{"id":2092,"date":"2026-07-03T12:03:20","date_gmt":"2026-07-03T12:03:20","guid":{"rendered":"https:\/\/debugspot.com\/blogs\/?p=2092"},"modified":"2026-07-03T12:08:12","modified_gmt":"2026-07-03T12:08:12","slug":"upgrade-to-laravel-13","status":"publish","type":"post","link":"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/","title":{"rendered":"Upgrade to Laravel 13: The Complete Step-by-Step Guide (2026)"},"content":{"rendered":"<p><strong>Ready to move to the newest version?<\/strong> This guide walks you through how to <strong>upgrade to Laravel 13<\/strong> step by step &#8211; from Laravel 11 or 12 &#8211; in about ten minutes. Laravel 13 (released March 2026) keeps breaking changes to a minimum, so for most apps the upgrade to Laravel 13 is quick, safe, and well worth it for the new AI SDK, vector search, and security improvements.<\/p>\n<div style=\"text-align:center;margin:30px 0;\"><a href=\"https:\/\/debugspot.com\/blogs\/category\/laravel\/\" style=\"display:inline-block;background:#7c3aed;color:#ffffff;padding:15px 36px;border-radius:8px;font-size:18px;font-weight:700;text-decoration:none;box-shadow:0 6px 18px rgba(124,58,237,0.4);\">&#128218; More Laravel 13 Tutorials &rarr;<\/a><\/div>\n<figure><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/debugspot.com\/blogs\/wp-content\/uploads\/2026\/07\/upgrade-to-laravel-13-featured-v2.png\" alt=\"How to upgrade to Laravel 13 step-by-step guide\" width=\"1200\" height=\"630\" \/><\/figure>\n<div style=\"background:#f6f7fb;border:1px solid #e3e6ef;border-radius:10px;padding:18px 24px;margin:26px 0;\">\n<strong style=\"font-size:18px;\">&#128209; Table of Contents<\/strong><\/p>\n<ul style=\"margin-top:10px;line-height:1.9;\">\n<li><a href=\"#why\">Why Upgrade to Laravel 13?<\/a><\/li>\n<li><a href=\"#before\">Before You Start<\/a><\/li>\n<li><a href=\"#deps\">Step 2: Update Dependencies<\/a><\/li>\n<li><a href=\"#csrf\">The One High-Impact Change (CSRF)<\/a><\/li>\n<li><a href=\"#breaking\">Other Breaking Changes to Review<\/a><\/li>\n<li><a href=\"#test\">Run Your Tests<\/a><\/li>\n<li><a href=\"#ai\">Bonus: Upgrade With AI<\/a><\/li>\n<li><a href=\"#faq\">Frequently Asked Questions<\/a><\/li>\n<\/ul>\n<\/div>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Why_Upgrade_to_Laravel_13\" >Why Upgrade to Laravel 13?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#How_Long_Does_the_Upgrade_Take\" >How Long Does the Upgrade Take?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Before_You_Start\" >Before You Start<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Step_1_Confirm_Your_PHP_Version\" >Step 1: Confirm Your PHP Version<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Step_2_Update_Your_composerjson_Dependencies\" >Step 2: Update Your composer.json Dependencies<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Step_3_Run_the_Update\" >Step 3: Run the Update<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Step_4_Update_the_Laravel_Installer\" >Step 4: Update the Laravel Installer<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#The_One_High-Impact_Change_CSRF_Middleware_Rename\" >The One High-Impact Change: CSRF Middleware Rename<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Medium-Impact_The_Cache_serializable_classes_Setting\" >Medium-Impact: The Cache serializable_classes Setting<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Medium-Impact_Database_upsert_Validation\" >Medium-Impact: Database upsert Validation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Other_Breaking_Changes_to_Review\" >Other Breaking Changes to Review<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Step_5_Run_Your_Test_Suite\" >Step 5: Run Your Test Suite<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Step_6_Test_Manually_and_Deploy\" >Step 6: Test Manually and Deploy<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Bonus_Upgrade_With_AI_Laravel_Boost\" >Bonus: Upgrade With AI (Laravel Boost)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Common_Upgrade_Problems_and_Fixes\" >Common Upgrade Problems and Fixes<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Should_You_Upgrade_Now\" >Should You Upgrade Now?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Related_Laravel_Guides\" >Related Laravel Guides<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Frequently_Asked_Questions\" >Frequently Asked Questions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#How_long_does_it_take_to_upgrade_to_Laravel_13\" >How long does it take to upgrade to Laravel 13?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#What_PHP_version_does_Laravel_13_need\" >What PHP version does Laravel 13 need?