- Bug: (CVE-2020-15148): Disable unserialization of `yii\db\BatchQueryResult` to prevent remote code execution in case application calls unserialize() on user input containing specially crafted string (samdark, russtone)
- Enh #18213: Do not load fixtures with circular dependencies twice instead of throwing an exception (JesseHines0)
- Bug #18066: Fix `yii\db\Query::create()` wasn't using all info from `withQuery()` (maximkou)
- Bug #18269: Fix integer safe attribute to work properly in `yii\base\Model` (Ladone)
- Enh #18236: Allow `yii\filters\RateLimiter` to accept a closure function for the `$user` property in order to assign values on runtime (nadar)
- Bug #18248: Render only one stack trace on a console for chained exceptions (mikehaertl)
- Bug #18233: Add PHP 8 support (samdark)
- Enh #18196:`yii\rbac\DbManager::$checkAccessAssignments` is now `protected` (alex-code)
- Bug #18239: Fix support of no-extension files for `FileValidator::validateExtension()` (darkdef)
- Bug #18229: Add a flag to specify SyBase database when used with pdo_dblib (darkdef)
- Bug #13973: Correct alterColumn for MSSQL & drop constraints before dropping a column (darkdef)
- Bug #13973: Correct alterColumn for MSSQL & drop constraints before dropping a column (darkdef)
- Bug #18040: Display width specification for integer data types was deprecated in MySQL 8.0.19 (terabytesoftw)
- Bug #15265: PostgreSQL > 10.0 is not pass tests with default value of timestamp CURRENT_TIMESTAMP (terabytesoftw)
- Bug #15265: PostgreSQL > 10.0 is not pass tests with default value of timestamp CURRENT_TIMESTAMP (terabytesoftw)
- Bug #16892: Validation error class was not applied to checkbox and radio when validationStateOn = self::VALIDATION_STATE_ON_INPUT (dan-szabo, samdark)
- Bug #16892: Validation error class was not applied to checkbox and radio when validationStateOn = self::VALIDATION_STATE_ON_INPUT (dan-szabo, samdark)
- Bug #18040: Display width specification for integer data types was deprecated in MySQL 8.0.19 (terabytesoftw)
- Bug #18066: Fix `yii\db\Query::create()` wasn't using all info from `withQuery()` (maximkou)
- Bug #18229: Add a flag to specify SyBase database when used with pdo_dblib (darkdef)
- Bug #18239: Fix support of no-extension files for `FileValidator::validateExtension()` (darkdef)
- Bug #18245: Make resolving DI references inside of arrays in dependencies optional (SamMousa, samdark, hiqsol)
- Bug #18245: Make resolving DI references inside of arrays in dependencies optional (SamMousa, samdark, hiqsol)
- Bug #18248: Render only one stack trace on a console for chained exceptions (mikehaertl)
- Bug #18269: Fix integer safe attribute to work properly in `yii\base\Model` (Ladone)
- Bug: (CVE-2020-15148): Disable unserialization of `yii\db\BatchQueryResult` to prevent remote code execution in case application calls unserialize() on user input containing specially crafted string (samdark, russtone)
- Enh #18196:`yii\rbac\DbManager::$checkAccessAssignments` is now `protected` (alex-code)
- Enh #18213: Do not load fixtures with circular dependencies twice instead of throwing an exception (JesseHines0)
- Enh #18236: Allow `yii\filters\RateLimiter` to accept a closure function for the `$user` property in order to assign values on runtime (nadar)