What's new in PHP 8.1.28
Apr 15, 2024
- Standard:
- Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
- Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
- Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
New in PHP 8.3.6 (Apr 11, 2024)
- Core:
- Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).
- Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
- Fixed bug GH-13446 (Restore exception handler after it finishes).
- Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
- Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
- DOM:
- Add some missing ZPP checks.
- Fix potential memory leak in XPath evaluation results.
- FPM:
- Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
- Fix incorrect check in fpm_shm_free().
- GD:
- Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
- Gettext:
- Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
- MySQLnd:
- Fix GH-13452 (Fixed handshake response [mysqlnd]).
- Fix incorrect charset length in check_mb_eucjpms().
- Opcache:
- Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
- Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
- Random:
- Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
- Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
- Session:
- Fixed bug GH-13680 (Segfault with session_decode and compilation error).
- SPL:
- Fixed bug GH-13685 (Unexpected null pointer in zend_string.h).
- Standard:
- Fixed bug GH-11808 (Live filesystem modified by tests).
- Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()).
- Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
- Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
- Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
- Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
- Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757)
- Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc).
New in PHP 8.2.18 (Apr 11, 2024)
- Core:
- Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
- Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
- Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
- DOM:
- Add some missing ZPP checks.
- Fix potential memory leak in XPath evaluation results.
- Fix phpdoc for DOMDocument load methods.
- FPM:
- Fix incorrect check in fpm_shm_free().
- GD:
- Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
- Gettext:
- Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
- MySQLnd:
- Fix GH-13452 (Fixed handshake response [mysqlnd]).
- Fix incorrect charset length in check_mb_eucjpms().
- Opcache:
- Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
- Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
- PDO:
- Fix various PDORow bugs.
- Random:
- Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
- Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
- Session:
- Fixed bug GH-13680 (Segfault with session_decode and compilation error).
- Sockets:
- Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name).
- SPL:
- Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15).
- Fixed bug GH-13685 (Unexpected null pointer in zend_string.h).
- Standard:
- Fixed bug GH-11808 (Live filesystem modified by tests).
- Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()).
- Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
- Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
- Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
- Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
- XML:
- Fixed bug GH-13517 (Multiple test failures when building with --with-expat).
New in PHP 8.3.4 (Mar 15, 2024)
- Core:
- Fix ZTS persistent resource crashes on shutdown.
- Curl:
- Fix failing tests due to string changes in libcurl 8.6.0.
- DOM:
- Fix unlikely memory leak in case of namespace removal with extremely deep trees.
- Fix reference access in dimensions for DOMNodeList and DOMNodeMap.
- Fileinfo:
- Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null), backport).
- FPM:
- Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
- GD:
- Fixed bug GH-12019 (detection of image formats in system gd library).
- MySQLnd:
- Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error if CR_SERVER_GONE_ERROR is already set).
- PDO:
- Fix various PDORow bugs.
- PGSQL:
- Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute with null value passed by reference).
- SPL:
- Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15).
- Standard:
- Fixed bug GH-13279 (Instable array during in-place modification in uksort).
- Fixed array key as hash to string (case insensitive) comparison typo for the second operand buffer size (albeit unused for now).
- XML:
- Fixed bug GH-13517 (Multiple test failures when building with --with-expat).
New in PHP 8.2.17 (Mar 14, 2024)
- Core:
- Fix ZTS persistent resource crashes on shutdown.
- Curl:
- Fix failing tests due to string changes in libcurl 8.6.0.
- DOM:
- Fix reference access in dimensions for DOMNodeList and DOMNodeMap.
- Fileinfo:
- Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null), backport).
- FPM:
- Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
- GD:
- Fixed bug GH-12019 (detection of image formats in system gd library).
- MySQLnd:
- Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error if CR_SERVER_GONE_ERROR is already set).
- PGSQL:
- Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute with null value passed by reference).
- Standard:
- Fixed array key as hash to string (case insensitive) comparison typo for the second operand buffer size (albeit unused for now).
New in PHP 8.2.16 (Feb 16, 2024)
- Core:
- Fixed timer leak in zend-max-execution-timers builds.
- Fixed bug GH-12349 (linking failure on ARM with mold).
- Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown Exception).
- Fixed bug GH-13215 (GCC 14 build failure).
- Curl:
- Fix missing error check in curl_multi_init().
- FPM:
- Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path).
- GD:
- Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
- Fixed bug GH-10614 (imagerotate will turn the picture all black, when rotated 90).
- MySQLnd:
- Fixed bug GH-12107 (When running a stored procedure (that returns a result set) twice, PHP crashes).
- Opcache:
- Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but JIT_debug is still on).
- OpenSSL:
- Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier).
- PDO_Firebird:
- Fix GH-13119 (Changed to convert float and double values into strings using `H` format).
- Phar:
- Fixed bug #71465 (PHAR doesn't know about litespeed).
- Fixed bug GH-13037 (PharData incorrectly extracts zip file).
- Random:
- Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken engines).
- Session:
- Fixed bug GH-12504 (Corrupted session written when there's a fatal error in autoloader).
- Streams:
- Fixed bug GH-13071 (Copying large files using mmap-able source streams may exhaust available memory and fail).
New in PHP 8.3.3 (Feb 15, 2024)
- Core:
- Fixed timer leak in zend-max-execution-timers builds.
- Fixed bug GH-12349 (linking failure on ARM with mold).
- Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown Exception).
- Fixed bug GH-13177 (PHP 8.3.2: final private constructor not allowed when used in trait).
- Fixed bug GH-13215 (GCC 14 build failure).
- Curl:
- Fix missing error check in curl_multi_init().
- FPM:
- Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path).
- GD:
- Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
- Fixed bug GH-10614 (imagerotate will turn the picture all black, when rotated 90).
- LibXML:
- Fix crashes with entity references and predefined entities.
- MySQLnd:
- Fixed bug GH-12107 (When running a stored procedure (that returns a result set) twice, PHP crashes).
- Opcache:
- Fixed bug GH-13145 (strtok() is not comptime).
- Fixed type inference of range().
- Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but JIT_debug is still on).
- OpenSSL:
- Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier).
- PDO_Firebird:
- Fix GH-13119 (Changed to convert float and double values into strings using `H` format).
- Phar:
- Fixed bug #71465 (PHAR doesn't know about litespeed).
- Fixed bug GH-13037 (PharData incorrectly extracts zip file).
- Random:
- Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken engines).
- Session:
- Fixed bug GH-12504 (Corrupted session written when there's a fatal error in autoloader).
- Standard:
- Fixed bug GH-13094 (range(9.9, '0') causes segmentation fault).
- Streams:
- Fixed bug GH-13071 (Copying large files using mmap-able source streams may exhaust available memory and fail).
New in PHP 8.3.2 (Jan 18, 2024)
- Core:
- Fixed bug GH-12953 (false positive SSA integrity verification failed when loading composer classmaps with more than 11k elements).
- Fixed bug GH-12999 (zend_strnlen build when strnlen is unsupported).
- Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't emit warnings).
- Fixed bug GH-12854 (8.3 - as final trait-used method does not correctly report visibility in Reflection).
- Cli:
- Fix incorrect timeout in built-in web server when using router script and max_input_time.
- DOM:
- Fixed bug GH-12870 (Creating an xmlns attribute results in a DOMException).
- Fix crash when toggleAttribute() is used without a document.
- Fix crash in adoptNode with attribute references.
- Fixed bug GH-13012 (DOMNode::isEqualNode() is incorrect when attribute order is different).
- FFI:
- Fixed bug GH-9698 (stream_wrapper_register crashes with FFICData).
- Fixed bug GH-12905 (FFI::new interacts badly with observers).
- Intl:
- Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
- Hash:
- Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on strings >= 4GiB).
- ODBC:
- Fix crash on Apache shutdown with persistent connections.
- Opcache:
- Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM with NULL when DIM is the same var as result).
- Added workaround for SELinux mprotect execheap issue. See https://bugzilla.kernel.org/show_bug.cgi?id=218258.
- OpenSSL:
- Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
- PDO:
- Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
- PDO_ODBC:
- Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
- PGSQL:
- Fixed auto_reset_persistent handling and allow_persistent type.
- Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
- Phar:
- Fixed bug #77432 (Segmentation fault on including phar file).
- PHPDBG:
- Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c).
- SimpleXML:
- Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash.
- Fixed bug GH-12929 (SimpleXMLElement with stream_wrapper_register can segfault).
- Tidy:
- Fixed bug GH-12980 (tidynode.props.attribute is missing "Boolean Attributes" and empty attributes).
New in PHP 8.2.15 (Jan 18, 2024)
- Core:
- Fixed bug GH-12953 (false positive SSA integrity verification failed when loading composer classmaps with more than 11k elements).
- Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't emit warnings).
- Cli:
- Fix incorrect timeout in built-in web server when using router script and max_input_time.
- FFI:
- Fixed bug GH-9698 (stream_wrapper_register crashes with FFICData).
- Fixed bug GH-12905 (FFI::new interacts badly with observers).
- Intl:
- Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
- Hash:
- Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on strings >= 4GiB).
- ODBC:
- Fix crash on Apache shutdown with persistent connections.
- Opcache:
- Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM with NULL when DIM is the same var as result).
- Added workaround for SELinux mprotect execheap issue. See https://bugzilla.kernel.org/show_bug.cgi?id=218258.
- OpenSSL:
- Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
- PDO:
- Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
- PDO_ODBC:
- Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
- PGSQL:
- Fixed auto_reset_persistent handling and allow_persistent type.
- Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
- Phar:
- Fixed bug #77432 (Segmentation fault on including phar file).
- PHPDBG:
- Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c).
- SimpleXML:
- Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash.
- Tidy:
- Fixed bug GH-12980 (tidynode.props.attribute is missing "Boolean Attributes" and empty attributes).
New in PHP 8.2.14 (Dec 22, 2023)
- Core:
- Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler).
- Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend).
- Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).
- Fix various missing NULL checks.
- Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
- Date:
- Fixed improbably integer overflow while parsing really large (or small) Unix timestamps.
- DOM:
- Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix).
- FPM:
- Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
- FTP:
- Fixed bug GH-9348 (FTP & SSL session reuse).
- Intl:
- Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1).
- LibXML:
- Fixed bug GH-12702 (libxml2 2.12.0 issue building from src).
- Fixed test failures for libxml2 2.12.0.
- MySQLnd:
- Avoid using uninitialised struct.
- Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
- Opcache:
- Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error).
- Fixed JIT bug (JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown).
- OpenSSL:
- Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
- PCRE:
- Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux).
- PDO PGSQL:
- Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
- PGSQL:
- Fixed bug GH-12763 wrong argument type for pg_untrace.
- PHPDBG:
- Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c).
- SOAP:
- Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
- SPL:
- Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination with GlobIterator and no directory separator).
- SQLite3:
- Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
- Standard:
- Fix memory leak in syslog device handling.
- Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost).
- Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array).
- Streams:
- Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
- Zip:
- Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior).
New in PHP 8.3.1 (Dec 21, 2023)
- Core:
- Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).
- Fix various missing NULL checks.
- Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
- Fixed bug GH-12826 (Weird pointers issue in nested loops).
- FPM:
- Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
- FTP:
- Fixed bug GH-9348 (FTP & SSL session reuse).
- LibXML:
- Fixed test failures for libxml2 2.12.0.
- MySQLnd:
- Avoid using uninitialised struct.
- Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
- Opcache:
- Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error).
- Fixed JIT bug (JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown).
- PDO PGSQL:
- Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
- SOAP:
- Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
- Standard:
- Fixed GH-12745 (http_build_query() default null argument for $arg_separator is implicitly coerced to string).
New in PHP 8.1.27 (Dec 21, 2023)
- Core:
- Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler).
- Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend).
- Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).
- DOM:
- Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix).
- FPM:
- Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
- Intl:
- Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1).
- LibXML:
- Fixed bug GH-12702 (libxml2 2.12.0 issue building from src).
- MySQLnd:
- Avoid using uninitialised struct.
- OpenSSL:
- Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
- PCRE:
- Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux).
- PGSQL:
- Fixed bug GH-12763 wrong argument type for pg_untrace.
- PHPDBG:
- Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c).
- SQLite3:
- Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
- Standard:
- Fix memory leak in syslog device handling.
- Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost).
- Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array).
- Streams:
- Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
- Zip:
- Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior).
New in PHP 8.3.0 (Nov 26, 2023)
- Bcmath:
- Fixed GH-11761 (removing trailing zeros from numbers) (jorgsowa)
- CLI:
- Added pdeathsig to builtin server to terminate workers when the master process is killed.
- Fixed bug GH-11104 (STDIN/STDOUT/STDERR is not available for CLI without a script).
- Implement GH-10024 (support linting multiple files at once using php -l).
- Core:
- Fix GH-11388 (Allow "final" modifier when importing a method from a trait).
- Fixed bug GH-11406 (segfault with unpacking and magic method closure).
- Fixed bug GH-9388 (Improve unset property and __get type incompatibility error message).
- SA_ONSTACK is now set for signal handlers to be friendlier to other in-process code such as Go's cgo.
- SA_ONSTACK is now set when signals are disabled.
- Fix GH-9649: Signal handlers now do a no-op instead of crashing when executed on threads not managed by TSRM.
- Added shadow stack support for fibers.
- Fix bug GH-9965 (Fix accidental caching of default arguments with side effects).
- Implement GH-10217 (Use strlen() for determining the class_name length).
- Fix bug GH-8821 (Improve line numbers for errors in constant expressions).
- Fix bug GH-10083 (Allow comments between & and parameter).
- Zend Max Execution Timers is now enabled by default for ZTS builds on Linux.
- Fix bug GH-10469 (Disallow .. in open_basedir paths set at runtime).
- Fix bug GH-10168, GH-10582 (Various segfaults with destructors and VM return values).
- Fix bug GH-10935 (Use of trait doesn't redeclare static property if class has inherited it from its parent).
- Fix bug GH-11154 (Negative indices on empty array don't affect next chosen index).
- Fix bug GH-8846 (Implement delayed early binding for classes without parents).
- Fix bug #79836 (Segfault in concat_function).
- Fix bug #81705 (type confusion/UAF on set_error_handler with concat operation).
- Fix GH-11348 (Closure created from magic method does not accept named arguments).
- Fix GH-11388 (Allow "final" modifier when importing a method from a trait).
- Fixed bug GH-11406 (segfault with unpacking and magic method closure).
- Fixed bug GH-11507 (String concatenation performance regression in 8.3).
- Fixed GH-11488 (Missing "Optional parameter before required" deprecation on union null type).
- Implement the #[Override] attribute RFC.
- Fixed bug GH-11601 (Incorrect handling of unwind and graceful exit exceptions).
- Added zend_call_stack_get implementation for OpenBSD.
- Add stack limit check in zend_eval_const_expr().
- Expose time spent collecting cycles in gc_status().
- Remove WeakMap entries whose key is only reachable through the entry value.
- Resolve open_basedir paths on INI update.
- Fixed oss-fuzz #60741 (Leak in open_basedir).
- Fixed segfault during freeing of some incompletely initialized objects due to OOM error (PDO, SPL, XSL).
- Introduced Zend guard recursion protection to fix __debugInfo issue.
- Fixed oss-fuzz #61712 (assertion failure with error handler during binary op).
- Fixed GH-11847 (DTrace enabled build is broken).
- Fixed OSS Fuzz #61865 (Undef variable in ++/-- for declared property that is unset in error handler).
- Fixed warning emitted when checking if a user stream is castable.
- Fixed bug GH-12123 (Compile error on MacOS with C++ extension when using ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX).
- Fixed bug GH-12189 (#[Override] attribute in trait does not check for parent class implementations).
- Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable warning).
- Fixed buffer underflow when compiling memoized expression.
- Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec).
- Curl:
- Added Curl options and constants up to (including) version 7.87.
- Date:
- Implement More Appropriate Date/Time Exceptions RFC.
- DOM:
- Fix bug GH-8388 (DOMAttr unescapes character reference).
- Fix bug GH-11308 (getElementsByTagName() is O(N^2)).
- Fix #79700 (wrong use of libxml oldNs leads to performance problem).
- Fix #77894 (DOMNode::C14N() very slow on generated DOMDocuments even after normalisation).
- Revert changes to DOMAttr::$value and DOMAttr::$nodeValue expansion.
- Fixed bug GH-11500 (Namespace reuse in createElementNS() generates wrong output).
- Implemented DOMDocument::adoptNode(). Previously this always threw a "not yet implemented" exception.
- Fixed bug GH-9628 (Implicitly removing nodes from DOMDocument breaks existing references).
- Added DOMNode::contains() and DOMNameSpaceNode::contains().
- Added DOMElement::getAttributeNames().
- Added DOMNode::getRootNode().
- Added DOMElement::className and DOMElement::id.
- Added DOMParentNode::replaceChildren().
- Added DOMNode::isConnected and DOMNameSpaceNode::isConnected.
- Added DOMNode::parentElement and DOMNameSpaceNode::parentElement.
- Added DOMNode::isEqualNode().
- Added DOMElement::insertAdjacentElement() and DOMElement::insertAdjacentText().
- Added DOMElement::toggleAttribute().
- Fixed bug GH-11792 (LIBXML_NOXMLDECL is not implemented or broken).
- adoptNode now respects the strict error checking property.
- Align DOMChildNode parent checks with spec.
- Fixed bug #80927 (Removing documentElement after creating attribute node: possible use-after-free).
- Fix various namespace prefix conflict resolution bugs.
- Fix calling createAttributeNS() without prefix causing the default namespace of the element to change.
- Fixed GH-11952 (Confusing warning when blocking entity loading via libxml_set_external_entity_loader).
- Fix broken cache invalidation with deallocated and reallocated document node.
- Fix compile error when php_libxml.h header is included in C++.
- Fixed bug #47531 (No way of removing redundant xmlns: declarations).
- Exif:
- Removed unneeded codepaths in exif_process_TIFF_in_JPEG().
- FFI:
- Implement GH-11934 (Allow to pass CData into struct and/or union fields).
- Fileinfo:
- Upgrade bundled libmagic to 5.43.
- Fix GH-11408 (Unable to build PHP 8.3.0 alpha 1 / fileinfo extension).
- FPM:
- The status.listen shared pool now uses the same php_values (including expose_php) and php_admin_value as the pool it is shared with.
- Added warning to log when fpm socket was not registered on the expected path.
- Fixed bug #76067 (system() function call leaks php-fpm listening sockets).
- Fixed GH-12077 (PHP 8.3.0RC1 borked socket-close-on-exec.phpt).
- GD:
- Removed imagerotate "ignore_transparent" argument since it has no effect.
- Intl:
- Added pattern format error infos for numfmt_set_pattern.
- Added MIXED_NUMBERS and HIDDEN_OVERLAY constants for the Spoofchecker's class.
- Updated datefmt_set_timezone/IntlDateformatter::setTimezone returns type. (David Carlier).
- Updated IntlBreakInterator::setText return type.
- Updated IntlChar::enumCharNames return type.
- Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale.
- JSON:
- Added json_validate().
- LDAP:
- Deprecate calling ldap_connect() with separate hostname and port.
- LibXML:
- Fix compile error with -Werror=incompatible-function-pointer-types and old libxml2.
- MBString:
- mb_detect_encoding is better able to identify the correct encoding for Turkish text.
- mb_detect_encoding's "non-strict" mode now behaves as described in the documentation. Previously, it would return false if the same byte (for example, the first byte) of the input string was invalid in all candidate encodings. More generally, it would eliminate candidate encodings from consideration when an invalid byte was seen, and if the same input byte eliminated all remaining encodings still under consideration, it would return false. On the other hand, if all candidate encodings but one were eliminated from consideration, it would return the last remaining one without regard for how many encoding errors might be encountered later in the string. This is different from the behavior described in the documentation, which says: "If strict is set to false, the closest matching encoding will be returned." (Alex Dowad)
- mb_strtolower, mb_strtotitle, and mb_convert_case implement conditional casing rules for the Greek letter sigma. For mb_convert_case, conditional casing only applies to MB_CASE_LOWER and MB_CASE_TITLE modes, not to MB_CASE_LOWER_SIMPLE and MB_CASE_TITLE_SIMPLE.
- mb_detect_encoding is better able to identify UTF-8 and UTF-16 strings with a byte-order mark.
- mb_decode_mimeheader interprets underscores in QPrint-encoded MIME encoded words as required by RFC 2047; they are converted to spaces. Underscores must be encoded as "=5F" in such MIME encoded words.
- mb_encode_mimeheader no longer drops NUL (zero) bytes when QPrint-encoding the input string. This previously caused strings in certain text encodings, especially UTF-16 and UTF-32, to be corrupted by mb_encode_mimeheader.
- Implement mb_str_pad() RFC.
- Fixed bug GH-11514 (PHP 8.3 build fails with --enable-mbstring enabled).
- Fix use-after-free of mb_list_encodings() return value.
- Fixed bug GH-11992 (utf_encodings.phpt fails on Windows 32-bit).
- mysqli:
- mysqli_fetch_object raises a ValueError instead of an Exception.
- Opcache:
- Added start, restart and force restart time to opcache's phpinfo section.
- Fix GH-9139: Allow FFI in opcache.preload when opcache.preload_user=root.
- Made opcache.preload_user always optional in the cli and phpdbg SAPIs.
- Allows W/X bits on page creation on FreeBSD despite system settings.
- Added memfd api usage, on Linux, for zend_shared_alloc_create_lock() to create an abstract anonymous file for the opcache's lock.
- Avoid resetting JIT counter handlers from multiple processes/threads.
- Fixed COPY_TMP type inference for references.
- OpenSSL:
- Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE contants to switch between mime content types.
- Fixed GH-11054: Reset OpenSSL errors when using a PEM public key.
- Added support for additional EC parameters in openssl_pkey_new.
- PCNTL:
- SA_ONSTACK is now set for pcntl_signal.
- Added SIGINFO constant.
- PCRE:
- Update bundled libpcre2 to 10.42.
- PGSQL:
- pg_fetch_object raises a ValueError instead of an Exception.
- pg_cancel use thread safe PQcancel api instead.
- pg_trace new PGSQL_TRACE_SUPPRESS_TIMESTAMPS/PGSQL_TRACE_REGRESS_MODE contants support.
- pg_set_error_verbosity adding PGSQL_ERRORS_STATE constant.
- pg_convert/pg_insert E_WARNING on type errors had been converted to ValueError/TypeError exceptions.
- Added pg_set_error_context_visibility to set the context's visibility within the error messages.
- Phar:
- Fix memory leak in phar_rename_archive().
- POSIX:
- Added posix_sysconf.
- Added posix_pathconf.
- Added posix_fpathconf.
- Fixed zend_parse_arg_long's bool pointer argument assignment.
- Added posix_eaccess.
- Random:
- Added Randomizer::getBytesFromString().
- Added Randomizer::nextFloat(), ::getFloat(), and IntervalBoundary.
- Enable getrandom() for NetBSD (from 10.x).
- Deprecate MT_RAND_PHP.
- Fix Randomizer::getFloat() returning incorrect results under certain circumstances.
- Reflection:
- Fix GH-9470 (ReflectionMethod constructor should not find private parent method).
- Fix GH-10259 (ReflectionClass::getStaticProperties doesn't need null return type).
- SAPI:
- Fixed GH-11141 (Could not open input file: should be sent to stderr).
- Session:
- Fixed bug GH-11529 (Crash after dealing with an Apache request).
- SimpleXML:
- Fixed bug GH-12192 (SimpleXML infinite loop when getName() is called within foreach).
- Fixed bug GH-12208 (SimpleXML infinite loop when a cast is used inside a foreach).
- Fixed bug #55098 (SimpleXML iteration produces infinite loop).
- Sockets:
- Added SO_ATTACH_REUSEPORT_CBPF socket option, to give tighter control over socket binding for a cpu core.
- Added SKF_AD_QUEUE for cbpf filters.
- Added socket_atmark if send/recv needs using MSG_OOB.
- Added TCP_QUICKACK constant, to give tigher control over ACK delays.
- Added DONTFRAGMENT support for path MTU discovery purpose.
- Added AF_DIVERT for raw socket for divert ports.
- Added SOL_UPDLITE, UDPLITE_RECV_CSCOV and UDPLITE_SEND_CSCOV for updlite protocol support.
- Added SO_RERROR, SO_ZEROIZE and SO_SPLICE netbsd and openbsd constants.
- Added TCP_REPAIR for quietly close a connection.
- Added SO_REUSEPORT_LB freebsd constant.
- Added IP_BIND_ADDRESS_NO_PORT.
- SPL:
- Fixed GH-11573 (RecursiveDirectoryIterator::hasChildren is slow).
- Standard:
- E_NOTICEs emitted by unserialize() have been promoted to E_WARNING.
- unserialize() now emits a new E_WARNING if the input contains unconsumed bytes.
- Make array_pad's $length warning less confusing.
- E_WARNING emitted by strtok in the caase both arguments are not provided when starting tokenisation.
- password_hash() will now chain the original RandomException to the ValueError on salt generation failure.
- Fix GH-10239 (proc_close after proc_get_status always returns -1).
- Improve the warning message for unpack() in case not enough values were provided.
- Fix GH-11010 (parse_ini_string() now preserves formatting of unquoted strings starting with numbers when the INI_SCANNER_TYPED flag is specified).
- Fix GH-10742 (http_response_code emits no error when headers were already sent).
- Added support for rounding negative places in number_format().
- Prevent precision loss on formatting decimal integers in number_format().
- Added usage of posix_spawn for proc_open when supported by OS.
- Added $before_needle argument to strrchr().
- Fixed GH-11982 (str_getcsv returns null byte for unterminated enclosure).
- Fixed str_decrement() on "1".
- Streams:
- Fixed bug #51056: blocking fread() will block even if data is available.
- Added storing of the original path used to open xport stream.
- Implement GH-8641 (STREAM_NOTIFY_COMPLETED over HTTP never emitted).
- Fix bug GH-10406 (fgets on a redis socket connection fails on PHP 8.3).
- Implemented GH-11242 (_php_stream_copy_to_mem: Allow specifying a maximum length without allocating a buffer of that size).
- Fixed bug #52335 (fseek() on memory stream behavior different than file).
- Fixed bug #76857 (Can read "non-existant" files).
- XSLTProcessor:
- Fixed bug #69168 (DomNode::getNodePath() returns invalid path).
- ZIP:
- zip extension version 1.22.0 for libzip 1.10.0.
- add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED).
- add new archive global flags (ER_AFL_*).
- add ZipArchive::setArchiveFlag and ZipArchive::getArchiveFlag methods.
New in PHP 8.2.13 (Nov 26, 2023)
- Core:
- Fixed double-free of non-interned enum case name.
- Fixed bug GH-12457 (Incorrect result of stripos with single character needle).
- Fixed bug GH-12468 (Double-free of doc_comment when overriding static property via trait).
- Fixed segfault caused by weak references to FFI objects.
- Fixed max_execution_time: don't delete an unitialized timer.
- Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type if the class name starts with N).
- DOM:
- Fix registerNodeClass with abstract class crashing.
- Add missing NULL pointer error check.
- Fix validation logic of php:function() callbacks.
- Fiber:
- Fixed bug GH-11121 (ReflectionFiber segfault).
- FPM:
- Fixed bug GH-9921 (Loading ext in FPM config does not register module handlers).
- Fixed bug GH-12232 (FPM: segfault dynamically loading extension without opcache).
- Fixed bug #76922 (FastCGI terminates conn after FCGI_GET_VALUES).
- Intl:
- Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale.
- Opcache:
- Added warning when JIT cannot be enabled.
- Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache).
- OpenSSL:
- Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
- PCRE:
- Fixed bug GH-11374 (Backport upstream fix, Different preg_match result with -d pcre.jit=0).
- SOAP:
- Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
- Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation Fault).
- Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC).
- Fix incorrect uri check in SOAP caching.
- Fix segfault and assertion failure with refcounted props and arrays.
- Fix potential crash with an edge case of persistent encoders.
