Changelog

Releases and updates to the PointArt framework.

1.1.1-patch v1.1.1
2026-04-10 Cn8001

What Is New?

ClassLoader

- Implemented relative ClassLoader for child directories inside app/components/

1.1.0-stable v1.1.0
2026-03-27 Cn8001

PointArt Framework v1.1.0

CORS Support

  • Full CORS support configured entirely via .env — no code changes required
  • Configurable allowed origins, methods, headers, credentials, and max-age
  • OPTIONS preflight requests are intercepted by the framework and return 204 automatically
  • Disabled by default (opt-in)

CSRF Protection

  • CSRF token validation enabled by default for all POST form requests
  • JSON API requests (Content-Type: application/json) bypass the check automatically
  • csrf_field() and csrf_token() helpers for forms and AJAX
  • Per-route exemption via csrfExempt: true on #[Route]
  • Can be disabled globally via CSRF_ENABLED=false

Built-in Self-Updater

  • Update the framework directly from the browser — no CLI or SSH required
  • Pulls versioned releases from GitHub with channel selection (Stable/Patch or Dev)
  • Session-based authentication with a secret key from .env
  • Backs up all overwritten files before applying updates
  • Collapsible release notes with link to full changelog
  • Protected paths: app/, .env, *.sqlite are never touched
  • Enable via UPDATER_ENABLED=true and UPDATER_SECRET=your-secret in .env
  • Disable via UPDATER_ENABLED=false for production after update.

New .env Keys

  • CORS_ENABLED, CORS_ALLOWED_ORIGINS, CORS_ALLOWED_METHODS, CORS_ALLOWED_HEADERS, CORS_ALLOW_CREDENTIALS, CORS_MAX_AGE
  • CSRF_ENABLED
  • UPDATER_ENABLED, UPDATER_SECRET

New Files

  • framework/core/Cors.php — CORS middleware
  • framework/core/Csrf.php — CSRF protection
  • framework/core/Updater.php — Self-updater
  • framework/VERSION — Version tracking
1.0.1-patch v1.0.1
2026-03-21 Cn8001

.htaccess

- Added RewriteCond !-f !-d so static files are served directly

- Added 403 block for tests/, framework/, app/ (except public/), .env, config.php, etc.

- css/js or public files should be inside app/public directory, all other directory and files are closed due to security concerns.

1.0.0 v1.0.0
2026-03-21 Cn8001

v1.0.0 — Initial Release

Full changelog: https://pointartframework.com

PointArt is a Spring Boot-inspired PHP micro-framework that brings attribute-based programming to plain PHP — no

Composer, no build step, no boilerplate.

What's included

Routing

- #[Router] and #[Route] for attribute-based route declaration

- Path parameter injection (/show/{id}) and query string passthrough

- #[RequestParam] for POST body and file upload injection

- Auto-scanning of app/components/ with serialized route cache for zero-overhead subsequent requests

Dependency Injection

- #[Wired] property injection resolved via Reflection

- #[Service] singleton registration

- Lazy instantiation — controllers are only created when their route is matched

ORM

- #[Entity], #[Column], #[Id] annotations

- Model::find(), findAll(), findBy(), findOne(), save(), delete() with no SQL required

- Supports MySQL, PostgreSQL, and SQLite via PDO

Repository pattern

- Extend Repository, declare abstract methods — implementations are generated at runtime

- Dynamic finders: findByName(), findByAgeGreaterThan(), countByStatus(), existsByEmail(), deleteByStatus() and more

- #[Query] for raw SQL when you need it

Views

- Plain .php files, no template engine

- Renderer::render($view, $data) extracts variables into view scope

Runs on any shared host with PHP 8.1+ and Apache mod_rewrite.