CINXE.COM

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>PHP: PHP 8 ChangeLog</title> <link rel="icon" type="image/svg+xml" sizes="any" href="https://www.php.net/favicon.svg?v=2"> <link rel="icon" type="image/png" sizes="196x196" href="https://www.php.net/favicon-196x196.png?v=2"> <link rel="icon" type="image/png" sizes="32x32" href="https://www.php.net/favicon-32x32.png?v=2"> <link rel="icon" type="image/png" sizes="16x16" href="https://www.php.net/favicon-16x16.png?v=2"> <link rel="shortcut icon" href="https://www.php.net/favicon.ico?v=2"> <link rel="search" type="application/opensearchdescription+xml" href="http://php.net/phpnetimprovedsearch.src" title="Add PHP.net search"> <link rel="alternate" type="application/atom+xml" href="https://www.php.net/releases/feed.php" title="PHP Release feed"> <link rel="alternate" type="application/atom+xml" href="https://www.php.net/feed.atom" title="PHP: Hypertext Preprocessor"> <link rel="canonical" href="https://www.php.net/ChangeLog-8.php"> <link rel="shorturl" href="https://www.php.net/ChangeLog-8"> <link rel="alternate" href="https://www.php.net/ChangeLog-8" hreflang="x-default"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1707321815&f=/fonts/Fira/fira.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1707321815&f=/fonts/Font-Awesome/css/fontello.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1732428602&f=/styles/theme-base.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1730558402&f=/styles/theme-medium.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1707321815&f=/styles/changelog.css" media="screen"> <base href="https://www.php.net/ChangeLog-8.php"> <meta name="Description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@official_php" /> <meta name="twitter:title" content="PHP: Hypertext Preprocessor" /> <meta name="twitter:description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta name="twitter:creator" content="@official_php" /> <meta name="twitter:image:src" content="https://www.php.net/images/meta-image.png" /> <meta itemprop="name" content="PHP: Hypertext Preprocessor" /> <meta itemprop="description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta itemprop="image" content="https://www.php.net/images/meta-image.png" /> <meta property="og:image" content="https://www.php.net/images/meta-image.png" /> <meta property="og:description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <link href="https://fosstodon.org/@php" rel="me" />  <script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(["setDoNotTrack", true]); _paq.push(["disableCookies"]); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="https://analytics.php.net/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '1']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script>  </head> <body class="docs "> <nav class="navbar navbar-fixed-top"> <div class="navbar__inner"> <a href="/" aria-label="PHP Home" class="navbar__brand"> <img src="/images/logos/php-logo-white.svg" aria-hidden="true" width="80" height="40" > </a> <div id="navbar__offcanvas" tabindex="-1" class="navbar__offcanvas" aria-label="Menu" > <button id="navbar__close-button" class="navbar__icon-item navbar_icon-item--visually-aligned navbar__close-button" > <svg xmlns="http://www.w3.org/2000/svg" width="24" viewBox="0 0 24 24" fill="currentColor"><path d="M19,6.41L17.59,5L12,10.59L6.41,5L5,6.41L10.59,12L5,17.59L6.41,19L12,13.41L17.59,19L19,17.59L13.41,12L19,6.41Z" /></svg> </button> <ul class="navbar__nav"> <li class="navbar__item"> <a href="/downloads.php" class="navbar__link " > Downloads </a> </li> <li class="navbar__item"> <a href="/docs.php" aria-current="page" class="navbar__link navbar__link--active " > Documentation </a> </li> <li class="navbar__item"> <a href="/get-involved.php" class="navbar__link " > Get Involved </a> </li> <li class="navbar__item"> <a href="/support.php" class="navbar__link " > Help </a> </li> <li class="navbar__item"> <a href="/releases/8.4/index.php" class="navbar__link navbar__release" > <img src="/images/php8/logo_php8_4.svg" alt="PHP 8.4"> </a> </li> </ul> </div> <div class="navbar__right">  <form action="/manual-lookup.php" class="navbar__search-form" > <label for="navbar__search-input" aria-label="Search docs"> <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </label> <input type="search" name="pattern" id="navbar__search-input" class="navbar__search-input" placeholder="Search docs" accesskey="s" > <input type="hidden" name="scope" value="quickref"> </form>  <button id="navbar__search-button" class="navbar__search-button" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> Search docs </button>  <a id="navbar__search-link" href="/lookup-form.php" aria-label="Search docs" class="navbar__icon-item navbar__search-link" > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </a> <a id="navbar__menu-link" href="/menu.php" aria-label="Menu" class="navbar__icon-item navbar_icon-item--visually-aligned navbar_menu-link" > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="currentColor" > <path d="M3,6H21V8H3V6M3,11H21V13H3V11M3,16H21V18H3V16Z" /> </svg> </a>  <button id="navbar__search-button-mobile" aria-label="Search docs" class="navbar__icon-item navbar__search-button-mobile" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </button> <button id="navbar__menu-button" aria-label="Menu" class="navbar__icon-item navbar_icon-item--visually-aligned" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="currentColor" > <path d="M3,6H21V8H3V6M3,11H21V13H3V11M3,16H21V18H3V16Z" /> </svg> </button> </div> <div id="navbar__backdrop" class="navbar__backdrop" ></div> </div> <div id="flash-message"></div> </nav> <div class="headsup"><a href='/conferences/index.php#2024-12-09-1'>ConFoo 2025</a></div> <nav id="trick"><div><dl> <dt><a href='/manual/en/getting-started.php'>Getting Started</a></dt> <dd><a href='/manual/en/introduction.php'>Introduction</a></dd> <dd><a href='/manual/en/tutorial.php'>A simple tutorial</a></dd> <dt><a href='/manual/en/langref.php'>Language Reference</a></dt> <dd><a href='/manual/en/language.basic-syntax.php'>Basic syntax</a></dd> <dd><a href='/manual/en/language.types.php'>Types</a></dd> <dd><a href='/manual/en/language.variables.php'>Variables</a></dd> <dd><a href='/manual/en/language.constants.php'>Constants</a></dd> <dd><a href='/manual/en/language.expressions.php'>Expressions</a></dd> <dd><a href='/manual/en/language.operators.php'>Operators</a></dd> <dd><a href='/manual/en/language.control-structures.php'>Control Structures</a></dd> <dd><a href='/manual/en/language.functions.php'>Functions</a></dd> <dd><a href='/manual/en/language.oop5.php'>Classes and Objects</a></dd> <dd><a href='/manual/en/language.namespaces.php'>Namespaces</a></dd> <dd><a href='/manual/en/language.enumerations.php'>Enumerations</a></dd> <dd><a href='/manual/en/language.errors.php'>Errors</a></dd> <dd><a href='/manual/en/language.exceptions.php'>Exceptions</a></dd> <dd><a href='/manual/en/language.fibers.php'>Fibers</a></dd> <dd><a href='/manual/en/language.generators.php'>Generators</a></dd> <dd><a href='/manual/en/language.attributes.php'>Attributes</a></dd> <dd><a href='/manual/en/language.references.php'>References Explained</a></dd> <dd><a href='/manual/en/reserved.variables.php'>Predefined Variables</a></dd> <dd><a href='/manual/en/reserved.exceptions.php'>Predefined Exceptions</a></dd> <dd><a href='/manual/en/reserved.interfaces.php'>Predefined Interfaces and Classes</a></dd> <dd><a href='/manual/en/reserved.attributes.php'>Predefined Attributes</a></dd> <dd><a href='/manual/en/context.php'>Context options and parameters</a></dd> <dd><a href='/manual/en/wrappers.php'>Supported Protocols and Wrappers</a></dd> </dl> <dl> <dt><a href='/manual/en/security.php'>Security</a></dt> <dd><a