composer: changelog & breaking changes
Auto-tracked from github.com/composer/composer. Updated Jul 06, 2026.
2.10.2
2026-07-01
✓ No breaking changes detected — looks safe to upgrade.
2.2.29
2026-07-01
✓ No breaking changes detected — looks safe to upgrade.
2.10.1
2026-06-04
✓ No breaking changes detected — looks safe to upgrade.
2.10.0
2026-05-28
âš Breaking changes
- Disabled automatic fallback to source checkout if dist/zip install fails, use source-fallback config option to restore old behavior.
- Changed audit command exit code to always be 0 (success) or 1 if anything failed the audit.
- Deprecated most of the audit config in favor of the new policy one.
- Dropped support for insecure 3DES ciphers when ext-curl is missing.
- Enforce allow-plugins even in non-interactive mode for very old pre-2.2 lock files.
- Removed support for automatic source fallback is planned for removal in 2.11, use source-fallback config option temporarily.
2.10.0-RC2
2026-05-20
âš Breaking changes
- Added a new policy config block to control all security related update/install/audit policies. This replaces and deprecates most of the audit config ( for implementation, for RFC/upgrade docs)
2.9.8
2026-05-13
✓ No breaking changes detected — looks safe to upgrade.
2.2.28
2026-05-13
✓ No breaking changes detected — looks safe to upgrade.
1.10.28
2026-05-13
✓ No breaking changes detected — looks safe to upgrade.
⚡ Want an alert the moment your stack breaks — not a weekly digest? ChangeRadar Pro adds instant alerts + unlimited libraries + AI migration steps.Go Pro — $9/mo
Related breaking-change trackers