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Can_I_upgrade_directly_from_Laravel_11_to_13\" >Can I upgrade directly from Laravel 11 to 13?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#What_is_the_biggest_breaking_change_in_Laravel_13\" >What is the biggest breaking change in Laravel 13?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Will_the_upgrade_break_my_app\" >Will the upgrade break my app?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Do_I_need_to_update_my_packages_too\" >Do I need to update my packages too?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Can_AI_help_me_upgrade\" >Can AI help me upgrade?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Is_it_safe_to_upgrade_a_production_app\" >Is it safe to upgrade a production app?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Keep_Your_App_Current_and_Secure\" >Keep Your App Current and Secure<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#What_Is_New_in_Laravel_13_A_Closer_Look\" >What Is New in Laravel 13: A Closer Look<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Upgrading_Your_Packages_and_Starter_Kits\" >Upgrading Your Packages and Starter Kits<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Automate_Your_Upgrade\" >Automate Your Upgrade<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Backing_Up_Before_You_Upgrade\" >Backing Up Before You Upgrade<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Cleaning_Up_Deprecated_CSRF_References\" >Cleaning Up Deprecated CSRF References<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#What_Changed_for_Queues_and_Jobs\" >What Changed for Queues and Jobs<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#A_Testing_Strategy_for_a_Confident_Upgrade\" >A Testing Strategy for a Confident Upgrade<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Laravel_13_vs_Laravel_12_What_Actually_Changed\" >Laravel 13 vs Laravel 12: What Actually Changed<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-36\" href=\"https:\/\/debugspot.com\/blogs\/upgrade-to-laravel-13\/#Start_Your_Upgrade_to_Laravel_13\" >Start Your Upgrade to Laravel 13<\/a><\/li><\/ul><\/nav><\/div>\n<h2 id=\"why\"><span class=\"ez-toc-section\" id=\"Why_Upgrade_to_Laravel_13\"><\/span>Why Upgrade to Laravel 13?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Laravel 13 is the framework biggest leap for modern apps, and the good news is that the upgrade to Laravel 13 is refreshingly painless. Here is what you gain:<\/p>\n<ul>\n<li><strong>Laravel AI SDK<\/strong> &#8211; a first-party, provider-agnostic API for building chatbots and AI agents.<\/li>\n<li><strong>Native vector &amp; semantic search<\/strong> &#8211; store embeddings and run similarity queries for AI-powered search.<\/li>\n<li><strong>PHP 8 Attributes &amp; typed Eloquent models<\/strong> &#8211; cleaner, more expressive model definitions.<\/li>\n<li><strong>First-party JSON:API support<\/strong> &#8211; build spec-compliant APIs faster.<\/li>\n<li><strong>Reverb database driver<\/strong> &#8211; real-time features without needing Redis.<\/li>\n<li><strong>Stronger CSRF protection<\/strong> via the new PreventRequestForgery middleware.<\/li>\n<\/ul>\n<figure><img decoding=\"async\" src=\"https:\/\/debugspot.com\/blogs\/wp-content\/uploads\/2026\/07\/upgrade-to-laravel-13-steps-v2.png\" alt=\"Upgrade to Laravel 13 in 3 steps\" width=\"1200\" height=\"470\" \/><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"How_Long_Does_the_Upgrade_Take\"><\/span>How Long Does the Upgrade Take?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>According to Laravel official upgrade guide, the estimated time is just <strong>10 minutes<\/strong>. Laravel documents every possible breaking change, but only a handful are high impact, and most apps are affected by very few of them. That is exactly why the upgrade to Laravel 13 is one of the smoothest in the framework history.<\/p>\n<h2 id=\"before\"><span class=\"ez-toc-section\" id=\"Before_You_Start\"><\/span>Before You Start<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A few minutes of preparation makes the whole process safe:<\/p>\n<ul>\n<li><strong>Commit your code<\/strong> &#8211; create a fresh Git branch so you can roll back instantly if needed.<\/li>\n<li><strong>Check your PHP version<\/strong> &#8211; Laravel 13 requires <strong>PHP 8.3 or higher<\/strong>.<\/li>\n<li><strong>Read the changelog<\/strong> &#8211; skim the official upgrade guide for anything specific to your app.<\/li>\n<li><strong>Have your tests ready<\/strong> &#8211; a passing test suite is your safety net.