, andNotificationRetryTaskresolve the shared container dispatcher and throwNotificationContextRequiredExceptionif constructed without a context — they no longer build ad-hoc managers or hardcode theEmailNotificationprovider. The queue worker and console kernel already provide a context. - Channel packages register from
boot(). Custom or not-yet-migrated channel extensions must register their channel/hooks via the newregisterNotificationChannel()/registerNotificationExtension()helpers; until they do, that channel won't auto-wire into the shared dispatcher used by the async jobs. - Retry config key moved from the
emailnotificationnamespace to channel-agnosticnotifications.retry(built-in defaults otherwise). - No new env vars, no migrations. The
notificationscapability default staystrue; setNOTIFICATIONS_DATABASE_STORE=falseto run without a database store.
composer update glueful/framework
v1.50.2 - Kochab
Released: June 5, 2026
Route docblocks can now document query parameters with an editor-clean @queryParam name:type="…" tag that the OpenAPI generator actually parses. The old approach overloaded the reserved @param tag (@param page query integer false "…"), which IDEs/Intelephense mis-read as undefined PHPDoc types (P1133 warnings). A latent doc-gen bug is also fixed: routes that declared a query parameter alongside a {id} path segment silently lost the path parameter from their spec. Framework-only — no env vars, no migrations, no API breaks.
Key Highlights
@queryParamroute-doc tag.CommentsDocGeneratorparses@queryParam name:type="description" [{required}]as anin: queryOpenAPI parameter — no more reserved-@paramfalse positives in your editor. The legacy positional@param … query …form still parses, so existing route docblocks are unaffected.- Path params no longer dropped. URL
{name}path parameters were auto-derived only when no parameters were documented at all; a route with a query param plus a{id}lost its path param from the generated spec. Path params are now always derived from the URL and merged with documented params (de-duplicated by name; an explicit docblock still wins). routes/resource.phpmigrated to@queryParamfor the/data/{table}list endpoint'spage/limit/sort/orderparams (they now actually appear in the spec).
Migration Notes
composer update glueful/framework is sufficient — the api-skeleton ^1.50.1 constraint already permits 1.50.2. No action required; the new tag is opt-in and the legacy @param form continues to work.
v1.50.1 - Kochab
Released: June 5, 2026
Two extension points that silently did nothing are now fixed. ServiceProvider::mergeConfig() delegated to a config.manager service that was never registered, so an extension's config/*.php defaults never reached config() — every first-party extension ran on empty/hardcoded fallbacks unless the app shipped its own copy. And LoginResponseBuildingEvent listeners' changes were discarded by the login-response shaper. Both now work as documented. Framework-only: no env vars, no migrations, no API breaks.
Key Highlights
mergeConfig()actually merges now. Backed by the newApplicationContext::mergeConfigDefaults(), extension config defaults are merged under framework/app/env config files (your app'sconfig/*.phpstill wins) and persist acrossclearConfigCache(). Affected extensions:glueful/aegis,conversa,email-notification,entrada,meilisearch,notiva,payvia,runiva.LoginResponseBuildingEventlisteners affect the response.LoginResponseShaper::shape()now reads$event->getResponse()back, so a listener can add fields (e.g. organization/department context) to the login response.
Migration Notes
composer update glueful/framework is sufficient — the api-skeleton ^1.50.0 constraint already permits 1.50.1. Behavioral note: enabled first-party extensions now receive their declared config defaults (previously ignored); review those defaults if you relied on the prior empty behavior.
v1.50.0 - Kochab
Released: June 4, 2026
The concrete user store is extracted to the first-party glueful/users extension, leaving a provider-agnostic core that talks to identity through UserProviderInterface + the canonical UserIdentity. In parallel, the framework now owns the database schema for its own subsystems — the auth security spine plus DB-backed platform capabilities (queue, scheduler, notifications, metrics, locks, uploads, archive) — as first-class, config-gated, source-tracked migrations, replacing lazy runtime DDL. Breaking (shipped as a minor per the pre-public policy): apps must enable a user store. See the migration notes.
Key Highlights
Provider-Agnostic Identity
Core Owns Its Schema
Ordered, Package-Scoped Migrations
Migration Notes
- Breaking: enable a user store. Core no longer ships
Glueful\Models\User/Glueful\Repository\UserRepository, andAuthenticatedUseris removed. Install and enableglueful/users(the api-skeleton does so by default). Without a store, auth fails closed. Seedocs/IDENTITY.md. api_keys.user_id→user_uuid. The column (andApiKeyServiceinput /ApiKeymodel field) is renamed; it remains an indexed UUID with no FK.- Schema is migration-owned. Run
php glueful migrate:run; capability tables install perconfig/capabilities.php+ driver config (queue.default,lock.default,uploads.enabled). Seedocs/MIGRATIONS_AND_CAPABILITIES.md.
composer require glueful/users
php glueful migrate:run
Older releases (v1.49.1 and earlier) live in the Release Archive. The version table at the top links every release; for the full machine-readable history see the CHANGELOG.