href='/manual/en/security.intro.php'>Introduction</a></dd> <dd><a href='/manual/en/security.general.php'>General considerations</a></dd> <dd><a href='/manual/en/security.cgi-bin.php'>Installed as CGI binary</a></dd> <dd><a href='/manual/en/security.apache.php'>Installed as an Apache module</a></dd> <dd><a href='/manual/en/security.sessions.php'>Session Security</a></dd> <dd><a href='/manual/en/security.filesystem.php'>Filesystem Security</a></dd> <dd><a href='/manual/en/security.database.php'>Database Security</a></dd> <dd><a href='/manual/en/security.errors.php'>Error Reporting</a></dd> <dd><a href='/manual/en/security.variables.php'>User Submitted Data</a></dd> <dd><a href='/manual/en/security.hiding.php'>Hiding PHP</a></dd> <dd><a href='/manual/en/security.current.php'>Keeping Current</a></dd> <dt><a href='/manual/en/features.php'>Features</a></dt> <dd><a href='/manual/en/features.http-auth.php'>HTTP authentication with PHP</a></dd> <dd><a href='/manual/en/features.cookies.php'>Cookies</a></dd> <dd><a href='/manual/en/features.sessions.php'>Sessions</a></dd> <dd><a href='/manual/en/features.file-upload.php'>Handling file uploads</a></dd> <dd><a href='/manual/en/features.remote-files.php'>Using remote files</a></dd> <dd><a href='/manual/en/features.connection-handling.php'>Connection handling</a></dd> <dd><a href='/manual/en/features.persistent-connections.php'>Persistent Database Connections</a></dd> <dd><a href='/manual/en/features.commandline.php'>Command line usage</a></dd> <dd><a href='/manual/en/features.gc.php'>Garbage Collection</a></dd> <dd><a href='/manual/en/features.dtrace.php'>DTrace Dynamic Tracing</a></dd> </dl> <dl> <dt><a href='/manual/en/funcref.php'>Function Reference</a></dt> <dd><a href='/manual/en/refs.basic.php.php'>Affecting PHP's Behaviour</a></dd> <dd><a href='/manual/en/refs.utilspec.audio.php'>Audio Formats Manipulation</a></dd> <dd><a href='/manual/en/refs.remote.auth.php'>Authentication Services</a></dd> <dd><a href='/manual/en/refs.utilspec.cmdline.php'>Command Line Specific Extensions</a></dd> <dd><a href='/manual/en/refs.compression.php'>Compression and Archive Extensions</a></dd> <dd><a href='/manual/en/refs.crypto.php'>Cryptography Extensions</a></dd> <dd><a href='/manual/en/refs.database.php'>Database Extensions</a></dd> <dd><a href='/manual/en/refs.calendar.php'>Date and Time Related Extensions</a></dd> <dd><a href='/manual/en/refs.fileprocess.file.php'>File System Related Extensions</a></dd> <dd><a href='/manual/en/refs.international.php'>Human Language and Character Encoding Support</a></dd> <dd><a href='/manual/en/refs.utilspec.image.php'>Image Processing and Generation</a></dd> <dd><a href='/manual/en/refs.remote.mail.php'>Mail Related Extensions</a></dd> <dd><a href='/manual/en/refs.math.php'>Mathematical Extensions</a></dd> <dd><a href='/manual/en/refs.utilspec.nontext.php'>Non-Text MIME Output</a></dd> <dd><a href='/manual/en/refs.fileprocess.process.php'>Process Control Extensions</a></dd> <dd><a href='/manual/en/refs.basic.other.php'>Other Basic Extensions</a></dd> <dd><a href='/manual/en/refs.remote.other.php'>Other Services</a></dd> <dd><a href='/manual/en/refs.search.php'>Search Engine Extensions</a></dd> <dd><a href='/manual/en/refs.utilspec.server.php'>Server Specific Extensions</a></dd> <dd><a href='/manual/en/refs.basic.session.php'>Session Extensions</a></dd> <dd><a href='/manual/en/refs.basic.text.php'>Text Processing</a></dd> <dd><a href='/manual/en/refs.basic.vartype.php'>Variable and Type Related Extensions</a></dd> <dd><a href='/manual/en/refs.webservice.php'>Web Services</a></dd> <dd><a href='/manual/en/refs.utilspec.windows.php'>Windows Only Extensions</a></dd> <dd><a href='/manual/en/refs.xml.php'>XML Manipulation</a></dd> <dd><a href='/manual/en/refs.ui.php'>GUI Extensions</a></dd> </dl> <dl> <dt>Keyboard Shortcuts</dt><dt>?</dt> <dd>This help</dd> <dt>j</dt> <dd>Next menu item</dd> <dt>k</dt> <dd>Previous menu item</dd> <dt>g p</dt> <dd>Previous man page</dd> <dt>g n</dt> <dd>Next man page</dd> <dt>G</dt> <dd>Scroll to bottom</dd> <dt>g g</dt> <dd>Scroll to top</dd> <dt>g h</dt> <dd>Goto homepage</dd> <dt>g s</dt> <dd>Goto search<br>(current page)</dd> <dt>/</dt> <dd>Focus search box</dd> </dl></div></nav> <div id="goto"> <div class="search"> <div class="text"></div> <div class="results"><ul></ul></div> </div> </div> <div id="layout" class="clearfix"> <section id="layout-content"> <h1>PHP 8 ChangeLog</h1> <a href="#PHP_8_4">8.4</a> | <a href="#PHP_8_3">8.3</a> | <a href="#PHP_8_2">8.2</a> | <a href="#PHP_8_1">8.1</a> | <a href="#PHP_8_0">8.0</a> <a id="PHP_8_4"></a> <section class="version" id="8.4.1"> <h3>Version 8.4.1</h3> <b><time class='releasedate' datetime='2024-11-21'>21 Nov 2024</time></b> <ul><li>BcMath: <ul> <li>[RFC] Add bcfloor, bcceil and bcround to BCMath.</li> <li>Improve performance.</li> <li>Adjust bcround()'s $mode parameter to only accept the RoundingMode enum.</li> <li>Fixed LONG_MAX in BCMath ext.</li> <li>Fixed bcdiv() div by one.</li> <li>[RFC] Support object types in BCMath.</li> <li>bcpow() performance improvement.</li> <li>ext/bcmath: Check for scale overflow.</li> <li>[RFC] ext/bcmath: Added bcdivmod.</li> <li>Fix <a href="https://github.com/php/php-src/issues/15968">GH-15968</a> (Avoid converting objects to strings in operator calculations).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16265">GH-16265</a> (Added early return case when result is 0) (Saki Takamachi).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16262">GH-16262</a> (Fixed a bug where size_t underflows) (Saki Takamachi).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16236">GH-16236</a> (Fixed a bug in BcMath\Number::pow() and bcpow() when raising negative powers of 0) (Saki Takamachi).</li> </ul></li> <li>Core: <ul> <li>Added zend_call_stack_get implementation for NetBSD, DragonFlyBSD, Solaris and Haiku.</li> <li>Enabled ifunc checks on FreeBSD from the 12.x releases.</li> <li>Changed the type of PHP_DEBUG and PHP_ZTS constants to bool.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13142">GH-13142</a> (Undefined variable name is shortened when contains \0).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13178">GH-13178</a> (Iterator positions incorrect when converting packed array to hashed).</li> <li>Fixed zend fiber build for solaris default mode (32 bits).</li> <li>Fixed zend call stack size for macOs/arm64.</li> <li>Added support for Zend Max Execution Timers on FreeBSD.</li> <li>Ensure fiber stack is not backed by THP.</li> <li>Implement <a href="https://github.com/php/php-src/issues/13609">GH-13609</a> (Dump wrapped object in WeakReference class).</li> <li>Added sparc64 arch assembly support for zend fiber.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/13581">GH-13581</a> no space available for TLS on NetBSD.</li> <li>Added fiber Sys-V loongarch64 support.</li> <li>Adjusted closure names to include the parent function's name.</li> <li>Improve randomness of uploaded file names and files created by tempnam().</li> <li>Added gc and shutdown callbacks to zend_mm custom handlers.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14650">GH-14650</a> (Compute the size of pages before allocating memory).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11928">GH-11928</a> (The --enable-re2c-cgoto doesn't add the -g flag).</li> <li>Added the #[\Deprecated] attribute.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/11389">GH-11389</a> (Allow suspending fibers in destructors).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14801">GH-14801</a> (Fix build for armv7).</li> <li>Implemented property hooks RFC.</li> <li>Fix <a href="https://github.com/php/php-src/issues/14978">GH-14978</a> (The xmlreader extension phpize build).