<\/li>\n<\/ul>\n<figure><img decoding=\"async\" src=\"https:\/\/debugspot.com\/blogs\/wp-content\/uploads\/2026\/07\/upgrade-to-laravel-13-grid-v2.png\" alt=\"New features in Laravel 13\" width=\"1200\" height=\"620\" \/><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Step_1_Confirm_Your_PHP_Version\"><\/span>Step 1: Confirm Your PHP Version<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Laravel 13 needs PHP 8.3+. Check your version first:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>php -v<\/code><\/pre>\n<p>If you are on PHP 8.2 or lower, update PHP before you continue. Most managed hosts and tools like Laravel Herd make switching PHP versions a one-click job.<\/p>\n<h2 id=\"deps\"><span class=\"ez-toc-section\" id=\"Step_2_Update_Your_composerjson_Dependencies\"><\/span>Step 2: Update Your composer.json Dependencies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This is the core of the upgrade. Open <code>composer.json<\/code> and update these version constraints:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>\"require\": {\r\n    \"php\": \"^8.3\",\r\n    \"laravel\/framework\": \"^13.0\",\r\n    \"laravel\/tinker\": \"^3.0\"\r\n},\r\n\"require-dev\": {\r\n    \"laravel\/boost\": \"^2.0\",\r\n    \"pestphp\/pest\": \"^4.0\",\r\n    \"phpunit\/phpunit\": \"^12.0\"\r\n}<\/code><\/pre>\n<p>These are the packages the official guide flags as high impact. If you use other first-party packages (Sanctum, Horizon, Telescope), bump them to their Laravel 13-compatible releases too.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_3_Run_the_Update\"><\/span>Step 3: Run the Update<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With <code>composer.json<\/code> updated, pull in the new versions:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>composer update<\/code><\/pre>\n<p>Composer resolves the new dependency tree and installs Laravel 13. If you hit a version conflict, the error will name the package holding you back &#8211; update or temporarily remove it, then run the command again.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_4_Update_the_Laravel_Installer\"><\/span>Step 4: Update the Laravel Installer<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you create new apps with the Laravel installer, update it for Laravel 13 compatibility:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>composer global update laravel\/installer<\/code><\/pre>\n<p>Herd users should simply update Herd to the latest release, which bundles a compatible installer.<\/p>\n<h2 id=\"csrf\"><span class=\"ez-toc-section\" id=\"The_One_High-Impact_Change_CSRF_Middleware_Rename\"><\/span>The One High-Impact Change: CSRF Middleware Rename<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This is the single change most apps need to act on. Laravel renamed the CSRF middleware from <code>VerifyCsrfToken<\/code> to <strong><code>PreventRequestForgery<\/code><\/strong>, and it now adds request-origin verification using the <code>Sec-Fetch-Site<\/code> header for stronger protection. The old names remain as deprecated aliases, but you should update any direct references &#8211; especially where you exclude the middleware:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>use Illuminate\\Foundation\\Http\\Middleware\\PreventRequestForgery;\r\n\r\n\/\/ Laravel 12 and earlier\r\n-&gt;withoutMiddleware([VerifyCsrfToken::class]);\r\n\r\n\/\/ Laravel 13\r\n-&gt;withoutMiddleware([PreventRequestForgery::class]);<\/code><\/pre>\n<p>The middleware configuration API also gains a <code>preventRequestForgery(...)<\/code> method. Search your codebase for <code>VerifyCsrfToken<\/code> and update each reference to be safe.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Medium-Impact_The_Cache_serializable_classes_Setting\"><\/span>Medium-Impact: The Cache serializable_classes Setting<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Laravel 13 hardens cache security. The default <code>cache<\/code> config now sets <code>serializable_classes<\/code> to <code>false<\/code>, which blocks PHP deserialization gadget-chain attacks if your <code>APP_KEY<\/code> ever leaks. If your app intentionally caches PHP objects, you must allow-list those classes:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>\/\/ config\/cache.php\r\n'serializable_classes' => [\r\n    App\\Data\\CachedDashboardStats::class,\r\n    App\\Support\\CachedPricingSnapshot::class,\r\n],<\/code><\/pre>\n<p>If you only cache arrays and scalars, you can leave this as is.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Medium-Impact_Database_upsert_Validation\"><\/span>Medium-Impact: Database upsert Validation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Laravel now throws an <code>InvalidArgumentException<\/code> if you call <code>upsert()<\/code> with an empty <code>uniqueBy<\/code> value, instead of generating invalid SQL. On MySQL and MariaDB the driver ignores <code>uniqueBy<\/code> and uses the table indexes, but you must still pass a non-empty value to avoid the exception.