Oh Dear

Fixed

• Cache-miss and stale-cache warnings produced by cachedViaCron now carry the same name and label (e.g. Security Vulnerabilities, Abandoned Packages) as a successfully computed result, instead of the fully-qualified class name. Also fixed Check::getName() to return the short class name on Linux, where basename() did not split on backslashes.

Added

• The CVE and Abandoned Packages health checks can opt into cron-refreshed caching via ->cachedViaCron(int $staleAfterSeconds). When enabled, the health-check endpoint reads the cached result instead of spawning composer subprocesses inline (which can take several seconds per advisory). Run craft ohdear/health-check/refresh on cron to populate the cache.
• New console command craft ohdear/health-check/refresh iterates registered checks and refreshes the cached result for those that opted into cachedViaCron.

Changed

• CveCheck and AbandonedPackagesCheck now share a single composer audit invocation when both run in the same process (refresh command, or one HTTP request with caching disabled), eliminating the duplicate audit subprocess.

Fixed

• The CVE and Abandoned Packages health checks now copy composer.phar to a unique per-call path and validate the copy succeeded. This prevents concurrent checks from clobbering each other's phar (which surfaced as Cannot open phar archive errors) and surfaces a clear warning if the phar can't be prepared.

Added

• Added a health check that calls the backup/monitor craft command to monitor backups managed by the Craft Backup plugin.

Fixed

• The CVE and Abandoned Packages health checks no longer crash with a cryptic TypeError when composer audit produces non-JSON output. They now return a warning result carrying Composer's actual error message.

Added

• Added a health check for whether the allowAdminChanges general config setting is enabled.

Fixed

• Fixed and improved the handling of errors related to the plugin settings.

Added

• Support the latest version of the Oh Dear API and PHP SDK.

Fixed

• Prevent unnecessary API calls against the Oh Dear API.

Added

• Added default description to queue health check job

Changed

• Moved plugin registrations depending on Craft's initialization into onInit() method

Added

• New health check: CVE (Monitor installed packages for known vulnerabilities using Composer Audit)
• New health check: Abandoned (Monitor installed packages for abandoned packages using Composer Audit)

Changed

• Optimized wording in existing health checks

Added

• Added new Lighthouse check 💡🏠

Changed

• Improved Broken Link and Mixed Content checks

Craft Oh Dear for Craft CMS 5 is now available.

Fixed

• Missing custom plugin name in widget