Package Release Info


Update Info: Base Release
Available in Package Hub : 15 SP1





Change Logs

* Tue Apr 09 2019 Yunhe Guo <>
- Version 1.8.5
  * HHVM 4.0 is no longer compatible with Composer. Please use PHP instead going forward.
  * Added forward compatibility with upcoming 2.0 changes
  * Fixed support for PHP 7.3-style heredoc/nowdoc syntax changes in autoload generation
  * Fixed require command usage when combined with --ignore-platform-reqs
  * Fixed and cleaned up various Windows junctions handling issues
* Tue Feb 19 2019 Yunhe Guo <>
- Version 1.8.4
  * Fixed long standing solver bug leading to odd solving issues in
    edge cases, see #7946
  * Fixed HHVM support for upcoming releases
  * Fixed unix proxy for binaries to be POSIX compatible instead of
    breaking some shells
  * Fixed invalid deprecation warning for composer-plugin-api
  * Fixed edge case issues with Windows junctions when working with
    path repositories
* Wed Jan 30 2019
- Version 1.8.3
  * Fixed regression when executing partial updates
* Tue Jan 29 2019
- Version 1.8.2
  * Fixed invalid deprecation warning for ext-pdo_mysql and similar
  * Updated to latest xdebug-handler
* Tue Jan 29 2019
- Version 1.8.2
  * Fixed invalid deprecation warning for ext-pdo_mysql and similar
  * Updated to latest xdebug-handler
* Tue Dec 04 2018 Yunhe Guo <>
- Version 1.8.0
  * Changed post-package-install / post-package-update event to be fired after
    the lock file has been updated as opposed to before
  * Added support for removing packages using a wildcard with the remove
    command, e.g. composer remove foo/*
  * Added chat to the list of support channels you can list in composer.json
  * Added signal handling on require command to restore the composer.json in
    case of abort
  * Added --ignore to outdated command to pass one or more packages that you
    do not want to be listed
  * Added --no-dev to check-platform-reqs command to skip dev requirements
    even if they are installed
  * Added support for running plugin commands from sub-directories within a
    project much like other Composer commands
  * Added support for running Composer via phpdbg
  * Added lib-imagick platform package
  * Fixed validate command always checking for disabled checks when used with
  - -strict
* Thu Nov 01 2018 Yunhe Guo <>
- Version 1.7.3
  * Fixed handling of replace/conflict rules. This may affect dependency
    resolution in some edge cases.
  * Fixed Bitbucket API support and migrated all calls to API v2 as v1 is
  * Fixed support for lib-openssl 1.1.1 having only lowercase algorithm names
  * Fixed escaping of URLs in Perforce and Svn drivers
  * Fixed show command not respecting --path when a single package name was given
  * Fixed regression in 1.7.2's handling of metapackages
* Sat Aug 18 2018
- Version 1.7.2
  * Fixed reporting of authentication/rate limiting issues for GitHub API access
  * Fixed create-project not checking the checking the latest commit out when a
    cache was already present
  * Fixed reporting of errors when global command can not switch the working directory
  * Fixed PHP 5.3 JSON encoding issues with complex unicode character sequences
  * Updated to latest ca-bundle and xdebug-handler projects, see related changelogs
* Wed Aug 08 2018
- Version 1.7.1
  * Fixed issue autoloading plugins in require-dev in some conditions
  * Fixed handling of SSL to on very old PHP versions
- Version 1.7.0
  * Changed default repository URL from to, this might affect people with strict firewall rules
  * Changed output from Updating to Downgrading when performing package downgrades, this might affect anything parsing output
  * Several minor performance improvements
  * Added the overridden platform config's PHP version in the diagnose command output
  * Added basic authentication support for mercurial repos
  * Added explicit i and u aliases for the install and update commands
  * Added support for show command to output json format with --tree
  * Added support for {glob,braces} support in the path repository's path argument