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/debugspot.com\/blogs\/wp-content\/uploads\/2026\/07\/upgrade-to-laravel-13-checklist-grid-v2.png\" alt=\"Laravel 13 upgrade checklist\" width=\"1200\" height=\"620\" \/><\/figure>\n<h2 id=\"breaking\"><span class=\"ez-toc-section\" id=\"Other_Breaking_Changes_to_Review\"><\/span>Other Breaking Changes to Review<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Most of the remaining changes are low impact and will not affect a typical app, but it is worth scanning this list:<\/p>\n<ul>\n<li><strong>Queue JobAttempted event:<\/strong> the boolean <code>$event-&gt;exceptionOccurred<\/code> is replaced by <code>$event-&gt;exception<\/code> (a Throwable or null).<\/li>\n<li><strong>QueueBusy event:<\/strong> the <code>$connection<\/code> property is renamed to <code>$connectionName<\/code>.<\/li>\n<li><strong>Cache &amp; session keys:<\/strong> default prefixes now use hyphens (<code>-cache-<\/code>) instead of underscores. Set <code>CACHE_PREFIX<\/code> and <code>SESSION_COOKIE<\/code> explicitly to keep old values.<\/li>\n<li><strong>Pagination views:<\/strong> Bootstrap 3 view names changed to <code>pagination::bootstrap-3<\/code>.<\/li>\n<li><strong>Container::call:<\/strong> nullable class parameters with a default now resolve to <code>null<\/code> instead of an instance.<\/li>\n<li><strong>Domain routes:<\/strong> routes with an explicit domain are now matched before non-domain routes.<\/li>\n<li><strong>Global helpers:<\/strong> a new PHP 8.5 polyfill defines <code>array_first()<\/code> \/ <code>array_last()<\/code>; prefer <code>Arr::first()<\/code> to avoid conflicts with legacy helpers.<\/li>\n<li><strong>Model booting:<\/strong> creating a model instance during its own boot cycle now throws a <code>LogicException<\/code>.<\/li>\n<li><strong>Password reset email:<\/strong> the default subject changed to &#8220;Reset your password&#8221;.<\/li>\n<\/ul>\n<p>For the low-impact items, a quick project-wide search for the old property or method names is all it takes to confirm you are clear.<\/p>\n<h2 id=\"test\"><span class=\"ez-toc-section\" id=\"Step_5_Run_Your_Test_Suite\"><\/span>Step 5: Run Your Test Suite<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Your tests are the fastest way to catch anything the upgrade touched:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>php artisan test<\/code><\/pre>\n<p>Green across the board? You are almost done. If a test fails, the message usually points straight at the breaking change responsible &#8211; check it against the list above.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_6_Test_Manually_and_Deploy\"><\/span>Step 6: Test Manually and Deploy<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Beyond automated tests, click through the critical paths of your app &#8211; login, forms, payments, and anything using CSRF or queues, since those saw changes. Once you are confident, deploy as usual: push your branch, run <code>composer install --no-dev<\/code> on the server, run migrations, and clear caches with <code>php artisan optimize:clear<\/code>.<\/p>\n<h2 id=\"ai\"><span class=\"ez-toc-section\" id=\"Bonus_Upgrade_With_AI_Laravel_Boost\"><\/span>Bonus: Upgrade With AI (Laravel Boost)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Laravel 13 introduces a genuinely modern shortcut. <strong>Laravel Boost<\/strong> is a first-party MCP server that gives your AI assistant guided upgrade prompts. Install it, then run a single slash command in Claude Code, Cursor, or VS Code:<\/p>\n<pre style=\"background:#0d1117;color:#e6edf3;padding:18px;border-radius:8px;overflow-x:auto;font-size:14px;line-height:1.6;\"><code>composer require laravel\/boost:^2.0 --dev\r\n\r\nphp artisan boost:install\r\n\r\n# then, in your AI editor:\r\n\/upgrade-laravel-v13<\/code><\/pre>\n<p>The assistant walks through each change for you. Prefer a fully automated route? <strong>Laravel Shift<\/strong> (laravelshift.com) is a community service that performs the upgrade to Laravel 13 automatically and opens a pull request with the changes.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Common_Upgrade_Problems_and_Fixes\"><\/span>Common Upgrade Problems and Fixes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li><strong>Composer version conflict:<\/strong> a package is not yet Laravel 13-ready &#8211; update it, or temporarily remove it and re-run <code>composer update<\/code>.