All notable changes to Laravel Uploads are documented here.
- Changed the private file route middleware default to
[]so host appwebmiddleware cannot redirect file/image requests before streaming.
- Regenerate private upload URLs when a cached token points to a missing or expired upload link.
- Fixed a time-sensitive cache registry test so it passes consistently on Laravel 10.
- Changed the default
cache.registry_ttlto60minutes.
1.1.4 - 2026-04-27
- Changed the generated URL cache-key registry to expire instead of being stored forever.
- Added
cache.registry_ttlconfiguration for the internal generated URL cache-key registry.
1.1.3 - 2026-04-27
- Refactored upload manager internals into focused service concerns for path safety, validation, and URL generation.
- Added this changelog and linked it from the README.
1.1.2 - 2026-04-27
- Made uploadable model URL exposure enabled by default.
- Added
expose => falseas the per-field opt-out for JSON/array serialization. - Updated documentation and tests for the new exposure default.
1.1.1 - 2026-04-27
- Updated security guidance for current 1.x behavior.
- Clarified that SVG inline preview is blocked by the controller.
- Documented operational responsibilities for upload limits, throttling, cleanup scheduling,
expose, and tenant public URL resolvers. - Kept ServBay and build-machine documentation intact.
1.1.0 - 2026-04-27
- Added tenant/CDN-aware public URL resolver support.
- Public uploads now return disk/resolver URLs without creating private token rows.
- Private uploads continue using expiring package token URLs.
- Added favicon upload support through
Uploads::upload(..., ['favicon' => true]). - Added model uploadable value hooks, including field-specific hooks.
- Improved multiple uploadable value resolution.
- Renamed the install command to
php artisan install:laravel-uploads. - Shortened README while keeping core usage, security notes, and ServBay documentation.
- Removed tracked
.DS_Storefiles.
1.0.9 - 2026-04-27
- Hardened upload path validation and disk containment checks.
- Switched validation decisions to server-side MIME detection.
- Made model serialization safer through configurable upload URL exposure.
- Added image and favicon processing safety checks.
- Improved file streaming to avoid loading downloads fully into PHP memory.
- Prevented upload metadata persistence when storage writes fail.