  * Added support in status command for showing diffs in vendor dir even for packages installed as dist/zip archives
  * Added --remove-vcs flag to create-project command to avoid prompting for keeping VCS files
  * Added --no-secure-http flag to create-project command to bypass https (use at your own risk)
  * Added pre-command-run event that lets plugins modify arguments
  * Added RemoteFilesystem::getRemoteContents extension point
  * Fixed setting scripts via config command
  * Fixed --no-plugins not being respected in a few commands
Version: 1.10.22-bp151.3.3.1
* Thu Sep 16 2021 Johannes Weberhofer <>
- Require php-mbstring as requested in bnc#1187416
* Wed Sep 15 2021 Johannes Weberhofer <>
- Version 1.10.22
  * Security: Fixed command injection vulnerability in HgDriver/HgDownloader
    and hardened other VCS drivers and downloaders
    (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472), bnc#1185376
- Version 1.10.21
  * Fixed support for new GitHub OAuth token format
  * Fixed processes silently ignoring the CWD when it does not exist
- Version 1.10.20
  * Fixed exclude-from-classmap causing regex issues when having too many paths
  * Fixed compatibility issue with Symfony 4/5
* Tue Dec 08 2020 Yunhe Guo <>
- Add provides of php8-composer
- Version 1.10.19
  * Fixed regression on PHP 8.0
- Version 1.10.18
  * Allow installation on PHP 8.0
- Version 1.10.17
  * Fixed Bitbucket API authentication issue
  * Fixed parsing of Composer 2 lock files breaking in some rare conditions
* Mon Oct 26 2020 Yunhe Guo <>
- Version 1.10.16
  * Added warning to validate command for cases where packages provide/
    replace a package that they also require
  * Fixed JSON schema validation issue with PHPStorm
  * Fixed symlink handling in archive command
- Version 1.10.15
  * Fixed path repo version guessing issue
- Version 1.10.14
  * Fixed version guesser to look at remote branches as well as local
  * Fixed path repositories version guessing to handle edge cases where
    version is different from the VCS-guessed version
  * Fixed COMPOSER env var causing issues when combined with the global
  * Fixed a few issues dealing with PHP without openssl extension (not
    recommended at all but sometimes needed for testing)
* Mon Sep 14 2020 Yunhe Guo <>
- Version 1.10.13
  * Fixed regressions with old version validation
  * Fixed invalid root aliases not being reported
- Version 1.10.12
  * Fixed regressions with old version validation
- Version 1.10.11
  * Fixed more PHP 8 compatibility issues
  * Fixed regression in handling of CTRL-C when xdebug is loaded
  * Fixed status handling of broken symlinks
* Mon Aug 03 2020 Yunhe Guo <>
- Version 1.10.10
  * Fixed create-project not triggering events while installing the
    root package
  * Fixed PHP 8 compatibility issue
  * Fixed self-update to avoid automatically upgrading to the next
    major version once it becomes stable
- Version 1.10.9
  * Fixed Bitbucket redirect loop when credentials are outdated
  * Fixed GitLab auth prompt wording
  * Fixed self-update handling of files requiring admin permissions
    to write to on Windows (it now does a UAC prompt)
  * Fixed parsing issues in funding.yml files
- Version 1.10.8
  * Fixed compatibility issue with git being configured to show
    signatures by default
  * Fixed discarding of local changes when updating packages to include
    untracked files
  * Several minor fixes
* Wed Jun 03 2020 Yunhe Guo <>
- Version 1.10.7
  * Fixed PHP 8 deprecations
  * Fixed detection of pcntl_signal being in disabled_functions when
    pcntl_async_signal is allowed
Version: 1.10.26-bp153.2.6.1
* Thu May 05 2022 Ferdinand Thiessen <>
- Update to version 1.10.26
  * Security: Fixed command injection vulnerability in
    HgDriver/GitDriver: CVE-2022-24828 boo#1198494
* Fri Feb 25 2022 Ferdinand Thiessen <>
- Update to version 1.10.25
  * Fix regression with PHP 8.1.0 and 8.1.1
- Update to version 1.10.24
  * Fixed PHP 8.1 compatibility
- Update to version 1.10.23