- Fixed bug #75306 (Memleak in SoapClient).
- Streams:
- Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers).
- XMLReader:
- Add missing NULL pointer error check.
- XMLWriter:
- Add missing NULL pointer error check.
- XSL:
- Add missing module dependency.
- Fix validation logic of php:function() callbacks.
New in PHP 8.1.26 (Nov 26, 2023)
- Core:
- Fixed bug GH-12468 (Double-free of doc_comment when overriding static property via trait).
- Fixed segfault caused by weak references to FFI objects.
- Fixed max_execution_time: don't delete an unitialized timer.
- DOM:
- Fix registerNodeClass with abstract class crashing.
- Add missing NULL pointer error check.
- Fix validation logic of php:function() callbacks.
- Fiber:
- Fixed bug GH-11121 (ReflectionFiber segfault).
- FPM:
- Fixed bug GH-9921 (Loading ext in FPM config does not register module handlers).
- Fixed bug GH-12232 (FPM: segfault dynamically loading extension without opcache).
- Intl:
- Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale.
- Opcache:
- Added warning when JIT cannot be enabled.
- Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache).
- OpenSSL:
- Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
- PCRE:
- Fixed bug GH-11374 (Backport upstream fix, Different preg_match result with -d pcre.jit=0).
- SOAP:
- Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
- Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation Fault).
- Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC).
- Fix incorrect uri check in SOAP caching.
- Fix segfault and assertion failure with refcounted props and arrays.
- Fix potential crash with an edge case of persistent encoders.
- Fixed bug #75306 (Memleak in SoapClient).
- Streams:
- Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers).
- XMLReader:
- Add missing NULL pointer error check.
- XMLWriter:
- Add missing NULL pointer error check.
- XSL:
- Add missing module dependency.
- Fix validation logic of php:function() callbacks.
New in PHP 8.1.25 (Oct 27, 2023)
- Core:
- Fixed bug GH-12207 (memory leak when class using trait with doc block).
- Fixed bug GH-12215 (Module entry being overwritten causes type errors in ext/dom).
- Fixed bug GH-12273 (__builtin_cpu_init check).
- Fixed bug #80092 (ZTS + preload = segfault on shutdown).
- CLI:
- Ensure a single Date header is present.
- CType:
- Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
- DOM:
- Restore old namespace reconciliation behaviour.
- Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1).
- Fileinfo:
- Fixed bug GH-11891 (fileinfo returns text/xml for some svg files).
- Filter:
- Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
- Hash:
- Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
- Intl:
- Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
- Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception on an invalid locale).
- MySQLnd:
- Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line).
- Opcache:
- Fixed opcache_invalidate() on deleted file.
- Fixed bug GH-12380 (JIT+private array property access inside closure accesses private property in child class).
- PCRE:
- Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result).
- SimpleXML:
- Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML).
- Fixed bug GH-12223 (Entity reference produces infinite loop in var_dump/print_r).
- Fixed bug GH-12167 (Unable to get processing instruction contents in SimpleXML).
- Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
- Streams:
- Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
- XML:
- Fix return type of stub of xml_parse_into_struct().
- Fix memory leak when calling xml_parse_into_struct() twice.
- XSL:
- Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML.
- Sockets:
- Fix socket_export_stream() with wrong protocol (twosee)
New in PHP 8.2.12 (Oct 26, 2023)
- Core:
- Fixed bug GH-12207 (memory leak when class using trait with doc block).
- Fixed bug GH-12215 (Module entry being overwritten causes type errors in ext/dom).
- Fixed bug GH-12273 (__builtin_cpu_init check).
- Fixed bug #80092 (ZTS + preload = segfault on shutdown).
- CLI:
- Ensure a single Date header is present.
- CType:
- Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
- DOM:
- Restore old namespace reconciliation behaviour.
- Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1).
- Fileinfo:
- Fixed bug GH-11891 (fileinfo returns text/xml for some svg files).
- Filter:
- Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
- Hash:
- Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
- Intl:
- Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
- Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception on an invalid locale).
- MySQLnd:
- Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line).
- Opcache:
- Fixed opcache_invalidate() on deleted file.
- Fixed bug GH-12380 (JIT+private array property access inside closure accesses private property in child class).
- PCRE:
- Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result).
- SimpleXML:
- Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML).
- Fixed bug GH-12223 (Entity reference produces infinite loop in var_dump/print_r).
- Fixed bug GH-12167 (Unable to get processing instruction contents in SimpleXML).
- Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
- Streams:
- Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
- XML:
- Fix return type of stub of xml_parse_into_struct().
- Fix memory leak when calling xml_parse_into_struct() twice.
- XSL:
- Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML.
New in PHP 8.2.11 (Sep 29, 2023)
- Core:
- Fixed bug GH-11937 (Constant ASTs containing objects).
- Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
- Fixed bug GH-11876: ini_parse_quantity() accepts invalid quantities.
- Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures).
- Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
- Fixed bug GH-12102 (Incorrect compile error when using array access on TMP value in function call).
- DOM:
- Fix memory leak when setting an invalid DOMDocument encoding.
- Iconv:
- Fixed build for NetBSD which still uses the old iconv signature.
- Intl:
- Fixed bug GH-12020 (intl_get_error_message() broken after MessageFormatter::formatMessage() fails).
- MySQLnd:
- Fixed bug GH-10270 (Invalid error message when connection via SSL fails: "trying to connect via (null)").
- ODBC:
- Fixed memory leak with failed SQLPrepare.
- Fixed persistent procedural ODBC connections not getting closed.
- SimpleXML:
- Fixed bug #52751 (XPath processing-instruction() function is not supported).
- SPL:
- Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
- SQLite3:
- Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with a callable array).
New in PHP 8.1.24 (Sep 29, 2023)
- Core:
- Fixed bug GH-11937 (Constant ASTs containing objects).
- Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
- Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures).
- Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
- Fixed bug GH-12102 (Incorrect compile error when using array access on TMP value in function call).
- DOM:
- Fix memory leak when setting an invalid DOMDocument encoding.
- Iconv:
- Fixed build for NetBSD which still uses the old iconv signature.
- Intl:
- Fixed bug GH-12020 (intl_get_error_message() broken after MessageFormatter::formatMessage() fails).
- MySQLnd:
- Fixed bug GH-10270 (Invalid error message when connection via SSL fails: "trying to connect via (null)").
- ODBC:
- Fixed memory leak with failed SQLPrepare.
- Fixed persistent procedural ODBC connections not getting closed.
- SimpleXML:
- Fixed bug #52751 (XPath processing-instruction() function is not supported).
- SPL:
- Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
- SQLite3:
- Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with a callable array).
New in PHP 8.1.23 (Sep 3, 2023)
- CLI:
- Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1).
- Fixed bug GH-10964 (Improve man page about the built-in server).
- Core:
- Fixed strerror_r detection at configuration time.
- Date:
- Fixed bug GH-11416: Crash with DatePeriod when uninitialised objects are passed in.
- DOM:
- Fix DOMEntity field getter bugs.
- Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
- Fix DOMCharacterData::replaceWith() with itself.
- Fix empty argument cases for DOMParentNode methods.
- Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
- Fix json_encode result on DOMDocument.
- Fix manually calling __construct() on DOM classes.
- Fixed bug GH-11830 (ParentNode methods should perform their checks upfront).
- Fix segfault when DOMParentNode::prepend() is called when the child disappears.
- FFI:
- Fix leaking definitions when using FFI::cdef()->new(...).
- MySQLnd:
- Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL).
- Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters).
- Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault).
- Fixed invalid error message "Malformed packet" when connection is dropped.
- Opcache:
- Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong).
- Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress.
- PCNTL:
- Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22.
- SPL:
- Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
- Standard:
- Prevent int overflow on $decimals in number_format.
- Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro)
New in PHP 8.2.10 (Aug 31, 2023)
- CLI:
- Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1).
- Fixed bug GH-10964 (Improve man page about the built-in server).
- Date:
- Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are passed in).
- Core:
- Fixed strerror_r detection at configuration time.
- Fixed trait typed properties using a DNF type not being correctly bound.
- Fixed trait property types not being arena allocated if copied from an internal trait.
- Fixed deep copy of property DNF type during lazy class load.
- Fixed memory freeing of DNF types for non arena allocated types.
- DOM:
- Fix DOMEntity field getter bugs.
- Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
- Fix DOMCharacterData::replaceWith() with itself.
- Fix empty argument cases for DOMParentNode methods.
- Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
- Fix json_encode result on DOMDocument.
- Fix manually calling __construct() on DOM classes.
- Fixed bug GH-11830 (ParentNode methods should perform their checks upfront).
- Fix viable next sibling search for replaceWith.
- Fix segfault when DOMParentNode::prepend() is called when the child disappears.
- FFI:
- Fix leaking definitions when using FFI::cdef()->new(...).
- Hash:
- Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature.
- MySQLnd:
- Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL).
- Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters).
- Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault).
- Fixed invalid error message "Malformed packet" when connection is dropped.
- Opcache:
- Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong).
- Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress.
- PCNTL:
- Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22.
- SPL:
- Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
- Standard:
- Prevent int overflow on $decimals in number_format.
- Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro)
New in PHP 8.2.9 (Aug 17, 2023)
- Build:
- Fixed bug GH-11522 (PHP version check fails with '-' separator).
- CLI:
- Fix interrupted CLI output causing the process to exit.
- Core:
- Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
- Fixed line number of JMP instruction over else block.
- Fixed use-of-uninitialized-value with ??= on assert.
- Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions).
- Fixed build for FreeBSD before the 11.0 releases.
- Curl:
- Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.
- Date:
- Fixed bug GH-11368 (Date modify returns invalid datetime).
- Fixed bug GH-11600 (Can't parse time strings which include (narrow) non-breaking space characters).
- Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with extra space).
- DOM:
- Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping depending on libxml2 version).
- Fileinfo:
- Fixed bug GH-11298 (finfo returns wrong mime type for xz files).
- FTP:
- Fix context option check for "overwrite".
- Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget).
- GD:
- Fix most of the external libgd test failures.
- Intl:
- Fix memory leak in MessageFormatter::format() on failure.
- Libxml:
- Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
- MBString:
- Fix GH-11300 (license issue: restricted unicode license headers).
- Opcache:
- Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault).
- Prevent potential deadlock if accelerated globals cannot be allocated.
- PCNTL:
- Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
- PDO:
- Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).
- PDO SQLite:
- Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
- Phar:
- Add missing check on EVP_VerifyUpdate() in phar util.
- Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
- PHPDBG:
- Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option).
- Session:
- Removed broken url support for transferring session ID.
- Standard:
- Fix serialization of RC1 objects appearing in object graph twice.
- Streams:
- Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself).
- SQLite3:
- Fix replaced error handling in SQLite3Stmt::__construct.
- XMLReader:
- Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active).
New in PHP 8.0.30 (Aug 6, 2023)
- Libxml:
- Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
- Phar:
- Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
New in PHP 8.1.22 (Aug 3, 2023)
- Build:
- Fixed bug GH-11522 (PHP version check fails with '-' separator).
- CLI:
- Fix interrupted CLI output causing the process to exit.
- Core:
- Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
- Fixed use-of-uninitialized-value with ??= on assert.
- Fixed build for FreeBSD before the 11.0 releases.
- Curl:
- Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.
- Date:
- Fixed bug GH-11368 (Date modify returns invalid datetime).
- DOM:
- Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping depending on libxml2 version).
- Fileinfo:
- Fixed bug GH-11298 (finfo returns wrong mime type for xz files).
- FTP:
- Fix context option check for "overwrite".
- Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget).
- GD:
- Fix most of the external libgd test failures.
- Hash:
- Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature.
- Intl:
- Fix memory leak in MessageFormatter::format() on failure.
- Libxml:
- Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
- MBString:
- Fix GH-11300 (license issue: restricted unicode license headers).
- Opcache:
- Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault).
- Prevent potential deadlock if accelerated globals cannot be allocated.
- PCNTL:
- Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
- PCRE:
- Mangle PCRE regex cache key with JIT option.
- PDO:
- Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).
- PDO SQLite:
- Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
- Phar:
- Add missing check on EVP_VerifyUpdate() in phar util.
- Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
- PHPDBG:
- Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option).
- Session:
- Removed broken url support for transferring session ID.
- Standard:
- Fix serialization of RC1 objects appearing in object graph twice.
- SQLite3:
- Fix replaced error handling in SQLite3Stmt::__construct.
New in PHP 8.1.21 (Jul 7, 2023)
- CLI:
- Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
- Core:
- Fixed build for the riscv64 architecture/GCC 12.
- Curl:
- Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
- DOM:
- Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith).
- Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value).
- Fix return value in stub file for DOMNodeList::item.
- Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS.
- Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
- Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query).
- Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces).
- Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself).
- Fixed bug #77686 (Removed elements are still returned by getElementById).
- Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()).
- Fixed bug #78577 (Crash in DOMNameSpace debug info handlers).
- Fix lifetime issue with getAttributeNodeNS().
- Fix "invalid state error" with cloned namespace declarations.
- Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues).
- Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap).
- Opcache:
- Fix allocation loop in zend_shared_alloc_startup().
- Access violation on smm_shared_globals with ALLOC_FALLBACK.
- Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked).
- OpenSSL:
- Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka).
- PGSQL:
- Fixed intermittent segfault with pg_trace.
- Phar:
- Fix cross-compilation check in phar generation for FreeBSD.
- SPL:
- Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash).
- Standard:
- Fix access on NULL pointer in array_merge_recursive().
- Fix exception handling in array_multisort().
New in PHP 8.2.8 (Jul 6, 2023)
- CLI:
- Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
- Core:
- Fixed build for the riscv64 architecture/GCC 12.
- Curl:
- Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
- Date:
- Fixed bug GH-11455 (Segmentation fault with custom object date properties).
- DOM:
- Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith).
- Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value).
- Fix return value in stub file for DOMNodeList::item.
- Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS.
- Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
- Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query).
- Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces).
- Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself).
- Fixed bug #77686 (Removed elements are still returned by getElementById).
- Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()).
- Fixed bug #78577 (Crash in DOMNameSpace debug info handlers).
- Fix lifetime issue with getAttributeNodeNS().
- Fix "invalid state error" with cloned namespace declarations.
- Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues).
- Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap).
- Opcache:
- Fix allocation loop in zend_shared_alloc_startup().
- Access violation on smm_shared_globals with ALLOC_FALLBACK.
- Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked).
- OpenSSL:
- Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka).
- PCRE:
- Fix preg_replace_callback_array() pattern validation.
- PGSQL:
- Fixed intermittent segfault with pg_trace.
- Phar:
- Fix cross-compilation check in phar generation for FreeBSD.
- SPL:
- Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash).
- Standard:
- Fix access on NULL pointer in array_merge_recursive().
- Fix exception handling in array_multisort().
- SQLite3:
- Fixed bug GH-11451 (Invalid associative array containing duplicate keys).
New in PHP 8.2.7 (Jun 9, 2023)
- Core:
- Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names).
- Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)).
- Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state).
- Fixed bug GH-11063 (Compilation error on old GCC versions).
- Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
- Date:
- Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset).
- Exif:
- Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes).
- FPM:
- Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)).
- Fixed bug #64539 (FPM status page: query_string not properly JSON encoded).
- Fixed memory leak for invalid primary script file handle.
- Hash:
- Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments).
- LibXML:
- Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0).
- MBString:
- Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding).
- Opcache:
- Fixed bug GH-11134 (Incorrect match default branch optimization).
- Fixed too wide OR and AND range inference.
- Fixed missing class redeclaration error with OPcache enabled.
- Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault).
- PCNTL:
- Fixed maximum argument count of pcntl_forkx().
- PGSQL:
- Fixed parameter parsing of pg_lo_export().
- Phar:
- Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done).
- Soap:
- Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP).
- Fixed bug GH-8426 (make test fail while soap extension build).
- SPL:
- Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)).
- Standard:
- Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file).
- Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect).
- Streams:
- Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data).
- Fixed bug GH-11175 (Stream Socket Timeout).
- Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client).
New in PHP 8.1.20 (Jun 9, 2023)
- Core:
- Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)).
- Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state).
- Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
- Date:
- Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset).
- Exif:
- Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes).
- FPM:
- Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)).
- Fixed bug #64539 (FPM status page: query_string not properly JSON encoded).
- Fixed memory leak for invalid primary script file handle.
- Hash:
- Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments).
- LibXML:
- Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0).
- Opcache:
- Fixed bug GH-11134 (Incorrect match default branch optimization).
- Fixed too wide OR and AND range inference.
- Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault).
- PGSQL:
- Fixed parameter parsing of pg_lo_export().
- Phar:
- Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done).
- Soap:
- Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP).
- Fixed bug GH-8426 (make test fail while soap extension build).
- SPL:
- Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)).
- Standard:
- Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file).
- Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect).
- Streams:
- Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data).
- Fixed bug GH-11175 (Stream Socket Timeout).
- Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client).
New in PHP 8.0.29 (Jun 8, 2023)
- Soap:
- Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP).
New in PHP 8.1.19 (May 12, 2023)
- Core:
- Fix inconsistent float negation in constant expressions.
- Fixed bug GH-8841 (php-cli core dump calling a badly formed function).
- Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c).
- Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.).
- Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=).
- DOM:
- Fixed bug #80602 (Segfault when using DOMChildNode::before()).
- Fixed incorrect error handling in dom_zvals_to_fragment().
- Exif:
- Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index).
- Intl:
- Fixed bug GH-11071 (TZData version not displayed anymore).
- PCRE:
- Fixed bug GH-10968 (Segfault in preg_replace_callback_array()).
- Standard:
- Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference).
- Fixed bug GH-9775 (Duplicates returned by array_unique when using enums).
New in PHP 8.2.6 (May 11, 2023)
- Core:
- Fix inconsistent float negation in constant expressions.
- Fixed bug GH-8841 (php-cli core dump calling a badly formed function).
- Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c).
- Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.).
- Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=).
- Date:
- Fixed bug where the diff() method would not return the right result around DST changeover for date/times associated with a timezone identifier.
- Fixed out-of-range bug when converting to/from around the LONG_MIN unix timestamp.
- DOM:
- Fixed bug #80602 (Segfault when using DOMChildNode::before()).
- Fixed incorrect error handling in dom_zvals_to_fragment().
- Exif:
- Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index).
- Intl:
- Fixed bug GH-11071 (TZData version not displayed anymore).
- PCRE:
- Fixed bug GH-10968 (Segfault in preg_replace_callback_array()).
- Reflection:
- Fixed bug GH-10983 (State-dependant segfault in ReflectionObject::getProperties).
- SPL:
- Handle indirect zvals and use up-to-date properties in SplFixedArray::__serialize.
- Standard:
- Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference).
- Fixed bug GH-9775 (Duplicates returned by array_unique when using enums).
- Streams:
- Fixed bug GH-10406 (feof() behavior change for UNIX based socket resources).
New in PHP 8.2.5 (Apr 18, 2023)
- Core:
- Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas)
- Fixed use-after-free in recursive AST evaluation.
- Fixed bug GH-8646 (Memory leak PHP FPM 8.1).
- Re-add some CTE functions that were removed from being CTE by a mistake.
- Remove CTE flag from array_diff_ukey(), which was added by mistake.
- Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
- Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache).
- Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
- Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
- Fix potential memory corruption when mixing __callStatic() and FFI.
- Date:
- Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw).
- FPM:
- Fixed bug GH-10611 (fpm_env_init_main leaks environ).
- Destroy file_handle in fpm_main.
- Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path).
- FTP:
- Propagate success status of ftp_close().
- Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
- IMAP:
- Fix build failure with Clang 16.
- MySQLnd:
- Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections).
- Opcache:
- Fixed build for macOS to cater with pkg-config settings.
- Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context).
- OpenSSL:
- Add missing error checks on file writing functions.
- PDO Firebird:
- Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland).
- Phar:
- Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)).
- Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
- PDO ODBC:
- Fixed missing and inconsistent error checks on SQLAllocHandle.
- PGSQL:
- Fixed typo in the array returned from pg_meta_data (extended mode).
- SPL:
- Fixed bug GH-10519 (Array Data Address Reference Issue).
- Fixed bug GH-10907 (Unable to serialize processed SplFixedArrays in PHP 8.2.4).
- Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
- Standard:
- Fixed bug GH-10885 (stream_socket_server context leaks).
- Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)).
- Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with delimiter and enclosure).
- Fixed undefined behaviour in unpack().
New in PHP 8.1.18 (Apr 18, 2023)
- Core:
- Added optional support for max_execution_time in ZTS/Linux builds.
- Fixed use-after-free in recursive AST evaluation.
- Fixed bug GH-8646 (Memory leak PHP FPM 8.1).
- Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
- Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache).
- Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
- Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
- Fix potential memory corruption when mixing __callStatic() and FFI.
- Date:
- Fixed bug GH-10583 (DateTime modify with tz pattern should not update linked timezone).
- FPM:
- Fixed bug GH-10611 (fpm_env_init_main leaks environ).
- Destroy file_handle in fpm_main.
- Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path).
- FTP:
- Propagate success status of ftp_close().
- Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
- IMAP:
- Fix build failure with Clang 16.
- MySQLnd:
- Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections).
- Opcache:
- Fixed build for macOS to cater with pkg-config settings.
- Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context).
- OpenSSL:
- Add missing error checks on file writing functions.
- PDO Firebird:
- Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland).
- PDO ODBC:
- Fixed missing and inconsistent error checks on SQLAllocHandle.
- Phar:
- Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)).
- Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
- PGSQL:
- Fixed typo in the array returned from pg_meta_data (extended mode).
- SPL:
- Fixed bug GH-10519 (Array Data Address Reference Issue).
- Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
- Standard:
- Fixed bug GH-10885 (stream_socket_server context leaks).
- Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)).
- Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with delimiter and enclosure).
- Fixed undefined behaviour in unpack().
New in PHP 8.2.4 (Mar 16, 2023)
- Core:
- Fixed incorrect check condition in ZEND_YIELD.
- Fixed incorrect check condition in type inference.
- Fix incorrect check in zend_internal_call_should_throw().
- Fixed overflow check in OnUpdateMemoryConsumption.
- Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes).
- Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout).
- Fixed SSA object type update for compound assignment opcodes.
- Fixed language scanner generation build.
- Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type.
- Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name).
- Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized.
- Curl:
- Fixed deprecation warning at compile time.
- Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback).
- Date:
- Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00).
- Fix GH-10152 (Custom properties of Date's child classes are not serialised).
- Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw).
- FFI:
- Fixed incorrect bitshifting and masking in ffi bitfield.
- Fiber:
- Fixed assembly on alpine x86.
- Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber).
- FPM:
- Fixed bug GH-10315 (FPM unknown child alert not valid).
- Fixed bug GH-10385 (FPM successful config test early exit).
- GMP:
- Properly implement GMP::__construct().
- Intl:
- Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0.
- JSON:
- Fixed JSON scanner and parser generation build.
- MBString:
- ext/mbstring: fix new_value length check.
- Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows).
- Opcache:
- Fix incorrect page_size check.
- OpenSSL:
- Fixed php_openssl_set_server_dh_param() DH params errors handling.
- PDO OCI:
- Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
- PHPDBG:
- Fixed bug GH-10715 (heap buffer overflow on --run option misuse).
- PGSQL:
- Fix GH-10672 (pg_lo_open segfaults in the strict_types mode).
- Phar:
- Fix incorrect check in phar tar parsing.
- Random:
- Fix GH-10390 (Do not trust arc4random_buf() on glibc).
- Fix GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown).
- Reflection:
- Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments).
- Fix Segfault when using ReflectionFiber suspended by an internal function.
- Session:
- Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos).
- Standard:
- Fixed bug GH-8086 (Introduce mail.mixed_lf_and_crlf INI).
- Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown).
- Fix incorrect check in cs_8559_5 in map_from_unicode().
- Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes
- Fix incorrect error check in browsecap for pcre2_match().
- Streams:
- Fixed bug GH-10370 (File corruption in _php_stream_copy_to_stream_ex when using copy_file_range).
- Fixed bug GH-10548 (copy() fails on cifs mounts because of incorrect copy_file_range() len).
- Tidy:
- Fix memory leaks when attempting to open a non-existing file or a file over 4GB.
- Add missing error check on tidyLoadConfig.
- Zlib:
- Fixed output_handler directive value's length which counted the string terminator.
New in PHP 8.1.17 (Mar 16, 2023)
- Core:
- Fixed incorrect check condition in ZEND_YIELD.
- Fixed incorrect check condition in type inference.
- Fixed overflow check in OnUpdateMemoryConsumption.
- Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes).
- Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout).
- Fixed SSA object type update for compound assignment opcodes.
- Fixed language scanner generation build.
- Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type.
- Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name).
- Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized.
- Curl:
- Fixed deprecation warning at compile time.
- Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback).
- Date:
- Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00).
- FFI:
- Fixed incorrect bitshifting and masking in ffi bitfield.
- Fiber:
- Fixed assembly on alpine x86.
- Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber).
- FPM:
- Fixed bug GH-10315 (FPM unknown child alert not valid).
- Fixed bug GH-10385 (FPM successful config test early exit).
- Intl:
- Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0.
- JSON:
- Fixed JSON scanner and parser generation build.
- MBString:
- ext/mbstring: fix new_value length check.
- Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows).
- Opcache:
- Fix incorrect page_size check.
- OpenSSL:
- Fixed php_openssl_set_server_dh_param() DH params errors handling.
- PDO OCI:
- Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
- PHPDBG:
- Fixed bug GH-10715 (heap buffer overflow on --run option misuse).
- PGSQL:
- Fix GH-10672 (pg_lo_open segfaults in the strict_types mode).
- Phar:
- Fix incorrect check in phar tar parsing.
- Reflection:
- Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments).
- Fix Segfault when using ReflectionFiber suspended by an internal function.
- Session:
- Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos).
- Standard:
- Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown).
- Fix incorrect check in cs_8559_5 in map_from_unicode().
- Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes
- Fix incorrect error check in browsecap for pcre2_match().
- Tidy:
- Fix memory leaks when attempting to open a non-existing file or a file over 4GB.
- Add missing error check on tidyLoadConfig.
- Zlib:
- Fixed output_handler directive value's length which counted the string terminator.
New in PHP 8.2.3 (Feb 15, 2023)
- Core:
- Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)
- Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
- SAPI:
- Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
New in PHP 8.1.16 (Feb 15, 2023)
- Core:
- Fixed bug #81744 (Password_verify() always return true with some hash).
- Fixed bug #81746 (1-byte array overrun in common path resolve code).
- SAPI:
- Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
New in PHP 8.0.28 (Feb 14, 2023)
- Core:
- Fixed bug #81744 (Password_verify() always return true with some hash).
- Fixed bug #81746 (1-byte array overrun in common path resolve code).
- SAPI:
- Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
New in PHP 8.1.15 (Feb 3, 2023)
- Apache:
- Fixed bug GH-9949 (Partial content on incomplete POST request).
- Core:
- Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code).
- Fix GH-10251 (Assertion `(flag & (1
New in PHP 8.2.2 (Feb 2, 2023)
- Core:
- Fixed bug GH-10200 (zif_get_object_vars: Assertion `!(((__ht)->u.flags & (1
New in PHP 8.2.1 (Jan 6, 2023)
- Core:
- Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
- Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
- Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows).
- Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]).
- Fixed potentially undefined behavior in Windows ftok(3) emulation.
- Fixed GH-9769 (Misleading error message for unpacking of objects).
- Apache:
- Fixed bug GH-9949 (Partial content on incomplete POST request).
- FPM:
- Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
- Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
- Fixed bug #80669 (FPM numeric user fails to set groups).
- Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
- Imap:
- Fixed bug GH-10051 (IMAP: there's no way to check if a IMAPConnection is still open).
- MBString:
- Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
- Opcache:
- Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
- OpenSSL:
- Fixed bug GH-9997 (OpenSSL engine clean up segfault).
- Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
- Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
- Pcntl:
- Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
- PDO_Firebird:
- Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
- PDO/SQLite:
- Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
- Session:
- Fixed GH-9932 (session name silently fails with . and [).
- SPL:
- Fixed GH-9883 (SplFileObject::__toString() reads next line).
- Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
- SQLite3:
- Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
- TSRM:
- Fixed Windows shmget() wrt. IPC_PRIVATE.
New in PHP 8.1.14 (Jan 6, 2023)
- Core:
- Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
- Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
- Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]).
- Fixed potentially undefined behavior in Windows ftok(3) emulation.
- Date:
- Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards - timezone related).
- Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy).
- Fixed bug GH-9866 (Time zone bug with DateTimeInterface::diff()).
- Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone).
- FPM:
- Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
- Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
- Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
- MBString:
- Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
- Opcache:
- Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
- OpenSSL:
- Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
- Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
- Pcntl:
- Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
- PDO_Firebird:
- Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
- PDO/SQLite:
- Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
- Session:
- Fixed GH-9932 (session name silently fails with . and [).
- SPL:
- Fixed GH-9883 (SplFileObject::__toString() reads next line).
- Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
- SQLite3:
- Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
New in PHP 8.0.27 (Jan 6, 2023)
- PDO/SQLite:
- Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
New in PHP 8.2.0 (Dec 8, 2022)
- CLI:
- Fixed bug #81496 (Server logs incorrect request method).
- Updated the mime-type table for the builtin-server.
- Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
- Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource destruction.
- Implement built-in web server responding without body to HEAD request on a static resource.
- Implement built-in web server responding with HTTP status 405 to DELETE/PUT/PATCH request on a static resource.
- Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
- COM:
- Fixed bug GH-8750 (Can not create VT_ERROR variant type).
- Core:
- Fixed bug #81380 (Observer may not be initialized properly).
- Fixed bug GH-7771 (Fix filename/lineno of constant expressions).
- Fixed bug GH-7792 (Improve class type in error messages).
- Support huge pages on MacOS.
- Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references).
- Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable warning).
- Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed enums).
- Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function calls).
- Optimised code path for newly created file with the stream plain wrapper.
- Uses safe_perealloc instead of perealloc for the ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows.
- Reduced the memory footprint of strings returned by var_export(), json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(), http_build_query(), strstr(), Reflection*::__toString().
- Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
- Added error_log_mode ini setting.
- Updated request startup messages.
- Fixed bug GH-7900 (Arrow function with never return type compile-time errors).
- Fixed incorrect double to long casting in latest clang.
- Added support for defining constants in traits.
- Stop incorrectly emitting false positive deprecation notice alongside unsupported syntax fatal error for `"{$g{'h'}}"`.
- Fix unexpected deprecated dynamic property warning, which occurred when exit() in finally block after an exception was thrown without catching.
- Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
- Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored).
- Fixed bug GH-9285 (Traits cannot be used in readonly classes).
- Fixed bug GH-9186 (@strict-properties can be bypassed using unserialization).
- Fixed bug GH-9500 (Using dnf type with parentheses after readonly keyword results in a parse error).
- Fixed bug GH-9516 ((A&B)|D as a param should allow AB or D. Not just A).
- Fixed observer class notify with Opcache file_cache_only=1.
- Fixes segfault with Fiber on FreeBSD i386 architecture.
- Fixed bug GH-9655 (Pure intersection types cannot be implicitly nullable) (Girgias)
- Fixed bug GH-9589 (dl() segfaults when module is already loaded).
- Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params).
- Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization).
- Fixed a bug with preloaded enums possibly segfaulting.
- Fixed bug GH-9823 (Don’t reset func in zend_closure_internal_handler).
- Fixed potential NULL pointer dereference Windows shm*() functions.
- Fix target validation for internal attributes with constructor property promotion.
- Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation.
- Move observer_declared_function_notify until after pass_two().
- Do not report MINIT stage internal class aliases in extensions.
- Curl:
- Added support for CURLOPT_XFERINFOFUNCTION.
- Added support for CURLOPT_MAXFILESIZE_LARGE.
- Added new constants from cURL 7.62 to 7.80.
- New function curl_upkeep().
- Date:
- Fixed GH-8458 (DateInterval::createFromDateString does not throw if non-relative items are present).
- Fixed bug #52015 (Allow including end date in DatePeriod iterations) (Daniel Egeberg, Derick)
- idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO Year).
- Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type).
- Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second).
- Fixed bug GH-9106 (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).
- Fixed bug #75035 (Datetime fails to unserialize "extreme" dates).
- Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized).
- Fixed bug #81263 (Wrong result from DateTimeImmutable::diff).
- Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no errors/warnings).
- Fixed bug with parsing large negative numbers with the @ notation.
- DBA:
- Fixed LMDB driver hanging when attempting to delete a non-existing key (Girgias)
- Fixed LMDB driver memory leak on DB creation failure (Girgias)
- Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag).
- FFI:
- Fixed bug GH-9090 (Support assigning function pointers in FFI).
- Fileinfo:
- Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
- Filter:
- Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs.
- FPM:
- Emit error for invalid port setting.
- Added extra check for FPM proc dumpable on SELinux based systems.
- Added support for listening queue on macOS.
- Changed default for listen.backlog on Linux to -1.
- Added listen.setfib pool option to set route FIB on FreeBSD.
- Added access.suppress_path pool option to filter access log entries.
- Fixed on fpm scoreboard occasional warning on acquisition failure.
- Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).
- FTP:
- Fix datetime format string to follow POSIX spec in ftp_mdtm().
- GD:
- Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
- GMP:
- Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
- Hash:
- Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
- Intl:
- Update all grandfathered language tags with preferred values
- Fixed GH-7939 (Cannot unserialize IntlTimeZone objects).
- Fixed build for ICU 69.x and onwards.
- Declared Transliterator::$id as readonly to unlock subclassing it.
- Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
- MBString:
- Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()).
- mysqli:
- Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode).
- MySQLnd:
- Fixed potential heap corruption due to alignment mismatch.
- OCI8:
- Added oci8.prefetch_lob_size directive to tune LOB query performance
- Support for building against Oracle Client libraries 10.1 and 10.2 has been dropped. Oracle Client libraries 11.2 or newer are now required.
- ODBC:
- Fixed bug GH-8300 (User input not escaped when building connection string).
- Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate).
- Opcache:
- Allocate JIT buffer close to PHP .text segemnt to allow using direct IP-relative calls and jumps.
- Added initial support for JIT performance profiling generation for macOs Instrument.
- Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
- Added JIT support improvement for macOs for segments and executable permission bit handling.
- Added JIT buffer allocation near the .text section on FreeNSD.
- Fixed bug GH-9371 (Crash with JIT on mac arm64) (jdp1024/David Carlier)
- Fixed bug GH-9259 (opcache.interned_strings_buffer setting integer overflow).
- Added indirect call reduction for jit on x86 architectures.
- Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
- Fix opcache preload with observers enabled.
- OpenSSL:
- Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.
- Fixed bug GH-9310 (SSL local_cert and local_pk do not respect open_basedir).
- Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like AEAD).
- Added openssl_cipher_key_length function.
- Fixed bug GH-9517 (Compilation error openssl extension related to PR GH-9366).
- Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620.
- Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).
- PCNTL:
- Fixed pcntl_(get|set)priority error handling for MacOS.
- PCRE:
- Implemented FR #77726 (Allow null character in regex patterns).
- Updated bundled libpcre to 10.40.
- PDO:
- Fixed bug GH-9818 (Initialize run time cache in PDO methods).
- PDO_Firebird:
- Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8).
- PDO_ODBC:
- Fixed bug #80909 (crash with persistent connections in PDO_ODBC).
- Fixed bug GH-8300 (User input not escaped when building connection string).
- Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate).
- Fixed bug GH-9372 (HY010 when binding overlong parameter).
- PDO_PGSQL:
- Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
- Random:
- Added new random extension.
- Fixed bug GH-9067 (random extension is not thread safe).
- Fixed bug GH-9055 (segmentation fault if user engine throws).
- Fixed bug GH-9066 (signed integer overflow).
- Fixed bug GH-9083 (undefined behavior during shifting).
- Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when generating uniform integers within a given range).
- Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct() call twice).
- Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative $advance).
- Changed Mt19937 to throw a ValueError instead of InvalidArgumentException for invalid $mode.
- Splitted RandomRandomizer::getInt() (without arguments) to RandomRandomizer::nextInt().
- Fixed bug GH-9235 (non-existant $sequence parameter in stub for PcgOneseq128XslRr64::__construct()).
- Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when handling large ranges).
- Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid all-zero state).
- Removed redundant RuntimeExceptions from Randomizer methods. The exceptions thrown by the engines will be exposed directly.
- Added extension specific Exceptions/Errors (RandomException, RandomError, BrokenRandomEngineError).
- Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937 always returns 1).
- Fixed Randomizer::getInt() consistency for 32-bit engines.
- Fixed bug GH-9464 (build on older macOs releases).
- Fixed bug GH-9839 (Pre-PHP 8.2 output compatibility for non-mt_rand() functions for MT_RAND_PHP).
- Reflection:
- Added ReflectionFunction::isAnonymous().
- Added ReflectionMethod::hasPrototype().
- Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType.
- Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
- Session:
- Fixed bug GH-7787 (Improve session write failure message for user error handlers).
- Fixed GH-9200 (setcookie has an obsolete expires date format).
- Fixed GH-9584 (Avoid memory corruption when not unregistering custom session handler).
- Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
- SOAP:
- Fixed bug GH-9720 (Null pointer dereference while serializing the response).
- Sockets:
- Added TCP_NOTSENT_LOWAT socket option.
- Added SO_MEMINFO socket option.
- Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux).
- Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket options.
- Added ancillary data support for FreeBSD.
- Added ancillary data support for NetBSD.
- Added SO_BPF_EXTENSIONS socket option.
- Added SO_SETFIB socket option.
- Added TCP_CONGESTION socket option.
- Added SO_ZEROCOPY/MSG_ZEROCOPY options.
- Added SOL_FILTER socket option for Solaris.
- Fixed socket constants regression as of PHP 8.2.0beta3.
- Sodium:
- Added sodium_crypto_stream_xchacha20_xor_ic().
- SPL:
- Uses safe_erealloc instead of erealloc to handle heap growth for the SplHeap::insert method to avoid possible overflows.
- Widen iterator_to_array() and iterator_count()'s $iterator parameter to iterable.
- Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields).
- Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check).
- SQLite3:
- Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER.
- Standard:
- net_get_interfaces() also reports wireless network interfaces on Windows.
- Finished AVIF support in getimagesize().
- Fixed bug GH-7847 (stripos with large haystack has bad performance).
- New function memory_reset_peak_usage().
- Fixed parse_url(): can not recognize port without scheme.
- Deprecated utf8_encode() and utf8_decode().
- Fixed the crypt_sha256/512 api build with clang > 12.
- Uses safe_erealloc instead of erealloc to handle options in getopt to avoid possible overflows.
- Implemented FR GH-8924 (str_split should return empty array for empty string).
- Added ini_parse_quantity function to convert ini quantities shorthand notation to int.
- Enable arc4random_buf for Linux glibc 2.36 and onwards for the random_bytes.
- Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
- Fixed bug #65489 (glob() basedir check is inconsistent).
- Fixed GH-9200 (setcookie has an obsolete expires date format).
- Fixed GH-9244 (Segfault with array_multisort + array_shift).
- Fixed bug GH-9296 (`ksort` behaves incorrectly on arrays with mixed keys).
- Marked crypt()'s $string parameter as #[SensitiveParameter].
- Fixed bug GH-9464 (build on older macOs releases).
- Fixed bug GH-9518 (Disabling IPv6 support disables unrelated constants).
- Revert "Fixed parse_url(): can not recognize port without scheme." (andypost)
- Fix crash reading module_entry after DL_UNLOAD() when module already loaded.
- Streams:
- Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host.
- Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory).
- Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.
- Fixed bug GH-9316 ($http_response_header is wrong for long status line).
- Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).
- Fixed bug GH-9653 (file copy between different filesystems).
- Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode).
- Windows:
- Added preliminary support for (cross-)building for ARM64.
- XML:
- Added libxml_get_external_entity_loader() function.
- Zip:
- add ZipArchive::clearError() method
- add ZipArchive::getStreamName() method
- add ZipArchive::getStreamIndex() method
- On Windows, the Zip extension is now built as shared library (DLL) by default.
- Implement fseek for zip stream when possible with libzip 1.9.1.
New in PHP 8.1.13 (Nov 27, 2022)
- CLI:
- Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
- Core:
- Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params).
- Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization).
- Fixed potential NULL pointer dereference Windows shm*() functions.
- Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation.
- Date:
- Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes).
- FPM:
- Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).
- mysqli:
- Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode).
- MySQLnd:
- Fixed potential heap corruption due to alignment mismatch.
- OpenSSL:
- Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).
- SOAP:
- Fixed GH-9720 (Null pointer dereference while serializing the response).
New in PHP 8.0.26 (Nov 27, 2022)
- CLI:
- Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
- Core:
- Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params).
- Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization).
- Fixed potential NULL pointer dereference in Windows shm*() functions.
- Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation.
- Date:
- Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes).
- FPM:
- Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).
- mysqli:
- Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode).
- OpenSSL:
- Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).
- SOAP:
- Fixed GH-9720 (Null pointer dereference while serializing the response).
New in PHP 7.4.33 (Nov 4, 2022)
- GD:
- Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
- Hash:
- Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
New in PHP 8.1.12 (Oct 30, 2022)
- Core:
- Fixes segfault with Fiber on FreeBSD i386 architecture.
- Fileinfo:
- Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
- GD:
- Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
- Hash:
- Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
- MBString:
- Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader).
- Opcache:
- Added indirect call reduction for jit on x86 architectures.
- Session:
- Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
- Streams:
- Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).
New in PHP 8.0.25 (Oct 28, 2022)
- GD:
- Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
- Hash:
- Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
- Session:
- Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
- Streams:
- Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).
New in PHP 8.0.24 (Sep 30, 2022)
- Core:
- Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
- Fixed bug GH-9361 (Segmentation fault on script exit #9379).
- Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static type).
- Fix #81727 (Don't mangle semantically meaningful HTTP var names).
- DOM:
- Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
- FPM:
- Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload).
- Fixed bug #77780 ("Headers already sent..." when previous connection was aborted).
- GMP:
- Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
- Intl:
- Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
- Phar:
- Fix #81726 (DOS when using quine gzip file).
- PDO_PGSQL:
- Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
- Reflection:
- Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
- Fixed bug GH-9409 (Private method is incorrectly dumped as "overwrites").
- Streams:
- Fixed bug GH-9316 ($http_response_header is wrong for long status line).
New in PHP 8.1.11 (Sep 29, 2022)
- Core:
- Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
- Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
- Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
- Fixed bug GH-9361 (Segmentation fault on script exit #9379).
- Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions).
- DOM:
- Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
- FPM:
- Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload).
- Fixed bug #77780 ("Headers already sent..." when previous connection was aborted).
- GMP:
- Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
- Intl:
- Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
- PCRE:
- Fixed pcre.jit on Apple Silicon.
- PDO_PGSQL:
- Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
- Reflection:
- Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
- Streams:
- Fixed bug GH-9316 ($http_response_header is wrong for long status line).
New in PHP 7.4.32 (Sep 29, 2022)
- Core:
- Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
- Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
New in PHP 8.0.23 (Sep 2, 2022)
- Core:
- Fixed incorrect double to long casting in latest clang.
- DBA:
- Fixed LMDB driver memory leak on DB creation failure (Girgias)
- Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults).
- Intl:
- Fixed IntlDateFormatter::formatObject() parameter type.
- OPcache:
- Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
- PDO_SQLite:
- Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
- SQLite3:
- Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
- Standard:
- Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
- Streams:
- Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata).
- Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging).
New in PHP 8.1.10 (Sep 1, 2022)
- Core:
- Fixed --CGI-- support of run-tests.php.
- Fixed incorrect double to long casting in latest clang.
- Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present).
- Date:
- Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type).
- Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second).
- Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).
- Fixed bug #81263 (Wrong result from DateTimeImmutable::diff).
- DBA:
- Fixed LMDB driver memory leak on DB creation failure (Girgias)
- Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults) (cmb)
- IMAP:
- Fixed bug GH-9309 (Segfault when connection is used after imap_close()).
- Intl:
- Fixed IntlDateFormatter::formatObject() parameter type.
- MBString:
- Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings).
- OPcache:
- Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
- Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
- PDO_SQLite:
- Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
- SQLite3:
- Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
- Streams:
- Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata).
- Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging).
New in PHP 8.1.9 (Aug 5, 2022)
- CLI:
- Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
- Fixed GH-8952 (Intentionally closing std handles no longer possible).
- Core:
- Fixed bug GH-8923 (error_log on Windows can hold the file write lock).
- Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
- Date:
- Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
- FPM:
- Fixed zlog message prepend, free on incorrect address.
- Fixed possible double free on configuration loading failure. (Heiko Weber).
- GD:
- Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
- Intl:
- Fixed build for ICU 69.x and onwards.
- OPcache:
- Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file).
- Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
- Reflection:
- Fixed bug GH-8943 (Fixed Reflection::getModifiersNames() with readonly modifier).
- Standard:
- Fixed the crypt_sha256/512 api build with clang > 12.
- Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
- Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
New in PHP 8.0.22 (Aug 5, 2022)
- CLI:
- Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
- Core:
- Fixed bug GH-8923 (error_log on Windows can hold the file write lock).
- Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
- Date:
- Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
- DBA:
- Fixed LMDB driver hanging when attempting to delete a non-existing key.
- FPM:
- Fixed zlog message prepend, free on incorrect address.
- Fixed possible double free on configuration loading failure.
- GD:
- Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
- Intl:
- Fixed build for ICU 69.x and onwards.
- OPcache:
- Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file).
- Standard:
- Fixed the crypt_sha256/512 api build with clang > 12.
- Uses CCRandomGenerateBytes instead of arc4random_buf on macOs.
New in PHP 8.1.8 (Jul 8, 2022)
- Core:
- Fixed bug #8338 (Intel CET is disabled unintentionally).
- Fixed leak in Enum::from/tryFrom for internal enums when using JIT
- Fixed calling internal methods with a static return type from extension code.
- Fixed bug #8655 (Casting an object to array does not unwrap refcount=1 references).
- Fixed potential use after free in php_binary_init().
- CLI:
- Fixed #8827 (Intentionally closing std handles no longer possible).
- COM:
- Fixed bug #8778 (Integer arithmethic with large number variants fails).
- Curl:
- Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
- Date:
- Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions).
- Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
- Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
- Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
- Fileinfo:
- Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
- FPM:
- Fixed bug #67764 (fpm: syslog.ident don't work).
- GD:
- Fixed imagecreatefromavif() memory leak.
- MBString:
- mb_detect_encoding recognizes all letters in Czech alphabet
- mb_detect_encoding recognizes all letters in Hungarian alphabet
- Fixed bug #8685 (pcre not ready at mbstring startup).
- Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.
- ODBC:
- Fixed handling of single-key connection strings.
- OPcache:
- Fixed bug #8591 (tracing JIT crash after private instance method change).
- OpenSSL:
- Fixed bug #50293 (Several openssl functions ignore the VCWD).
- Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
- PDO_ODBC:
- Fixed handling of single-key connection strings.
- Zip:
- Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).
New in PHP 8.0.21 (Jul 7, 2022)
- Core:
- Fixed potential use after free in php_binary_init().
- CLI:
- Fixed #8827 (Intentionally closing std handles no longer possible).
- COM:
- Fixed bug #8778 (Integer arithmethic with large number variants fails).
- Curl:
- Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
- Date:
- Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
- Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
- Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
- FPM:
- Fixed bug #67764 (fpm: syslog.ident don't work).
- MBString:
- Fixed bug #8685 (pcre not ready at mbstring startup).
- ODBC:
- Fixed handling of single-key connection strings.
- OpenSSL:
- Fixed bug #50293 (Several openssl functions ignore the VCWD).
- Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
- PDO_ODBC:
- Fixed errorInfo() result on successful PDOStatement->execute().
- Fixed handling of single-key connection strings.
- Zip:
- Fixed bug #8781 (ZipArchive::close deletes zip file without updating stat cache).
New in PHP 8.1.7 (Jun 11, 2022)
- CLI:
- Fixed bug #8575 (CLI closes standard streams too early).
- Date:
- Fixed bug #51934 (strtotime plurals / incorrect time).
- Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)).
- Fixed bug #66019 (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH)
- Fixed bug #68549 (Timezones and offsets are not properly used when working with dates)
- Fixed bug #81565 (date parsing fails when provided with timezones including seconds).
- Fixed bug #7758 (Problems with negative timestamps and fractions).
- FPM:
- Fixed ACL build check on MacOS.
- Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
- mysqlnd:
- Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- OPcache:
- Fixed bug #8461 (tracing JIT crash after function/method change).
- OpenSSL:
- Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading).
- Pcntl:
- Fixed Haiku build.
- pgsql:
- Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
- Soap:
- Fixed bug #8578 (Error on wrong parameter on SoapHeader constructor).
- Fixed bug #8538 (SoapClient may strip parts of nmtokens).
- SPL:
- Fixed bug #8235 (iterator_count() may run indefinitely).
- Standard:
- Fixed bug #8185 (Crash during unloading of extension after dl() in ZTS).
- Zip:
- Fixed type for index in ZipArchive::replaceFile.
New in PHP 8.0.20 (Jun 11, 2022)
- CLI:
- Fixed bug #8575 (CLI closes standard streams too early).
- Core:
- Fixed Haiku ZTS builds.
- Date:
- Fixed bug #8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection).
- FPM:
- Fixed ACL build check on MacOS.
- Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
- Mysqlnd:
- Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- OPcache:
- Fixed bug #8466 (ini_get() is optimized out when the option does not exist).
- Pcntl:
- Fixed Haiku build.
- Pgsql:
- Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
- Soap:
- Fixed bug #8578 (Error on wrong parameter on SoapHeader constructor).
- Fixed bug #8538 (SoapClient may strip parts of nmtokens).
- SPL:
- Fixed bug #8235 (iterator_count() may run indefinitely).
- Zip:
- Fixed type for index in ZipArchive::replaceFile.
New in PHP 7.4.30 (Jun 11, 2022)
- mysqlnd:
- Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- pgsql:
- Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
New in PHP 8.1.6 (May 13, 2022)
- Core:
- Fixed bug #8310 (Registry settings are no longer recognized).
- Fixed potential race condition during resource ID allocation.
- Fixed bug #8133 (Preloading of constants containing arrays with enums segfaults).
- Fixed Haiku ZTS builds.
- Date:
- Fixed bug #7752 (DateTimeZone::getTransitions() returns insufficient data).
- Fixed bug #8108 (Timezone doesn't work as intended).
- Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data).
- Fixed bug #8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
- FFI:
- Fixed bug #8433 (Assigning function pointers to structs in FFI leaks).
- FPM:
- Fixed bug #76003 (FPM /status reports wrong number of active processe).
- Fixed bug #77023 (FPM cannot shutdown processes).
- Fixed comment in kqueue remove callback log message.
- Hash:
- Fixed bug #81714 (segfault when serializing finalized HashContext).
- Iconv:
- Fixed bug #8218 (ob_end_clean does not reset Content-Encoding header).
- Intl:
- Fixed bug #8364 (msgfmt_format $values may not support references).
- MBString:
- Number of error markers emitted for invalid UTF-8 text matches WHATWG specification. This is a return to the behavior of PHP 8.0 and earlier.
- MySQLi:
- Fixed bug #8267 (MySQLi uses unsupported format specifier on Windows).
- SPL:
- Fixed bug #8366 (ArrayIterator may leak when calling __construct()).
- Fixed bug #8273 (SplFileObject: key() returns wrong value).
- Streams:
- Fixed php://temp does not preserve file-position when switched to temporary file.
- zlib:
- Fixed bug #8218 (ob_end_clean does not reset Content-Encoding header).
New in PHP 8.0.19 (May 13, 2022)
- Core:
- Fixed bug #8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
- Date:
- Fixed bug #7979 (DatePeriod iterator advances when checking if valid).
- FFI:
- Fixed bug #8433 (Assigning function pointers to structs in FFI leaks).
- FPM:
- Fixed bug #76003 (FPM /status reports wrong number of active processe).
- Fixed bug #77023 (FPM cannot shutdown processes).
- Fixed comment in kqueue remove callback log message.
- Iconv:
- Fixed bug #8218 (ob_end_clean does not reset Content-Encoding header).
- Intl:
- Fixed bug #8364 (msgfmt_format $values may not support references).
- MySQLi:
- Fixed bug #8267 (MySQLi uses unsupported format specifier on Windows).
- SPL:
- Fixed bug #8366 (ArrayIterator may leak when calling __construct()).
- Fixed bug #8273 (SplFileObject: key() returns wrong value).
- Streams:
- Fixed php://temp does not preserve file-position when switched to temporary file.
- zlib:
- Fixed bug #8218 (ob_end_clean does not reset Content-Encoding header).
New in PHP 8.0.18 (Apr 15, 2022)
- Core:
- Fixed freeing of internal attribute arguments.
- Fixed bug #8070 (memory leak of internal function attribute hash).
- Fixed bug #8160 (ZTS support on Alpine is broken).
- Filter:
- Fixed signedness confusion in php_filter_validate_domain().
- Intl:
- Fixed bug #8142 (Compilation error on cygwin).
- MBString:
- Fixed bug #8208 (mb_encode_mimeheader: $indent functionality broken).
- MySQLi:
- Fixed bug #8068 (mysqli_fetch_object creates inaccessible properties).
- Pcntl:
- Fixed bug #8142 (Compilation error on cygwin).
- PgSQL:
- Fixed result_type related stack corruption on LLP64 architectures.
- Fixed bug #8253 (pg_insert() fails for references).
- Sockets:
- Fixed Solaris builds.
- SPL:
- Fixed bug #8121 (SplFileObject - seek and key with csv file inconsistent).
- Standard:
- Fixed bug #8048 (Force macOS to use statfs).
New in PHP 8.1.5 (Apr 14, 2022)
- Core:
- Fixed bug #8176 (Enum values in property initializers leak).
- Fixed freeing of internal attribute arguments.
- Fixed bug #8070 (memory leak of internal function attribute hash).
- Fixed bug #8160 (ZTS support on Alpine is broken).
- Filter:
- Fixed signedness confusion in php_filter_validate_domain().
- Intl:
- Fixed bug #8115 (Can't catch arg type deprecation when instantiating Intl classes).
- Fixed bug #8142 (Compilation error on cygwin).
- Fixed bug #7734 (Fix IntlPartsIterator key off-by-one error and first key).
- MBString:
- Fixed bug #8208 (mb_encode_mimeheader: $indent functionality broken).
- MySQLi:
- Fixed bug #8068 (mysqli_fetch_object creates inaccessible properties).
- Pcntl:
- Fixed bug #8142 (Compilation error on cygwin).
- PgSQL:
- Fixed result_type related stack corruption on LLP64 architectures.
- Fixed bug #8253 (pg_insert() fails for references).
- Sockets:
- Fixed Solaris builds.
- SPL:
- Fixed bug #8121 (SplFileObject - seek and key with csv file inconsistent).
- Fixed bug #8192 (Cannot override DirectoryIterator::current() without return typehint in 8.1).
- Standard:
- Fixed bug #8048 (Force macOS to use statfs).
New in PHP 7.4.29 (Apr 14, 2022)
- Core:
- No source changes to this release. This update allows for re-building the Windows binaries against upgraded dependencies which have received security updates.
- Date:
- Updated to latest IANA timezone database (2022a).
New in PHP 8.1.4 (Mar 18, 2022)
- Core:
- Fixed Haiku ZTS build.
- Fixed bug #8059 arginfo not regenerated for extension.
- Fixed bug #8083 Segfault when dumping uncalled fake closure with static variables.
- Fixed bug #7958 (Nested CallbackFilterIterator is leaking memory).
- Fixed bug #8074 (Wrong type inference of range() result).
- Fixed bug #8140 (Wrong first class callable by name optimization).
- Fixed bug #8082 (op_arrays with temporary run_time_cache leak memory when observed).
- GD:
- Fixed libpng warning when loading interlaced images.
