Changelog

May 15, 2026

2.10.1

(fix): Dynamic snippets now render path-parameter arguments in IR (URL / SDK signature) order rather than in the order they happen to appear in the input request, so generated examples line up with the actual SDK method signature even when the spec lists path parameters in a different order.

May 14, 2026

2.10.0

(feat): Support streaming response bodies in generated PHP SDKs (Server-Sent Events, NDJSON, and raw text). Endpoints with a response-stream now return a typed SseStream<T>, JsonStream<T>, or TextStream that iterates the response frame-by-frame and deserializes each one into the declared payload type. Previously these endpoints were emitted as broken void methods that always threw <Sdk>ApiException regardless of HTTP status.

2.9.7

(chore): Patch the bundled ip-address to v10.2.0 in the php-sdk container to address CVE-2026-42338 / GHSA-v2v4-37r5-5v8g (XSS in Address6 HTML- emitting methods). npm 11.12.1 (shipped with node:24.15) bundles ip-address@10.1.0 via socks; this overlays the published 10.2.0 tarball in place at image build time.

May 13, 2026

2.9.6

(fix): Stop launching WireMock with --global-response-templating in generated wire-test docker-compose.test.yml. Response examples containing literal {{...}} are now served verbatim instead of being passed through WireMock’s Handlebars transformer, which would fail to resolve them as helpers and return 500.

May 12, 2026

2.9.5

(chore): Patch PHP SDK + PHP model generator container CVEs flagged in the AWS ECR / grype scan. Refresh apk upgrade --available to pull the latest Alpine 3.23 security patches and patch npm’s bundled picomatch@4.0.3 -> 4.0.4 and brace-expansion@5.0.4 -> 5.0.5 via tarball replacement.

May 11, 2026

2.9.4

(chore): Bump the PHP SDK and PHP model generator containers’ Node base image from node:22.22-alpine3.23 to node:24.15-alpine3.23. Aligns the generators with the rest of the Fern generator containers on a single Node major version (Node 24) and picks up Node 24’s CVE patches.

May 8, 2026

2.9.3

(chore): Bump the php-sdk container’s composer base image from composer:2.7.9 (Alpine 3.20, PHP 8.3.12) to composer:2.9.7 (Alpine 3.22, current PHP), addressing the Alpine 3.20 EOL alert and the PHP 8.3.12 CVEs (CVE-2024-8932, CVE-2024-11236, CVE-2025-1861), and force a fresh apk upgrade so the rebuilt image picks up the patched openssl 3.5.6-r0 from Alpine 3.23.4 (CVE-2026-31789).

(chore): Bump the php-model container’s composer base image from composer:2.7.9 (Alpine 3.20, PHP 8.3.12) to composer:2.9.7 (Alpine 3.22, current PHP), mirroring the php-sdk bump. Addresses the Alpine 3.20 EOL alert and the PHP 8.3.12 CVEs (CVE-2024-8932, CVE-2024-11236, CVE-2025-1861), and standardizes on apk upgrade --no-cache --available for cache invalidation.

May 7, 2026

2.9.2

(chore): Bump generator container Node.js base image to node:22.22-alpine3.23 and apply latest Alpine package security updates at build time.

May 5, 2026

2.9.1

(fix): Apply canonical “all user-specified examples, else first autogenerated” selection in the PHP SDK snippet output path. Aligns the generator’s snippet.json / README example selection with TS-v1 / Python-v1 behavior so dynamic-IR-driven snippets are deterministic across runs.

May 4, 2026

2.9.0

(feat): Generate CONTRIBUTING.md for PHP SDKs.

May 1, 2026

2.8.1

(fix): Fix dynamic snippet generator to emit required global headers as named constructor arguments instead of inside the options array.