  * Security: Fixed command injection vulnerability CVE-2021-41116
Version: 1.10.6-bp152.1.1
* Mon May 11 2020 Yunhe Guo <>
- Version 1.10.6
  * Fixed version guessing to take composer-runtime-api and
    composer-plugin-api requirements into account to avoid selecting
    packages which require Composer 2
  * Fixed package name validation to allow several dashes following
    each other
  * Fixed post-status-cmd script not firing when there were no
    changes to be displayed
  * Fixed composer-runtime-api support on Composer 1.x, the package
    is now present as 1.0.0
  * Fixed support for composer show --name-only --self
  * Fixed detection of GitLab URLs when handling authentication in
    some cases
* Sat Apr 11 2020 Yunhe Guo <>
- Version 1.10.5
  * Fixed self-update on PHP <5.6, seriously please upgrade
  * Fixed 1.10.2 regression with PATH resolution in scripts
* Thu Apr 09 2020 Yunhe Guo <>
- Version 1.10.4
  * Fixed 1.10.2 regression in path symlinking with absolute path
- Version 1.10.3
  * Fixed invalid --2 flag warning in self-update when no channel is
- Version 1.10.2
  * Added --1 flag to self-update command which can be added to
    automated self-update runs to make sure it won't automatically
    jump to 2.0 once that is released
  * Fixed path repository symlinks being made relative when the repo
    url is defined as absolute paths
  * Fixed potential issues when using "composer ..." in scripts and
    composer/composer was also required in the project
  * Fixed 1.10.0 regression when downloading GitHub archives from
    non-API URLs
  * Fixed handling of malformed info in fund command
  * Fixed Symfony5 compatibility issues in a few commands
* Sat Mar 14 2020 Yunhe Guo <>
- Version 1.10.1
  * Fixed path repository warning on empty path when using wildcards
  * Fixed superfluous warnings when generating optimized autoloaders
- Version 1.10.0
  * Breaking: composer global exec ... now executes the process in
    the current working directory instead of executing it in the
    global directory.
  * Warning: Added a warning when class names are being loaded by a
    PSR-4 or PSR-0 rule only due to classmap optimization, but would
    not otherwise be autoloadable. Composer 2.0 will stop autoloading
    these classes so make sure you fix your autoload configs.
  * Added new funding key to composer.json to describe ways your package's
    maintenance can be funded. This reads info from GitHub's FUNDING.yml
    by default so better configure it there so it shows on GitHub and
  * Added composer fund command to show funding info of your dependencies
  * Added bearer auth config to authenticate using Authorization:
    Bearer <token> headers
  * Added plugin-api-version in composer.lock so third-party tools can
    know which Composer version was used to generate a lock file
  * Added support for --format=json output for show command when showing
    a single package
  * Added support for configuring suggestions using config command,
    e.g. composer config some text
  * Added support for configuring fine-grained preferred-install using
    config command, e.g. composer config* dist
  * Added @putenv script handler to set environment variables from
    composer.json for following scripts
  * Added lock option that can be set to false, in which case no
    composer.lock file will be generated
  * Added --add-repository flag to create-project command which will
    persist the repo given in --repository into the composer.json of
    the package being installed
  * Fixed issue where --no-dev autoload generation was excluding some
    packages which should not have been excluded
  * Added support for IPv6 addresses in NO_PROXY
  * Added package homepage display in the show command
  * Added debug info about HTTP authentications
  * Added Symfony 5 compatibility
  * Added --fixed flag to require command to make it use a fixed constraint
    instead of a ^x.y constraint when adding the requirement
  * Fixed exclude-from-classmap matching subsets of directories e.g.
