What's New in Laravel 13: Key Features, Improvements & Why It Matters in 2026
Laravel 13, officially released on March 17, 2026, continues Laravel's annual release cadence with a focus on AI-native workflows, stronger defaults, and more expressive developer APIs. Announced by Taylor Otwell at Laracon EU 2026, this release delivers zero breaking changes while introducing substantial new capabilities including first-party AI primitives, native PHP Attribute support across 15+ framework locations, Passkey authentication, JSON:API resources, semantic / vector search, and incremental improvements across queues, cache, and security.Why upgrade now? Laravel 13 requires PHP 8.3+ (dropping PHP 8.2 support), delivers modern PHP features like typed class constants and JIT optimizations, and provides future-proof foundations for building AI-powered applications. Whether you're starting a fresh project or upgrading an existing Laravel 12 app, the transition is often code-change-free. In this guide, you'll find practical sample code for every major feature, upgrade steps, and answers to common questions — helping you quickly adopt Laravel 13's improvements and build faster, more maintainable applications in 2026 and beyond.
Table Of Content
1 Laravel 13 Requirements
Before starting the Laravel 13 install process, ensure you meet the following Laravel 13 requirements:
2. Composer
3. Database (Optional but recommended — PostgreSQL recommended for vector search)
4. Node & npm for frontend dependency management
5. Web Server (Apache or Nginx recommended)
2 What's New in Laravel 13?
Laravel 13 introduces native PHP 8 Attribute support as an optional alternative to class properties for configuring components across 15+ locations including models, controllers, jobs, commands, listeners, mailables, and notifications.
Laravel 12 - Old Way (Class Properties)
class User extends Model
{
protected $table = 'users';
protected $primaryKey = 'user_id';
protected $keyType = 'string';
public $incrementing = false;
protected $fillable = ['name', 'email'];
protected $hidden = ['password', 'remember_token'];
}
Laravel 13 - New Way (PHP Attributes)
use Illuminate\Database\Eloquent\Attributes\Table;
use Illuminate\Database\Eloquent\Attributes\Fillable;
use Illuminate\Database\Eloquent\Attributes\Hidden;
#[Table('users', key: 'user_id', keyType: 'string', incrementing: false)]
#[Fillable('name', 'email')]
#[Hidden('password', 'remember_token')]
class User extends Model
{
//
}
(Cleaner, declarative, and co-located configuration! The old property-based approach still works.)
Middleware and authorization can now be declared directly on classes and methods using attributes.
Laravel 12 - Old Way
class CommentController extends Controller
{
public function __construct()
{
$this->middleware('auth');
$this->middleware('subscribed')->only('store');
}
}
Laravel 13 - New Way
use Illuminate\Routing\Attributes\Controllers\Authorize;
use Illuminate\Routing\Attributes\Controllers\Middleware;
#[Middleware('auth')]
class CommentController
{
#[Middleware('subscribed')]
#[Authorize('create', [Comment::class, 'post'])]
public function store(Post $post)
{
// ...
}
}
(No more constructor-based middleware registration!)
Queue job behavior can also be configured with attributes like #[Tries], #[Backoff], #[Timeout], and #[FailOnTimeout].
Laravel 12 - Old Way
class ProcessPodcast implements ShouldQueue
{
public $tries = 3;
public $timeout = 120;
public $backoff = [10, 30, 60];
}
Laravel 13 - New Way
use Illuminate\Queue\Attributes\Tries;
use Illuminate\Queue\Attributes\Timeout;
use Illuminate\Queue\Attributes\Backoff;
#[Tries(3)]
#[Timeout(120)]
#[Backoff(10, 30, 60)]
class ProcessPodcast implements ShouldQueue
{
public function handle(): void
{
// ...
}
}
The Laravel AI SDK moves from beta to production-stable with Laravel 13. It provides a unified, provider-agnostic API for text generation, tool-calling agents, embeddings, image generation, and audio synthesis. Switch providers (OpenAI, Anthropic, etc.) by changing one config value.
Text Generation & Agents
use App\Ai\Agents\SalesCoach;
$response = SalesCoach::make()->prompt('Analyze this sales transcript...');
return (string) $response;
Image Generation
use Laravel\Ai\Image;
$image = Image::of('A donut sitting on the kitchen counter')->generate();
$rawContent = (string) $image;
Audio Synthesis
use Laravel\Ai\Audio;
$audio = Audio::of('I love coding with Laravel.')->generate();
$rawContent = (string) $audio;
Embeddings
use Illuminate\Support\Str;
$embeddings = Str::of('Napa Valley has great wine.')->toEmbeddings();
(One SDK for text, images, audio, and embeddings — switch providers with a single config change!)
A new method to extend a cache item's TTL without retrieving and re-storing its value. Under the hood, Redis uses EXPIRE, Memcached uses TOUCH, and the database driver issues a single UPDATE.
Laravel 12 - Old Way
// Had to get and re-store the value
$value = Cache::get('heavy_report');
Cache::put('heavy_report', $value, now()->addHours(2));
Laravel 13 - New Way
// Extend TTL without fetching the value
Cache::touch('heavy_report', now()->addHours(2));
// Returns true on success, false if key doesn't exist
(No more unnecessary data transfer for large cached items!)
Laravel 13 adds native vector query support for building AI-powered search experiences using PostgreSQL + pgvector. Generate embeddings via the AI SDK and run similarity searches directly from the query builder.
$documents = DB::table('documents')
->whereVectorSimilarTo('embedding', 'Best wineries in Napa Valley')
->limit(10)
->get();
(Semantic search built right into the query builder — no external packages needed!)