<\/li>\n<li><strong>&#8220;Class VerifyCsrfToken not found&#8221;:<\/strong> update the reference to <code>PreventRequestForgery<\/code>.<\/li>\n<li><strong>Cache errors after upgrading:<\/strong> allow-list your cached classes in <code>serializable_classes<\/code> or switch to array payloads.<\/li>\n<li><strong>Queue listener breaks:<\/strong> update <code>$exceptionOccurred<\/code> to <code>$exception<\/code> and <code>$connection<\/code> to <code>$connectionName<\/code>.<\/li>\n<li><strong>Class not found after update:<\/strong> run <code>composer dump-autoload<\/code>.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Should_You_Upgrade_Now\"><\/span>Should You Upgrade Now?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>For most applications, yes. The 10-minute estimate is realistic, the breaking changes are few, and Laravel 13 unlocks the AI SDK and vector search that are quickly becoming standard. Upgrading early also keeps you on a supported release for security fixes. Unless you depend on a package with no Laravel 13 release yet, there is little reason to wait &#8211; the upgrade to Laravel 13 pays for itself almost immediately.<\/p>\n<h2 id=\"related\"><span class=\"ez-toc-section\" id=\"Related_Laravel_Guides\"><\/span>Related Laravel Guides<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Once you are on Laravel 13, these free DebugSpot tutorials will help you make the most of it:<\/p>\n<ul>\n<li><a href=\"https:\/\/debugspot.com\/blogs\/laravel-ai-chatbot\/\">Laravel AI Chatbot: The Easy 2026 Guide (Laravel 13 AI SDK)<\/a><\/li>\n<li><a href=\"https:\/\/debugspot.com\/blogs\/search-comma-separated-values-laravel\/\">How to Search Comma Separated Values In Laravel<\/a><\/li>\n<li><a href=\"https:\/\/debugspot.com\/blogs\/generate-admin-panel-in-laravel\/\">Easily Generate an Admin Panel in Laravel in Just 2 Minutes<\/a><\/li>\n<li><a href=\"https:\/\/debugspot.com\/blogs\/install-configure-supervisor-laravel-linux\/\">6 Easy Steps: How to Install and Configure Supervisor for a Laravel Application on Linux<\/a><\/li>\n<li><a href=\"https:\/\/debugspot.com\/blogs\/how-to-check-checkbox-checked-jquery\/\">Easily Ensure At Least One Checkbox is Checked: jQuery Validation Guide<\/a><\/li>\n<\/ul>\n<h2 id=\"faq\"><span class=\"ez-toc-section\" id=\"Frequently_Asked_Questions\"><\/span>Frequently Asked Questions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"How_long_does_it_take_to_upgrade_to_Laravel_13\"><\/span>How long does it take to upgrade to Laravel 13?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Laravel estimates about 10 minutes for most applications, since only a few breaking changes are high impact.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_PHP_version_does_Laravel_13_need\"><\/span>What PHP version does Laravel 13 need?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Laravel 13 requires PHP 8.3 or higher. Update PHP first if you are on an older version.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Can_I_upgrade_directly_from_Laravel_11_to_13\"><\/span>Can I upgrade directly from Laravel 11 to 13?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It is smoothest to go 11 to 12 to 13, applying each upgrade guide in turn, but many apps can jump straight if dependencies allow.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_is_the_biggest_breaking_change_in_Laravel_13\"><\/span>What is the biggest breaking change in Laravel 13?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The CSRF middleware rename from VerifyCsrfToken to PreventRequestForgery is the main high-impact change to update.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Will_the_upgrade_break_my_app\"><\/span>Will the upgrade break my app?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For most apps, no. Commit your code first, run your tests, and fix any flagged breaking changes &#8211; the process is designed to be safe.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Do_I_need_to_update_my_packages_too\"><\/span>Do I need to update my packages too?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Yes. Update laravel\/framework, tinker, boost, pest, and phpunit as shown, plus any first-party packages you use.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Can_AI_help_me_upgrade\"><\/span>Can AI help me upgrade?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Yes. Laravel Boost provides an \/upgrade-laravel-v13 command for AI editors, and Laravel Shift can automate the whole upgrade.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Is_it_safe_to_upgrade_a_production_app\"><\/span>Is it safe to upgrade a production app?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Upgrade on a branch, run your full test suite and manual checks, then deploy. That workflow makes production upgrades low risk.