    foo/ was excluding foobar/
  * Fixed archive command to persist file permissions inside the zip files
  * Fixed init/require command to avoid suggesting packages which are
    already selected in the search results
  * Fixed create-project UX issues
  * Fixed filemtime for vendor/composer/* files is now only changing
    when the files actually change
  * Fixed issues detecting docker environment with an active open_basedir
* Tue Feb 04 2020 Yunhe Guo <>
- Version 1.9.3
  * Fixed GitHub deprecation of access_token query parameter, now
    using Authorization header
* Wed Jan 15 2020 Yunhe Guo <>
- Version 1.9.2
  * Fixed minor git driver bugs
  * Fixed schema validation for version field to allow dev-* versions
  * Fixed external processes' output being formatted even though it
    should not
  * Fixed issue with path repositories when trying to install feature
* Fri Nov 01 2019 Yunhe Guo <>
- Version 1.9.1
  * Fixed various credential handling issues with gitlab and github
  * Fixed credentials being present in git remotes in Composer cache
    and vendor directory when not using SSH keys
  * Fixed composer why not listing replacers as a reason something
    is present
  * Fixed various PHP 7.4 compatibility issues
  * Fixed root warnings always present in Docker containers, setting
    COMPOSER_ALLOW_SUPERUSER is not necessary anymore
  * Fixed GitHub access tokens leaking into debug-verbosity output
  * Fixed several edge case issues detecting GitHub, Bitbucket and
    GitLab repository types
  * Fixed Composer asking if you want to use a composer.json in a
    parent directory when ran in non-interactive mode
  * Fixed classmap autoloading issue finding classes located within
    a few non-PHP context blocks (?>...<?php)
* Fri Aug 02 2019 Yunhe Guo <>
- Version 1.9.0
  * Added a --no-cache flag available on all commands to run with
    the cache disabled
  * Added PHP_BINARY as env var pointing to the PHP process when
    executing Composer scripts as shell scripts
  * Added a use-github-api config option which can set the no-api
    flag on all GitHub VCS repositories declared
  * Added a static helper you can preprend to a script to avoid
    process timeouts, "Composer\\Config::disableProcessTimeout"
  * Added Event::getOriginatingEvent to retrieve an event's original
    event when a script handler forwards to another one
  * Added support for autoloading directly from a phar file
  * Fixed loading order of plugins to always initialize them in order
    of dependencies
  * Fixed various network-mount related issues
  * Fixed --ignore-platform-reqs not ignoring conflict rules against
    platform packages
* Tue Jun 11 2019 Yunhe Guo <>
- Version 1.8.6
  * Fixed handling of backslash-escapes handling in compoesr.json
    when using the require command
  * Fixed create-project not following classmap-authoritative and
    apcu-autoloader config values
  * Fixed HHVM version warning showing up in some cases when it was
    not in use
Version: 1.6.5-bp150.2.4
* Sun May 06 2018
- Remove _service:download_url:composer.phar
* Sat May 05 2018
- Version 1.6.5
  * Fixed regression in 1.6.4 causing strange update behaviors with dev packages
  * Fixed regression in 1.6.4 color support detection for Windows
  * Fixed issues dealing with broken symlinks when switching branches and using
    path repositories
  * Fixed JSON schema for package repositories
  * Fixed issues on computers set to Turkish locale
  * Fixed classmap parsing of files using short-open-tags when they are disabled
    in php
- Drop download_url service because it is not accepted by Factory
* Sat Apr 14 2018
- Use download_url service
- Version 1.6.4
  * Security fixes in some edge case scenarios, recommended update for all users
  * Fixed regression in version guessing of path repositories
  * Fixed removing aliased packages from the repository, which might resolve some odd update bugs
  * Fixed updating of package URLs for GitLab
  * Fixed run-script --list failing when script handlers were defined
  * Fixed init command not respecting the current php version when selecting package versions
  * Fixed handling of uppercase package names in why/why-not commands
  * Fixed exclude-from-classmap symlink handling
  * Fixed filesystem permissions of PEAR binaries
  * Improved performance of subversion repos
  * Other minor fixes
* Tue Mar 27 2018
- Version 1.6.3
  * Fixed GitLab downloads failing in some edge cases
  * Fixed ctrl-C handling during create-project
  * Fixed GitHub VCS repositories not prompting for a token in some conditions
  * Fixed SPDX license identifiers being case sensitive
  * Fixed and clarified a few dependency resolution error reporting strings
  * Fixed SVN commit log fetching in verbose mode when using private repositories
- Version 1.6.2
  * Fixed more autoloader regressions
  * Fixed support for updating dist refs in gitlab URLs
- Version 1.6.1
  * Fixed upgrade regression due to some autoloader cleanups
  * Fixed some overly loose version constraints
- Version 1.6.0
  * Improved performance of installs and updates from git clones when checking
    out known commits
  * Added check-platform-reqs command that checks that your PHP and extensions
    versions match the platform requirements of the installed packages
  * Added support for SPDX license identifiers v3.0, deprecates GPL/LGPL/AGPL
    identifiers, which should now have a -only or -or-later suffix added.