</li> <li>Throw Error exception when encountering recursion during comparison, rather than fatal error.</li> <li>Added missing cstddef include for C++ builds.</li> <li>Updated build system scripts config.guess to 2024-07-27 and config.sub to 2024-05-27.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15240">GH-15240</a> (Infinite recursion in trait hook).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15140">GH-15140</a> (Missing variance check for abstract set with asymmetric type).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15181">GH-15181</a> (Disabled output handler is flushed again).</li> <li>Passing E_USER_ERROR to trigger_error() is now deprecated.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15292">GH-15292</a> (Dynamic AVX detection is broken for MSVC).</li> <li>Using "_" as a class name is now deprecated.</li> <li>Exiting a namespace now clears seen symbols.</li> <li>The exit (and die) language constructs now behave more like a function. They can be passed liked callables, are affected by the strict_types declare statement, and now perform the usual type coercions instead of casting any non-integer value to a string. As such, passing invalid types to exit/die may now result in a TypeError being thrown.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15438">GH-15438</a> (Hooks on constructor promoted properties without visibility are ignored).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15419">GH-15419</a> (Missing readonly+hook incompatibility check for readonly classes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15187">GH-15187</a> (Various hooked object iterator issues).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15456">GH-15456</a> (Crash in get_class_vars() on virtual properties).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15501">GH-15501</a> (Windows HAVE_<header>_H macros defined to 1 or undefined).</li> <li>Implemented asymmetric visibility for properties.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15644">GH-15644</a> (Asymmetric visibility doesn't work with hooks).</li> <li>Implemented lazy objects RFC.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15686">GH-15686</a> (Building shared iconv with external iconv library).</li> <li>Fixed missing error when adding asymmetric visibility to unilateral virtual property.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15693">GH-15693</a> (Unnecessary include in main.c bloats binary).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15731">GH-15731</a> (AllowDynamicProperties validation should error on enums).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16040">GH-16040</a> (Use-after-free of object released in hook).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16026">GH-16026</a> (Reuse of dtor fiber during shutdown).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15999">GH-15999</a> (zend_std_write_property() assertion failure with lazy objects).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15960">GH-15960</a> (Foreach edge cases with lazy objects).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16185">GH-16185</a> (Various hooked object iterator issues).</li> <li>Fixed bug OSS-Fuzz #371445205 (Heap-use-after-free in attr_free).</li> <li>Fixed missing error when adding asymmetric visibility to static properties.</li> <li>Fixed bug OSS-Fuzz #71407 (Null-dereference WRITE in zend_lazy_object_clone).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16574">GH-16574</a> (Incorrect error "undefined method" messages).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16577">GH-16577</a> (EG(strtod_state).freelist leaks with opcache.preload).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16615">GH-16615</a> (Assertion failure in zend_std_read_property).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16342">GH-16342</a> (Added ReflectionProperty::isLazy()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16725">GH-16725</a> (Incorrect access check for non-hooked props in hooked object iterator).</li> </ul></li> <li>Curl: <ul> <li>Deprecated the CURLOPT_BINARYTRANSFER constant.</li> <li>Bumped required libcurl version to 7.61.0.</li> <li>Added feature_list key to the curl_version() return value.</li> <li>Added constants CURL_HTTP_VERSION_3 (libcurl 7.66) and CURL_HTTP_VERSION_3ONLY (libcurl 7.88) as options for CURLOPT_HTTP_VERSION (Ayesh Karunaratne)</li> <li>Added CURLOPT_TCP_KEEPCNT to set the number of probes to send before dropping the connection.</li> <li>Added CURLOPT_PREREQFUNCTION Curl option to set a custom callback after the connection is established, but before the request is performed.</li> <li>Added CURLOPT_SERVER_RESPONSE_TIMEOUT, which was formerly known as CURLOPT_FTP_RESPONSE_TIMEOUT.</li> <li>The CURLOPT_DNS_USE_GLOBAL_CACHE option is now silently ignored.</li> <li>Added CURLOPT_DEBUGFUNCTION as a Curl option.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16359">GH-16359</a> (crash with curl_setopt* CURLOPT_WRITEFUNCTION without null callback).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16723">GH-16723</a> (CURLMOPT_PUSHFUNCTION issues).</li> </ul></li> <li>Date: <ul> <li>Added DateTime[Immutable]::createFromTimestamp.</li> <li>Added DateTime[Immutable]::[get|set]Microsecond.</li> <li>Constants SUNFUNCS_RET_TIMESTAMP, SUNFUNCS_RET_STRING, and SUNFUNCS_RET_DOUBLE are now deprecated.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13773">GH-13773</a> (DatePeriod not taking into account microseconds for end date).</li> </ul></li> <li>DBA: <ul> <li>Passing null or false to dba_key_split() is deprecated.</li> </ul></li> <li>Debugging: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15923">GH-15923</a> (GDB: Python Exception <class 'TypeError'>: exceptions must derive from BaseException).</li> </ul></li> <li>DOM: <ul> <li>Added DOMNode::compareDocumentPosition().</li> <li>Implement #53655 (Improve speed of DOMNode::C14N() on large XML documents).</li> <li>Fix cloning attribute with namespace disappearing namespace.</li> <li>Implement DOM HTML5 parsing and serialization RFC.</li> <li>Fix DOMElement->prefix with empty string creates bogus prefix.</li> <li>Handle OOM more consistently.</li> <li>Implemented "Improve callbacks in ext/dom and ext/xsl" RFC.</li> <li>Added DOMXPath::quote() static method.</li> <li>Implemented opt-in ext/dom spec compliance RFC.</li> <li>Fixed bug <a href="http://bugs.php.net/79701">#79701</a> (getElementById does not correctly work with duplicate definitions).</li> <li>Implemented "New ext-dom features in PHP 8.4" RFC.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/14698">GH-14698</a> (segfault on DOM node dereference).</li> <li>Improve support for template elements.</li> <li>Fix trampoline leak in xpath callables.</li> <li>Throw instead of silently failing when creating a too long text node in (DOM)ParentNode and (DOM)ChildNode.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15192">GH-15192</a> (Segmentation fault in dom extension (html5_serializer)).</li> <li>Deprecated DOM_PHP_ERR constant.</li> <li>Removed DOMImplementation::getFeature().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15331">GH-15331</a> (Element::$substitutedNodeValue test failed).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15570">GH-15570</a> (Segmentation fault (access null pointer) in ext/dom/html5_serializer.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13988">GH-13988</a> (Storing DOMElement consume 4 times more memory in PHP 8.1 than in PHP 8.0).</li> <li>Fix XML serializer errata: xmlns="" serialization should be allowed.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15910">GH-15910</a> (Assertion failure in ext/dom/element.c).</li> <li>Fix unsetting DOM properties.