- FPM:
- Fixed bug #76109 (Unsafe access to fpm scoreboard).
- Iconv:
- Fixed bug #7953 (ob_clean() only does not set Content-Encoding).
- Fixed bug #7980 (Unexpected result for iconv_mime_decode).
- MBString:
- Fixed bug #8128 (mb_check_encoding wrong result for 7bit).
- MySQLnd:
- Fixed bug #8058 (NULL pointer dereference in mysqlnd package).
- Reflection:
- Fixed bug #8080 (ReflectionClass::getConstants() depends on def. order).
- Zlib:
- Fixed bug #7953 (ob_clean() only does not set Content-Encoding).
New in PHP 8.0.17 (Mar 17, 2022)
- Core:
- Fixed Haiku ZTS build.
- GD:
- Fixed libpng warning when loading interlaced images.
- FPM:
- Fixed bug #76109 (Unsafe access to fpm scoreboard).
- Iconv:
- Fixed bug #7953 (ob_clean() only does not set Content-Encoding).
- Fixed bug #7980 (Unexpected result for iconv_mime_decode).
- MySQLnd:
- Fixed bug #8058 (NULL pointer dereference in mysqlnd package).
- OPcache:
- Fixed bug #8074 (Wrong type inference of range() result).
- Reflection:
- Fixed bug #8080 (ReflectionClass::getConstants() depends on def. order).
- Zlib:
- Fixed bug #7953 (ob_clean() only does not set Content-Encoding).
New in PHP 8.1.3 (Feb 18, 2022)
- Core:
- Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
- Fixed bug #7896 (Environment vars may be mangled on Windows).
- Fixed bug #7883 (Segfault when INI file is not readable).
- FFI:
- Fixed bug #7867 (FFI::cast() from pointer to array is broken).
- Filter:
- Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)
- FPM:
- Fixed memory leak on invalid port.
- Fixed bug #7842 (Invalid OpenMetrics response format returned by FPM status page.
- MBString:
- Fixed bug #7902 (mb_send_mail may delimit headers with LF only).
- MySQLnd:
- Fixed bug #7972 (MariaDB version prefix 5.5.5- is not stripped).
- pcntl:
- Fixed pcntl_rfork build for DragonFlyBSD.
- Sockets:
- Fixed bug #7978 (sockets extension compilation errors).
- Standard:
- Fixed bug #7899 (Regression in unpack for negative int value).
- Fixed bug #7875 (mails are sent even if failure to log throws exception).
New in PHP 8.0.16 (Feb 18, 2022)
- Core:
- Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
- Fixed bug #7896 (Environment vars may be mangled on Windows).
- FFI:
- Fixed bug #7867 (FFI::cast() from pointer to array is broken).
- Filter:
- Fix #81708: UAF due to php_filter_float() failing for ints.
- FPM:
- Fixed memory leak on invalid port.
- MBString:
- Fixed bug #7902 (mb_send_mail may delimit headers with LF only).
- MySQLnd:
- Fixed bug #7972 (MariaDB version prefix 5.5.5- is not stripped).
- Sockets:
- Fixed ext/sockets build on Haiku.
- Fixed bug #7978 (sockets extension compilation errors).
- Standard:
- Fixed bug #7875 (mails are sent even if failure to log throws exception).
New in PHP 7.4.28 (Feb 18, 2022)
- Filter:
- Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)
New in PHP 8.1.2 (Jan 21, 2022)
- Core:
- Fixed bug #81216 (Nullsafe operator leaks dynamic property name).
- Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces opcode error).
- Fixed bug #81656 (GCC-11 silently ignores -R).
- Fixed bug #81683 (Misleading "access type ... must be public" error message on final or abstract interface methods).
- Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
- Fixed bug #7757 (Multi-inherited final constant causes fatal error).
- Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT.
- Added riscv64 support for fibers.
- Filter:
- Fixed FILTER_FLAG_NO_RES_RANGE flag.
- Hash:
- Fixed bug #7759 (Incorrect return types for hash() and hash_hmac()).
- Fixed bug #7826 (Inconsistent argument name in hash_hmac_file and hash_file).
- MBString:
- Fixed bug #81693 (mb_check_encoding(7bit) segfaults).
- MySQLi:
- Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).
- Introduced MYSQLI_IS_MARIADB.
- Fixed bug #7746 (mysqli_sql_exception->getSqlState()).
- MySQLnd:
- Fixed bug where large bigints may be truncated.
- OCI8:
- Fixed bug #7765 (php_oci_cleanup_global_handles segfaults at second call).
- OPcache:
- Fixed bug #81679 (Tracing JIT crashes on reattaching).
- Readline:
- Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive shell).
- Reflection:
- Fixed bug #81681 (ReflectionEnum throwing exceptions).
- PDO_PGSQL:
- Fixed error message allocation of PDO PgSQL.
- Sockets:
- Avoid void* arithmetic in sockets/multicast.c on NetBSD.
- Fixed ext/sockets build on Haiku.
- Spl:
- Fixed bug #75917 (SplFileObject::seek broken with CSV flags).
- Fixed bug #7809 (Cloning a faked SplFileInfo object may segfault).
- Standard:
- Fixed bug #7748 (gethostbyaddr outputs binary string).
- Fixed bug #7815 (php_uname doesn't recognise latest Windows versions).
New in PHP 8.0.15 (Jan 21, 2022)
- Core:
- Fixed bug #81656 (GCC-11 silently ignores -R).
- Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
- Filter:
- Fixed FILTER_FLAG_NO_RES_RANGE flag.
- Hash:
- Fixed bug #7759 (Incorrect return types for hash() and hash_hmac()).
- Fixed bug #7826 (Inconsistent argument name in hash_hmac_file and hash_file).
- MySQLnd:
- Fixed bug where large bigints may be truncated.
- OCI8:
- Fixed bug #7765 (php_oci_cleanup_global_handles segfaults at second call).
- OPcache:
- Fixed bug #81679 (Tracing JIT crashes on reattaching).
- PDO_PGSQL:
- Fixed error message allocation of PDO PgSQL.
- Sockets:
- Avoid void* arithmetic in sockets/multicast.c on NetBSD.
- Spl:
- Fixed bug #75917 (SplFileObject::seek broken with CSV flags).
New in PHP 8.0.13 (Nov 24, 2021)
- Core:
- Fixed bug #81518 (Header injection via default_mimetype / default_charset).
- Date:
- Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
- DBA:
- Fixed bug #81588 (TokyoCabinet driver leaks memory).
- MBString:
- Fixed bug #76167 (mbstring may use pointer from some previous request).
- Opcache:
- Fixed bug #81512 (Unexpected behavior with arrays and JIT).
- PCRE:
- Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
- XML:
- Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
- XMLReader:
- Fixed bug #81521 (XMLReader::getParserProperty may throw with a valid property).
New in PHP 7.4.26 (Nov 18, 2021)
- Core:
- Fixed bug #81518 (Header injection via default_mimetype / default_charset).
- Date:
- Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
- MBString:
- Fixed bug #76167 (mbstring may use pointer from some previous request).
- MySQLi:
- Fixed bug #81494 (Stopped unbuffered query does not throw error).
- PCRE:
- Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
- Streams:
- Fixed bug #54340 (Memory corruption with user_filter).
- XML:
- Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
New in PHP 7.3.33 (Nov 18, 2021)
- XML:
- Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
New in PHP 8.0.12 (Nov 2, 2021)
- CLI:
- Fixed bug #81496 (Server logs incorrect request method).
- Core:
- Fixed bug #81435 (Observer current_observed_frame may point to an old (overwritten) frame).
- Fixed bug #81380 (Observer may not be initialized properly).
- DOM:
- Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
- FFI:
- Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).
- FPM:
- Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
- Fileinfo:
- Fixed bug #78987 (High memory usage during encoding detection).
- Filter:
- Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
- Opcache:
- Fixed bug #81472 (Cannot support large linux major/minor device number when read /proc/self/maps).
- Reflection:
- ReflectionAttribute is no longer final.
- SPL:
- Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
- Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1).
- Standard:
- Fixed bug #69751 (Change Error message of sprintf/printf for missing/typo position specifier).
- Streams:
- Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
- XML:
- Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
- Zip:
- Fixed bug #81490 (ZipArchive::extractTo() may leak memory).
- Fixed bug #77978 (Dirname ending in colon unzips to wrong dir).
New in PHP 7.4.25 (Nov 2, 2021)
- DOM:
- Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
- FFI:
- Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).
- Fileinfo:
- Fixed bug #78987 (High memory usage during encoding detection).
- Filter:
- Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
- FPM:
- Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
- SPL:
- Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
- Streams:
- Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
- XML:
- Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
- Zip:
- Fixed bug #81490 (ZipArchive::extractTo() may leak memory).
- Fixed bug #77978 (Dirname ending in colon unzips to wrong dir).
New in PHP 7.3.32 (Nov 2, 2021)
- FPM:
- Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation). (CVE-2021-21703)
New in PHP 8.0.11 (Sep 30, 2021)
- Core:
- Fixed bug #81302 (Stream position after stream filter removed).
- Fixed bug #81346 (Non-seekable streams don't update position after write).
- Fixed bug #73122 (Integer Overflow when concatenating strings).
- GD:
- Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
- Opcache:
- Fixed bug #81353 (segfault with preloading and statically bound closure).
- Shmop:
- Fixed bug #81407 (shmop_open won't attach and causes php to crash).
- Standard:
- Fixed bug #71542 (disk_total_space does not work with relative paths).
- Fixed bug #81400 (Unterminated string in dns_get_record() results).
- SysVMsg:
- Fixed bug #78819 (Heap Overflow in msg_send).
- XML:
- Fixed bug #81351 (xml_parse may fail, but has no error code).
- Zip:
- Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword).
- Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).
New in PHP 7.4.24 (Sep 30, 2021)
- Core:
- Fixed bug #81302 (Stream position after stream filter removed).
- Fixed bug #81346 (Non-seekable streams don't update position after write).
- Fixed bug #73122 (Integer Overflow when concatenating strings).
- GD:
- Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
- Opcache:
- Fixed bug #81353 (segfault with preloading and statically bound closure).
- Shmop:
- Fixed bug #81407 (shmop_open won't attach and causes php to crash).
- Standard:
- Fixed bug #71542 (disk_total_space does not work with relative paths).
- Fixed bug #81400 (Unterminated string in dns_get_record() results).
- SysVMsg:
- Fixed bug #78819 (Heap Overflow in msg_send).
- XML:
- Fixed bug #81351 (xml_parse may fail, but has no error code).
- Zip:
- Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)
New in PHP 7.3.31 (Sep 23, 2021)
- Zip:
- Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)
New in PHP 8.0.10 (Sep 1, 2021)
- Core:
- Fixed bug #72595 (php_output_handler_append illegal write access).
- Fixed bug #66719 (Weird behaviour when using get_called_class() with call_user_func()).
- Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
- BCMath:
- Fixed bug #78238 (BCMath returns "-0").
- CGI:
- Fixed bug #80849 (HTTP Status header truncation).
- Date:
- Fixed bug #64975 (Error parsing when AM/PM not at the end).
- Fixed bug #78984 (DateTimeZone accepting invalid UTC timezones).
- Fixed bug #79580 (date_create_from_format misses leap year).
- Fixed bug #80409 (DateTime::modify() loses time with 'weekday' parameter).
- GD:
- Fixed bug #51498 (imagefilledellipse does not work for large circles).
- MySQLi:
- Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()).
- Opcache:
- Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
- Fixed bug #81249 (Intermittent property assignment failure with JIT enabled).
- Fixed bug #81206 (Multiple PHP processes crash with JIT enabled).
- Fixed bug #81272 (Segfault in var[] after array_slice with JIT).
- Fixed bug #81255 (Memory leak in PHPUnit with functional JIT).
- Fixed bug #80959 (Infinite loop in building cfg during JIT compilation) (Nikita, Dmitry)
- Fixed bug #81226 (Integer overflow behavior is different with JIT enabled).
- OpenSSL:
- Fixed bug #81327 (Error build openssl extension on php 7.4.22).
- PDO_ODBC:
- Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL).
- Phar:
- Fixed bug #81211: Symlinks are followed when creating PHAR archive (cmb)
- Shmop:
- Fixed bug #81283 (shmop can't read beyond 2147483647 bytes).
- SimpleXML:
- Fixed bug #81325 (Segfault in zif_simplexml_import_dom).
- Standard:
- Fixed bug #72146 (Integer overflow on substr_replace).
- Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
- Fixed bug #74960 (Heap buffer overflow via str_repeat).
- Streams:
- Fixed bug #81294 (Segfault when removing a filter).
New in PHP 7.4.23 (Sep 1, 2021)
- Core:
- Fixed bug #72595 (php_output_handler_append illegal write access).
- Fixed bug #66719 (Weird behaviour when using get_called_class() with call_user_func()).
- Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
- BCMath:
- Fixed bug #78238 (BCMath returns "-0").
- CGI:
- Fixed bug #80849 (HTTP Status header truncation).
- GD:
- Fixed bug #51498 (imagefilledellipse does not work for large circles).
- MySQLi:
- Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()).
- OpenSSL:
- Fixed bug #81327 (Error build openssl extension on php 7.4.22).
- PDO_ODBC:
- Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL).
- Phar:
- Fixed bug #81211: Symlinks are followed when creating PHAR archive.(cmb)
- Shmop:
- Fixed bug #81283 (shmop can't read beyond 2147483647 bytes).
- Standard:
- Fixed bug #72146 (Integer overflow on substr_replace).
- Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
- Fixed bug #74960 (Heap buffer overflow via str_repeat).
- Streams:
- Fixed bug #81294 (Segfault when removing a filter).
New in PHP 7.3.30 (Sep 1, 2021)
- Phar:
- Fixed bug #81211: Symlinks are followed when creating PHAR archive.
New in PHP 8.0.9 (Jul 30, 2021)
- Core:
- Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files).
- Fixed bug #81163 (incorrect handling of indirect vars in __sleep).
- Fixed bug #81159 (Object to int warning when using an object as a string offset).
- Fixed bug #80728 (PHP built-in web server resets timeout when it can kill the process).
- Fixed bug #73630 (Built-in Weberver - overwrite $_SERVER['request_uri']).
- Fixed bug #80173 (Using return value of zend_assign_to_variable() is not safe).
- Fixed bug #73226 (--r[fcez] always return zero exit code).
- Intl:
- Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
- Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone).
- Fixed bug #74264 (grapheme_strrpos() broken for negative offsets).
- OpenSSL:
- Fixed bug #52093 (openssl_csr_sign truncates $serial).
- PCRE:
- Fixed bug #81101 (PCRE2 10.37 shows unexpected result).
- Fixed bug #81243 (Too much memory is allocated for preg_replace()).
- Reflection:
- Fixed bug #81208 (Segmentation fault while create newInstance from attribute).
- Standard:
- Fixed bug #81223 (flock() only locks first byte of file).
New in PHP 7.4.22 (Jul 30, 2021)
- Core:
- Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files).
- Fixed bug #81163 (incorrect handling of indirect vars in __sleep).
- Fixed bug #80728 (PHP built-in web server resets timeout when it can kill the process).
- Fixed bug #73630 (Built-in Weberver - overwrite $_SERVER['request_uri']).
- Fixed bug #80173 (Using return value of zend_assign_to_variable() is not safe).
- Fixed bug #73226 (--r[fcez] always return zero exit code).
- Intl:
- Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
- Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone).
- Fixed bug #74264 (grapheme_strrpos() broken for negative offsets).
- OpenSSL:
- Fixed bug #52093 (openssl_csr_sign truncates $serial).
- PCRE:
- Fixed bug #81101 (PCRE2 10.37 shows unexpected result).
- Fixed bug #81243 (Too much memory is allocated for preg_replace()).
- Standard:
- Fixed bug #81223 (flock() only locks first byte of file).
New in PHP 8.0.8 (Jul 7, 2021)
- Core:
- Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
- Fixed bug #81068 (Double free in realpath_cache_clean()).
- Fixed bug #76359 (open_basedir bypass through adding "..").
- Fixed bug #81090 (Typed property performance degradation with .= operator).
- Fixed bug #81070 (Integer underflow in memory limit comparison).
- Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
- Bzip2:
- Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
- Fileinfo:
- Fixed bug #80197 (implicit declaration of function 'magic_stream' is invalid).
- GMP:
- Fixed bug #81119 (GMP operators throw errors with wrong parameter names).
- OCI8:
- Fixed bug #81088 (error in regression test for oci_fetch_object() and oci_fetch_array()).
- Opcache:
- Fixed bug #81051 (Broken property type handling after incrementing reference).
- Fixed bug #80968 (JIT segfault with return from required file).
- OpenSSL:
- Fixed bug #76694 (native Windows cert verification uses CN as sever name).
- MySQLnd:
- Fixed bug #80761 (PDO uses too much memory).
- PDO_Firebird:
- Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
- Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
- Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
- Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
- readline:
- Fixed bug #72998 (invalid read in readline completion).
- Standard:
- Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
- Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
- Windows:
- Fixed bug #81120 (PGO data for main PHP DLL are not used).
New in PHP 7.4.21 (Jul 7, 2021)
- Core:
- Fixed bug #81068 (Double free in realpath_cache_clean()).
- Fixed bug #76359 (open_basedir bypass through adding "..").
- Fixed bug #81090 (Typed property performance degradation with .= operator).
- Fixed bug #81070 (Integer underflow in memory limit comparison).
- Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
- Bzip2:
- Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
- OpenSSL:
- Fixed bug #76694 (native Windows cert verification uses CN as sever name).
- PDO_Firebird:
- Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
- Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
- Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
- Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
- Standard:
- Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
New in PHP 7.3.29 (Jul 7, 2021)
- Core:
- Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705)
- PDO_Firebird:
- Fixed bug #76448: Stack buffer overflow in firebird_info_cb. (CVE-2021-21704)
- Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704)
- Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)
- Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob. (CVE-2021-21704)
New in PHP 8.0.7 (Jun 15, 2021)
- Core:
- Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
- Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
- Fixed bug #80972 (Memory exhaustion on invalid string offset).
- FPM:
- Fixed bug #65800 (Events port mechanism).
- FTP:
- Fixed bug #80901 (Info leak in ftp extension).
- Fixed bug #79100 (Wrong FTP error messages).
- GD:
- Fixed bug #81032 (GD install is affected by external libgd installation).
- Intl:
- Fixed bug #81019 (Unable to clone NumberFormatter after failed parse()).
- MBString:
- Fixed bug #81011 (mb_convert_encoding removes references from arrays).
- ODBC:
- Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator).
- Opcache:
- Fixed bug #81007 (JIT "not supported" on 32-bit x86 -- build problem?).
- Fixed bug #81015 (Opcache optimization assumes wrong part of ternary operator in if-condition).
- Fixed bug #81046 (Literal compaction merges non-equal related literals).
- PDO_MySQL:
- Fixed bug #81037 (PDO discards error message text from prepared statement).
- PDO_ODBC:
- Fixed bug #44643 (bound parameters ignore explicit type definitions).
- pgsql:
- Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().
- SPL:
- Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
- XMLReader:
- Fixed bug #73246 (XMLReader: encoding length not checked).
- Zip:
- Fixed bug #80863 (ZipArchive::extractTo() ignores references).
New in PHP 7.4.20 (Jun 15, 2021)
- Core:
- Fixed bug #80929 (Method name corruption related to repeated calls to call_user_func_array).
- Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
- Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
- Fixed bug #80972 (Memory exhaustion on invalid string offset).
- FPM:
- Fixed bug #65800 (Events port mechanism).
- FTP:
- Fixed bug #80901 (Info leak in ftp extension).
- Fixed bug #79100 (Wrong FTP error messages).
- GD:
- Fixed bug #81032 (GD install is affected by external libgd installation).
- MBString:
- Fixed bug #81011 (mb_convert_encoding removes references from arrays).
- ODBC:
- Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator).
- PDO_MySQL:
- Fixed bug #81037 (PDO discards error message text from prepared statement).
- PDO_ODBC:
- Fixed bug #44643 (bound parameters ignore explicit type definitions).
- pgsql:
- Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().
- SPL:
- Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
- Opcache:
- Fixed bug #80900 (switch statement behavior inside function).
- Fixed bug #81015 (Opcache optimization assumes wrong part of ternary operator in if-condition).
- XMLReader:
- Fixed bug #73246 (XMLReader: encoding length not checked).
- Zip:
- Fixed bug #80863 (ZipArchive::extractTo() ignores references).
New in PHP 8.0.6 (May 18, 2021)
- PDO_pgsql:
- Revert "Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"
New in PHP 7.4.19 (May 6, 2021)
- PDO_pgsql:
- Reverted bug fix for #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
New in PHP 8.0.5 (May 4, 2021)
- Core:
- Fixed bug #75776 (Flushing streams with compression filter is broken).
- Fixed bug #80811 (Function exec without $output but with $restult_code parameter crashes).
- Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space available for static Thread Local Storage).
- Changed PowerPC CPU registers used by Zend VM to work around GCC bug. Old registers (r28/r29) might be clobbered by _restgpr routine used for return from C function compiled with -Os.
- Dba:
- Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN).
- DOM:
- Fixed bug #66783 (UAF when appending DOMDocument to element).
- FFI:
- Fixed bug #80847 (CData structs with fields of type struct can't be passed as C function argument).
- FPM:
- Fixed bug #80024 (Duplication of info about inherited socket after pool removing).
- FTP:
- Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open).
- IMAP:
- Fixed bug #80800 (imap_open() fails when the flags parameter includes CL_EXPUNGE).
- Fixed bug #80710 (imap_mail_compose() header injection).
- Intl:
- Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
- LibXML:
- Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8).
- Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers).
- MySQLnd:
- Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error).
- Opcache:
- Fixed bug #80839 (PHP problem with JIT).
- Fixed bug #80861 (erronous array key overflow in 2D array with JIT).
- Fixed bug #80786 (PHP crash using JIT).
- Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1).
- Pcntl:
- Fixed bug #79812 (Potential integer overflow in pcntl_exec()).
- PCRE:
- Fixed bug #80866 (preg_split ignores limit flag when pattern with K has 0-width fullstring match).
- PDO_ODBC:
- Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
- PDO_pgsql:
- Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
- Session:
- Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
- Fixed bug #80774 (session_name() problem with backslash).
- SOAP:
- Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded).
- Standard:
- Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()).
- Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir').
- Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI).
- Fixed bug #78719 (http wrapper silently ignores long Location headers).
- Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
- Zip:
- Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist).
New in PHP 7.4.18 (May 4, 2021)
- Core:
- Fixed bug #80781 (Error handler that throws ErrorException infinite loop).
- Fixed bug #75776 (Flushing streams with compression filter is broken). (cmb) 04 Mar 2021, php 7.4.16
- Fixed #80706 (mail(): Headers after Bcc headers may be ignored).
- Dba:
- Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN).
- DOM:
- Fixed bug #66783 (UAF when appending DOMDocument to element).
- FPM:
- Fixed bug #80024 (Duplication of info about inherited socket after pool removing).
- FTP:
- Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open).
- Imap:
- Fixed bug #80710 (imap_mail_compose() header injection).
- Intl:
- Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
- LibXML:
- Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers).
- Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8).
- MySQLnd:
- Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).
- Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error).
- Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
- Opcache:
- Fixed bug #80805 (create simple class and get error in opcache.so).
- Fixed bug #80950 (Variables become null in if statements).
- Pcntl:
- Fixed bug #79812 (Potential integer overflow in pcntl_exec()).
- PCRE:
- Fixed bug #80866 (preg_split ignores limit flag when pattern with K has 0-width fullstring match).
- PDO_ODBC:
- Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
- PDO_pgsql:
- Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
- phpdbg:
- Fixed bug #80757 (Exit code is 0 when could not open file).
- Session:
- Fixed bug #80774 (session_name() problem with backslash).
- Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
- SOAP:
- Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded).
- Standard:
- Fixed bug #78719 (http wrapper silently ignores long Location headers).
- Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI).
- Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
- Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()).
- Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
- MySQLi:
- Fixed bug #74779 (x() and y() truncating floats to integers).
- OPcache:
- Fixed bug #80682 (opcache doesn't honour pcre.jit option).
- OpenSSL:
- Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP).
- Phar:
- Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)
- Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
- Fixed bug #53467 (Phar cannot compress large archives).
- SPL:
- Fixed bug#80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
- Zip:
- Fixed bug #80648 (Fix for bug 79296 should be based on runtime version).
New in PHP 7.3.28 (May 4, 2021)
- Imap:
- Fixed bug #80710 (imap_mail_compose() header injection).
New in PHP 7.3.27 (May 4, 2021)
- SOAP:
- Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
New in PHP 8.0.3 (Mar 17, 2021)
- Core:
- Fixed #80706 (mail(): Headers after Bcc headers may be ignored).
- DOM:
- Fixed bug #80600 (DOMChildNode::remove() doesn't work on CharacterData nodes).
- Gettext:
- Fixed bug #53251 (bindtextdomain with null dir doesn't return old value).
- MySQLnd:
- Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
- Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).
- MySQLi:
- Fixed bug #74779 (x() and y() truncating floats to integers).
- Opcache:
- Fixed bug #80634 (write_property handler of internal classes is skipped on preloaded JITted code).
- Fixed bug #80682 (opcache doesn't honour pcre.jit option).
- Fixed bug #80742 (Opcache JIT makes some boolean logic unexpectedly be true).
- Fixed bug #80745 (JIT produces Assert failure and UNKNOWN:0 var_dumps in code involving bitshifts).
- OpenSSL:
- Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP).
- Phar:
- Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)
- Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
- Fixed bug #53467 (Phar cannot compress large archives).
- Socket:
- Fixed bug #80723 (Different sockets compare as equal (regression in 8.0)).
- SPL:
- Fixed bug#80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
- Standard:
- Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
- Fixed bug #80718 (ext/standard/dl.c fallback code path with syntax error).
New in PHP 7.4.16 (Mar 17, 2021)
- Core:
- Fixed #80706 (mail(): Headers after Bcc headers may be ignored).
- MySQLnd:
- Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
- MySQLi:
- Fixed bug #74779 (x() and y() truncating floats to integers).
- OPcache:
- Fixed bug #80682 (opcache doesn't honour pcre.jit option).
- OpenSSL:
- Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP).
- Phar:
- Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)
- Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
- Fixed bug #53467 (Phar cannot compress large archives).
- SPL:
- Fixed bug#80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
- Standard:
- Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
- Zip:
- Fixed bug #80648 (Fix for bug 79296 should be based on runtime version).
New in PHP 8.0.2 (Feb 4, 2021)
- Core:
- Fixed bug #80523 (bogus parse error on >4GB source code).
- Fixed bug #80384 (filter buffers entire read until file closed).
- Fixed bug #80596 (Invalid union type TypeError in anonymous classes).
- Fixed bug #80617 (GCC throws warning about type narrowing in ZEND_TYPE_INIT_CODE).
- BCMath:
- Fixed bug #80545 (bcadd('a', 'a') doesn't throw an exception).
- Curl:
- Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
- Date:
- Fixed bug #80376 (last day of the month causes runway cpu usage).
- DOM:
- Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode stub).
- Filter:
- Fixed bug #80584 (0x and 0X are considered valid hex numbers by filter_var()).
- GMP:
- Fixed bug #80560 (Strings containing only a base prefix return 0 object).
- Intl:
- Fixed bug #80644 (Missing resource causes subsequent get() calls to fail).
- MySQLi:
- Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
- Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
- Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
- Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
- ODBC:
- Fixed bug #80592 (all floats are the same in ODBC parameters).
- Opcache:
- Fixed bug #80422 (php_opcache.dll crashes when using Apache 2.4 with JIT).
- PDO_Firebird:
- Fixed bug #80521 (Parameters with underscores no longer recognized).
- Phar:
- Fixed bug #76929 (zip-based phar does not respect phar.require_hash).
- Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
- Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
- Phpdbg:
- Reverted fix for bug #76813 (Access violation near NULL on source operand).