  * Added --with-all-dependencies to the update and require commands which
    updates all dependencies of the listed packages, including those that are
    direct root requirements
  * Added scripts-descriptions key to composer.json to customize the description
    and document your custom commands
  * Added support for the uppercase NO_PROXY env var
  * Added support for COMPOSER_DEFAULT_{AUTHOR,LICENSE,EMAIL,VENDOR} env vars to
    pre-populate init command values
  * Added support for COMPOSER_MEMORY_LIMIT env var to make Composer set the PHP
    memory limit explicitly
  * Added support for simple strings for the bin
  * Added support for local fossil repositories
  * Added suggestions for alternative spellings when entering packages in init
    and require commands and nothing can be found
  * Fixed installed.json data to be sorted alphabetically by package name
  * Fixed compatibility with Symfony 4.x components that Composer uses
- Version 1.5.6
  * Fixed root package version guessed when a tag is checked out
  * Fixed support for GitLab repos hosted on non-standard ports
  * Fixed regression in require command when requiring unstable packages, part 3
- Version 1.5.5
  * Fixed regression in require command when requiring unstable packages, part 2
- Version 1.5.4
  * Fixed regression in require command when requiring unstable packages
- Version 1.5.3
  * Fixed require/remove commands reverting the composer.json change when a
    non-solver-related error occurs
  * Fixed GitLabDriver to support installations of GitLab not at the root of the
  * Fixed create-project not following the optimize-autoloader flag of the root
  * Fixed Authorization header being forwarded across domains after a redirect
  * Improved some error messages for clarity
* Sat Oct 28 2017
- As long as we package the PHAR we do not need additional PEAR packages
  from external packages
* Sat Oct 28 2017
- version 1.5.2
  Full changelog:
  Besides many fixes and improvements, there are the following new functions
  * Added ability to call composer from within sub-directories of a project
  * Added support for Bitbucket API v2
  * Added support for GitLab API v4
  * Added support for GitLab sub-groups
  * Added COMPOSER_BINARY env var that is defined within the scope of a
    Composer run automatically with the path to the phar file
  * Capifony users beware: This release has output format tweaks
  * Improved baseline psr-4 autoloader performance for projects with many
    nested namespaces configured
  * Improved memory usage of dependency solver
  * Added --format json option to the outdated and show command
  * Added --ignore-filters flag to archive command to bypass
    the .gitignore and co
  * Added support for outdated output without ansi colors
* Sun Oct 01 2017
- fix requires for php-pear-Console, so that php-composer can use
  without php5-pear-symfony2-Console. It use now php7-pear-symfony2-Console
* Mon Jan 09 2017
- version 1.3.1
  * Fixed dist downloads from Bitbucket
  * Fixed some regressions related to xdebug disabling
  * Fixed `--minor-only` flag in `outdated` command
  * Fixed handling of config.platform.php which did not replace other php-* package's versions
* Thu Jan 05 2017
- version 1.3.0
  * Added workaround for xdebug performance impact by restarting PHP without
    xdebug automatically in case it is enabled
  * Added --minor-only to the outdated command to only show updates to minor
    versions and ignore new major versions
  * Added --apcu-autoloader to the update/install commands and --apcu to
    dump-autoload to enable an APCu-caching autoloader, which can be more
    efficient than --classmap-authoritative if you attempt to autoload many
    classes that do not exist, or if you can not use authoritative classmaps for
    some reason
  * Added summary of operations to be executed before they run, and made
    execution output more compact
  * Added php-debug and php-zts virtual platform packages
  * Added gitlab-token auth config for GitLab private tokens
  * Added --strict to the outdated command to return a non-zero exit code when
    there are outdated packages
  * Added ability to call php scripts using the current php interpreter (instead
    of finding php in PATH by default) in script handlers via @php ...