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16190">GH-16190</a> (Using reflection to call Dom\Node::__construct causes assertion failure).</li> <li>Fix edge-case in DOM parsing decoding.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16465">GH-16465</a> (Heap buffer overflow in DOMNode->getElementByTagName).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16594">GH-16594</a> (Assertion failure in DOM -> before).</li> </ul></li> <li>Fileinfo: <ul> <li>Update to libmagic 5.45.</li> <li>Fixed bug <a href="http://bugs.php.net/65106">#65106</a> (PHP fails to compile ext/fileinfo).</li> </ul></li> <li>FPM: <ul> <li>Implement <a href="https://github.com/php/php-src/issues/12385">GH-12385</a> (flush headers without body when calling flush()).</li> <li>Added DragonFlyBSD system to the list which set FPM_BACKLOG_DEFAULT to SOMAXCONN.</li> <li>/dev/poll events.mechanism for Solaris/Illumos setting had been retired.</li> <li>Added memory peak to the scoreboard / status page.</li> </ul></li> <li>FTP: <ul> <li>Removed the deprecated inet_ntoa call support.</li> <li>Fixed bug <a href="http://bugs.php.net/63937">#63937</a> (Upload speed 10 times slower with PHP).</li> </ul></li> <li>GD: <ul> <li>Fix parameter numbers and missing alpha check for imagecolorset().</li> <li>imagepng/imagejpeg/imagewep/imageavif now throw an exception on invalid quality parameter.</li> <li>Check overflow/underflow for imagescale/imagefilter.</li> <li>Added gdImageClone to bundled libgd.</li> </ul></li> <li>Gettext: <ul> <li>bind_textdomain_codeset, textdomain and d(*)gettext functions now throw an exception on empty domain.</li> </ul></li> <li>GMP: <ul> <li>The GMP class is now final and cannot be extended anymore.</li> <li>RFC: Change GMP bool cast behavior.</li> </ul></li> <li>Hash: <ul> <li>Changed return type of hash_update() to true.</li> <li>Added HashContext::__debugInfo().</li> <li>Deprecated passing incorrect data types for options to ext/hash functions.</li> <li>Added SSE2 and SHA-NI implementation of SHA-256.</li> <li>Fix <a href="https://github.com/php/php-src/issues/15384">GH-15384</a> (Build fails on Alpine / Musl for amd64).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15742">GH-15742</a> (php_hash_sha.h incompatible with C++).</li> </ul></li> <li>IMAP: <ul> <li>Moved to PECL.</li> </ul></li> <li>Intl: <ul> <li>Added IntlDateFormatter::PATTERN constant.</li> <li>Fixed Numberformatter::__construct when the locale is invalid, now throws an exception.</li> <li>Added NumberFormatter::ROUND_TOWARD_ZERO and ::ROUND_AWAY_FROM_ZERO as aliases for ::ROUND_DOWN and ::ROUND_UP.</li> <li>Added NumberFormatter::ROUND_HALFODD.</li> <li>Added PROPERTY_IDS_UNARY_OPERATOR, PROPERTY_ID_COMPAT_MATH_START and PROPERTY_ID_COMPAT_MATH_CONTINUE constants.</li> <li>Added IntlDateFormatter::getIanaID/intltz_get_iana_id method/function.</li> <li>Set to C++17 standard for icu 74 and onwards.</li> <li>resourcebundle_get(), ResourceBundle::get(), and accessing offsets on a ResourceBundle object now throw: - TypeError for invalid offset types - ValueError for an empty string - ValueError if the integer index does not fit in a signed 32 bit integer</li> <li>ResourceBundle::get() now has a tentative return type of: ResourceBundle|array|string|int|null</li> <li>Added the new Grapheme function grapheme_str_split.</li> <li>Added IntlDateFormatter::parseToCalendar.</li> <li>Added SpoofChecker::setAllowedChars to set unicode chars ranges.</li> </ul></li> <li>LDAP: <ul> <li>Added LDAP_OPT_X_TLS_PROTOCOL_MAX/LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 constants.</li> </ul></li> <li>LibXML: <ul> <li>Added LIBXML_RECOVER constant.</li> <li>libxml_set_streams_context() now throws immediately on an invalid context instead of at the use-site.</li> <li>Added LIBXML_NO_XXE constant.</li> </ul></li> <li>MBString: <ul> <li>Added mb_trim, mb_ltrim and mb_rtrim.</li> <li>Added mb_ucfirst and mb_lcfirst.</li> <li>Updated Unicode data tables to Unicode 15.1.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15824">GH-15824</a> (mb_detect_encoding(): Argument $encodings contains invalid encoding "UTF8").</li> <li>Updated Unicode data tables to Unicode 16.0.</li> </ul></li> <li>Mysqli: <ul> <li>The mysqli_ping() function and mysqli::ping() method are now deprecated, as the reconnect feature was removed in PHP 8.2.</li> <li>The mysqli_kill() function and mysqli::kill() method are now deprecated. If this functionality is needed a SQL "KILL" command can be used instead.</li> <li>The mysqli_refresh() function and mysqli::refresh() method are now deprecated. If this functionality is needed a SQL "FLUSH" command can be used instead.</li> <li>Passing explicitly the $mode parameter to mysqli_store_result() has been deprecated. As the MYSQLI_STORE_RESULT_COPY_DATA constant was only used in conjunction with this function it has also been deprecated.</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13440">GH-13440</a> (PDO quote bottleneck).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10599">GH-10599</a> (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection).</li> </ul></li> <li>Opcache: <ul> <li>Added large shared segments support for FreeBSD.</li> <li>If JIT is enabled, PHP will now exit with a fatal error on startup in case of JIT startup initialization issues.</li> <li>Increased the maximum value of opcache.interned_strings_buffer to 32767 on 64bit archs.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13834">GH-13834</a> (Applying non-zero offset 36 to null pointer in zend_jit.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14361">GH-14361</a> (Deep recursion in zend_cfg.c causes segfault).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14873">GH-14873</a> (PHP 8.4 min function fails on typed integer).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15490">GH-15490</a> (Building of callgraph modifies preloaded symbols).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15178">GH-15178</a> (Assertion in tracing JIT on hooks).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15657">GH-15657</a> (Segmentation fault in dasm_x86.h).</li> <li>Added opcache_jit_blacklist() function.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16009">GH-16009</a> (Segmentation fault with frameless functions and undefined CVs).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16186">GH-16186</a> (Assertion failure in Zend/zend_operators.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16572">GH-16572</a> (Incorrect result with reflection in low-trigger JIT).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16839">GH-16839</a> (Error on building Opcache JIT for Windows ARM64).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80269">#80269</a> (OpenSSL sets Subject wrong with extraattribs parameter).</li> <li>Implement request #48520 (openssl_csr_new - allow multiple values in DN).</li> <li>Introduced new serial_hex parameter to openssl_csr_sign.</li> <li>Added X509_PURPOSE_OCSP_HELPER and X509_PURPOSE_TIMESTAMP_SIGN constants.</li> <li>Bumped minimum required OpenSSL version to 1.1.1.</li> <li>Added compile-time option --with-openssl-legacy-provider to enable legacy provider.</li> <li>Added support for Curve25519 + Curve448 based keys.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13343">GH-13343</a> (openssl_x509_parse should not allow omitted seconds in UTCTimes).</li> <li>Bumped minimum required OpenSSL version to 1.1.0.</li> <li>Implement <a href="https://github.com/php/php-src/issues/13514">GH-13514</a> PASSWORD_ARGON2 from OpenSSL 3.2.</li> </ul></li> <li>Output: <ul> <li>Clear output handler status flags during handler initialization.</li> <li>Fixed bug with url_rewriter.hosts not used by output_add_rewrite_var().</li> </ul></li> <li>PCNTL: <ul> <li>Added pcntl_setns for Linux.