composer: changelog & breaking changes

Auto-tracked from github.com/composer/composer. Updated Jul 06, 2026.

2.10.2

2026-07-01

✓ No breaking changes detected — looks safe to upgrade.

2.2.29

2026-07-01

✓ No breaking changes detected — looks safe to upgrade.

2.10.1

2026-06-04

✓ No breaking changes detected — looks safe to upgrade.

2.10.0

2026-05-28
âš  Breaking changes
  • Disabled automatic fallback to source checkout if dist/zip install fails, use source-fallback config option to restore old behavior.
  • Changed audit command exit code to always be 0 (success) or 1 if anything failed the audit.
  • Deprecated most of the audit config in favor of the new policy one.
  • Dropped support for insecure 3DES ciphers when ext-curl is missing.
  • Enforce allow-plugins even in non-interactive mode for very old pre-2.2 lock files.
  • Removed support for automatic source fallback is planned for removal in 2.11, use source-fallback config option temporarily.

2.10.0-RC2

2026-05-20
âš  Breaking changes
  • Added a new policy config block to control all security related update/install/audit policies. This replaces and deprecates most of the audit config ( for implementation, for RFC/upgrade docs)

2.9.8

2026-05-13

✓ No breaking changes detected — looks safe to upgrade.

2.2.28

2026-05-13

✓ No breaking changes detected — looks safe to upgrade.

1.10.28

2026-05-13

✓ No breaking changes detected — looks safe to upgrade.

Get breaking-change alerts for YOUR stack

Drop your email + the libraries you use. We'll alert you when one ships a breaking change — before it breaks your deploy. Free.

⚡ Want an alert the moment your stack breaks — not a weekly digest? ChangeRadar Pro adds instant alerts + unlimited libraries + AI migration steps.Go Pro — $9/mo

Related breaking-change trackers