  * Added COMPOSER_ALLOW_XDEBUG env var to circumvent the xdebug-disabling
  * Added COMPOSER_MIRROR_PATH_REPOS env var to force mirroring of path
    repositories vs symlinking
  * Added COMPOSER_DEV_MODE env var that is set by Composer to forward the dev
    mode to script handlers
  * Fixed handling of annotated git tags vs lightweight tags leading to useless
    updates sometimes
  * Fixed case insensitivity of remove command
  * Fixed support for git 2.11
  * Fixed output from zip and rar leaking out when an error occured
  * Removed hash from composer.lock, only content-hash is now used which should
    reduce conflicts
  * Minor fixes and performance improvements
* Tue Sep 20 2016
- version 1.2.1
  * Fixed edge case issues with the static autoloader
  * Minor fixes
* Sat Sep 10 2016
- version 1.2.0
  * Security: Fixed httpoxy vulnerability. This only affects people using
  Composer outside of the CLI
  * Added caching of git repositories if you have git 2.3+ installed.
  Repositories will now be cached once and then cloned from local cache so
  subsequent installs should be faster
  * Added detection of HEAD changes to the status command. If you git checkout X
  in a vendor directory for example it will tell you that it is not at the
  version that was installed
  * Added a virtual php-ipv6 extension to require PHP compiled with IPv6 support
  * Added --no-suggest to install and update commands to skip output of suggestions at the end
  * Added --type to the search command to restrict to a given package type
  * Added fossil support as alternative to git/svn/.. for package downloads
  * Improved BitBucket OAuth support
  * Added support for blocking cache operations using
  COMPOSER_CACHE_DIR=/dev/null (or NUL on windows)
  * Added support for using declare(strict_types=1) in plugins
  * Added --prefer-stable and --prefer-lowest to the require command
  * Added --no-scripts to the require and remove commands
  * Added _comment top level key to the schema to endorse using it as a place
  to store comments (it can be a string or array of strings)
  * Added support for justinrainbow/json-schema 2.0
  * Fixed binaries not being re-installed if deleted by users or the bin-dir
  changes. update and install will now re-install them
  * Fixed home command to avoid rogue output on unix
  * Many minor UX and docs improvements
* Tue Jul 05 2016
- version 1.1.3
  * Fixed bitbucket oauth instructions
  * Fixed version parsing issue
  * Fixed handling of bad proxies that modify JSON content on the fly
- version 1.1.2
  * Fixed degraded mode issue when accessing
  * Fixed GitHub access_token being added on subsequent requests in case of
  * Fixed exclude-from-classmap not working in some circumstances
  * Fixed openssl warning preventing the use of config command for disabling
- version 1.1.1
  * Fixed regression in handling of #reference which made it update every time
  * Fixed dev platform requirements being required even in --no-dev install
    from a lock file
  * Fixed parsing of extension versions that do not follow valid numbers, we
    now try to parse x.y.z and ignore the rest
  * Fixed exact constraints warnings appearing for 0.x versions
  * Fixed regression in the remove command
- version 1.1.0
  * Added ability for plugins to register their own composer commands
  * Added BaseCommand::isProxyCommand that can be overriden to mark a command
    as being a mere proxy, which helps avoid duplicate warnings etc on composer
  * Optimized the autoloader initialization using static loading on PHP 5.6 and
    above, this reduces the load time for large classmaps to almost nothing
  * Added --latest to show command to show the latest version available of your
  * Added --outdated to show command an composer outdated alias for it, to show
    only packages in need of update
  * Added --direct to show and outdated commands to show only your direct
    dependencies in the listing
  * Added support for editing all top-level properties (name,
    minimum-stability, ...) as well as extra values via the config command
  * Added abandoned state warning to the show and outdated commands when
    listing latest packages
  * Added support for ~/ and $HOME/ in the path repository paths
  * Added support for wildcards in the show command package filter, e.g.
