Laravel 11 Now Available
Thursday March 14, 2024Today, we're thrilled to announce the release of Laravel 11 and Laravel Reverb.
As we announced at Laracon EU, Laravel 11 introduces a minimal application structure, using SQLite by default, implementing health routing, offering per-second rate limiting, supporting graceful encryption key rotation, improving queue testing, introducing new Artisan commands, adding Resend mail transport, integrating Prompt validator, and more.
Reverb is the latest addition to the Laravel ecosystem and is a first-party, scalable WebSocket server that has been introduced to provide robust real-time capabilities to your applications.
To get all of the juicy details about this release, check out our official release notes and upgrade guide. Below, we'll cover some of the highlights.
Minimal Application Structure
Laravel 11 introduces a minimal application structure for new Laravel applications, without requiring any changes to existing applications. The new application structure is intended to provide a leaner, more modern experience, while retaining many of the concepts that Laravel developers are already familiar with.
The app folder has been massively simplified; both the HTTP and Console kernels have been removed. The nine middlewares that were rarely customized have now been moved into the framework itself, the exception handler has been removed, and the Providersdirectory has been streamlined to a single provider.
Here is what the new app folder looks like:
Rest assured, customization remains a priority. To adjust the high-level application behavior settings, you can utilize the revitalized bootstrap/app.php file. This file allows you to modify your application's routing, middleware, service providers, exception handling, and more:
In addition, the routes folder has been simplified; the api.php and channels.phproute files are no longer present by default, since many applications do not require these files.
Instead, they can be created using simple Artisan commands:
php artisan install:api
php artisan install:broadcasting
And there's more! There are numerous details about Laravel's new application structure that we can't cover in this blog post. Make sure to check out our release notes to learn everything about it.
Laravel Reverb
Laravel Reverb brings blazing-fast and scalable real-time WebSocket communication directly to your Laravel application, and provides seamless integration with Laravel’s existing suite of event broadcasting tools, such as Laravel Echo.
Futhermore, Reverb supports horizontal scaling via Redis's publish / subscribe capabilities, allowing you to distribute your WebSocket traffic across multiple backend Reverb servers all supporting a single, high-demand application.
Here is an example of a stress test with ~30,000 clients maintaining open connections to Reverb, where each connection is subscribed to 10 different channels, and more than 6,000 messages are being exchanged per second:
Additionally, you may monitor the performance of your Reverb servers in Laravel Pulse to get a better understanding of the number of connections and messages being handled. To dig deeper into Laravel Reverb, please consult the complete Reverb documentation.
SQLite By Default
By default, new Laravel applications use SQLite for database storage, as well as the database driver for Laravel's session, cache, and queue. Furthermore, creating a project using composer create-project command or through the Laravel Installer will automatically create the SQLite file and run the initial database migrations for you:
This allows you to begin building your application immediately after creating a new Laravel application, without being required to install additional software or create additional database migrations.
Health Routing
New Laravel 11 applications include a health routing directive, which instructs Laravel to define a simple health-check endpoint that may be invoked by third-party application health monitoring services or orchestration systems like Kubernetes. By default, this route is served at /up:
When HTTP requests are made to this route, Laravel will dispatch a DiagnosingHealthevent, allowing you to perform additional health checks relevant to your application, such as verifying database connectivity and ensuring the cache is working as expected.
Queue Interaction Testing
Previously, attempting to test that a queued job was released, deleted, or manually failed was cumbersome and required the definition of custom queue fakes and stubs. However, in Laravel 11, you may easily test for these queue interactions using the withFakeQueueInteractions method:
Besides the assertReleased assertion, which you can use to verify if a job was released back into the queue, you may also use the assertFailed or assertDeleted assertions to determine if a job has failed or been deleted, respectively.
Graceful Encryption Key Rotation
Since Laravel encrypts all cookies, including your application's session cookie, essentially every request to a Laravel application relies on encryption. However, because of this, rotating your application's encryption key would log all users out of your application. In addition, decrypting data that was encrypted by the previous encryption key becomes impossible.
Laravel 11 allows you to define your application's previous encryption keys as a comma-delimited list via the APP_PREVIOUS_KEYS environment variable:
When encrypting values, Laravel will always use the "current" encryption key, which is within the APP_KEY environment variable. When decrypting values, Laravel will first try the current key. If decryption fails using the current key, Laravel will try all previous keys until one of the keys is able to decrypt the value.
This approach to graceful decryption allows users to keep using your application uninterrupted even if your encryption key is rotated.
For more information on encryption in Laravel, check out the encryption documentation.