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Keep_Your_App_Current_and_Secure\"><\/span>Keep Your App Current and Secure<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Staying on the latest release is not just about new features &#8211; it is about security and long-term support. Older Laravel versions eventually stop receiving security patches, which leaves your application exposed to vulnerabilities that never get fixed. By keeping up with each yearly release, you make every future upgrade smaller and easier, avoid piling up years of breaking changes to tackle all at once, and stay eligible for the latest security fixes and community support. Treat the upgrade to Laravel 13 as part of routine maintenance rather than a one-off project, and your codebase will stay healthy, fast, and ready for whatever the framework introduces next. A little regular upkeep now saves a painful, high-risk rewrite later.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_Is_New_in_Laravel_13_A_Closer_Look\"><\/span>What Is New in Laravel 13: A Closer Look<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Before you upgrade, it helps to know what you are getting. Laravel 13 headline feature is the <strong>AI SDK<\/strong>, a first-party package for building chatbots and AI agents across OpenAI, Anthropic, Gemini, and more with a single clean API. Alongside it, <strong>native vector search<\/strong> lets you store embeddings and run similarity queries. On the developer-experience side, <strong>PHP 8 Attributes<\/strong> and <strong>typed Eloquent models<\/strong> make your models more expressive. The framework also adds first-party <strong>JSON:API<\/strong> support, centralized queue routing with <code>Queue::route()<\/code>, and the <strong>Reverb database driver<\/strong> for real-time broadcasting without Redis. For the complete list of changes, see the <a href=\"https:\/\/laravel.com\/docs\/13.x\/upgrade\" target=\"_blank\" rel=\"noopener\">official Laravel 13 upgrade guide<\/a>. Together, these are why the upgrade to Laravel 13 is worth doing sooner rather than later.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Upgrading_Your_Packages_and_Starter_Kits\"><\/span>Upgrading Your Packages and Starter Kits<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The framework is only part of your dependency tree. After bumping <code>laravel\/framework<\/code>, check every other Laravel package you rely on &#8211; Sanctum, Horizon, Telescope, Scout, Cashier, and Socialite all ship Laravel 13-compatible releases. If you used an official starter kit, review its 13.x branch on GitHub and sync any changes. Third-party community packages are the most common thing to hold up an upgrade, so if <code>composer update<\/code> complains, the offending package name will be right there in the error for you to update or replace.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Automate_Your_Upgrade\"><\/span>Automate Your Upgrade<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you would rather not do this by hand, two tools help. <a href=\"https:\/\/laravelshift.com\" target=\"_blank\" rel=\"noopener\">Laravel Shift<\/a> is a community service that performs the upgrade to Laravel 13 automatically and opens a pull request with the changes. <a href=\"https:\/\/github.com\/laravel\/boost\" target=\"_blank\" rel=\"noopener\">Laravel Boost<\/a> gives your AI editor a guided <code>\/upgrade-laravel-v13<\/code> command that walks through each change for you. Either way, the upgrade becomes almost hands-off, though it is still wise to review and test the result.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Backing_Up_Before_You_Upgrade\"><\/span>Backing Up Before You Upgrade<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Never upgrade without a safety net. Create a dedicated Git branch such as <code>upgrade\/laravel-13<\/code>, commit your current state, and, if your app is live, take a database backup too. This means that if anything goes wrong, rolling back is a single command rather than a stressful scramble. Working on a branch also lets you run the full upgrade and test suite in isolation before merging, keeping your main branch stable the entire time.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cleaning_Up_Deprecated_CSRF_References\"><\/span>Cleaning Up Deprecated CSRF References<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Because the CSRF change is the most likely to affect real apps, it deserves a second pass. Search your whole project for <code>VerifyCsrfToken<\/code> &#8211; in middleware exclusions, test helpers, and route definitions &#8211; and switch each one to <code>PreventRequestForgery<\/code>. While the deprecated aliases still work, updating now prevents surprises later when they are eventually removed. If you have custom CSRF logic, review how the new <code>Sec-Fetch-Site<\/code> origin check interacts with it, especially for APIs called from other origins.