Joomla! 3.5 was recently released and includes 34 new ways to Do More (or new features). The marketing material covers a lot of user facing changes but doesn't quite get into some of the under the hood features that were added too. So after you've upgraded your site, take a glance at some of these additional changes.
Additional Cache Handlers
With the last "minor" Joomla release, work has gone into improving the available cache handlers on different systems. This allows new engines to be used to store your cache data. In Joomla 3.4, support for the Redis system was added and now Joomla 3.5 adds native support for APCu. Before Joomla 3.5, APCu could be used with the APC handler but it relied on being able to use the legacy
apc_* functions which aren't natively available in PHP after PHP 5.5's release. Also, with PHP 7, these
apc_* functions now require additional PECL extensions to be installed making the use of APCu more complicated. So Joomla now ships with a native cache handler designed specifically for PHP's APCu extension.
Cryptography is not an easy thing to do in any language, especially if you don't fully understand it. Joomla 3.4 and earlier shipped with some cryptography APIs written by past contributors to the Joomla project but they had several small issues which could cause some wrong things to happen. Thanks to several issue reports from Scott Arciszewski several of Joomla's cryptographic APIs have been improved by using the resources available to the PHP community, to include:
JCrypt::genRandomBytes()is now a wrapper around PHP 7's
random_bytes()function and in PHP 5 environments uses the random_compat polyfill to allow consistent use of this new PHP function in all of Joomla's supported environments. This same library has been adopted by the likes of Symfony and WordPress as well.
JCrypt::timingSafeCompare()method, which now wraps PHP 5.6's
hash_equals()function. For earlier PHP versions, this function is supported by Symfony's PHP 5.6 polyfill.
- A new JCryptCipher is added as a secure alternative for all pre-existing JCryptCipher classes (this is explained further in this README file)
Test Infrastructure Improvements
Part of what it takes to keep a large project like Joomla stable is its ability to rely on strong automated testing suites to help quickly detect possible issues. On every pull request and commit to the Joomla repository, several tests are run to validate internal behaviors. In the work leading up to 3.5, several improvements were made to the test infrastructure making it possible for more of the Joomla code to be consistently tested and for contributors to catch uses of deprecated code (meaning that code may go away in future releases of the affected packages).
More Overridable Markup
It's important that users be able to override markup to suit their needs, and for the most part Joomla supports this. But, there are still some black holes that require core hacks or magic to be able to override. Luckily, with Joomla 3.5 less of this is required in the JForm library. JFormField itself now supports the use of the JLayout renderer to enable form fields to be overridden (but first this requires form fields to be updated to support this; only a few core fields are so far).
MySQL utf8mb4 Support
Nic mentioned this in the comments below, but I'll quickly expand on it. Yes, this means you can fill your blog posts with 💩 but there is a lot more to this than emoji support. The security implications are real, also pointed out by Nic's comments, and that was in part why WordPress too added utf8mb4 support to their platform last year (and if I remember correctly, my Google-fu is failing at the moment, there was a security issue fixed in WordPress by adding this support).
Now Go Upgrade
With numerous new features and some small performance gains to be had (especially if you can upgrade to PHP 7 as this site has), the reasons to not update to Joomla 3.5 are minimal at best.