</li> <li>Added pcntl_getcpuaffinity/pcntl_setcpuaffinity.</li> <li>Updated pcntl_get_signal_handler signal id upper limit to be more in line with platforms limits.</li> <li>Added pcntl_getcpu for Linux/FreeBSD/Solaris/Illumos.</li> <li>Added pcntl_getqos_class/pcntl_setqos_class for macOs.</li> <li>Added SIGCKPT/SIGCKPTEXIT constants for DragonFlyBSD.</li> <li>Added FreeBSD's SIGTRAP handling to pcntl_siginfo_to_zval.</li> <li>Added POSIX pcntl_waitid.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16769">GH-16769</a>: (pcntl_sigwaitinfo aborts on signal value as reference).</li> </ul></li> <li>PCRE: <ul> <li>Upgrade bundled pcre2lib to version 10.43.</li> <li>Add "/r" modifier.</li> <li>Upgrade bundled pcre2lib to version 10.44.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16189">GH-16189</a> (underflow on offset argument).</li> <li>Fix UAF issues with PCRE after request shutdown.</li> </ul></li> <li>PDO: <ul> <li>Fixed setAttribute and getAttribute.</li> <li>Implemented PDO driver-specific subclasses RFC.</li> <li>Added support for PDO driver-specific SQL parsers.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14792">GH-14792</a> (Compilation failure on pdo_* extensions).</li> <li>mysqlnd: support ER_CLIENT_INTERACTION_TIMEOUT.</li> <li>The internal header php_pdo_int.h is no longer installed; it is not supposed to be used by PDO drivers.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16167">GH-16167</a> (Prevent mixing PDO sub-classes with different DSN).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16314">GH-16314</a> ("Pdo\Mysql object is uninitialized" when opening a persistent connection).</li> </ul></li> <li>PDO_DBLIB: <ul> <li>Fixed setAttribute and getAttribute.</li> <li>Added class Pdo\DbLib.</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fixed setAttribute and getAttribute.</li> <li>Feature: Add transaction isolation level and mode settings to pdo_firebird.</li> <li>Added class Pdo\Firebird.</li> <li>Added Pdo\Firebird::ATTR_API_VERSION.</li> <li>Added getApiVersion() and removed from getAttribute().</li> <li>Supported Firebird 4.0 datatypes.</li> <li>Support proper formatting of time zone types.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/15604">GH-15604</a> (Always make input parameters nullable).</li> </ul></li> <li>PDO_MYSQL: <ul> <li>Fixed setAttribute and getAttribute.</li> <li>Added class Pdo\Mysql.</li> <li>Added custom SQL parser.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/15949">GH-15949</a> (PDO_MySQL not properly quoting PDO_PARAM_LOB binary data).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Added class Pdo\Odbc.</li> </ul></li> <li>PDO_PGSQL: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/12423">GH-12423</a>, DSN credentials being prioritized over the user/password PDO constructor arguments.</li> <li>Fixed native float support with pdo_pgsql query results.</li> <li>Added class Pdo\Pgsql.</li> <li>Retrieve the memory usage of the query result resource.</li> <li>Added Pdo\Pgsql::setNoticeCallBack method to receive DB notices.</li> <li>Added custom SQL parser.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/15986">GH-15986</a> (Double-free due to Pdo\Pgsql::setNoticeCallback()).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/12940">GH-12940</a> (Using PQclosePrepared when available instead of the DEALLOCATE command to free statements resources).</li> <li>Remove PGSQL_ATTR_RESULT_MEMORY_SIZE constant as it is provided by the new PDO Subclass as Pdo\Pgsql::ATTR_RESULT_MEMORY_SIZE.</li> </ul></li> <li>PDO_SQLITE: <ul> <li>Added class Pdo\Sqlite.</li> <li>Fixed bug <a href="http://bugs.php.net/81227">#81227</a> (PDO::inTransaction reports false when in transaction).</li> <li>Added custom SQL parser.</li> </ul></li> <li>PHPDBG: <ul> <li>array out of bounds, stack overflow handled for segfault handler on windows.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16041">GH-16041</a> (Support stack limit in phpdbg).</li> </ul></li> <li>PGSQL: <ul> <li>Added the possibility to have no conditions for pg_select.</li> <li>Persistent connections support the PGSQL_CONNECT_FORCE_RENEW flag.</li> <li>Added pg_result_memory_size to get the query result memory usage.</li> <li>Added pg_change_password to alter an user's password.</li> <li>Added pg_put_copy_data/pg_put_copy_end to send COPY commands and signal the end of the COPY.</li> <li>Added pg_socket_poll to poll on the connection.</li> <li>Added pg_jit to get infos on server JIT support.</li> <li>Added pg_set_chunked_rows_size to fetch results per chunk.</li> <li>pg_convert/pg_insert/pg_update/pg_delete ; regexes are now cached.</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12532">GH-12532</a> (PharData created from zip has incorrect timestamp).</li> </ul></li> <li>POSIX: <ul> <li>Added POSIX_SC_CHILD_MAX and POSIX_SC_CLK_TCK constants.</li> <li>Updated posix_isatty to set the error number on file descriptors.</li> </ul></li> <li>PSpell: <ul> <li>Moved to PECL.</li> </ul></li> <li>Random: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15094">GH-15094</a> (php_random_default_engine() is not C++ conforming).</li> <li>lcg_value() is now deprecated.</li> </ul></li> <li>Readline: <ul> <li>Fixed readline_info, rl_line_buffer_length/rl_len globals on update.</li> <li>Fixed bug <a href="http://bugs.php.net/51558">#51558</a> (Shared readline build fails).</li> <li>Fixed UAF with readline_info().</li> </ul></li> <li>Reflection: <ul> <li>Implement <a href="https://github.com/php/php-src/issues/12908">GH-12908</a> (Show attribute name/class in ReflectionAttribute dump).</li> <li>Make ReflectionGenerator::getFunction() legal after generator termination.</li> <li>Added ReflectionGenerator::isClosed().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15718">GH-15718</a> (Segfault on ReflectionProperty::get{Hook,Hooks}() on dynamic properties).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15694">GH-15694</a> (ReflectionProperty::isInitialized() is incorrect for hooked properties).</li> <li>Add missing ReflectionProperty::hasHook[s]() methods.</li> <li>Add missing ReflectionProperty::isFinal() method.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16122">GH-16122</a> (The return value of ReflectionFunction::getNamespaceName() and ReflectionFunction::inNamespace() for closures is incorrect).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16162">GH-16162</a> (No ReflectionProperty::IS_VIRTUAL) (DanielEScherzer)</li> <li>Fixed the name of the second parameter of ReflectionClass::resetAsLazyGhost().</li> </ul></li> <li>Session: <ul> <li>INI settings session.sid_length and session.sid_bits_per_character are now deprecated.</li> <li>Emit warnings for non-positive values of session.gc_divisor and negative values of session.gc_probability.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16590">GH-16590</a> (UAF in session_encode()).</li> </ul></li> <li>SimpleXML: <ul> <li>Fix signature of simplexml_import_dom().</li> </ul></li> <li>SNMP: <ul> <li>Removed the deprecated inet_ntoa call support.</li> </ul></li> <li>SOAP: <ul> <li>Add support for clark notation for namespaces in class map.</li> <li>Mitigate #51561 (SoapServer with a extented class and using sessions, lost the setPersistence()).</li> <li>Fixed bug <a href="http://bugs.php.net/49278">#49278</a> (SoapClient::__getLastResponseHeaders returns NULL if wsdl operation !has output).</li> <li>Fixed bug <a href="http://bugs.php.net/44383">#44383</a> (PHP DateTime not converted to xsd:datetime).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11941">GH-11941</a> (soap with session persistence will silently fail when "session" built as a shared object).</li> <li>Passing an int to SoapServer::addFunction() is now deprecated. If all PHP functions need to be provided flatten the array returned by get_defined_functions().