- SOAP:
- Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
New in PHP 7.4.15 (Feb 4, 2021)
- Core:
- Fixed bug #80523 (bogus parse error on >4GB source code).
- Fixed bug #80384 (filter buffers entire read until file closed).
- Curl:
- Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
- Date:
- Fixed bug #80376 (last day of the month causes runway cpu usage.
- MySQLi:
- Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
- Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
- Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
- Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
- Phar:
- Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
- Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
- SOAP:
- Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
New in PHP 7.3.27 (Feb 4, 2021)
- SOAP:
- Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
New in PHP 8.0.1 (Jan 19, 2021)
- Core:
- Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
- Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
- Fixed bug #80391 (Iterable not covariant to mixed).
- Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
- Fixed bug #77069 (stream filter loses final block of data).
- Fileinfo:
- Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
- FPM:
- Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
- IMAP:
- Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).
- Fix a regression with valid UIDs in imap_savebody().
- Make warnings for invalid message numbers/UIDs between functions consistent.
- Intl:
- Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
- Opcache:
- Fixed bug #80404 (Incorrect range inference result when division results in float).
- Fixed bug #80377 (Opcache misses executor_globals).
- Fixed bug #80433 (Unable to disable the use of the AVX command when using JIT).
- Fixed bug #80447 (Strange out of memory error when running with JIT).
- Fixed bug #80480 (Segmentation fault with JIT enabled).
- Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).
- OpenSSL:
- Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
- PDO MySQL:
- Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
- Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
- Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
- Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object is unset()).
- Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").
- Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
- Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
- Fixed bug #79872 (Can't execute query with pending result sets).
- Fixed bug #79131 (PDO does not throw an exception when parameter values are missing).
- Fixed bug #72368 (PdoStatement->execute() fails but does not throw an exception).
- Fixed bug #62889 (LOAD DATA INFILE broken).
- Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents releasing resultset).
- Fixed bug #79132 (PDO re-uses parameter values from earlier calls to execute()).
- Phar:
- Fixed bug #73809 (Phar Zip parse crash - mmap fail).
- Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
- Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
- Phpdbg:
- Fixed bug #76813 (Access violation near NULL on source operand).
- SPL:
- Fixed bug #62004 (SplFileObject: fgets after seek returns wrong line).
- Standard:
- Fixed bug #80366 (Return Value of zend_fstat() not Checked).
- Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
- Tidy:
- Fixed bug #77594 (ob_tidyhandler is never reset).
- Tokenizer:
- Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
- XML:
- XmlParser opaque object renamed to XMLParser for consistency with other XML objects.
- Zlib:
- Fixed bug #48725 (Support for flushing in zlib stream).
New in PHP 7.4.14 (Jan 19, 2021)
- Core:
- Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()).
- Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
- Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
- Fixed bug #80362 (Running dtrace scripts can cause php to crash).
- Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
- Fixed bug #80402 (configure filtering out -lpthread).
- Fixed bug #77069 (stream filter loses final block of data).
- Fileinfo:
- Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
- FPM:
- Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
- Intl:
- Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
- OpenSSL:
- Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
- Phar:
- Fixed bug #73809 (Phar Zip parse crash - mmap fail).
- Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
- Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
- PDO MySQL:
- Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
- Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
- Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
- Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").
- Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
- Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
- Standard:
- Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
- Fixed bug #80366 (Return Value of zend_fstat() not Checked).
- Fixed bug #80411 (References to null-serialized object break serialize()).
- Tidy:
- Fixed bug #77594 (ob_tidyhandler is never reset).
- Zlib:
- Fixed #48725 (Support for flushing in zlib stream).
New in PHP 7.3.26 (Jan 19, 2021)
- Standard:
- Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
- Fixed bug #80457 (stream_get_contents() fails with maxlength=-1 or default).
New in PHP 7.4.13 (Dec 17, 2020)
- Core:
- Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
- Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
- COM:
- Fixed bug #62474 (com_event_sink crashes on certain arguments).
- DOM:
- Fixed bug #80268 (loadHTML() truncates at NUL bytes).
- FFI:
- Fixed bug #79177 (FFI doesn't handle well PHP exceptions within callback).
- IMAP:
- Fixed bug #64076 (imap_sort() does not return FALSE on failure).
- Fixed bug #76618 (segfault on imap_reopen).
- Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
- Fixed minor regression caused by fixing bug #80220.
- Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
- MySQLi:
- Fixed bug #79375 (mysqli_store_result does not report error from lock wait timeout).
- Fixed bug #76525 (mysqli::commit does not throw if MYSQLI_REPORT_ERROR enabled and mysqlnd used).
- Fixed bug #72413 (mysqlnd segfault (fetch_row second parameter typemismatch)).
- ODBC:
- Fixed bug #44618 (Fetching may rely on uninitialized data).
- Opcache:
- Fixed bug #79643 (PHP with Opcache crashes when a file with specific name is included).
- Fixed run-time binding of preloaded dynamically declared function.
- OpenSSL:
- Fixed bug #79983 (openssl_encrypt / openssl_decrypt fail with OCB mode).
- PDO MySQL:
- Fixed bug #66528 (No PDOException or errorCode if database becomes unavailable before PDO::commit).
- Fixed bug #65825 (PDOStatement::fetch() does not throw exception on broken server connection).
- SNMP:
- Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
- Standard:
- Fixed bug #80266 (parse_url silently drops port number 0).
New in PHP 7.3.25 (Dec 17, 2020)
- Core:
- Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
- Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
- COM:
- Fixed bug #62474 (com_event_sink crashes on certain arguments).
- DOM:
- Fixed bug #80268 (loadHTML() truncates at NUL bytes).
- IMAP:
- Fixed bug #64076 (imap_sort() does not return FALSE on failure).
- Fixed bug #76618 (segfault on imap_reopen).
- Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
- Fixed minor regression caused by fixing bug #80220.
- Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
- Intl:
- Fixed bug #80310 (ext-intl with icu4c 68.1: use of undeclared identifier 'TRUE').
- ODBC:
- Fixed bug #44618 (Fetching may rely on uninitialized data).
- SNMP:
- Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
- Standard:
- Fixed bug #80266 (parse_url silently drops port number 0).
New in PHP 7.4.12 (Oct 30, 2020)
- Core:
- Fixed bug #80061 (Copying large files may have suboptimal performance).
- Fixed bug #79423 (copy command is limited to size of file it can copy).
- Fixed bug #80126 (Covariant return types failing compilation).
- Fixed bug #80186 (Segfault when iterating over FFI object).
- Calendar:
- Fixed bug #80185 (jdtounix() fails after 2037).
- IMAP:
- Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies).
- Fixed bug #80215 (imap_mail_compose() may modify by-val parameters).
- Fixed bug #80220 (imap_mail_compose() may leak memory).
- Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies).
- Fixed bug #80216 (imap_mail_compose() does not validate types/encodings).
- Fixed bug #80226 (imap_sort() leaks sortpgm memory).
- MySQLnd:
- Fixed bug #80115 (mysqlnd.debug doesn't recognize absolute paths with slashes).
- Fixed bug #80107 (mysqli_query() fails for ~16 MB long query when compression is enabled).
- ODBC:
- Fixed bug #78470 (odbc_specialcolumns() no longer accepts $nullable).
- Fixed bug #80147 (BINARY strings may not be properly zero-terminated).
- Fixed bug #80150 (Failure to fetch error message).
- Fixed bug #80152 (odbc_execute() moves internal pointer of $params).
- Fixed bug #46050 (odbc_next_result corrupts prepared resource).
- OPcache:
- Fixed bug #80083 (Optimizer pass 6 removes variables used for ibm_db2 data binding).
- Fixed bug #80194 (Assertion failure during block assembly of unreachable free with leading nop).
- PCRE:
- Updated to PCRE 10.35.
- Fixed bug #80118 (Erroneous whitespace match with JIT only).
- PDO_ODBC:
- Fixed bug #67465 (NULL Pointer dereference in odbc_handle_preparer).
- Standard:
- Fixed bug #80114 (parse_url does not accept URLs with port 0).
- Fixed bug #76943 (Inconsistent stream_wrapper_restore() errors).
- Fixed bug #76735 (Incorrect message in fopen on invalid mode).
- Tidy:
- Fixed bug #77040 (tidyNode::isHtml() is completely broken).
New in PHP 7.3.24 (Oct 29, 2020)
- Core:
- Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
- OpenSSL:
- Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
New in PHP 7.4.11 (Oct 13, 2020)
- Core:
- Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
- Fixed bug #79979 (passing value to by-ref param via CUFA crashes).
- Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared).
- Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
- Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
- Calendar:
- Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
- COM:
- Fixed bug #64130 (COM obj parameters passed by reference are not updated).
- OPcache:
- Fixed bug #80002 (calc free space for new interned string is wrong).
- Fixed bug #80046 (FREE for SWITCH_STRING optimized away).
- Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
- OpenSSL:
- Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
- PDO:
- Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
- SOAP:
- Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
- Standard:
- Fixed bug #79986 (str_ireplace bug with diacritics characters).
- Fixed bug #80077 (getmxrr test bug).
- Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
- Fixed bug #80067 (Omitting the port in bindto setting errors).
New in PHP 7.3.23 (Oct 13, 2020)
- Core:
- Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
- Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
- Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
- Calendar:
- Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
- COM:
- Fixed bug #64130 (COM obj parameters passed by reference are not updated).
- OPcache:
- Fixed bug #80002 (calc free space for new interned string is wrong).
- Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
- OpenSSL:
- Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
- PDO:
- Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
- SOAP:
- Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
- Standard:
- Fixed bug #79986 (str_ireplace bug with diacritics characters).
- Fixed bug #80077 (getmxrr test bug).
- Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
- Fixed bug #80067 (Omitting the port in bindto setting errors).
New in PHP 7.4.10 (Sep 6, 2020)
- Core:
- Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless).
- Fixed bug #77932 (File extensions are case-sensitive).
- Fixed bug #79806 (realpath() erroneously resolves link to link).
- Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign).
- Fixed bug #79919 (Stack use-after-scope in define()).
- Fixed bug #79934 (CRLF-only line in heredoc causes parsing error).
- Fixed bug #79947 (Memory leak on invalid offset type in compound assignment).
- COM:
- Fixed bug #48585 (com_load_typelib holds reference, fails on second call).
- Exif:
- Fixed bug #75785 (Many errors from exif_read_data).
- Gettext:
- Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for gettext()).
- LDAP:
- Fixed memory leaks.
- OPcache:
- Fixed bug #73060 (php failed with error after temp folder cleaned up).
- Fixed bug #79917 (File cache segfault with a static variable in inherited method).
- PDO:
- Fixed bug #64705 (errorInfo property of PDOException is null when PDO::__construct() fails).
- Session:
- Fixed bug #79724 (Return type does not match in ext/session/mod_mm.c).
- Standard:
- Fixed bug #79930 (array_merge_recursive() crashes when called with array with single reference).
- Fixed bug #79944 (getmxrr always returns true on Alpine linux).
- Fixed bug #79951 (Memory leak in str_replace of empty string).
- XML:
- Fixed bug #79922 (Crash after multiple calls to xml_parser_free()).
New in PHP 7.3.22 (Sep 6, 2020)
- Core:
- Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless).
- Fixed bug #77932 (File extensions are case-sensitive).
- Fixed bug #79806 (realpath() erroneously resolves link to link).
- Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign).
- Fixed bug #79919 (Stack use-after-scope in define()).
- Fixed bug #79934 (CRLF-only line in heredoc causes parsing error).
- COM:
- Fixed bug #48585 (com_load_typelib holds reference, fails on second call).
- Exif:
- Fixed bug #75785 (Many errors from exif_read_data).
- Gettext:
- Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for gettext()).
- LDAP:
- Fixed memory leaks.
- OPcache:
- Fixed bug #73060 (php failed with error after temp folder cleaned up).
- PDO:
- Fixed bug #64705 (errorInfo property of PDOException is null when PDO::__construct() fails).
- Standard:
- Fixed bug #79930 (array_merge_recursive() crashes when called with array with single reference).
- Fixed bug #79944 (getmxrr always returns true on Alpine linux).
- Fixed bug #79951 (Memory leak in str_replace of empty string).
- XML:
- Fixed bug #79922 (Crash after multiple calls to xml_parser_free()).
New in PHP 7.4.9 (Aug 6, 2020)
- Apache:
- Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).
- COM:
- Fixed bug #63208 (BSTR to PHP string conversion not binary safe).
- Fixed bug #63527 (DCOM does not work with Username, Password parameter).
- Core:
- Fixed bug #79740 (serialize() and unserialize() methods can not be called statically).
- Fixed bug #79783 (Segfault in php_str_replace_common).
- Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable).
- Fixed bug #79779 (Assertion failure when assigning property of string offset by reference).
- Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
- Fixed bug #78598 (Changing array during undef index RW error segfaults).
- Fixed bug #79784 (Use after free if changing array during undef var during array write fetch).
- Fixed bug #79793 (Use after free if string used in undefined index warning is changed).
- Fixed bug #79862 (Public non-static property in child should take priority over private static).
- Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
- Fileinfo:
- Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)).
- FTP:
- Fixed bug #55857 (ftp_size on large files).
- Mbstring:
- Fixed bug #79787 (mb_strimwidth does not trim string).
- Phar:
- Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
- Reflection:
- Fixed bug #79487 (::getStaticProperties() ignores property modifications).
- Fixed bug #69804 (::getStaticPropertyValue() throws on protected props).
- Fixed bug #79820 (Use after free when type duplicated into ReflectionProperty gets resolved).
- Standard:
- Fixed bug #70362 (Can't copy() large 'data://' with open_basedir).
- Fixed bug #78008 (dns_check_record() always return true on Alpine).
- Fixed bug #79839 (array_walk() does not respect property types).
New in PHP 7.3.21 (Aug 6, 2020)
- Apache:
- Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).
- Core:
- Fixed bug #79877 (getimagesize function silently truncates after a null byte).
- Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable).
- Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
- COM:
- Fixed bug #63208 (BSTR to PHP string conversion not binary safe).
- Fixed bug #63527 (DCOM does not work with Username, Password parameter).
- Curl:
- Fixed bug #79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties).
- Fileinfo:
- Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)).
- FTP:
- Fixed bug #55857 (ftp_size on large files).
- Mbstring:
- Fixed bug #79787 (mb_strimwidth does not trim string).
- Phar:
- Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
- Standard:
- Fixed bug #70362 (Can't copy() large 'data://' with open_basedir).
- Fixed bug #79817 (str_replace() does not handle INDIRECT elements).
- Fixed bug #78008 (dns_check_record() always return true on Alpine).
New in PHP 7.2.33 (Aug 6, 2020)
- Core:
- Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
- Phar:
- Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
New in PHP 7.4.8 (Jul 21, 2020)
- Core:
- Fixed bug #79595 (zend_init_fpu() alters FPU precision).
- Fixed bug #79650 (php-win.exe 100% cpu lockup).
- Fixed bug #79668 (get_defined_functions(true) may miss functions).
- Fixed bug #79683 (Fake reflection scope affects __toString()).
- Fixed possibly unsupported timercmp() usage.
- Exif:
- Fixed bug #79687 (Sony picture - PHP Warning - Make, Model, MakerNotes).
- Fileinfo:
- Fixed bug #79681 (mime_content_type/finfo returning incorrect mimetype).
- Filter:
- Fixed bug #73527 (Invalid memory access in php_filter_strip).
- GD:
- Fixed bug #79676 (imagescale adds black border with IMG_BICUBIC).
- OpenSSL:
- Fixed bug #62890 (default_socket_timeout=-1 causes connection to timeout).
- PDO SQLite:
- Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set).
- phpdbg:
- Fixed bug #73926 (phpdbg will not accept input on restart execution).
- Fixed bug #73927 (phpdbg fails with windows error prompt at "watch array").
- Fixed several mostly Windows related phpdbg bugs.
- SPL:
- Fixed bug #79710 (Reproducible segfault in error_handler during GC involved an SplFileObject).
- Standard:
- Fixed bug #74267 (segfault with streams and invalid data).
New in PHP 7.3.20 (Jul 21, 2020)
- Core:
- Fixed bug #79650 (php-win.exe 100% cpu lockup).
- Fixed bug #79668 (get_defined_functions(true) may miss functions).
- Fixed possibly unsupported timercmp() usage.
- Exif:
- Fixed bug #79687 (Sony picture - PHP Warning - Make, Model, MakerNotes).
- Filter:
- Fixed bug #73527 (Invalid memory access in php_filter_strip).
- GD:
- Fixed bug #79676 (imagescale adds black border with IMG_BICUBIC).
- OpenSSL:
- Fixed bug #62890 (default_socket_timeout=-1 causes connection to timeout).
- PDO SQLite:
- Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set).
- SPL:
- Fixed bug #79710 (Reproducible segfault in error_handler during GC involved an SplFileObject).
- Standard:
- Fixed bug #74267 (segfault with streams and invalid data).
New in PHP 7.2.32 (Jul 21, 2020)
- Windows:
- Rebuild of official Windows binaries with patched libcurl. No PHP source changes.
New in PHP 7.4.7 (Jun 23, 2020)
- Core:
- Fixed bug #79599 (coredump in set_error_handler).
- Fixed bug #79566 (Private SHM is not private on Windows).
- Fixed bug #79489 (.user.ini does not inherit).
- Fixed bug #79600 (Regression in 7.4.6 when yielding an array based generator).
- Fixed bug #79657 ("yield from" hangs when invalid value encountered).
- FFI:
- Fixed bug #79571 (FFI: var_dumping unions may segfault).
- GD:
- Fixed bug #79615 (Wrong GIF header written in GD GIFEncode).
- MySQLnd:
- Fixed bug #79596 (MySQL FLOAT truncates to int some locales).
- Opcache:
- Fixed bug #79588 (Boolean opcache settings ignore on/off values).
- Fixed bug #79548 (Preloading segfault with inherited method using static variable).
- Fixed bug #79603 (RTD collision with opcache).
- Standard:
- Fixed bug #79561 (dns_get_record() fails with DNS_ALL).
New in PHP 7.3.19 (Jun 23, 2020)
- Core:
- Fixed bug #79566 (Private SHM is not private on Windows).
- Fixed bug #79489 (.user.ini does not inherit).
- GD:
- Fixed bug #79615 (Wrong GIF header written in GD GIFEncode).
- MySQLnd:
- Fixed bug #79596 (MySQL FLOAT truncates to int some locales).
- Opcache:
- Fixed bug #79535 (PHP crashes with specific opcache.optimization_level).
- Fixed bug #79588 (Boolean opcache settings ignore on/off values).
- Standard:
- Fixed bug #79561 (dns_get_record() fails with DNS_ALL).
New in PHP 7.4.6 (Jun 10, 2020)
- Core:
- Fixed bug #78434 (Generator yields no items after valid() call).
- Fixed bug #79477 (casting object into array creates references).
- Fixed bug #79514 (Memory leaks while including unexistent file).
- Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
- Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
- Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).
- Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).
- DOM:
- Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
- EXIF:
- Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
- FCGI:
- Fixed bug #79491 (Search for .user.ini extends up to root dir).
- MBString:
- Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
- OpenSSL:
- Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with
New in PHP 7.3.18 (Jun 10, 2020)
- Core:
- Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
- Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
- Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).
- Fixed bug #79477 (casting object into array creates references).
- Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
- Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
- DOM:
- Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
- FCGI:
- Fixed bug #79491 (Search for .user.ini extends up to root dir).
- MBString:
- Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
- OpenSSL:
- Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with
New in PHP 7.2.31 (Jun 10, 2020)
- Core:
- Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
- Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
New in PHP 7.2.30 (Apr 19, 2020)
- Standard:
- Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
- Fixed bug #79330 (shell_exec() silently truncates after a null byte).
- Fixed bug #79465 (OOB Read in urldecode()).
New in PHP 7.4.5 (Apr 16, 2020)
- Core:
- Fixed bug #79364 (When copy empty array, next key is unspecified).
- Fixed bug #78210 (Invalid pointer address).
- CURL:
- Fixed bug #79199 (curl_copy_handle() memory leak).
- Date:
- Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
- Fixed bug #74940 (DateTimeZone loose comparison always true).
- FPM:
- Implement request #77062 (Allow numeric [UG]ID in FPM listen.{owner,group}) (Andre Nathan)
- Iconv:
- Fixed bug #79200 (Some iconv functions cut Windows-1258).
- OPcache:
- Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
- Session:
- Fixed bug #79413 (session_create_id() fails for active sessions).
- Shmop:
- Fixed bug #79427 (Integer Overflow in shmop_open()).
- SimpleXML:
- Fixed bug #61597 (SXE properties may lack attributes and content).
- SOAP:
- Fixed bug #79357 (SOAP request segfaults when any request parameter is missing).
- Spl:
- Fixed bug #75673 (SplStack::unserialize() behavior).
- Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
- Standard:
- Fixed bug #79330 (shell_exec() silently truncates after a null byte).
- Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
- Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
- Zip:
- Fixed bug #79296 (ZipArchive::open fails on empty file).
- Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
New in PHP 7.3.17 (Apr 16, 2020)
- Core:
- Fixed bug #79364 (When copy empty array, next key is unspecified).
- Fixed bug #78210 (Invalid pointer address).
- CURL:
- Fixed bug #79199 (curl_copy_handle() memory leak).
- Date:
- Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
- Iconv:
- Fixed bug #79200 (Some iconv functions cut Windows-1258).
- OPcache:
- Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
- Session:
- Fixed bug #79413 (session_create_id() fails for active sessions).
- Shmop:
- Fixed bug #79427 (Integer Overflow in shmop_open()).
- SimpleXML:
- Fixed bug #61597 (SXE properties may lack attributes and content).
- Spl:
- Fixed bug #75673 (SplStack::unserialize() behavior).
- Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
- Standard:
- Fixed bug #79330 (shell_exec() silently truncates after a null byte).
- Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
- Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
- Zip:
- Fixed bug #79296 (ZipArchive::open fails on empty file).
- Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
New in PHP 7.4.4 (Mar 19, 2020)
- Core:
- Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066)
- Fixed bug #79244 (php crashes during parsing INI file).
- Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
- COM:
- Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
- Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
- Fixed bug #79247 (Garbage collecting variant objects segfaults).
- Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
- Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
- Fixed bug #79332 (php_istreams are never freed).
- Fixed bug #79333 (com_print_typeinfo() leaks memory).
- CURL:
- Fixed bug #79019 (Copied cURL handles upload empty file).
- Fixed bug #79013 (Content-Length missing when posting a curlFile with curl).
- DOM:
- Fixed bug #77569: (Write Access Violation in DomImplementation).
- Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).
- Enchant:
- Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
- EXIF:
- Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064).
- Fileinfo:
- Fixed bug #79283 (Segfault in libmagic patch contains a buffer overflow).
- FPM:
- Fixed bug #77653 (operator displayed instead of the real error message).
- Fixed bug #79014 (PHP-FPM & Primary script unknown).
- MBstring:
- Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (CVE-2020-7065).
- MySQLi:
- Fixed bug #64032 (mysqli reports different client_version).
- MySQLnd:
- Implemented FR #79275 (Support auth_plugin_caching_sha2_password on Windows).
- Opcache:
- Fixed bug #79252 (preloading causes php-fpm to segfault during exit).
- PCRE:
- Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
- Fixed bug #79241 (Segmentation fault on preg_match()).
- Fixed bug #79257 (Duplicate named groups (?J) prefer last alternative even if not matched).
- PDO_ODBC:
- Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).
- Reflection:
- Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
- SQLite3:
- Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).
- Standard:
- Fixed bug #79254 (getenv() w/o arguments not showing changes).
- Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).
- Zip:
- Fixed bug #79315 (ZipArchive::addFile doesn't honor start/length parameters).
New in PHP 7.3.16 (Mar 19, 2020)
- Core:
- Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
- COM:
- Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
- Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
- Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
- Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
- Fixed bug #79332 (php_istreams are never freed).
- Fixed bug #79333 (com_print_typeinfo() leaks memory).
- DOM:
- Fixed bug #77569: (Write Access Violation in DomImplementation).
- Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).
- Enchant:
- Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
- EXIF:
- Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)
- MBstring:
- Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065)
- MySQLi:
- Fixed bug #64032 (mysqli reports different client_version).
- PCRE:
- Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
- PDO_ODBC:
- Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).
- Reflection:
- Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
- SQLite3:
- Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).
- Standard:
- Fixed bug #79329 (get_headers() silently truncates after a null byte). (CVE-2020-7066)
- Fixed bug #79254 (getenv() w/o arguments not showing changes).
- Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).
New in PHP 7.2.29 (Mar 19, 2020)
- Core:
- Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)
- EXIF:
- Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)
New in PHP 7.4.3 (Feb 20, 2020)
- Core:
- Fixed bug #79146 (cscript can fail to run on some systems).
- Fixed bug #79155 (Property nullability lost when using multiple property definition).
- Fixed bug #78323 (Code 0 is returned on invalid options).
- Fixed bug #78989 (Delayed variance check involving trait segfaults).
- Fixed bug #79174 (cookie values with spaces fail to round-trip).
- Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
- COM:
- Fixed bug #79247 (Garbage collecting variant objects segfaults).
- CURL:
- Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
- FFI:
- Fixed bug #79096 (FFI Struct Segfault).
- IMAP:
- Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at configure time).
- Intl:
- Fixed bug #79212 (NumberFormatter::format() may detect wrong type).
- Libxml:
- Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
- MBString:
- Fixed bug #79149 (SEGV in mb_convert_encoding with non-string encodings).
- MySQLi:
- Fixed bug #78666 (Properties may emit a warning on var_dump()).
- MySQLnd:
- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
- Fixed bug #79011 (MySQL caching_sha2_password Access denied for password with more than 20 chars).
- Opcache:
- Fixed bug #79114 (Eval class during preload causes class to be only half available).
- Fixed bug #79128 (Preloading segfaults if preload_user is used).
- Fixed bug #79193 (Incorrect type inference for self::$field =& $field).
- OpenSSL:
- Fixed bug #79145 (openssl memory leak).
- Phar:
- Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
- Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
- Fixed bug #76584 (PharFileInfo::decompress not working).
- Reflection:
- Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).
- Session:
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
- Standard:
- Fixed bug #78902 (Memory leak when using stream_filter_append).
- Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null).
- Testing:
- Fixed bug #78090 (bug45161.phpt takes forever to finish).
- XSL:
- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
- Zip:
- Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0).
- Add ZipArchive::RDONLY (since libzip 1.0.0).
- Add ZipArchive::ER_* missing constants.
- Add ZipArchive::LIBZIP_VERSION constant.
- Fixed bug #73119 (Wrong return for ZipArchive::addEmptyDir Method).
New in PHP 7.3.15 (Feb 20, 2020)
- Core:
- Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported).
- Fixed bug #79146 (cscript can fail to run on some systems).
- Fixed bug #78323 (Code 0 is returned on invalid options).
- Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
- CURL:
- Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
- Intl:
- Fixed bug #79212 (NumberFormatter::format() may detect wrong type).
- Libxml:
- Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
- MBString:
- Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding).
- MySQLnd:
- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
- OpenSSL:
- Fixed bug #79145 (openssl memory leak).
- Phar:
- Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
- Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
- Fixed bug #76584 (PharFileInfo::decompress not working).
- Reflection:
- Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).
- Session:
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
- SPL:
- Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward).
- Standard:
- Fixed bug #78902 (Memory leak when using stream_filter_append).
- Testing:
- Fixed bug #78090 (bug45161.phpt takes forever to finish).
- XSL:
- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
New in PHP 7.2.28 (Feb 20, 2020)
- DOM:
- Fixed bug #77569: (Write Access Violation in DomImplementation).
- Phar:
- Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
- Session:
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
New in PHP 7.3.14 (Jan 24, 2020)
- Core:
- Fixed bug #78999 (Cycle leak when using function result as temporary).
- CURL:
- Fixed bug #79033 (Curl timeout error with specific url and post).
- Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
- DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
- Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
- GD:
- Fixed bug #78923 (Artifacts when convoluting image with transparency).
- Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
- Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
- Libxml:
- Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- OPcache:
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
- Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
- PDO_PgSQL:
- Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
- Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
- Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
- Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Shmop:
- Fixed bug #78538 (shmop memory leak).
- Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
- Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
New in PHP 7.2.27 (Jan 23, 2020)
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex).
New in PHP 7.4.2 (Jan 23, 2020)
- Core:
- Preloading support on Windows has been disabled.
- Fixed bug #79022 (class_exists returns True for classes that are not ready to be used).
- Fixed bug #78929 (plus signs in cookie values are converted to spaces).
- Fixed bug #78973 (Destructor during CV freeing causes segfault if opline never saved).
- Fixed bug #78776 (Abstract method implementation from trait does not check "static").
- Fixed bug #78999 (Cycle leak when using function result as temporary).
- Fixed bug #79008 (General performance regression with PHP 7.4 on Windows).
- Fixed bug #79002 (Serializing uninitialized typed properties with __sleep makes unserialize throw).
- CURL:
- Fixed bug #79033 (Curl timeout error with specific url and post).
- Fixed bug #79063 (curl openssl does not respect PKG_CONFIG_PATH).
- Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
- DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
- Exif:
- Fixed bug #79046 (NaN to int cast undefined behavior in exif).
- Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
- GD:
- Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
- Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
- Libxml:
- Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- OPcache:
- Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS).
- Fixed bug #78950 (Preloading trait method with static variables).
- Fixed bug #78903 (Conflict in RTD key for closures results in crash).
- Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable into mutable class).
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
- Fixed bug #79055 (Typed property become unknown with OPcache file cache).
- Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
- PDO_PgSQL:
- Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
- Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
- Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
- Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Fixed bug #79031 (Session unserialization problem).
- Shmop:
- Fixed bug #78538 (shmop memory leak).
- Sqlite3:
- Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during compilation).
- Spl:
- Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure).
- Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
- Fixed bug #79000 (Non-blocking socket stream reports EAGAIN as error).
- Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
New in PHP 7.4.1 (Dec 18, 2019)
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
- Core:
- Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044).
- Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
- Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049).
- Fixed bug #78810 (RW fetches do not throw "uninitialized property" exception).
- Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
- Fixed bug #78296 (is_file fails to detect file).
- Fixed bug #78883 (fgets(STDIN) fails on Windows).
- Fixed bug #78898 (call_user_func(['parent', ...]) fails while other succeed).
- Fixed bug #78904 (Uninitialized property triggers __get()).
- Fixed bug #78926 (Segmentation fault on Symfony cache:clear).
- GD:
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
- Fixed bug #78923 (Artifacts when convoluting image with transparency).
- EXIF:
- Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).
- Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
- FPM:
- Fixed bug #76601 (Partially working php-fpm ater incomplete reload).
- Fixed bug #78889 (php-fpm service fails to start).
- Fixed bug #78916 (php-fpm 7.4.0 don't send mail via mail()).
- Intl:
- Implemented FR #78912 (INTL Support for accounting format).
- Mysqlnd:
- Fixed bug #78823 (ZLIB_LIBS not added to EXTRA_LIBS).
- OPcache:
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- Fixed bug #78935 (Preloading removes classes that have dependencies).
- PCRE:
- Fixed bug #78853 (preg_match() may return integer > 1).
- Reflection:
- Fixed bug #78895 (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is not longer used).
- Standard:
- Fixed bug #77638 (var_export'ing certain class instances segfaults).
- Fixed bug #78840 (imploding $GLOBALS crashes).
- Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
- Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
New in PHP 7.3.13 (Dec 18, 2019)
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
- Core:
- Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
- Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
- Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
- Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
- Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
- Fixed bug #78296 (is_file fails to detect file).
- EXIF:
- Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
- Fixed bug #78910 (Heap-buffer-overflow READ in exif) (CVE-2019-11047).
- GD:
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
- MBString:
- Upgraded bundled Oniguruma to 6.9.4.
- OPcache:
- Fixed potential ASLR related invalid opline handler issues.
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- PCRE:
- Fixed bug #78853 (preg_match() may return integer > 1).
- Standard:
- Fixed bug #78759 (array_search in $GLOBALS).
- Fixed bug #77638 (var_export'ing certain class instances segfaults).
- Fixed bug #78840 (imploding $GLOBALS crashes).
- Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
- Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
New in PHP 7.2.26 (Dec 18, 2019)
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
- Core:
- Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
- Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
- EXIF:
- Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
- Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)
- GD:
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
- Intl:
- Fixed bug #78804 (Segmentation fault in Locale::filterMatches).
- OPcache:
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- Standard:
- Fixed bug #78759 (array_search in $GLOBALS).
- Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
- Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
New in PHP 7.4.0 (Nov 28, 2019)
- Core:
- Implemented RFC: Deprecate curly brace syntax for accessing array elements and string offsets.
- Implemented RFC: Deprecations for PHP 7.4.
- Fixed bug #52752 (Crash when lexing).
- Fixed bug #60677 (CGI doesn't properly validate shebang line contains #!).
- Fixed bug #71030 (Self-assignment in list() may have inconsistent behavior).
- Fixed bug #72530 (Use After Free in GC with Certain Destructors).
- Fixed bug #75921 (Inconsistent: No warning in some cases when stdObj is created on the fly).
- Implemented FR #76148 (Add array_key_exists() to the list of specially compiled functions).
- Fixed bug #76430 (__METHOD__ inconsistent outside of method).
- Fixed bug #76451 (Aliases during inheritance type checks affected by opcache).
- Implemented FR #77230 (Support custom CFLAGS and LDFLAGS from environment).
- Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).
- Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc).
- Fixed bug #77877 (call_user_func() passes $this to static methods).
- Fixed bug #78066 (PHP eats the first byte of a program that comes from process substitution).
- Fixed bug #78151 (Segfault caused by indirect expressions in PHP 7.4a1).
- Fixed bug #78154 (SEND_VAR_NO_REF does not always send reference).
- Fixed bug #78182 (Segmentation fault during by-reference property assignment).
- Fixed bug #78212 (Segfault in built-in webserver).
- Fixed bug #78220 (Can't access OneDrive folder).
- Fixed bug #78226 (Unexpected __set behavior with typed properties).
- Fixed bug #78239 (Deprecation notice during string conversion converted to exception hangs).
- Fixed bug #78335 (Static properties/variables containing cycles report as leak).
- Fixed bug #78340 (Include of stream wrapper not reading whole file).
- Fixed bug #78344 (Segmentation fault on zend_check_protected).
- Fixed bug #78356 (Array returned from ArrayAccess is incorrectly unpacked as argument).
- Fixed bug #78379 (Cast to object confuses GC, causes crash).
- Fixed bug #78386 (fstat mode has unexpected value on PHP 7.4).
- Fixed bug #78396 (Second file_put_contents in Shutdown hangs script).
- Fixed bug #78406 (Broken file includes with user-defined stream filters).
- Fixed bug #78438 (Corruption when __unserializing deeply nested structures).
- Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
- Fixed bug #78454 (Consecutive numeric separators cause OOM error).
- Fixed bug #78460 (PEAR installation failure).
- Fixed bug #78531 (Crash when using undefined variable as object).
- Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
- Fixed bug #78604 (token_get_all() does not properly tokenize FOOstat modifies $dbc->affected_rows).
- Fixed bug #76809 (SSL settings aren't respected when persistent connections are used).
- Fixed bug #78179 (MariaDB server version incorrectly detected).
- Fixed bug #78213 (Empty row pocket).
- MySQLnd:
- Fixed connect_attr issues and added the _server_host connection attribute.
- Fixed bug #60594 (mysqlnd exposes 160 lines of stats in phpinfo).
- ODBC:
- Fixed bug #78473 (odbc_close() closes arbitrary resources).
- Opcache:
- Implemented preloading RFC.
- Add opcache.preload_user INI directive.
- Added new INI directive opcache.cache_id (Windows only).
- Fixed bug #78106 (Path resolution fails if opcache disabled during request).
- Fixed bug #78175 (Preloading segfaults at preload time and at runtime).
- Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
- Fixed bug #78271 (Invalid result of if-else).
- Fixed bug #78341 (Failure to detect smart branch in DFA pass).
- Fixed bug #78376 (Incorrect preloading of constant static properties).
- Fixed bug #78429 (opcache_compile_file(__FILE__); segfaults).
- Fixed bug #78512 (Cannot make preload work).
- Fixed bug #78514 (Preloading segfaults with inherited typed property).
- Fixed bug #78654 (Incorrectly computed opcache checksum on files with non-ascii characters).
- OpenSSL:
- Added TLS 1.3 support to streams including new tlsv1.3 stream.
- Added openssl_x509_verify function.
- openssl_random_pseudo_bytes() now throws in error conditions.
- Changed the default config path (Windows only).
- Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
- Fixed bug #78391 (Assertion failure in openssl_random_pseudo_bytes).
- Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted connections).
- Pcntl:
- Fixed bug #77335 (PHP is preventing SIGALRM from specifying SA_RESTART).
- PCRE:
- Implemented FR #77094 (Support flags in preg_replace_callback).
- Fixed bug #72685 (Repeated UTF-8 validation of same string in UTF-8 mode).
- Fixed bug #73948 (Preg_match_all should return NULLs on trailing optional capture groups).
- Fixed bug #78338 (Array cross-border reading in PCRE).
- Fixed bug #78349 (Bundled pcre2 library missing LICENCE file).
- PDO:
- Implemented FR #71885 (Allow escaping question mark placeholders). https://wiki.php.net/rfc/pdo_escape_placeholders
- Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
- Implemented FR #78033 (PDO - support username and password specified in DSN).
- PDO_Firebird:
- Implemented FR #65690 (PDO_Firebird should also support dialect 1).
- Implemented FR #77863 (PDO firebird support type Boolean in input parameters).
- PDO_MySQL:
- Fixed bug #41997 (SP call yields additional empty result set).
- Fixed bug #78623 (Regression caused by "SP call yields additional empty result set").
- PDO_OCI:
- Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
- Implemented FR #76908 (PDO_OCI getColumnMeta() not implemented).
- PDO_SQLite:
- Implemented sqlite_stmt_readonly in PDO_SQLite.
- Raised requirements to SQLite 3.5.0.
- Fixed bug #78192 (SegFault when reuse statement after schema has changed).
- Fixed bug #78348 (Remove -lrt from pdo_sqlite.so).
- Phar:
- Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
- phpdbg:
- Fixed bug #76596 (phpdbg support for display_errors=stderr).
- Fixed bug #76801 (too many open files).
- Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
- Fixed bug #77805 (phpdbg build fails when readline is shared).
- Recode:
- Unbundled the recode extension.
- Reflection:
- Fixed bug #76737 (Unserialized reflection objects are broken, they shouldn't be serializable).
- Fixed bug #78263 (ReflectionReference::fromArrayElement() returns null while item is a reference).
- Fixed bug #78410 (Cannot "manually" unserialize class that is final and extends an internal one).
- Fixed bug #78697 (ReflectionClass::implementsInterface - inaccurate error message with traits).
- Fixed bug #78774 (ReflectionNamedType on Typed Properties Crash).
- Session:
- Fixed bug #78624 (session_gc return value for user defined session handlers).
- SimpleXML:
- Implemented FR #65215 (SimpleXMLElement could register as implementing Countable).
- Fixed bug #75245 (Don't set content of elements with only whitespaces).
- Sockets:
- Fixed bug #67619 (Validate length on socket_write).
- Fixed bug #78665 (Multicasting may leak memory).
- sodium:
- Fixed bug #77646 (sign_detached() strings not terminated).
- Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).
- Fixed bug #78516 (password_hash(): Memory cost is not in allowed range).
- SPL:
- Fixed bug #77518 (SeekableIterator::seek() should accept 'int' typehint as documented).
- Fixed bug #78409 (Segfault when creating instance of ArrayIterator without constructor).
- Fixed bug #78436 (Missing addref in SplPriorityQueue EXTR_BOTH mode).
- Fixed bug #78456 (Segfault when serializing SplDoublyLinkedList).
- SQLite3:
- Unbundled libsqlite.
- Raised requirements to SQLite 3.7.4.
- Forbid (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result.
- Added support for the SQLite @name notation.
- Added SQLite3Stmt::getSQL() to retrieve the SQL of the statement.
- Implement FR ##70950 (Make SQLite3 Online Backup API available).
- Standard:
- Implemented RFC password hashing registry.
- Implemented RFC where password_hash() has argon2i(d) implementations from ext/sodium when PHP is built without libargon.
- Implemented FR #38301 (field enclosure behavior in fputcsv).
- Implemented FR #51496 (fgetcsv should take empty string as an escape).
- Fixed bug #73535 (php_sockop_write() returns 0 on error, can be used to trigger Denial of Service).
- Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
- Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
- Implemented FR #77377 (No way to handle CTRL+C in Windows).
- Fixed bug #77930 (stream_copy_to_stream should use mmap more often).
- Implemented FR #78177 (Make proc_open accept command array).
- Fixed bug #78208 (password_needs_rehash() with an unknown algo should always return true).
- Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
- Fixed bug #78282 (atime and mtime mismatch).
- Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer).
- Fixed bug #78346 (strip_tags no longer handling nested php tags).
- Fixed bug #78506 (Error in a php_user_filter::filter() is not reported).
- Fixed bug #78549 (Stack overflow due to nested serialized input).
- Fixed bug #78759 (array_search in $GLOBALS).
- Testing:
- Fixed bug #78684 (PCRE bug72463_2 test is sending emails on Linux).
- Tidy:
- Added TIDY_TAG_* constants for HTML5 elements.
- Fixed bug #76736 (wrong reflection for tidy_get_head, tidy_get_html, tidy_get_root, and tidy_getopt)
- WDDX:
- Deprecated and unbundled the WDDX extension.
- Zip:
- Fixed bug #78641 (addGlob can modify given remove_path value).
New in PHP 7.3.12 (Nov 22, 2019)
- Core:
- Fixed bug #78658 (Memory corruption using Closure::bindTo).
- Fixed bug #78656 (Parse errors classified as highest log-level).
- Fixed bug #78752 (Segfault if GC triggered while generator stack frame is being destroyed).
- Fixed bug #78689 (Closure::fromCallable() doesn't handle [Closure, '__invoke']).
- COM:
- Fixed bug #78694 (Appending to a variant array causes segfault).
- Date:
- Fixed bug #70153 (DateInterval incorrectly unserialized).
- Fixed bug #78751 (Serialising DatePeriod converts DateTimeImmutable).
- Iconv:
- Fixed bug #78642 (Wrong libiconv version displayed).
- OpCache:
- Fixed bug #78654 (Incorrectly computed opcache checksum on files with non-ascii characters).
- Fixed bug #78747 (OpCache corrupts custom extension result).
- OpenSSL:
- Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted connections).
- Reflection:
- Fixed bug #78697 (ReflectionClass::ImplementsInterface - inaccurate error message with traits).
- Sockets:
- Fixed bug #78665 (Multicasting may leak memory).
New in PHP 7.3.11 (Oct 24, 2019)
- Core:
- Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
- Fixed bug #78620 (Out of memory error).
- Exif:
- Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)
- FPM:
- Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
- Fixed bug #78413 (request_terminate_timeout does not take effect after fastcgi_finish_request).
- MBString:
- Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi).
- Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
- Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects).
- MySQLi:
- Fixed bug #76809 (SSL settings aren't respected when persistent connections are used).
- Mysqlnd:
- Fixed bug #78525 (Memory leak in pdo when reusing native prepared statements).
- PCRE:
- Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze child process).
- PDO_MySQL:
- Fixed bug #78623 (Regression caused by "SP call yields additional empty result set").
- Session:
- Fixed bug #78624 (session_gc return value for user defined session handlers).
- Standard:
- Fixed bug #76342 (file_get_contents waits twice specified timeout).
- Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter).
- Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
- Zip:
- Fixed bug #78641 (addGlob can modify given remove_path value).
New in PHP 7.2.24 (Oct 24, 2019)
- Core:
- Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
- Fixed bug #78620 (Out of memory error).
- Exif:
- Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)
- FPM:
- Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
- MBString:
- Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
- Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects).
- MySQLi:
- Fixed bug #76809 (SSL settings aren't respected when persistent connections are used).
- PDO_MySQL:
- Fixed bug #78623 (Regression caused by "SP call yields additional empty result set").
- Session:
- Fixed bug #78624 (session_gc return value for user defined session handlers).
- Standard:
- Fixed bug #76342 (file_get_contents waits twice specified timeout).
- Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter).
- Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
- Zip:
- Fixed bug #78641 (addGlob can modify given remove_path value).
New in PHP 7.2.23 (Sep 27, 2019)
- Core:
- Fixed bug #78220 (Can't access OneDrive folder).
- Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC child).
- FastCGI:
- Fixed bug #78469 (FastCGI on_accept hook is not called when using named pipes on Windows).
- MySQLnd:
- Fixed connect_attr issues and added the _server_host connection attribute.
- ODBC:
- Fixed bug #78473 (odbc_close() closes arbitrary resources).
- PDO_MySQL:
- Fixed bug #41997 (SP call yields additional empty result set).
- sodium:
- Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).
- SPL:
- Fixed bug #72884 (SplObject isCloneable() returns true but errs on clone).
New in PHP 7.3.10 (Sep 26, 2019)
- Core:
- Fixed bug #78220 (Can't access OneDrive folder).
- Fixed bug #77922 (Double release of doc comment on inherited shadow property).
- Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
- Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc).
- FastCGI:
- Fixed bug #78469 (FastCGI on_accept hook is not called when using named pipes on Windows).
- FPM:
- Fixed bug #78334 (fpm log prefix message includes wrong stdout/stderr notation).
- Intl:
- Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8() when requested.
- MBString:
- Fixed bug #78559 (Heap buffer overflow in mb_eregi).
- MySQLnd:
- Fixed connect_attr issues and added the _server_host connection attribute.
- ODBC:
- Fixed bug #78473 (odbc_close() closes arbitrary resources).
- PDO_MySQL:
- Fixed bug #41997 (SP call yields additional empty result set).
- sodium:
- Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).
New in PHP 7.1.32 (Aug 30, 2019)
- Mbstring:
- Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)
- Pcre:
- Fixed bug #75457 (heap use-after-free in pcrelib) (cmb)
New in PHP 7.2.22 (Aug 30, 2019)
- Core:
- Fixed bug #78363 (Buffer overflow in zendparse).
- Fixed bug #78379 (Cast to object confuses GC, causes crash).
- Curl:
- Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
- Exif:
- Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast).
- Iconv:
- Fixed bug #78342 (Bus error in configure test for iconv //IGNORE).
- LiteSpeed:
- Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).
- MySQLnd:
- Fixed bug #78179 (MariaDB server version incorrectly detected).
- Opcache:
- Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is used).
- Standard:
- Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length).
- Fixed bug #78282 (atime and mtime mismatch).
- Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer).
New in PHP 7.3.9 (Aug 29, 2019)
- Core:
- Fixed bug #78363 (Buffer overflow in zendparse).
- Fixed bug #78379 (Cast to object confuses GC, causes crash).
- Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC child).
- Curl:
- Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
- Exif:
- Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast).
- FPM:
- Fixed bug #77185 (Use-after-free in FPM master event handling).
- Iconv:
- Fixed bug #78342 (Bus error in configure test for iconv //IGNORE).
- LiteSpeed:
- Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).
- MBString:
- Fixed bug #78380 (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224)
- MySQLnd:
- Fixed bug #78179 (MariaDB server version incorrectly detected).
- Fixed bug #78213 (Empty row pocket).
- Opcache:
- Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is used).
- Standard:
- Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length).
- Fixed bug #78282 (atime and mtime mismatch).
- Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer).
- Fixed bug #78346 (strip_tags no longer handling nested php tags).
New in PHP 7.1.31 (Aug 2, 2019)
- SQLite:
- Upgraded to SQLite 3.28.0.
- EXIF:
- Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
- Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
- Phar:
- Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
New in PHP 7.3.8 (Aug 1, 2019)
- Core:
- Added syslog.filter=raw option.
- Fixed bug #78212 (Segfault in built-in webserver).
- Date:
- Fixed bug #69044 (discrepency between time and microtime).
- Updated timelib to 2018.02.
- EXIF:
- Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
- Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
- FTP:
- Fixed bug #78039 (FTP with SSL memory leak).
- Libxml:
- Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
- LiteSpeed:
- Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
- Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files).
- Openssl:
- Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
- Opcache:
- Fixed bug #78341 (Failure to detect smart branch in DFA pass).
- Fixed bug #78189 (file cache strips last character of uname hash).
- Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
- Fixed bug #78271 (Invalid result of if-else).
- Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
- PCRE:
- Fixed bug #78338 (Array cross-border reading in PCRE).
- Fixed bug #78197 (PCRE2 version check in configure fails for "##.##-xxx" version strings).
- PDO_Sqlite:
- Fixed bug #78192 (SegFault when reuse statement after schema has changed).
- Phar:
- Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
- Phpdbg:
- Fixed bug #78297 (Include unexistent file memory leak).
- SQLite:
- Upgraded to SQLite 3.28.0.
- Standard:
- Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
- Fixed bug #78269 (password_hash uses weak options for argon2).
New in PHP 7.2.21 (Aug 1, 2019)
- Date:
- Fixed bug #69044 (discrepency between time and microtime).
- EXIF:
- Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
- Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
- Fileinfo:
- Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
- FTP:
- Fixed bug #77124 (FTP with SSL memory leak).
- Libxml:
- Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
- LiteSpeed:
- Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
- Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files).
- Openssl:
- Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
- OPcache:
- Fixed bug #78189 (file cache strips last character of uname hash).
- Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
- Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
- Phar:
- Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
- Phpdbg:
- Fixed bug #78297 (Include unexistent file memory leak).
- PDO_Sqlite:
- Fixed bug #78192 (SegFault when reuse statement after schema has changed).
- SQLite:
- Upgraded to SQLite 3.28.0.
- Standard:
- Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
- Fixed bug #78269 (password_hash uses weak options for argon2).
- XMLRPC:
- Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).
New in PHP 7.3.7 (Jul 4, 2019)
- Core:
- Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
- DOM:
- Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
- MySQLi:
- Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message).
- Fixed bug #38546 (bindParam incorrect processing of bool types).
- MySQLnd:
- Fixed bug #77955 (Random segmentation fault in mysqlnd from php-fpm).
- Opcache:
- Fixed bug #78015 (Incorrect evaluation of expressions involving partials arrays in SCCP).
- Fixed bug #78106 (Path resolution fails if opcache disabled during request).
- OpenSSL:
- Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
- phpdbg:
- Fixed bug #78050 (SegFault phpdbg + opcache on include file twice).
- Sockets:
- Fixed bug #78038 (Socket_select fails when resource array contains references).
- Sodium:
- Fixed bug #78114 (segfault when calling sodium_* functions from eval).
- Standard:
- Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
- Fixed bug ##77937 (preg_match failed).
- Zip:
- Fixed bug #76345 (zip.h not found).
New in PHP 7.2.20 (Jul 4, 2019)
- Core:
- Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
- DOM:
- Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
- MySQLi:
- Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message).
- Fixed bug #38546 (bindParam incorrect processing of bool types).
- Opcache:
- Fixed bug #78106 (Path resolution fails if opcache disabled during request).
- OpenSSL:
- Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
- Sockets:
- Fixed bug #78038 (Socket_select fails when resource array contains references).
- Standard:
- Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
- Fixed bug #77937 (preg_match failed).
- Zip:
- Fixed bug #76345 (zip.h not found).
New in PHP 7.1.30 (May 31, 2019)
- EXIF:
- Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
- GD:
- Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
- Iconv:
- Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
- SQLite:
- Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
New in PHP 7.2.19 (May 31, 2019)
- EXIF:
- Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
- FPM:
- Fixed bug #77934 (php-fpm kill -USR2 not working).
- Fixed bug #77921 (static.php.net doesn't work anymore).
- GD:
- Fixed bug #77943 (imageantialias($image, false); does not work).
- Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
- Iconv:
- Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
- JSON:
- Fixed bug #77843 (Use after free with json serializer).
- Opcache:
- Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
- PDO_MySQL:
- Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
- Reflection:
- Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
- Session:
- Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
- SPL:
- Fixed bug #77024 (SplFileObject::__toString() may return array).
- SQLite:
- Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
New in PHP 7.3.6 (May 30, 2019)
- cURL:
- Implemented FR #72189 (Add missing CURL_VERSION_* constants).
- EXIF:
- Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
- FPM:
- Fixed bug #77934 (php-fpm kill -USR2 not working).
- Fixed bug #77921 (static.php.net doesn't work anymore).
- GD:
- Fixed bug #77943 (imageantialias($image, false); does not work).
- Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
- Iconv:
- Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow).
- JSON:
- Fixed bug #77843 (Use after free with json serializer).
- Opcache:
- Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
- PDO_MySQL:
- Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
- Reflection:
- Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
- Session:
- Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
- SOAP:
- Fixed bug #77945 (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).
- SPL:
- Fixed bug #77024 (SplFileObject::__toString() may return array).
- SQLite:
- Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
- Standard:
- Fixed bug #77931 (Warning for array_map mentions wrong type).
- Fixed bug #78003 (strip_tags output change since PHP 7.3).
New in PHP 7.1.29 (May 3, 2019)
- EXIF:
- Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
- Mail:
- Fixed bug #77821 (Potential heap corruption in TSendMail()).
New in PHP 7.2.18 (May 2, 2019)
- CLI:
- Fixed bug #77794 (Incorrect Date header format in built-in server).
- EXIF:
- Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
- Interbase:
- Fixed bug #72175 (Impossibility of creating multiple connections to Interbase with php 7.x).
- Intl:
- Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale = null).
- litespeed:
- LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().
- Mail:
- Fixed bug #77821 (Potential heap corruption in TSendMail()).
- PCRE:
- Fixed bug #77827 (preg_match does not ignore r in regex flags).
- PDO:
- Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
- phpdbg:
- Fixed bug #76801 (too many open files).
- Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
- Fixed bug #77805 (phpdbg build fails when readline is shared).
- Reflection:
- Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work).
- Fixed bug #77882 (Different behavior: always calls destructor).
- Standard:
- Fixed bug #77680 (recursive mkdir on ftp stream wrapper is incorrect).
- Fixed bug #77844 (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).
- Fixed bug #77853 (Inconsistent substr_compare behaviour with empty haystack).
New in PHP 7.3.5 (May 2, 2019)
- Core:
- Fixed bug #77903 (ArrayIterator stops iterating after offsetSet call).
- CLI:
- Fixed bug #77794 (Incorrect Date header format in built-in server).
- EXIF:
- Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
- Interbase:
- Fixed bug #72175 (Impossibility of creating multiple connections to Interbase with php 7.x).
- Intl:
- Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale = null).
- litespeed:
- LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().
- LDAP:
- Fixed bug #77869 (Core dump when using server controls) (mcmic)
- Mail:
- Fixed bug #77821 (Potential heap corruption in TSendMail()).
- mbstring:
- Implemented FR #72777 (Implement regex stack limits for mbregex functions).
- MySQLi:
- Fixed bug #77773 (Unbuffered queries leak memory - MySQLi / mysqlnd).
- PCRE:
- Fixed bug #77827 (preg_match does not ignore r in regex flags).
- PDO:
- Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
- phpdbg:
- Fixed bug #76801 (too many open files).
- Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
- Fixed bug #77805 (phpdbg build fails when readline is shared).
- Reflection:
- Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work).
- Fixed bug #77882 (Different behavior: always calls destructor).
- Standard:
- Fixed bug #77793 (Segmentation fault in extract() when overwriting reference with itself).
- Fixed bug #77844 (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).
- Fixed bug #77853 (Inconsistent substr_compare behaviour with empty haystack).
New in PHP 7.1.28 (Apr 5, 2019)
- EXIF:
- Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
- Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
- SQLite3:
- Added sqlite3.defensive INI directive.
New in PHP 7.2.17 (Apr 5, 2019)
- Core:
- Fixed bug #77738 (Nullptr deref in zend_compile_expr).
- Fixed bug #77660 (Segmentation fault on break 2147483648).
