Changelog

May 8, 2026

2.9.3

(chore): Bump the php-sdk container’s composer base image from composer:2.7.9 (Alpine 3.20, PHP 8.3.12) to composer:2.9.7 (Alpine 3.22, current PHP), addressing the Alpine 3.20 EOL alert and the PHP 8.3.12 CVEs (CVE-2024-8932, CVE-2024-11236, CVE-2025-1861), and force a fresh apk upgrade so the rebuilt image picks up the patched openssl 3.5.6-r0 from Alpine 3.23.4 (CVE-2026-31789).

(chore): Bump the php-model container’s composer base image from composer:2.7.9 (Alpine 3.20, PHP 8.3.12) to composer:2.9.7 (Alpine 3.22, current PHP), mirroring the php-sdk bump. Addresses the Alpine 3.20 EOL alert and the PHP 8.3.12 CVEs (CVE-2024-8932, CVE-2024-11236, CVE-2025-1861), and standardizes on apk upgrade --no-cache --available for cache invalidation.

May 7, 2026

2.9.2

(chore): Bump generator container Node.js base image to node:22.22-alpine3.23 and apply latest Alpine package security updates at build time.

May 5, 2026

2.9.1

(fix): Apply canonical “all user-specified examples, else first autogenerated” selection in the PHP SDK snippet output path. Aligns the generator’s snippet.json / README example selection with TS-v1 / Python-v1 behavior so dynamic-IR-driven snippets are deterministic across runs.

May 4, 2026

2.9.0

(feat): Generate CONTRIBUTING.md for PHP SDKs.

May 1, 2026

2.8.1

(fix): Fix dynamic snippet generator to emit required global headers as named constructor arguments instead of inside the options array.

April 29, 2026

2.8.0

(feat): Add retryStatusCodes configuration option (legacy | recommended). The default legacy mode preserves existing behavior (retries 408, 429, and all >= 500). The recommended mode only retries 408, 429, 502, 503, 504 (excludes 500 Internal Server Error to avoid retrying non-idempotent failures).

April 27, 2026

2.7.0

(feat): Support x-fern-default as fallback value for parameters in generated PHP SDKs. When a header, query parameter, or path parameter has a clientDefault value in the IR, the generated PHP SDK makes that parameter optional with the default value automatically applied.

2.6.0

(feat): Use auth scheme placeholder values in README snippets when configured via placeholder field on auth schemes.

April 25, 2026

2.5.2

(fix): Fix dynamic snippet generator to emit placeholder auth values when snippet requests omit auth for endpoints that require bearer, OAuth, basic, or header authentication. Previously the generated constructor call was missing the required auth parameter, causing phpstan failures.

April 22, 2026

2.5.1

(chore): Bump @fern-api/generator-cli to 0.9.11. The GitHub pipeline step now creates signed commits via the GitHub REST API (matching fiddle’s legacy InMemoryGitRepo push path), restoring verified fern-api[bot] commits on replay-enabled orgs.

2.5.0

(feat): Add offsetSemantics config option. When set to "page-index", offset pagination increments by 1 each page instead of by the number of items returned ("item-index", the default).

2.4.4

(fix): Fix wire test verification for endpoints with multi-value array query parameters.

2.4.3

(chore): Add crash reporting via Sentry to the generator runtime, and classify thrown errors using the new shared GeneratorError taxonomy so user-facing failures (config, validation, auth, network, environment) are kept distinct from internal Fern bugs — only the latter are forwarded to Sentry. No change to generated output.

April 20, 2026

2.4.2

(chore): Bump phpunit/phpunit dev dependency from 9.0 to 12.5.22 to address GHSA-qrr6-mg7r-m243 (argument injection via newline in PHP INI values forwarded to child processes). Also bumps the PHP version used by the generated ci.yml workflow from 8.1 to 8.3, which is the minimum supported by PHPUnit 12. The php constraint in generated composer.json files is unchanged at 8.1, so production installs (composer install --no-dev) are unaffected.