</li> <li>The SOAP_FUNCTIONS_ALL constant is now deprecated.</li> <li>Fixed bug <a href="http://bugs.php.net/61525">#61525</a> (SOAP functions require at least one space after HTTP header colon).</li> <li>Implement request #47317 (SoapServer::__getLastResponse()).</li> </ul></li> <li>Sockets: <ul> <li>Removed the deprecated inet_ntoa call support.</li> <li>Added the SO_EXECLUSIVEADDRUSE windows constant.</li> <li>Added the SOCK_CONN_DGRAM/SOCK_DCCP netbsd constants.</li> <li>Added multicast group support for ipv4 on FreeBSD.</li> <li>Added the TCP_SYNCNT constant for Linux to set number of attempts to send SYN packets from the client.</li> <li>Added the SO_EXCLBIND constant for exclusive socket binding on illumos/solaris.</li> <li>Updated the socket_create_listen backlog argument default value to SOMAXCONN.</li> <li>Added the SO_NOSIGPIPE constant to control the generation of SIGPIPE for macOs and FreeBSD.</li> <li>Added SO_LINGER_SEC for macOs, true equivalent of SO_LINGER in other platforms.</li> <li>Add close-on-exec on socket created with socket_accept on unixes.</li> <li>Added IP_PORTRANGE* constants for BSD systems to control ephemeral port ranges.</li> <li>Added SOCK_NONBLOCK/SOCK_CLOEXEC constants for socket_create and socket_create_pair to apply O_NONBLOCK/O_CLOEXEC flags to the newly created sockets.</li> <li>Added SO_BINDTOIFINDEX to bind a socket to an interface index.</li> </ul></li> <li>Sodium: <ul> <li>Add support for AEGIS-128L and AEGIS-256.</li> <li>Enable AES-GCM on aarch64 with the ARM crypto extensions.</li> </ul></li> <li>SPL: <ul> <li>Implement SeekableIterator for SplObjectStorage.</li> <li>The SplFixedArray::__wakeup() method has been deprecated as it implements __serialize() and __unserialize() which need to be overwritten instead.</li> <li>Passing a non-empty string for the $escape parameter of: - SplFileObject::setCsvControl() - SplFileObject::fputcsv() - SplFileObject::fgetcsv() is now deprecated.</li> </ul></li> <li>Standard: <ul> <li>Implement <a href="https://github.com/php/php-src/issues/12188">GH-12188</a> (Indication for the int size in phpinfo()).</li> <li>Partly fix <a href="https://github.com/php/php-src/issues/12143">GH-12143</a> (Incorrect round() result for 0.49999999999999994).</li> <li>Fix <a href="https://github.com/php/php-src/issues/12252">GH-12252</a> (round(): Validate the rounding mode).</li> <li>Increase the default BCrypt cost to 12.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12592">GH-12592</a> (strcspn() odd behaviour with NUL bytes and empty mask).</li> <li>Removed the deprecated inet_ntoa call support.</li> <li>Cast large floats that are within int range to int in number_format so the precision is not lost.</li> <li>Add support for 4 new rounding modes to the round() function.</li> <li>debug_zval_dump() now indicates whether an array is packed.</li> <li>Fix <a href="https://github.com/php/php-src/issues/12143">GH-12143</a> (Optimize round).</li> <li>Changed return type of long2ip to string from string|false.</li> <li>Fix <a href="https://github.com/php/php-src/issues/12143">GH-12143</a> (Extend the maximum precision round can handle by one digit).</li> <li>Added the http_get_last_response_headers() and http_clear_last_response_headers() that allows retrieving the same content as the magic $http_response_header variable.</li> <li>Add php_base64_encode_ex() API.</li> <li>Implemented "Raising zero to the power of negative number" RFC.</li> <li>Added array_find(), array_find_key(), array_all(), and array_any().</li> <li>Change highlight_string() and print_r() return type to string|true.</li> <li>Fix references in request_parse_body() options array.</li> <li>Add RoundingMode enum.</li> <li>Unserializing the uppercase 'S' tag is now deprecated.</li> <li>Enables crc32 auxiliary detection on OpenBSD.</li> <li>Passing a non-empty string for the $escape parameter of: - fputcsv() - fgetcsv() - str_getcsv() is now deprecated.</li> <li>The str_getcsv() function now throws ValueErrors when the $separator and $enclosure arguments are not one byte long, or if the $escape is not one byte long or the empty string. This aligns the behaviour to be identical to that of fputcsv() and fgetcsv().</li> <li>php_uname() now throws ValueErrors on invalid inputs.</li> <li>The "allowed_classes" option for unserialize() now throws TypeErrors and ValueErrors if it is not an array of class names.</li> <li>Implemented <a href="https://github.com/php/php-src/issues/15685">GH-15685</a> (improve proc_open error reporting on Windows).</li> <li>Add support for backed enums in http_build_query().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15982">GH-15982</a> (Assertion failure with array_find when references are involved).</li> <li>Fixed parameter names of fpow() to be identical to pow().</li> </ul></li> <li>Streams: <ul> <li>Implemented <a href="https://github.com/php/php-src/issues/15155">GH-15155</a> (Stream context is lost when custom stream wrapper is being filtered).</li> </ul></li> <li>Tidy: <ul> <li>Failures in the constructor now throw exceptions rather than emitting warnings and having a broken object.</li> <li>Add tidyNode::getNextSibling() and tidyNode::getPreviousSibling().</li> </ul></li> <li>Windows: <ul> <li>Update the icon of the Windows executables, e.g. php.exe.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16199">GH-16199</a> (GREP_HEADER() is broken).</li> </ul></li> <li>XML: <ul> <li>Added XML_OPTION_PARSE_HUGE parser option.</li> <li>Fixed bug <a href="http://bugs.php.net/81481">#81481</a> (xml_get_current_byte_index limited to 32-bit numbers on 64-bit builds).</li> <li>The xml_set_object() function has been deprecated.</li> <li>Passing non-callable strings to the xml_set_*_handler() functions is now deprecated.</li> </ul></li> <li>XMLReader: <ul> <li>Declares class constant types.</li> <li>Add XMLReader::fromStream(), XMLReader::fromUri(), XMLReader::fromString().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15123">GH-15123</a> (var_dump doesn't actually work on XMLReader).</li> </ul></li> <li>XMLWriter: <ul> <li>Add XMLWriter::toStream(), XMLWriter::toUri(), XMLWriter::toMemory().</li> </ul></li> <li>XSL: <ul> <li>Implement request #64137 (XSLTProcessor::setParameter() should allow both quotes to be used).</li> <li>Implemented "Improve callbacks in ext/dom and ext/xsl" RFC.</li> <li>Added XSLTProcessor::$maxTemplateDepth and XSLTProcessor::$maxTemplateVars.</li> <li>Fix trampoline leak in xpath callables.</li> </ul></li> <li>Zip: <ul> <li>Added ZipArchive::ER_TRUNCATED_ZIP added in libzip 1.11.</li> </ul></li> </ul> </section> <a id="PHP_8_3"></a> <section class="version" id="8.3.14"> <h3>Version 8.3.14</h3> <b><time class='releasedate' datetime='2024-11-21'>21 Nov 2024</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16373">GH-16373</a> (Shebang is not skipped for router script in cli-server started through shebang).</li> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-4w77-75f9-2c8w">GHSA-4w77-75f9-2c8w</a> (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).</li> </ul></li> <li>COM: <ul> <li>Fixed out of bound writes to SafeArray data.</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16168">GH-16168</a> (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16371">GH-16371</a> (Assertion failure in Zend/zend_weakrefs.c:646).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16515">GH-16515</a> (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16509">GH-16509</a> (Incorrect line number in function redeclaration error).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16508">GH-16508</a> (Incorrect line number in inheritance errors of delayed early bound classes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16648">GH-16648</a> (Use-after-free during array sorting).