Laravel now includes first-party JSON:API resource classes that handle resource object serialization, relationship inclusion, sparse fieldsets, links, and compliant response headers automatically.
Laravel 12 - Old Way (Manual JSON:API compliance)
// Had to manually format or use third-party packages
class PostResource extends JsonResource
{
public function toArray($request)
{
return [
'type' => 'posts',
'id' => (string) $this->id,
'attributes' => [
'title' => $this->title,
'body' => $this->body,
],
];
}
}
Laravel 13 - New Way (Built-in JSON:API Resources)
use Illuminate\Http\Resources\Json\JsonApiResource;
class PostResource extends JsonApiResource
{
// Automatically handles serialization, relationships,
// sparse fieldsets, links, and JSON:API headers
}
(Full JSON:API spec compliance out of the box!)
Define which queue and connection each job class uses from a single, central location in a service provider — no more scattered configuration.
Laravel 12 - Old Way
// Set queue on each job class
class ProcessPodcast implements ShouldQueue
{
public $connection = 'redis';
public $queue = 'podcasts';
}
// Or specify at dispatch
ProcessPodcast::dispatch($podcast)->onQueue('podcasts')->onConnection('redis');
Laravel 13 - New Way
// In a service provider - centralized routing
Queue::route(ProcessPodcast::class, connection: 'redis', queue: 'podcasts');
// Now just dispatch normally
ProcessPodcast::dispatch($podcast);
(Centralized queue routing — manage all job routing in one place!)
WebAuthn (Passkeys) is natively integrated into Laravel Fortify and the Starter Kits. Users can securely log in via Face ID, Touch ID, or hardware security keys out of the box — no third-party packages required.
// In config/fortify.php
'features' => [
Features::registration(),
Features::resetPasswords(),
Features::emailVerification(),
Features::passkeys(), // New in Laravel 13!
],
(Passwordless login with biometrics or hardware keys — built right in!)
The new Laravel 13 starter kits bring team-based multi-tenancy back to the official scaffolding, improving on Jetstream's original Teams feature. Users can operate different team contexts in separate browser tabs via URL routing — something the old session-based approach could not support.
// URL-based team switching (works across browser tabs)
// /teams/1/dashboard <-- Team A in Tab 1
// /teams/2/dashboard <-- Team B in Tab 2
// No more session conflicts between teams!
$user->teams; // Access all teams
$user->currentTeam; // Resolved from URL, not session
(Multi-team support with URL-based context — no more session conflicts!)
Laravel 13 adds a database driver to Reverb, the built-in real-time communication layer. Previously, real-time features required a separate Redis infrastructure. Now the same capabilities run directly on your existing database.
// In config/reverb.php
'driver' => 'database', // New! No Redis required
// Real-time broadcasting works the same way
broadcast(new OrderShipped($order));
(Real-time features without Redis — great for smaller apps and simpler infrastructure!)
Laravel's CSRF protection middleware has been enhanced and formalized as PreventRequestForgery, adding origin-aware request verification while preserving compatibility with token-based CSRF protection.
// Automatically applied — enhanced origin-aware verification
// Works alongside existing CSRF token protection
// No code changes needed for existing apps
(Stronger security with zero effort on your part!)
6 Conclusion
Written by Revathi M
PHP Developer & Technical Writer · 10+ years building web applications with CodeIgniter and Laravel
Revathi specializes in PHP backend development, authentication systems, and REST API design. She writes practical, production-tested tutorials at Get Sample Code to help developers build secure applications faster.
Frequently Asked Questions
Laravel 13 requires PHP 8.3 or higher (dropping PHP 8.2 support), Composer, an optional database (PostgreSQL recommended for vector search), Node.js and npm for frontend assets, and a web server like Apache or Nginx.
PHP Attributes are a new optional way to configure Laravel components like models, controllers, jobs, and listeners using declarative syntax like #[Table('users')] and #[Middleware('auth')] instead of class properties. The old property-based approach still works.
The Laravel AI SDK is a first-party, production-stable package that provides a unified API for text generation, tool-calling agents, image creation, audio synthesis, and embedding generation. It supports multiple providers like OpenAI and Anthropic with a single config change.
Cache::touch() extends the TTL (time-to-live) of a cached item without retrieving and re-storing its value. It uses optimized driver-specific commands (EXPIRE for Redis, TOUCH for Memcached, UPDATE for database).
Laravel 13 adds native vector query support via whereVectorSimilarTo() on the query builder. It works with PostgreSQL + pgvector to perform semantic similarity searches against embeddings generated from the AI SDK.
Laravel 13 includes first-party JSON:API resource classes that automatically handle resource object serialization, relationship inclusion, sparse fieldsets, links, and JSON:API-compliant response headers.
Queue::route() lets you define default queue and connection routing rules for specific job classes from a central service provider, eliminating the need to configure queue properties on each job class or at every dispatch site.
Yes, WebAuthn (Passkeys) is natively integrated into Laravel Fortify and the Starter Kits. Users can log in via Face ID, Touch ID, or hardware security keys without needing third-party packages.
Laravel 13 starter kits reintroduce team-based multi-tenancy with URL-based team context switching. Users can operate different teams in separate browser tabs without session conflicts, improving on Jetstream's original implementation.
No. Laravel 13 was designed with zero breaking changes at the application level. All new features are optional. The only infrastructure requirement is PHP 8.3 minimum. Most Laravel 12 apps can upgrade without code changes.