    composer show seld/*
  * Added ability to call composer itself from scripts via @composer ...
  * Added untracked files detection to the status command
  * Added warning to validate command when using exact-version requires
  * Added warning once per domain when accessing insecure URLs with secure-http
  * Added a dependency on composer/ca-bundle (extracted CA bundle management to
    a standalone lib)
  * Added support for empty directories when archiving to tar
  * Added an init event for plugins to react to, which occurs right after a
    Composer instance is fully initialized
  * Added fallback to SSH for https bitbucket URLs
  * Added many new detections of problems in the why-not/prohibits command to
    figure out why something does not get installed in the expected version
  * Added a deprecation notice for script event listeners that use legacy
    script classes
  * Fixed abandoned state not showing up if you had a package installed before
    it was marked abandoned
  * Fixed --no-dev updates creating an incomplete lock file, everything is now
    always resolved on update
  * Fixed partial updates in case the vendor dir was not up to date with the
    lock file
  * Fixed archiving generating long paths in zip files on Windows
- version 1.0.3
  * Security: Fixed possible command injection from the env vars into our sudo
  * Fixed interactive authentication with gitlab
  * Fixed class name replacement in plugins
  * Fixed classmap generation mistakenly detecting anonymous classes
  * Fixed auto-detection of stability flags in complex constraints like
    2.0-dev || ^1.5
  * Fixed content-length handling when redirecting to very small responses
- version 1.0.2
  * Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled
  * Fixed regression in 1.0.1 that made dev packages update to the latest
    reference even if not whitelisted in a partial update
  * Fixed init command ignoring the COMPOSER env var for choosing the json file
  * Fixed error reporting bug when the dependency resolution fails
  * Fixed handling of $ sign in composer config command in some cases it could
  * corrupt the json file
- version 1.0.1
  * Fixed URL updating when a package's URL changes, composer.lock now contains
    the right URL including correct reference
  * Fixed URL updating of the origin git remote as well for packages installed
    as git clone
  * Fixed binary .bat files generated from linux being incompatible with
    windows cmd
  * Fixed handling of paths with trailing slashes in path repository
  * Fixed create-project not using platform config when selecting a package
  * Fixed self-update not showing the channel it uses to perform the update
  * Fixed file downloads not failing loudly when the content does not match the
    Content-Length header
  * Fixed secure-http detecting some malformed URLs as insecure
  * Updated CA bundle
* Wed Apr 06 2016
- version 1.0.0
  * Added support for bitbucket-oauth configuration
  * Added warning when running composer as super user, set COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must
  * Added PluginManager::getGlobalComposer getter to retrieve the global instance (which can be null!)
  * Fixed dependency solver error reporting in many cases it now shows you proper errors instead of just saying a package does not exist
  * Fixed output of failed downloads appearing as 100% done instead of Failed
  * Fixed handling of empty directories when archiving, they are not skipped anymore
  * Fixed installation of broken plugins corrupting the vendor state when combined with symlinked path repositories
* Wed Dec 09 2015
- Utilize php version agnostic packages to be compatible with php7.