</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16302">GH-16302</a> (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16454">GH-16454</a> (Unhandled INF in date_sunset() with tiny $utcOffset).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14732">GH-14732</a> (date_sun_info() fails for non-finite values).</li> </ul></li> <li>DBA: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16390">GH-16390</a> (dba_open() can segfault for "pathless" streams).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16316">GH-16316</a> (DOMXPath breaks when not initialized properly).</li> <li>Add missing hierarchy checks to replaceChild.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16336">GH-16336</a> (Attribute intern document mismanagement).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16338">GH-16338</a> (Null-dereference in ext/dom/node.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16473">GH-16473</a> (dom_import_simplexml stub is wrong).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16533">GH-16533</a> (Segfault when adding attribute to parent that is not an element).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16535">GH-16535</a> (UAF when using document as a child).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16593">GH-16593</a> (Assertion failure in DOM->replaceChild).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16595">GH-16595</a> (Another UAF in DOM -> cloneNode).</li> </ul></li> <li>EXIF: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16409">GH-16409</a> (Segfault in exif_thumbnail when not dealing with a real file).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16397">GH-16397</a> (Segmentation fault when comparing FFI object).</li> </ul></li> <li>Filter: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16523">GH-16523</a> (FILTER_FLAG_HOSTNAME accepts ending hyphen).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16628">GH-16628</a> (FPM logs are getting corrupted with this log statement).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16334">GH-16334</a> (imageaffine overflow on matrix elements).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16427">GH-16427</a> (Unchecked libavif return values).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16559">GH-16559</a> (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).</li> </ul></li> <li>GMP: <ul> <li>Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16411">GH-16411</a> (gmp_export() can cause overflow).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16501">GH-16501</a> (gmp_random_bits() can cause overflow).</li> <li>Fixed gmp_pow() overflow bug with large base/exponents.</li> <li>Fixed segfaults and other issues related to operator overloading with GMP objects.</li> </ul></li> <li>LDAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff">GHSA-g665-fm4p-vhff</a> (OOB access in ldap_escape). (CVE-2024-8932)</li> </ul></li> <li>MBstring: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16361">GH-16361</a> (mb_substr overflow on start/length arguments).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678">GHSA-h35g-vwh6-m678</a> (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16408">GH-16408</a> (Array to string conversion warning emitted in optimizer).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16357">GH-16357</a> (openssl may modify member types of certificate arrays).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16433">GH-16433</a> (Large values for openssl_csr_sign() $days overflow).</li> <li>Fix various memory leaks on error conditions in openssl_x509_parse().</li> </ul></li> <li>PDO DBLIB: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv">GHSA-5hqh-c84r-qjcv</a> (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)</li> </ul></li> <li>PDO Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv">GHSA-5hqh-c84r-qjcv</a> (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)</li> </ul></li> <li>PDO ODBC: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16450">GH-16450</a> (PDO_ODBC can inject garbage into field values).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16406">GH-16406</a> (Assertion failure in ext/phar/phar.c:2808).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16174">GH-16174</a> (Empty string is an invalid expression for ev).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16601">GH-16601</a> (Memory leak in Reflection constructors).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16385">GH-16385</a> (Unexpected null returned by session_set_cookie_params).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16290">GH-16290</a> (overflow on cookie_lifetime ini value).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16318">GH-16318</a> (Recursive array segfaults soap encoding).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16429">GH-16429</a> (Segmentation fault access null pointer in SoapClient).</li> </ul></li> <li>Sockets: <ul> <li>Fixed bug with overflow socket_recvfrom $length argument.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16337">GH-16337</a> (Use-after-free in SplHeap).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16464">GH-16464</a> (Use-after-free in SplDoublyLinkedList::offsetSet()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16479">GH-16479</a> (Use-after-free in SplObjectStorage::setInfo()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16478">GH-16478</a> (Use-after-free in SplFixedArray::unset()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16588">GH-16588</a> (UAF in Observer->serialize).</li> <li>Fix <a href="https://github.com/php/php-src/issues/16477">GH-16477</a> (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16589">GH-16589</a> (UAF in SplDoublyLinked->serialize()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14687">GH-14687</a> (segfault on SplObjectIterator instance).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16604">GH-16604</a> (Memory leaks in SPL constructors).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16646">GH-16646</a> (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16293">GH-16293</a> (Failed assertion when throwing in assert() callback with bail enabled).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2">GHSA-c5f2-jwm7-mmq2</a> (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)</li> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43">GHSA-r977-prxv-hc43</a> (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)</li> </ul></li> <li>SysVMsg: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16592">GH-16592</a> (msg_send() crashes when a type does not properly serialized).</li> </ul></li> <li>SysVShm: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16591">GH-16591</a> (Assertion error in shm_put_var).</li> </ul></li> <li>XMLReader: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16292">GH-16292</a> (Segmentation fault in ext/xmlreader/php_xmlreader.c).</li> </ul></li> <li>Zlib: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16326">GH-16326</a> (Memory management is broken for bad dictionaries.) (cmb)</li> </ul></li> </ul> </section> <section class="version" id="8.3.13"> <h3>Version 8.3.13</h3> <b><time class='releasedate' datetime='2024-10-24'>24 Oct 2024</time></b> <ul><li>Calendar: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/16240">GH-16240</a>: jdtounix overflow on argument value.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16241">GH-16241</a>: easter_days/easter_date overflow on year argument.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16263">GH-16263</a>: jddayofweek overflow.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16234">GH-16234</a>: jewishtojd overflow.