- Fixed bug #77652 (Anonymous classes can lose their interface information).
- Fixed bug #77676 (Unable to run tests when building shared extension on AIX).
- Bcmath:
- Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
- COM:
- Fixed bug #77578 (Crash when php unload).
- Date:
- Fixed bug #50020 (DateInterval:createDateFromString() silently fails).
- Fixed bug #75113 (Added DatePeriod::getRecurrences() method).
- EXIF:
- Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
- Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
- FPM:
- Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
- GD:
- Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
- MySQLi:
- Fixed bug #77597 (mysqli_fetch_field hangs scripts).
- Opcache:
- Fixed bug #77691 (Opcache passes wrong value for inline array push assignments).
- Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
- phpdbg:
- Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
- sodium:
- Fixed bug #77646 (sign_detached() strings not terminated).
- SQLite3:
- Added sqlite3.defensive INI directive.
- Standard:
- Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
- Fixed bug #77669 (Crash in extract() when overwriting extracted array).
- Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
- Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
New in PHP 7.3.4 (Apr 4, 2019)
- Core:
- Fixed bug #77738 (Nullptr deref in zend_compile_expr).
- Fixed bug #77660 (Segmentation fault on break 2147483648).
- Fixed bug #77652 (Anonymous classes can lose their interface information).
- Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).
- Fixed bug #76956 (Wrong value for 'syslog.filter' documented in php.ini).
- Apache2Handler:
- Fixed bug #77648 (BOM in sapi/apache2handler/php_functions.c).
- Bcmath:
- Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
- CLI Server:
- Fixed bug #77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).
- COM:
- Fixed bug #77578 (Crash when php unload).
- EXIF:
- Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
- Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
- FPM:
- Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
- GD:
- Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
- MySQLi:
- Fixed bug #77597 (mysqli_fetch_field hangs scripts).
- Opcache:
- Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
- PCRE:
- Fixed bug #76127 (preg_split does not raise an error on invalid UTF-8).
- Phar:
- Fixed bug #77697 (Crash on Big_Endian platform).
- phpdbg:
- Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
- sodium:
- Fixed bug #77646 (sign_detached() strings not terminated).
- SQLite3:
- Added sqlite3.defensive INI directive.
- Standard:
- Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
- Fixed bug #77669 (Crash in extract() when overwriting extracted array).
- Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
- Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
New in PHP 7.1.27 (Mar 7, 2019)
- Core:
- Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
- EXIF:
- Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
- Fixed bug #77540 (Invalid Read on exif_process_SOFn).
- Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
- Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
- PHAR:
- Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
- Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
- SPL:
- Fixed bug #77431 (openFile() silently truncates after a null byte).
- in_MAKERNOTE).
- PDO_OCI:
- Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
- PHAR:
- Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
- SPL:
- Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
- Fixed bug #77431 (openFile() silently truncates after a null byte).
- Standard:
- Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
- MySQL:
- Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
New in PHP 7.2.16 (Mar 7, 2019)
- Core:
- Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
- Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
- COM:
- Fixed bug #77621 (Already defined constants are not properly reported).
- EXIF:
- Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
- Fixed bug #77540 (Invalid Read on exif_process_SOFn).
- Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
- Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
- PDO_OCI:
- Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
- PHAR:
- Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
- SPL:
- Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
- Fixed bug #77431 (openFile() silently truncates after a null byte).
- Standard:
- Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
- MySQL:
- Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
New in PHP 7.3.3 (Mar 7, 2019)
- Core:
- Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
- Fixed bug #77329 (Buffer Overflow via overly long Error Messages).
- Fixed bug #77494 (Disabling class causes segfault on member access).
- Fixed bug #77498 (Custom extension Segmentation fault when declare static property).
- Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
- Fixed bug #77546 (iptcembed broken function).
- Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
- COM:
- Fixed bug #77621 (Already defined constants are not properly reported).
- Fixed bug #77626 (Persistence confusion in php_com_import_typelib()).
- EXIF:
- Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
- Fixed bug #77540 (Invalid Read on exif_process_SOFn).
- Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
- Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
- Mbstring:
- Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte).
- MySQL:
- Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
- OpenSSL:
- Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
- PDO_OCI:
- Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
- PHAR:
- Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
- Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
- phpdbg:
- Fixed bug #76596 (phpdbg support for display_errors=stderr).
- SPL:
- Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
- Fixed bug #77431 (openFile() silently truncates after a null byte).
- Standard:
- Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
- Fixed bug #77612 (setcookie() sets incorrect SameSite header if all of its options filled).
New in PHP 7.2.15 (Feb 7, 2019)
- Core:
- Fixed bug #77339 (__callStatic may get incorrect arguments).
- Fixed bug #77494 (Disabling class causes segfault on member access).
- Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
- Curl:
- Fixed bug #76675 (Segfault with H2 server push).
- GD:
- Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
- Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
- Fixed bug #77272 (imagescale() may return image resource on failure).
- Fixed bug #77391 (1bpp BMPs may fail to be loaded).
- Fixed bug #77479 (imagewbmp() segfaults with very large images).
- ldap:
- Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
- Mbstring:
- Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
- MySQLnd:
- Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
- Opcache:
- Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
- OpenSSL:
- Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
- PDO:
- Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
- Sockets:
- Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
- Standard:
- Fixed bug #77395 (segfault about array_multisort).
- Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
New in PHP 7.3.2 (Feb 7, 2019)
- Core:
- Fixed bug #77369 (memcpy with negative length via crafted DNS response).
- Fixed bug #77387 (Recursion detection broken when printing GLOBALS).
- Fixed bug #77376 ("undefined function" message no longer includes namespace).
- Fixed bug #77357 (base64_encode / base64_decode doest not work on nested VM).
- Fixed bug #77339 (__callStatic may get incorrect arguments).
- Fixed bug #77317 (__DIR__, __FILE__, realpath() reveal physical path for subst virtual drive).
- Fixed bug #77263 (Segfault when using 2 RecursiveFilterIterator).
- Fixed bug #77447 (PHP 7.3 built with ASAN crashes in zend_cpu_supports_avx2).
- Fixed bug #77484 (Zend engine crashes when calling realpath in invalid working dir).
- Curl:
- Fixed bug #76675 (Segfault with H2 server push).
- Fileinfo:
- Fixed bug #77346 (webm files incorrectly detected as application/octet-stream).
- FPM:
- Fixed bug #77430 (php-fpm crashes with Main process exited, code=dumped, status=11/SEGV).
- GD:
- Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
- Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
- Fixed bug #77272 (imagescale() may return image resource on failure).
- Fixed bug #77391 (1bpp BMPs may fail to be loaded).
- Fixed bug #77479 (imagewbmp() segfaults with very large images).
- ldap:
- Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
- Mbstring:
- Fixed bug #77428 (mb_ereg_replace() doesn't replace a substitution variable).
- Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
- MySQLnd:
- Fixed bug #77308 (Unbuffered queries memory leak).
- Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
- Opcache:
- Fixed bug #77266 (Assertion failed in dce_live_ranges).
- Fixed bug #77257 (value of variable assigned in a switch() construct gets lost).
- Fixed bug #77434 (php-fpm workers are segfaulting in zend_gc_addre).
- Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
- Fixed bug #77287 (Opcache literal compaction is incompatible with EXT opcodes).
- PCRE:
- Fixed bug #77338 (get_browser with empty string).
- PDO:
- Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
- PDO MySQL:
- Fixed bug #77289 (PDO MySQL segfaults with persistent connection).
- SOAP:
- Fixed bug #77410 (Segmentation Fault when executing method with an empty parameter).
- Sockets:
- Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
- SPL:
- Fixed bug #77298 (segfault occurs when add property to unserialized empty ArrayObject).
- Standard:
- Fixed bug #77395 (segfault about array_multisort).
- Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
New in PHP 7.1.26 (Jan 11, 2019)
- Core:
- Fixed bug #77369 (memcpy with negative length via crafted DNS response).
- GD:
- Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
- Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
- IMAP:
- Fixed bug #77020 (null pointer dereference in imap_mail).
- Mbstring:
- Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
- Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
- Fixed bug #77381 (heap buffer overflow in multibyte match_at).
- Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
- Fixed bug #77385 (buffer overflow in fetch_token).
- Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
- Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
- Phar:
- Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
- Xmlrpc:
- Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
- Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
New in PHP 7.3.1 (Jan 10, 2019)
- Core:
- Fixed bug #76654 (Build failure on Mac OS X on 32-bit Intel).
- Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
- Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
- Fixed bug #77291 (magic methods inherited from a trait may be ignored).
- CURL:
- Fixed bug #77264 (curl_getinfo returning microseconds, not seconds).
- COM:
- Fixed bug #77177 (Serializing or unserializing COM objects crashes).
- Exif:
- Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
- GD:
- Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
- Fixed bug #77198 (auto cropping has insufficient precision).
- Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
- Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
- Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
- MBString:
- Fixed bug #77367 (Negative size parameter in mb_split).
- Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
- Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
- Fixed bug #77381 (heap buffer overflow in multibyte match_at).
- Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
- Fixed bug #77385 (buffer overflow in fetch_token).
- Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
- Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
- OCI8:
- Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
- Added oci_set_call_timeout() for call timeouts.
- Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
- Opcache:
- Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
- Fixed bug #77275 (OPcache optimization problem for ArrayAccess->offsetGet).
- PCRE:
- Fixed bug #77193 (Infinite loop in preg_replace_callback).
- PDO:
- Handle invalid index passed to PDOStatement::fetchColumn() as error.
- Phar:
- Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
- Soap:
- Fixed bug #77088 (Segfault when using SoapClient with null options).
- Sockets:
- Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
- Sodium:
- Fixed bug #77297 (SodiumException segfaults on PHP 7.3).
- SPL:
- Fixed bug #77359 (spl_autoload causes segfault).
- Fixed bug #77360 (class_uses causes segfault).
- SQLite3:
- Fixed bug #77051 (Issue with re-binding on SQLite3).
- Xmlrpc:
- Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
- Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
New in PHP 7.2.14 (Jan 10, 2019)
- Core:
- Fixed bug #77369 (memcpy with negative length via crafted DNS response).
- Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
- Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
- COM:
- Fixed bug #77177 (Serializing or unserializing COM objects crashes).
- Date:
- Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
- Exif:
- Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
- GD:
- Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
- Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
- Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
- Fixed bug #77198 (auto cropping has insufficient precision).
- Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
- IMAP:
- Fixed bug #77020 (null pointer dereference in imap_mail).
- Mbstring:
- Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
- Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
- Fixed bug #77381 (heap buffer overflow in multibyte match_at).
- Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
- Fixed bug #77385 (buffer overflow in fetch_token).
- Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
- Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
- OCI8:
- Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
- Added oci_set_call_timeout() for call timeouts.
- Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
- Opcache:
- Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
- PDO:
- Handle invalid index passed to PDOStatement::fetchColumn() as error.
- Phar:
- Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
- Sockets:
- Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
- SQLite3:
- Fixed bug #77051 (Issue with re-binding on SQLite3).
- Xmlrpc:
- Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
- Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
New in PHP 7.0.33 (Dec 7, 2018)
- Core:
- Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
- IMAP:
- Fixed bug #77020 (null pointer dereference in imap_mail).
- Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
- Phar:
- Fixed bug #77022 (PharData always creates new files with mode 0666).
- Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
New in PHP 7.3.0 (Dec 7, 2018)
- Core:
- Improved PHP GC.
- Redesigned the old ext_skel program written in PHP, run: 'php ext_skel.php' for all options. This means there are no dependencies, thus making it work on Windows out of the box.
- Removed support for BeOS.
- Add PHP_VERSION to phpinfo() .
- Add net_get_interfaces().
- Implemented flexible heredoc and nowdoc syntax, per RFC https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes.
- Added support for references in list() and array destructuring, per RFC https://wiki.php.net/rfc/list_reference_assignment.
- Improved effectiveness of ZEND_SECURE_ZERO for NetBSD and systems without native similar feature.
- Added syslog.facility and syslog.ident INI entries for customizing syslog logging.
- Fixed bug #75683 (Memory leak in zend_register_functions() in ZTS mode).
- Fixed bug #75031 (support append mode in temp/memory streams).
- Fixed bug #74860 (Uncaught exceptions not being formatted properly when error_log set to "syslog").
- Fixed bug #75220 (Segfault when calling is_callable on parent).
- Fixed bug #69954 (broken links and unused config items in distributed ini files).
- Fixed bug #74922 (Composed class has fatal error with duplicate, equal const properties).
- Fixed bug #63911 (identical trait methods raise errors during composition).
- Fixed bug #75677 (Clang ignores fastcall calling convention on variadic function).
- Fixed bug #54043 (Remove inconsitency of internal exceptions and user defined exceptions).
- Fixed bug #53033 (Mathematical operations convert objects to integers).
- Fixed bug #73108 (Internal class cast handler uses integer instead of float).
- Fixed bug #75765 (Fatal error instead of Error exception when base class is not found).
- Fixed bug #76198 (Wording: "iterable" is not a scalar type).
- Fixed bug #76137 (config.guess/config.sub do not recognize RISC-V).
- Fixed bug #76427 (Segfault in zend_objects_store_put).
- Fixed bug #76422 (ftruncate fails on files > 2GB).
- Fixed bug #76509 (Inherited static properties can be desynchronized from their parent by ref).
- Fixed bug #76439 (Changed behaviour in unclosed HereDoc).
- Fixed bug #63217 (Constant numeric strings become integers when used as ArrayAccess offset).
- Fixed bug #33502 (Some nullary functions don't check the number of arguments).
- Fixed bug #76392 (Error relocating sapi/cli/php: unsupported relocation type 37).
- The declaration and use of case-insensitive constants has been deprecated.
- Added syslog.filter INI entry for syslog filtering.
- Fixed bug #76667 (Segfault with divide-assign op and __get + __set).
- Fixed bug #76030 (RE2C_FLAGS rarely honoured) (Cristian Rodríguez)
- Fixed broken zend_read_static_property (Laruence)
- Fixed bug #76773 (Traits used on the parent are ignored for child classes).
- Fixed bug #76767 (‘asm’ operand has impossible constraints in zend_operators.h).
- Fixed bug #76752 (Crash in ZEND_COALESCE_SPEC_TMP_HANDLER - assertion in _get_zval_ptr_tmp failed).
- Fixed bug #76820 (Z_COPYABLE invalid definition).
- Fixed bug #76510 (file_exists() stopped working for phar://).
- Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
- Fixed bug #72635 (Undefined class used by class constant in constexpr generates fatal error).
- Fixed bug #76947 (file_put_contents() blocks the directory of the file (__DIR__)).
- Fixed bug #76979 (define() error message does not mention resources as valid values).
- Fixed bug #76825 (Undefined symbols ___cpuid_count).
- Fixed bug #77110 (undefined symbol zend_string_equal_val in C++ build).
- Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
- BCMath:
- Implemented FR #67855 (No way to get current scale in use).
- Fixed bug #66364 (BCMath bcmul ignores scale parameter).
- Fixed bug #75164 (split_bc_num() is pointless).
- Fixed bug #75169 (BCMath errors/warnings bypass PHP's error handling).
- CLI:
- Fixed bug #44217 (Output after stdout/stderr closed cause immediate exit with status 0).
- Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters).
- cURL:
- Expose curl constants from curl 7.50 to 7.61.
- Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
- Date:
- Implemented FR #74668: Add DateTime::createFromImmutable() method.
- Fixed bug #75222 (DateInterval microseconds property always 0).
- Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
- Fixed bug #76131 (mismatch arginfo for date_create).
- Updated timelib to 2018.01RC1 to address several bugs:
- Fixed bug #75577 (DateTime::createFromFormat does not accept 'v' format specifier).
- Fixed bug #75642 (Wrap around behaviour for microseconds is not working).
- Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
- DBA:
- Fixed bug #75264 (compiler warnings emitted).
- DOM:
- Fixed bug #76285 (DOMDocument::formatOutput attribute sometimes ignored).
- Fileinfo:
- Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)).
- Filter:
- Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES).
- FPM:
- Added fpm_get_status function.
- Fixed bug #62596 (getallheaders() missing with PHP-FPM).
- Fixed bug #69031 (Long messages into stdout/stderr are truncated incorrectly) - added new log related FPM configuration options: log_limit, log_buffering and decorate_workers_output.
- ftp:
- Fixed bug #77151 (ftp_close(): SSL_read on shutdown).
- GD:
- Added support for WebP in imagecreatefromstring().
- GMP:
- Export internal structures and accessor helpers for GMP object.
- Added gmp_binomial(n, k).
- Added gmp_lcm(a, b).
- Added gmp_perfect_power(a).
- Added gmp_kronecker(a, b).
- iconv:
- Fixed bug #53891 (iconv_mime_encode() fails to Q-encode UTF-8 string).
- Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
- IMAP:
- Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
- Fixed bug #77020 (null pointer dereference in imap_mail).
- Interbase:
- Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
- Fixed bug #76443 (php+php_interbase.dll crash on module_shutdown).
- intl:
- Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
- Fixed bug #76829 (Incorrect validation of domain on idn_to_utf8() function).
- JSON:
- Added JSON_THROW_ON_ERROR flag.
- LDAP:
- Added ldap_exop_refresh helper for EXOP REFRESH operation with dds overlay.
- Added full support for sending and parsing ldap controls.
- Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).
- libxml2:
- Fixed bug #75871 (use pkg-config where available).
- litespeed:
- Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).
- Fixed bug #75251 (Missing program prefix and suffix).
- MBstring:
- Updated to Oniguruma 6.9.0.
- Fixed bug #65544 (mb title case conversion-first word in quotation isn't capitalized).
- Fixed bug #71298 (MB_CASE_TITLE misbehaves with curled apostrophe/quote).
- Fixed bug #73528 (Crash in zif_mb_send_mail).
- Fixed bug #74929 (mbstring functions version 7.1.1 are slow compared to 5.3 on Windows).
- Fixed bug #76319 (mb_strtolower with invalid UTF-8 causes segmentation fault).
- Fixed bug #76574 (use of undeclared identifiers INT_MAX and LONG_MAX).
- Fixed bug #76594 (Bus Error due to unaligned access in zend_ini.c OnUpdateLong).
- Fixed bug #76706 (mbstring.http_output_conv_mimetypes is ignored).
- Fixed bug #76958 (Broken UTF7-IMAP conversion).
- Fixed bug #77025 (mb_strpos throws Unknown encoding or conversion error).
- Fixed bug #77165 (mb_check_encoding crashes when argument given an empty array).
- Mysqlnd:
- Fixed bug #76386 (Prepared Statement formatter truncates fractional seconds from date/time column).
- ODBC:
- Removed support for ODBCRouter.
- Removed support for Birdstep.
- Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
- Opcache:
- Fixed bug #76466 (Loop variable confusion).
- Fixed bug #76463 (var has array key type but not value type).
- Fixed bug #76446 (zend_variables.c:73: zend_string_destroy: Assertion `!(zval_gc_flags((str)->gc)).
- Fixed bug #76711 (OPcache enabled triggers false-positive "Illegal string offset").
- Fixed bug #77058 (Type inference in opcache causes side effects).
- Fixed bug #77092 (array_diff_key() - segmentation fault).
- OpenSSL:
- Added openssl_pkey_derive function.
- Add min_proto_version and max_proto_version ssl stream options as well as related constants for possible TLS protocol values.
- PCRE:
- Implemented https://wiki.php.net/rfc/pcre2-migration.
- Upgrade PCRE2 to 10.32.
- Fixed bug #75355 (preg_quote() does not quote # control character).
- Fixed bug #76512 (w no longer includes unicode characters).
- Fixed bug #76514 (Regression in preg_match makes it fail with PREG_JIT_STACKLIMIT_ERROR).
- Fixed bug #76909 (preg_match difference between 7.3 and < 7.3).
- PDO_DBlib:
- Implemented FR #69592 (allow 0-column rowsets to be skipped automatically).
- Expose TDS version as PDO::DBLIB_ATTR_TDS_VERSION attribute on PDO instance.
- Treat DATETIME2 columns like DATETIME.
- Fixed bug #74243 (allow locales.conf to drive datetime format).
- PDO_Firebird:
- Fixed bug #74462 (PDO_Firebird returns only NULLs for results with boolean for FIREBIRD >= 3.0).
- PDO_OCI:
- Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
- PDO SQLite:
- Add support for additional open flags
- pgsql:
- Added new error constants for pg_result_error(): PGSQL_DIAG_SCHEMA_NAME, PGSQL_DIAG_TABLE_NAME, PGSQL_DIAG_COLUMN_NAME, PGSQL_DIAG_DATATYPE_NAME, PGSQL_DIAG_CONSTRAINT_NAME and PGSQL_DIAG_SEVERITY_NONLOCALIZED.
- Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).
- phar:
- Fixed bug #74991 (include_path has a 4096 char limit in some cases).
- Fixed bug #65414 (deal with leading slash when adding files correctly).
- Fixed bug #77022 (PharData always creates new files with mode 0666).
- Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
- readline:
- Added completion_append_character and completion_suppress_append options to readline_info() if linked against libreadline.
- Session:
- Fixed bug #74941 (session fails to start after having headers sent).
- SimpleXML:
- Fixed bug #54973 (SimpleXML casts integers wrong).
- Fixed bug #76712 (Assignment of empty string creates extraneous text node).
- Sockets:
- Fixed bug #67619 (Validate length on socket_write).
- SOAP:
- Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
- Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
- Fixed bug #50675 (SoapClient can't handle object references correctly).
- Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault).
- Fixed bug #77141 (Signedness issue in SOAP when precision=-1).
- SPL:
- Fixed bug #74977 (Appending AppendIterator leads to segfault).
- Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
- Fixed bug #74372 (autoloading file with syntax error uses next autoloader, may hide parse error).
- Fixed bug #75878 (RecursiveTreeIterator::setPostfix has wrong signature).
- Fixed bug #74519 (strange behavior of AppendIterator).
- Fixed bug #76131 (mismatch arginfo for splarray constructor).
- SQLite3:
- Updated bundled libsqlite to 3.24.0.
- Standard:
- Added is_countable() function.
- Added support for the SameSite cookie directive, including an alternative signature for setcookie(), setrawcookie() and session_set_cookie_params().
- Remove superfluous warnings from inet_ntop()/inet_pton().
- Fixed bug #75916 (DNS_CAA record results contain garbage).
- Fixed unserialize(), to disable creation of unsupported data structures through manually crafted strings.
- Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
- Fixed bug #74719 (fopen() should accept NULL as context).
- Fixed bug #69948 (path/domain are not sanitized in setcookie).
- Fixed bug #75996 (incorrect url in header for mt_rand).
- Added hrtime() function, to get high resolution time.
- Fixed bug #48016 (stdClass::__setState is not defined although var_export() uses it).
- Fixed bug #76136 (stream_socket_get_name should enclose IPv6 in brackets).
- Fixed bug #76688 (Disallow excessive parameters after options array).
- Fixed bug #76713 (Segmentation fault caused by property corruption).
- Fixed bug #76755 (setcookie does not accept "double" type for expire time).
- Fixed bug #76674 (improve array_* failure messages exposing what was passed instead of an array).
- Fixed bug #76803 (ftruncate changes file pointer).
- Fixed bug #76818 (Memory corruption and segfault).
- Fixed bug #77081 (ftruncate() changes seek pointer in c mode).
- Testing:
- Implemented FR #62055 (Make run-tests.php support --CGI-- sections).
- Tidy:
- Support using tidyp instead of tidy.
- Fixed bug #74707 (Tidy has incorrect ReflectionFunction param counts for functions taking tidy).
- Fixed arginfo for tidy::__construct().
- Tokenizer:
- Fixed bug #76437 (token_get_all with TOKEN_PARSE flag fails to recognise close tag).
- Fixed bug #75218 (Change remaining uncatchable fatal errors for parsing into ParseError).
- Fixed bug #76538 (token_get_all with TOKEN_PARSE flag fails to recognise close tag with newline).
- Fixed bug #76991 (Incorrect tokenization of multiple invalid flexible heredoc strings).
- XML:
- Fixed bug #71592 (External entity processing never fails).
- Zlib:
- Added zlib/level context option for compress.zlib wrapper.
New in PHP 7.1.24 (Nov 9, 2018)
- Core:
- Fixed bug #76946 (Cyclic reference in generator not detected).
- Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
- Fixed bug #77041 (buildconf should output error messages to stderr) (Mizunashi Mana)
- Date:
- Fixed bug #75851 (Year component overflow with date formats "c", "o", "r" and "y").
- FCGI:
- Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
- Fixed bug #76954 (apache_response_headers removes last character from header name).
- FTP:
- Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
- intl:
- Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH).
- Standard:
- Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
- Tidy:
- Fixed bug #77027 (tidy::getOptDoc() not available on Windows).
- XML:
- Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).
- Add support for getting SKIP_TAGSTART and SKIP_WHITE options.
New in PHP 7.2.12 (Nov 8, 2018)
- Core:
- Fixed bug #76846 (Segfault in shutdown function after memory limit error).
- Fixed bug #76946 (Cyclic reference in generator not detected).
- Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
- Fixed bug #77041 (buildconf should output error messages to stderr) (Mizunashi Mana)
- Date:
- Upgraded timelib to 2017.08.
- Fixed bug #75851 (Year component overflow with date formats "c", "o", "r" and "y").
- Fixed bug #77007 (fractions in `diff()` are not correctly normalized).
- FCGI:
- Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
- Fixed bug #76954 (apache_response_headers removes last character from header name).
- FTP:
- Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
- intl:
- Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH).
- Reflection:
- Fixed bug #76936 (Objects cannot access their private attributes while handling reflection errors).
- Fixed bug #66430 (ReflectionFunction::invoke does not invoke closure with object scope).
- Sodium:
- Some base64 outputs were truncated; this is not the case any more.
- block sizes >= 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed.
- Fixed bug #77008 (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input).
- Standard:
- Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
- Tidy:
- Fixed bug #77027 (tidy::getOptDoc() not available on Windows).
- XML:
- Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).
- Add support for getting SKIP_TAGSTART and SKIP_WHITE options.
- XMLRPC:
- Fixed bug #75282 (xmlrpc_encode_request() crashes).
New in PHP 7.2.11 (Oct 16, 2018)
- Core:
- Fixed bug #76800 (foreach inconsistent if array modified during loop).
- Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory).
- CURL:
- Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
- iconv:
- Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
- Opcache:
- Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
- Fixed bug #76796 (Compile-time evaluation of disabled function in opcache causes segfault).
- POSIX:
- Fixed bug #75696 (posix_getgrnam fails to print details of group).
- Reflection:
- Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
- Standard:
- Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection).
- Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
- Fixed bug #75533 (array_reduce is slow when $carry is large array).
- XMLRPC:
- Fixed bug #76886 (Can't build xmlrpc with expat).
- Zlib:
- Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).
New in PHP 7.1.23 (Oct 16, 2018)
- Core:
- Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory).
- Fixed bug #76846 (Segfault in shutdown function after memory limit error).
- CURL:
- Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
- iconv:
- Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
- Opcache:
- Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
- POSIX:
- Fixed bug #75696 (posix_getgrnam fails to print details of group).
- Reflection:
- Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
- Standard:
- Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection).
- Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
- Fixed bug #75533 (array_reduce is slow when $carry is large array).
- Zlib:
- Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).