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_Changed_for_Queues_and_Jobs\"><\/span>What Changed for Queues and Jobs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If your app leans on queues, two small renames matter. The <code>JobAttempted<\/code> event now exposes the actual exception object via <code>$exception<\/code> instead of the old boolean <code>$exceptionOccurred<\/code>, which is more useful for logging and retries. The <code>QueueBusy<\/code> event renames <code>$connection<\/code> to <code>$connectionName<\/code> for consistency. Update any listeners that reference the old names. Queued notifications also now honour the missing-models behaviour more reliably.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"A_Testing_Strategy_for_a_Confident_Upgrade\"><\/span>A Testing Strategy for a Confident Upgrade<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Tests turn an upgrade from a gamble into a routine task. Run your full suite immediately after <code>composer update<\/code>, and treat each failure as a signpost to a specific breaking change rather than a crisis. If your coverage is thin, prioritize a few high-value tests around authentication, forms, payments, and queues before upgrading, since those areas are where issues surface first. Pest 4 and PHPUnit 12 both come with Laravel 13, so update your test dependencies at the same time as the framework.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Laravel_13_vs_Laravel_12_What_Actually_Changed\"><\/span>Laravel 13 vs Laravel 12: What Actually Changed<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Compared to the jump some frameworks demand, Laravel 12 to 13 is deliberately gentle. The public API you write every day &#8211; routes, controllers, Eloquent, Blade &#8211; is essentially unchanged, which is why the ten-minute estimate holds for most apps. The differences are concentrated in security hardening, a few event and config renames, and a big pile of new opt-in capabilities like the AI SDK. In practice, the upgrade to Laravel 13 feels less like a migration and more like switching on powerful new tools while your existing code keeps working.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Start_Your_Upgrade_to_Laravel_13\"><\/span>Start Your Upgrade to Laravel 13<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The upgrade to Laravel 13 is quick, safe, and unlocks powerful new features. Back up your code, update your dependencies, handle the CSRF rename, run your tests, and you are done. Explore more free <a href=\"https:\/\/debugspot.com\/blogs\/category\/laravel\/\">Laravel tutorials<\/a> and handy <a href=\"https:\/\/debugspot.com\/\">free developer tools<\/a> from DebugSpot.<\/p>\n<div style=\"text-align:center;margin:30px 0;\"><a href=\"https:\/\/debugspot.com\/blogs\/category\/laravel\/\" style=\"display:inline-block;background:#7c3aed;color:#ffffff;padding:15px 36px;border-radius:8px;font-size:18px;font-weight:700;text-decoration:none;box-shadow:0 6px 18px rgba(124,58,237,0.4);\">&#128218; More Laravel 13 Tutorials &rarr;<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Upgrade to Laravel 13 in 2026 with this step-by-step guide &#8211; composer changes, PHP 8.3, breaking changes, and testing. Upgrade from Laravel 11 or 12 in minutes.<\/p>\n","protected":false},"author":1,"featured_media":2088,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"rank_math_lock_modified_date":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2092","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-laravel"],"acf":[],"_links":{"self":[{"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/posts\/2092"}],"collection":[{"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/comments?post=2092"}],"version-history":[{"count":3,"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/posts\/2092\/revisions"}],"predecessor-version":[{"id":2095,"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/posts\/2092\/revisions\/2095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/media\/2088"}],"wp:attachment":[{"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/media?parent=2092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/categories?post=2092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/debugspot.com\/blogs\/wp-json\/wp\/v2\/tags?post=2092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}