* Sun Nov 15 2015
- Fix version: indicate alpha release via ~ (tilde)
- Add php5-json dependency
- version 1.0.0-alpha11
  * Added config.platform to let you specify what your target environment
    looks like and make sure you do not inadvertently install dependencies
    that would break it
  * Added exclude-from-classmap in the autoload config that lets you
    ignore sub-paths of classmapped directories, or psr-0/4 directories
    when building optimized autoloaders
  * Added path repository type to install/symlink packages from local paths
  * Added possibility to reference script handlers from within other
    handlers using @script-name to reduce duplication
  * Added suggests command to show what packages are suggested, use -v to
    see more details
  * Added content-hash inside the composer.lock to restrict the warnings
    about outdated lock file to some specific changes in the composer.json
  * Added archive-format and archive-dir config options to specify default
    values for the archive command
  * Added --classmap-authoritative to install, update, require, remove and
    dump-autoload commands, forcing the optimized classmap to be
  * Added -A / --with-dependencies to the validate command to allow
    validating all your dependencies recursively
  * Added --strict to the validate command to treat any warning as an
    error that then returns a non-zero exit code
  * Added a dependency on composer/semver, which is the externalized lib
    for all the version constraints parsing and handling
  * Added support for classmap autoloading to load plugin classes and
    script handlers
  * Added bin-compat config option that if set to full will create .bat
    proxy for binaries even if Compoesr runs in a linux VM
  * Added SPDX 2.0 support, and externalized that in a
    composer/spdx-licenses lib
  * Added warnings when the classmap autoloader finds duplicate classes
  * Added --file to the archive command to choose the filename
  * Added Ctrl+C handling in create-project to cancel the operation cleanly
  * Fixed version guessing to use ^ always, default to stable versions,
    and avoid versions that require a higher php version than you have
  * Fixed the lock file switching back and forth between old and new URL
    when a package URL is changed and many people run updates
  * Fixed partial updates updating things they shouldn't when the current
    vendor dir was out of date with the lock file
  * Fixed PHAR file creation to be more reproducible and always generate
    the exact same phar file from a given source
  * Fixed issue when checking out git branches or tags that are also the
    name of a file in the repo
  * Many minor fixes and documentation additions and UX improvements
* Wed Aug 26 2015
- Fixed download location
* Tue Jun 16 2015
- php5-openssl is reuired, too.
* Tue May 26 2015
- php5-phar is required
* Tue Apr 28 2015
- Renamed package
- Added license
* Mon Apr 27 2015
- version 1.0.0-alpha10
  * Break: The following event classes are deprecated and you should update
    your script handlers to use the new ones in type hints:
  - Composer\Script\CommandEvent is deprecated, use Composer\Script\Event
  - Composer\Script\PackageEvent is deprecated, use
  * Break: Output is now split between stdout and stderr. Any irrelevant output
    to each command is on stderr as per unix best practices.
  * Added support for npm-style semver operators (^ and - ranges, (space) =
    AND, || = OR)
  * Added --prefer-lowest to update command to allow testing a package with the
    lowest declared dependencies
  * Added support for parsing semver build metadata +anything at the end of
  * Added --sort-packages option to require command for sorting dependencies
  * Added --no-autoloader to install and update commands to skip autoload
  * Added --list to run-script command to see available scripts
  * Added --absolute to config command to get back absolute paths
  * Added classmap-authoritative config option, if enabled only the classmap
    info will be used by the composer autoloader
  * Added support for branch-alias on numeric branches
  * Added support for the https_proxy/HTTPS_PROXY env vars used only for https
  * Added support for using real composer repos as local paths in
    create-project command
  * Added --no-dev to licenses command
  * Added support for PHP 7.0 nightly builds
  * Fixed detection of stability when parsing multiple constraints
  * Fixed installs from lock file containing updated composer.json requirement
  * Fixed the autoloader suffix in vendor/autoload.php changing in every build
  * Many minor fixes, documentation additions and UX improvements