New in PHP 7.3.0 RC 2 (Sep 28, 2018)
- CURL:
- Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected). (Pierrick)
- Core:
- Fixed bug #76869 (Incorrect bypassing protected method accessibilty check). (Dmitry)
- Fixed bug #76800 (foreach inconsistent if array modified during loop). (Dmitry)
- Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory). (Nikita)
- iconv:
- Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be). (cmb)
- Opcache:
- Fixed bug #76711 (OPcache enabled triggers false-positive "Illegal string offset"). (Dmitry)
- PCRE:
- Upgrade PCRE2 to 10.32. (Anatol)
- Fixed bug #76909 (preg_match difference between 7.3 and < 7.3). (Anatol)
- Standard:
- Fixed bug #75533 (array_reduce is slow when $carry is large array). (Manabu Matsui)
- XMLRPC:
- Fixed bug #76886 (Can't build xmlrpc with expat). (Thomas Petazzoni, cmb)
New in PHP 7.3.0 RC 1 (Sep 14, 2018)
- Core:
- Fixed bug #76825 (Undefined symbols ___cpuid_count). (Laruence)
- Fixed bug #76820 (Z_COPYABLE invalid definition). (mvdwerve, cmb)
- Fixed bug #76510 (file_exists() stopped working for phar://). (cmb)
- intl:
- Fixed bug #76829 (Incorrect validation of domain on idn_to_utf8() function). (Anatol)
- MBString:
- Updated to Oniguruma 6.9.0. (cmb)
- Opcache:
- Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS). (Anatol)
- Fixed bug #76796 (Compile-time evaluation of disabled function in opcache causes segfault). (Nikita)
- POSIX:
- Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)
- Reflection:
- Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod). (cmb)
- Standard:
- Fixed bug #76803 (ftruncate changes file pointer). (Anatol)
- Fixed bug #76818 (Memory corruption and segfault). (Remi)
- Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection). (Ville Hukkamäki)
- Zlib:
- Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed). (Martin Burke, cmb)
New in PHP 7.2.10 (Sep 14, 2018)
- Core:
- Fixed bug #76754 (parent private constant in extends class memory leak).
- Fixed bug #72443 (Generate enabled extension).
- Fixed bug #75797 (Memory leak when using class_alias() in non-debug mode).
- Apache2:
- Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid).
- Bz2:
- Fixed arginfo for bzcompress.
- gettext:
- Fixed bug #76517 (incorrect restoring of LDFLAGS).
- iconv:
- Fixed bug #68180 (iconv_mime_decode can return extra characters in a header).
- Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
- Fixed bug #60494 (iconv_mime_decode does ignore special characters).
- Fixed bug #55146 (iconv_mime_decode_headers() skips some headers).
- intl:
- Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
- libxml:
- Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined).
- mbstring:
- Fixed bug #76704 (mb_detect_order return value varies based on argument type).
- Opcache:
- Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file).
- OpenSSL:
- Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()).
- phpdbg:
- Fixed bug #76595 (phpdbg man page contains outdated information).
- SPL:
- Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
- Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0).
- Standard:
- Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
- zlib:
- Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
- Fixed bug #76709 (Minimal required zlib library is 1.2.0.4).
New in PHP 7.1.22 (Sep 14, 2018)
- Core:
- Fixed bug #76754 (parent private constant in extends class memory leak).
- Fixed bug #72443 (Generate enabled extension).
- Apache2:
- Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid).
- Bz2:
- Fixed arginfo for bzcompress.
- gettext:
- Fixed bug #76517 (incorrect restoring of LDFLAGS).
- iconv:
- Fixed bug #68180 (iconv_mime_decode can return extra characters in a header).
- Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
- Fixed bug #60494 (iconv_mime_decode does ignore special characters).
- Fixed bug #55146 (iconv_mime_decode_headers() skips some headers).
- intl:
- Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
- libxml:
- Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined).
- mbstring:
- Fixed bug #76704 (mb_detect_order return value varies based on argument type).
- Opcache:
- Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file).
- OpenSSL:
- Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()).
- phpdbg:
- Fixed bug #76595 (phpdbg man page contains outdated information).
- SPL:
- Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
- Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0).
- Standard:
- Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
- zlib:
- Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
- Fixed bug #76709 (Minimal required zlib library is 1.2.0.4).
New in PHP 7.0.32 (Sep 14, 2018)
- Apache2:
- Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked).
New in PHP 7.2.9 (Aug 15, 2018)
- Calendar:
- Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset). (cmb)
- Filter:
- Fixed bug #76366 (References in sub-array for filtering breaks the filter). (ZiHang Gao)
- PDO_Firebird:
- Fixed bug #76488 (Memory leak when fetching a BLOB field). (Simonov Denis)
- PDO_PgSQL:
- Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option). (Anatol)
- SQLite3:
- Fixed #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle). (cmb)
- Standard:
- Fixed bug #73817 (Incorrect entries in get_html_translation_table). (cmb)
- Fixed bug #68553 (array_column: null values in $index_key become incrementing keys in result). (Laruence)
- Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`). (cmb)
- Zip:
- Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)). (Timur Ibragimov)
New in PHP 7.3.0 Beta 2 (Aug 14, 2018)
- Core:
- Fixed bug #76030 (RE2C_FLAGS rarely honoured) (Cristian Rodríguez)
- Bz2:
- Fixed arginfo for bzcompress. (Tyson Andre)
- DOM:
- Reverted fix for bug #76285 (DOMDocument::formatOutput attribute sometimes ignored). (cmb)
- gettext:
- Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)
- intl:
- Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders). (Anatol)
- mbstring:
- Fixed bug #76704 (mb_detect_order return value varies based on argument type). (cmb)
- Fixed bug #76706 (mbstring.http_output_conv_mimetypes is ignored). (cmb)
- phpdbg:
- Fixed bug #76595 (phpdbg man page contains outdated information). (Kevin Abel)
- Standard:
- Fixed bug #76688 (Disallow excessive parameters after options array). (pmmaga)
- Fixed bug #76713 (Segmentation fault caused by property corruption). (Laruence)
- Tidy:
- Fixed arginfo for tidy::__construct(). (Tyson Andre)
- zlib:
- Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option). (Jay Bonci)
- Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)
New in PHP 7.2.8 (Jul 17, 2018)
- Core:
- Fixed bug #76534 (PHP hangs on 'illegal string offset on string references with an error handler). (Laruence)
- Fixed bug #76520 (Object creation leaks memory when executed over HTTP). (Nikita)
- Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize properly). (Nikita)
- Date:
- Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)
- EXIF:
- Fixed bug #76409 (heap use after free in _php_stream_free). (cmb)
- Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (Stas)
- Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (Stas)
- FPM:
- Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to non-blocking). (Nikita)
- GMP:
- Fixed bug #74670 (Integer Underflow when unserializing GMP and possible other classes). (Nikita)
- intl:
- Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong type). (cmb)
- mbstring:
- Fixed bug #76532 (Integer overflow and excessive memory usage in mb_strimwidth). (MarcusSchwarz)
- Opcache:
- Fixed bug #76477 (Opcache causes empty return value). (Nikita, Laruence)
- PGSQL:
- Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)
- phpdbg:
- Fix arginfo wrt. optional/required parameters. (cmb)
- Reflection:
- Fixed bug #76536 (PHP crashes with core dump when throwing exception in error handler). (Laruence)
- Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with inherited classes). (Nikita)
- Standard:
- Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys). (Laruence)
- Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
- Win32:
- Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
- ZIP:
- Fixed bug #76461 (OPSYS_Z_CPM defined instead of OPSYS_CPM). (Dennis Birkholz, Remi)
New in PHP 7.2.6 (May 25, 2018)
- EXIF:
- Fixed bug #76164 (exif_read_data zend_mm_heap corrupted).
- FPM:
- Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
- intl:
- Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
- Opcache:
- Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp).
- Fixed bug #76275 (Assertion failure in file cache when unserializing empty try_catch_array).
- Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
- Reflection:
- Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).
- Session:
- Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
New in PHP 7.2.6 RC 1 (May 11, 2018)
- EXIF:
- Fixed bug #76164 (exif_read_data zend_mm_heap corrupted). (cmb)
- FPM:
- Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD. (mgorny)
- intl:
- Fixed bug #74385 (Locale::parseLocale() broken with some arguments). (Anatol)
- Opcache:
- Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp). (Dmitry)
- Fixed bug #76275 (Assertion failure in file cache when unserializing empty try_catch_array). (Nikita)
- Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors). (Nikita)
- Reflection:
- Fixed arginfo of array_replace(_recursive) and array_merge(_recursive). (carusogabriel)
- Session:
- Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#"). (Andrew Nester)
New in PHP 7.2.5 (Apr 25, 2018)
- Core:
- Fixed bug #75722 (Convert valgrind detection to configure option). (Michael Heimpold)
- Date:
- Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)
- Exif:
- Fixed bug#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas)
- FPM:
- Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long). (Jacob Hipps)
- Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)
- GD:
- Fixed bug #52070 (imagedashedline() dashed line sometimes is not visible). (cmb)
- intl:
- Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)
- iconv:
- Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (Stas)
- ldap:
- Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)
- mbstring:
- Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
- Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1). (chrullrich, cmb)
- ODBC:
- Fixed bug #76088 (ODBC functions are not available by default on Windows). (cmb)
- Opcache:
- Fixed bug #76094 (Access violation when using opcache). (Laruence)
- Phar:
- Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)
- phpdbg:
- Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)
- SPL:
- Fixed bug #76131 (mismatch arginfo for splarray constructor). (carusogabriel)
- standard:
- Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb)
- Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)
New in PHP 7.2.4 RC 1 (Mar 16, 2018)
- Core:
- Fixed bug #76025 (Segfault while throwing exception in error_handler). (Dmitry, Laruence)
- Fixed bug #76044 ('date: illegal option --' in ./configure on FreeBSD). (Anatol)
- FTP:
- Fixed ftp_pasv arginfo. (carusogabriel)
- -GD:
- Fixed bug #73957 (signed integer conversion in imagescale()). (cmb)
- Fixed bug #76041 (null pointer access crashed php). (cmb)
- Fixed imagesetinterpolation arginfo. (Gabriel Caruso)
- iconv:
- Fixed bug #75867 (Freeing uninitialized pointer). (Philip Prindeville)
- Mbstring:
- Fixed bug #62545 (wrong unicode mapping in some charsets). (cmb)
- Opcache:
- Fixed bug #75969 (Assertion failure in live range DCE due to block pass misoptimization). (Nikita)
- OpenSSL:
- Fixed openssl_* arginfos. (carusogabriel)
- PCNTL:
- Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)). (Sam Ding)
- Phar:
- Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a n). (Laruence)
- Standard:
- Fixed bug #75961 (Strange references behavior). (Laruence)
- Fixed some arginfos. (carusogabriel)
- Fixed bug #76068 (parse_ini_string fails to parse "[foo]nbar=1|>baz" with segfault). (Anatol)
New in PHP 7.2.3 (Mar 1, 2018)
- Core:
- Fixed bug #75864 ("stream_isatty" returns wrong value on s390x). (Sam Ding)
- Apache2Handler:
- Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration). (Anatol)
- Date:
- Fixed bug #75857 (Timezone gets truncated when formatted). (carusogabriel)
- Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda)
- Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr)
- LDAP:
- Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke)
- libxml2:
- Fixed bug #75871 (use pkg-config where available). (pmmaga)
- PGSQL:
- Fixed bug #75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru)
- Phar:
- Fixed bug #54289 (Phar::extractTo() does not accept specific directories to be extracted). (bishop)
- Fixed bug #65414 (deal with leading slash while adding files correctly). (bishopb)
- Fixed bug #65414 (deal with leading slash when adding files correctly). (bishopb)
- ODBC:
- Fixed bug #73725 (Unable to retrieve value of varchar(max) type). (Anatol)
- Opcache:
- Fixed bug #75729 (opcache segfault when installing Bitrix). (Nikita)
- Fixed bug #75893 (file_get_contents $http_response_header variable bugged with opcache). (Nikita)
- Fixed bug #75938 (Modulus value not stored in variable). (Nikita)
- SPL:
- Fixed bug #74519 (strange behavior of AppendIterator). (jhdxr)
- Standard:
- Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike, Philip Sharp)
- Fixed bug #75981 (Prevent reading beyond buffer start in http wrapper). (Stas)
New in PHP 7.2.2 (Feb 1, 2018)
- Core:
- Fixed bug #75742 (potential memleak in internal classes's static members).
- Fixed bug #75679 (Path 260 character problem).
- Fixed bug #75614 (Some non-portable == in shell scripts).
- Fixed bug #75786 (segfault when using spread operator on generator passed by reference).
- Fixed bug #75799 (arg of get_defined_functions is optional).
- Fixed bug #75396 (Exit inside generator finally results in fatal error).
- FCGI:
- Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).
- IMAP:
- Fixed bug #75774 (imap_append HeapCorruction).
- Opcache:
- Fixed bug #75720 (File cache not populated after SHM runs full).
- Fixed bug #75687 (var 8 (TMP) has array key type but not value type).
- Fixed bug #75698 (Using @ crashes php7.2-fpm).
- Fixed bug #75579 (Interned strings buffer overflow may cause crash).
- PDO:
- Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin).
- PDO MySQL:
- Fixed bug #75615 (PDO Mysql module can't be built as module).
- PGSQL:
- Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).
- Readline:
- Fixed bug #75775 (readline_read_history segfaults with empty file).
- SAPI:
- Fixed bug #75735 ([embed SAPI] Segmentation fault in sapi_register_post_entry).
- SOAP:
- Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
- Fixed bug #75502 (Segmentation fault in zend_string_release).
- SPL:
- Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by reference).
- Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent class).
- Fixed bug #73209 (RecursiveArrayIterator does not iterate object properties).
- Standard:
- Fixed bug #75781 (substr_count incorrect result).
- Fixed bug #75653 (array_values don't work on empty array).
- Zip:
- Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1).
New in PHP 7.2.2 RC 1 (Jan 16, 2018)
- Core:
- Fixed bug #75742 (potential memleak in internal classes's static members). (Laruence)
- Fixed bug #75679 (Path 260 character problem). (Anatol)
- Fixed bug #75614 (Some non-portable == in shell scripts). (jdolecek)
- Fixed bug #75786 (segfault when using spread operator on generator passed by reference). (Nikita)
- Fixed bug #75799 (arg of get_defined_functions is optional). (carusogabriel)
- Fixed bug #75396 (Exit inside generator finally results in fatal error). (Nikita)
- FCGI:
- Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false). (Anatol)
- IMAP:
- Fixed bug #75774 (imap_append HeapCorruction). (Anatol)
- Opcache:
- Fixed bug #75687 (var 8 (TMP) has array key type but not value type). (Nikita, Laruence)
- Fixed bug #75698 (Using @ crashes php7.2-fpm). (Nikita)
- PDO:
- Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin). (jdolecek)
- PDO MySQL:
- Fixed bug #75615 (PDO Mysql module can't be built as module). (jdolecek)
- Opcache:
- Fixed bug #75720 (File cache not populated after SHM runs full). (Dmitry)
- Fixed bug #75579 (Interned strings buffer overflow may cause crash). (Dmitry)
- PGSQL:
- Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach). (magicaltux at gmail dot com)
- Readline:
- Fixed bug #75775 (readline_read_history segfaults with empty file). (Anatol)
- SAPI:
- Fixed bug #75735 ([embed SAPI] Segmentation fault in sapi_register_post_entry). (Laruence)
- SOAP:
- Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used). (Anton Artamonov)
- Fixed bug #75502 (Segmentation fault in zend_string_release). (Nikita)
- SPL:
- Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by reference). (Nikita)
- Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent class). (Nikita)
- Fixed bug #73209 (RecursiveArrayIterator does not iterate object properties). (Nikita)
- Standard:
- Fixed bug #75781 (substr_count incorrect result). (Laruence)
- Fixed bug #75653 (array_values don't work on empty array). (Nikita)
- Zip:
- Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1). (Remi)
New in PHP 7.2.1 (Jan 5, 2018)
- Core:
- Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
- Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
- Fixed bug #75525 (Access Violation in vcruntime140.dll).
- Fixed bug #74862 (Unable to clone instance when private __clone defined).
- Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
- CLI server:
- Fixed bug #73830 (Directory does not exist).
- FPM:
- Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
- GD:
- Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
- Opcache:
- Fixed bug #75608 ("Narrowing occurred during type inference" error).
- Fixed bug #75579 (Interned strings buffer overflow may cause crash).
- Fixed bug #75570 ("Narrowing occurred during type inference" error).
- Fixed bug #75556 (Invalid opcode 138/1/1).
- PCRE:
- Fixed bug #74183 (preg_last_error not returning error code after error).
- Phar:
- Fixed bug #74782 (remove file name from output to avoid XSS).
- Standard:
- Fixed bug #75511 (fread not free unused buffer).
- Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
- Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
- Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
- Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
- Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
- Zip:
- Fixed bug #75540 (Segfault with libzip 1.3.1).
New in PHP 7.2.1 RC 1 (Dec 15, 2017)
- Core:
- Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
- Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand). (Anatol)
- Fixed bug #75525 (Access Violation in vcruntime140.dll). (Anatol)
- Fixed bug #74862 (Unable to clone instance when private __clone defined). (Daniel Ciochiu)
- Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars). (Anatol)
- CLI server:
- Fixed bug #73830 (Directory does not exist). (Anatol)
- FPM:
- Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests). (Remi)
- Opcache:
- Fixed bug #75608 ("Narrowing occurred during type inference" error). (Laruence, Dmitry)
- Fixed bug #75570 ("Narrowing occurred during type inference" error). (Dmitry)
- Fixed bug #75556 (Invalid opcode 138/1/1). (Laruence)
- PCRE:
- Fixed bug #74183 (preg_last_error not returning error code after error). (Andrew Nester)
- Standard:
- Fixed bug #75511 (fread not free unused buffer). (Laruence)
- Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
- Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault). (Nikita)
- Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing). (sarciszewski)
- Fixed bug #73124 (php_ini_scanned_files() not reporting correctly). (John Stevenson)
- Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character). (Anatol)
- Zip:
- Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)
New in PHP 7.2.0 (Dec 4, 2017)
- Numerous improvements and new features such as:
- Convert numeric keys in object/array casts
- Counting of non-countable objects
- Object typehint
- HashContext as Object
- Argon2 in password hash
- Improve TLS constants to sane values
- Mcrypt extension removed
- New sodium extension
New in PHP 7.1.12 (Nov 24, 2017)
- Core:
- Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).
- Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).
- CLI:
- Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).
- Enchant:
- Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).
- Fixed bug #75365 (Enchant still reports version 1.1.0).
- Exif:
- Fixed bug #75301 (Exif extension has built in revision version).
- GD:
- Fixed bug #65148 (imagerotate may alter image dimensions).
- Fixed bug #75437 (Wrong reflection on imagewebp).
- intl:
- Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
- interbase:
- Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
- Mysqli:
- Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).
- OCI8:
- Fixed valgrind issue.
- OpenSSL:
- Fixed bug #75363 (openssl_x509_parse leaks memory).
- Fixed bug #75307 (Wrong reflection for openssl_open function).
- Opcache:
- Fixed bug #75373 (Warning Internal error: wrong size calculation).
- PGSQL:
- Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).
- SOAP:
- Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
- Zlib:
- Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).
New in PHP 7.2.0 RC 6 (Nov 21, 2017)
- Core:
- Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS). (Laruence)
- GD:
- Fixed bug #75437 (Wrong reflection on imagewebp). (Fabien Villepinte)
- interbase:
- Fixed bug #75453 (Incorrect reflection for ibase_[p]connect). (villfa)
- Mysqli:
- Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function). (Fabien Villepinte)
- SOAP:
- Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders). (villfa)
New in PHP 7.2.0 RC 5 (Oct 29, 2017)
- Core:
- Fixed bug #75368 (mmap/munmap trashing on unlucky allocations). (Nikita, Dmitry)
- CLI:
- Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function). (Laruence)
- Date:
- Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)
- Enchant:
- Fixed bug #53070 (enchant_broker_get_path crashes if no path is set). (jelle van der Waa, cmb)
- Fixed bug #75365 (Enchant still reports version 1.1.0). (cmb)
- Exif:
- Fixed bug #75301 (Exif extension has built in revision version). (Peter Kokot)
- Fileinfo:
- Upgrade bundled libmagic to 5.31. (Anatol)
- GD:
- Fixed bug #65148 (imagerotate may alter image dimensions). (cmb)
- Intl:
- Fixed bug #75378 ([REGRESSION] IntlDateFormatter::parse() does not change $position argument). (Laruence)
- Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination). (andrewnester)
- JSON:
- Fixed bug #68567 (JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key). (Jakub Zelenka)
- OCI8:
- Fixed valgrind issue. (Tianfang Yang)
- Opcache:
- Fixed bug (assertion fails with extended info generated). (Laruence)
- Fixed bug (Phi sources removel). (Laruence)
- Fixed bug #75370 (Webserver hangs on valid PHP text). (Laruence)
- Fixed bug #75357 (segfault loading WordPress wp-admin). (Laruence)
- Fixed bug #75373 (Warning Internal error: wrong size calculation). (Laruence, Dmitry)
- Openssl:
- Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob)
- PCRE:
- Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)
- PGSQL:
- Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()). (Sara)
- Standard:
- Fixed bug #75221 (Argon2i always throws NUL at the end). (cmb)
- Zlib:
- Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien Villepinte)
New in PHP 7.1.11 (Oct 25, 2017)
- Core:
- Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence)
- Fixed bug #75236 (infinite loop when printing an error-message). (Andrea)
- Fixed bug #75252 (Incorrect token formatting on two parse errors in one request). (Nikita)
- Fixed bug #75220 (Segfault when calling is_callable on parent). (andrewnester)
- Fixed bug #75290 (debug info of Closures of internal functions contain garbage argument names). (Andrea)
- Date:
- Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)
- Apache2Handler:
- Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler). (mcarbonneaux)
- Hash:
- Fixed bug #75303 (sha3 hangs on bigendian). (Remi)
- Intl:
- Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional). (cmb)
- litespeed:
- Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI). (petk)
- Fixed bug #75251 (Missing program prefix and suffix). (petk)
- mcrypt:
- Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)
- MySQLi:
- Fixed bug #75018 (Data corruption when reading fields of bit type). (Anatol)
- OCI8:
- Fixed incorrect reference counting. (Dmitry, Tianfang Yang)
- Opcache
- Fixed bug #75255 (Request hangs and not finish). (Dmitry)
- PCRE:
- Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)
- PDO_mysql:
- Fixed bug #75177 (Type 'bit' is fetched as unexpected string). (Anatol)
- SPL:
- Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb)
New in PHP 7.1.10 (Sep 29, 2017)
- Core:
- Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)
- BCMath:
- Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
- Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
- Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
- Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
- CLI server:
- Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets). (bouk)
- CURL:
- Fixed bug #75093 (OpenSSL support not detected). (Remi)
- GD:
- Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
- Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
- Gettext:
- Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
- Intl:
- Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class). (tpunt)
- Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
- PDO_OCI:
- Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up). (Ingmar Runge)
- SPL:
- Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator). (Nikita)
- Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop). (jhdxr)
- Standard:
- Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
- Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
New in PHP 7.1.10 RC 1 (Sep 17, 2017)
- Core:
- Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)
- BCMath:
- Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
- Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
- Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
- Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
- CLI server:
- Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets). (bouk)
- CURL:
- Fixed bug #75093 (OpenSSL support not detected). (Remi)
- GD:
- Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
- Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
- Gettext:
- Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
- Intl:
- Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class). (tpunt)
- Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
- PDO_OCI:
- Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up). (Ingmar Runge)
- SPL:
- Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator). (Nikita)
- Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop). (jhdxr)
- Standard:
- Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
- Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
New in PHP 7.2.0 RC 2 (Sep 17, 2017)
- Core:
- Fixed Bug #75142 (buildcheck.sh check for autoconf version needs to be updated for v2.64). (zizzy at zizzy dot net, Remi)
- BCMath:
- Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
- Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
- Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
- Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
- CLI server:
- Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets). (bouk)
- Date:
- Fixed bug #75149 (redefinition of typedefs ttinfo and t1info). (Remi)
- GD:
- Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
- Intl:
- Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
- Gettext:
- Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
- Opcache
- Fixed incorect constant conditional jump elimination. (Dmitry)
- OpenSSL
- Automatically load OpenSSL configuration file. (Jakub Zelenka)
- SPL:
- Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator). (Nikita)
- Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop). (jhdxr)
- Standard:
- Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
- Fixed bug #75170 (mt_rand() bias on 64-bit machines). (Nikita)
- ZIP:
- Fixed bug #75143 (new method setEncryptionName() seems not to exist in ZipArchive). (Anatol)
New in PHP 7.1.9 (Sep 1, 2017)
- Core:
- Fixed bug #74947 (Segfault in scanner on INF number).
- Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
- Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
- Fixed bug #75063 (Main CWD initialized with wrong codepage).
- cURL:
- Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
- Date:
- Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
- Intl:
- Fixed bug #74993 (Wrong reflection on some locale_* functions).
- Mbstring:
- Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
- Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
- Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
- MySQLi:
- Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
- OCI8:
- Expose oci_unregister_taf_callback() (Tianfang Yang)
- Opcache:
- Fixed bug #74980 (Narrowing occurred during type inference).
- phar:
- Fixed bug #74991 (include_path has a 4096 char limit in some cases).
- Reflection:
- Fixed bug #74949 (null pointer dereference in _function_string).
- Session:
- Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
- Fixed bug #74833 (SID constant created with wrong module number).
- SimpleXML:
- Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
- SPL:
- Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
- Fixed bug #74669 (Unserialize ArrayIterator broken).
- Fixed bug #74977 (Appending AppendIterator leads to segfault).
- Fixed bug #75015 (Crash in recursive iterator destructors).
- Standard:
- Fixed bug #75075 (unpack with X* causes infinity loop).
- Fixed bug #74103 (heap-use-after-free when unserializing invalid array size).
- Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
- WDDX:
- Fixed bug #73793 (WDDX uses wrong decimal seperator).
- XMLRPC:
- Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties)
New in PHP 7.1.8 (Aug 2, 2017)
- Core:
- Fixed bug #74832 (Loading PHP extension with already registered function name leads to a crash). (jpauli)
- Fixed bug #74780 (parse_url() broken when query string contains colon). (jhdxr)
- Fixed bug #74761 (Unary operator expected error on some systems). (petk)
- Fixed bug #73900 (Use After Free in unserialize() SplFixedArray). (nikic)
- Fixed bug #74923 (Crash when crawling through network share). (Anatol)
- Fixed bug #74913 (fixed incorrect poll.h include). (petk)
- Fixed bug #74906 (fixed incorrect errno.h include). (petk)
- Date:
- Fixed bug #74852 (property_exists returns true on unknown DateInterval property). (jhdxr)
- OCI8:
- Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge)
- Opcache:
- Fixed bug #74623 (Infinite loop in type inference when using HTMLPurifier). (nikic)
- OpenSSL:
- Fixed bug #74798 (pkcs7_en/decrypt does not work if x0a is used in content). (Anatol)
- Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug #71917 (openssl_open() returns junk on envelope < 16 bytes) and bug #72362 (OpenSSL Blowfish encryption is incorrect for short keys). (Jakub Zelenka)
- PDO:
- Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query). (Adam Baratz)
- SPL:
- Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr)
- SQLite3:
- Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags). (Anatol)
- Wddx:
- Fixed bug #73173 (huge memleak when wddx_unserialize). (tloi at fortinet dot com)
- zlib:
- Fixed bug #73944 (dictionary option of inflate_init() does not work). (wapmorgan)
New in PHP 7.1.7 (Jul 5, 2017)
- Core:
- Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
- Fixed bug #74658 (Undefined constants in array properties result in broken properties). (Laruence)
- Fixed misparsing of abstract unix domain socket names. (Sara)
- Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)
- Date:
- Fixed bug #74639 (implement clone for DatePeriod and DateInterval). (andrewnester)
- DOM:
- Fixed bug #69373 (References to deleted XPath query results). (ttoohey)
- Intl:
- Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
- Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)
- Mbstring:
- Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
- OCI8:
- Add TAF callback (PR #2459). (KoenigsKind)
- Opcache:
- Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence)
- Revert opcache.enable_cli to default disabled. (Nikita)
- OpenSSL:
- Fixed bug #74720 (pkcs7_en/decrypt does not work if x1a is used in content). (Anatol)
- PDO_OCI:
- Support Instant Client 12.2 in --with-pdo-oci configure option. (Tianfang Yang)
- Reflection:
- Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)
- SPL:
- Fixed bug #74478 (null coalescing operator failing with SplFixedArray). (jhdxr)
- FTP:
- Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)
- PHAR:
- Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)
- SOAP
- Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)
- Streams:
- Fixed bug #74556 (stream_socket_get_name() returns '