</li> </ul></li> <li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16137">GH-16137</a>: duplicate http headers when set several times by the client.</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16054">GH-16054</a> (Segmentation fault when resizing hash table iterator list while adding).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15905">GH-15905</a> (Assertion failure for TRACK_VARS_SERVER).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15907">GH-15907</a> (Failed assertion when promoting Serialize deprecation to exception).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15851">GH-15851</a> (Segfault when printing backtrace during cleanup of nested generator frame).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15866">GH-15866</a> (Core dumped in Zend/zend_generators.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16188">GH-16188</a> (Assertion failure in Zend/zend_exceptions.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16233">GH-16233</a> (Observer segfault when calling user function in internal function via trampoline).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16039">GH-16039</a> (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16149">GH-16149</a> (Null pointer dereference in DOMElement->getAttributeNames()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16151">GH-16151</a> (Assertion failure in ext/dom/parentnode/tree.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16150">GH-16150</a> (Use after free in php_dom.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16152">GH-16152</a> (Memory leak in DOMProcessingInstruction/DOMDocument).</li> </ul></li> <li>JSON: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15168">GH-15168</a> (stack overflow in json_encode()).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16232">GH-16232</a> (bitshift overflow on wbmp file content reading / fix backport from upstream).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12264">GH-12264</a> (overflow/underflow on imagerotate degrees value) (David Carlier)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16274">GH-16274</a> (imagescale underflow on RBG channels / fix backport from upstream).</li> </ul></li> <li>LDAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16032">GH-16032</a> (Various NULL pointer dereferencements in ldap_modify_batch()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16101">GH-16101</a> (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list).</li> <li>Fix <a href="https://github.com/php/php-src/issues/16132">GH-16132</a> (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.).</li> <li>Fix <a href="https://github.com/php/php-src/issues/16136">GH-16136</a> (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16261">GH-16261</a> (Reference invariant broken in mb_convert_variables()).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed stub for openssl_csr_new.</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16189">GH-16189</a> (underflow on offset argument).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16184">GH-16184</a> (UBSan address overflowed in ext/pcre/php_pcre.c).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15901">GH-15901</a> (phpdbg: Assertion failure on i funcs).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16181">GH-16181</a> (phpdbg: exit in exception handler reports fatal error).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16187">GH-16187</a> (Assertion failure in ext/reflection/php_reflection.c).</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15395">GH-15395</a> (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15837">GH-15837</a> (Segmentation fault in ext/simplexml/simplexml.c).</li> </ul></li> <li>Sockets: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16267">GH-16267</a> (socket_strerror overflow on errno argument).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/73182">#73182</a> (PHP SOAPClient does not support stream context HTTP headers in array form).</li> <li>Fixed bug <a href="http://bugs.php.net/62900">#62900</a> (Wrong namespace on xsd import error message).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15711">GH-15711</a> (SoapClient can't convert BackedEnum to scalar value).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16237">GH-16237</a> (Segmentation fault when cloning SoapServer).</li> <li>Fix Soap leaking http_msg on error.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16256">GH-16256</a> (Assertion failure in ext/soap/php_encoding.c:460).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16259">GH-16259</a> (Soap segfault when classmap instantiation fails).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15918">GH-15918</a> (Assertion failure in ext/spl/spl_fixedarray.c).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16053">GH-16053</a> (Assertion failure in Zend/zend_hash.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15169">GH-15169</a> (stack overflow when var serialization in ext/standard/var).</li> </ul></li> <li>Streams: <ul> <li>Fixed bugs <a href="https://github.com/php/php-src/issues/15908">GH-15908</a> and <a href="https://github.com/php/php-src/issues/15026">GH-15026</a> (leak / assertion failure in streams.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15980">GH-15980</a> (Signed integer overflow in main/streams/streams.c).</li> </ul></li> <li>TSRM: <ul> <li>Prevent closing of unrelated handles.</li> </ul></li> <li>Windows: <ul> <li>Fixed minimal Windows version.</li> </ul></li> </ul> </section> <section class="version" id="8.3.12"> <h3>Version 8.3.12</h3> <b><time class='releasedate' datetime='2024-09-26'>26 Sep 2024</time></b> <ul><li>CGI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq">GHSA-p99j-rfp4-xqvq</a> (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)</li> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp">GHSA-94p6-54jq-9mwp</a> (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15408">GH-15408</a> (MSan false-positve on zend_max_execution_timer).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15515">GH-15515</a> (Configure error grep illegal option q).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15514">GH-15514</a> (Configure error: genif.sh: syntax error).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15565">GH-15565</a> (--disable-ipv6 during compilation produces error EAI_SYSTEM not found).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15587">GH-15587</a> (CRC32 API build error on arm 32-bit).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15330">GH-15330</a> (Do not scan generator frames more than once).</li> <li>Fixed uninitialized lineno in constant AST of internal enums.</li> </ul></li> <li>Curl: <ul> <li>FIxed bug <a href="https://github.com/php/php-src/issues/15547">GH-15547</a> (curl_multi_select overflow on timeout argument).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15551">GH-15551</a> (Segmentation fault (access null pointer) in ext/dom/xml_common.h).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15654">GH-15654</a> (Signed integer overflow in ext/dom/nodelist.c).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15752">GH-15752</a> (Incorrect error message for finfo_file with an empty filename argument).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5">GHSA-865w-9rf3-2wh5</a> (Logs from childrens may be altered). (CVE-2024-9026)</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15432">GH-15432</a> (Heap corruption when querying a vector).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15661">GH-15661</a> (Access null pointer in Zend/Optimizer/zend_inference.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15658">GH-15658</a> (Segmentation fault in Zend/zend_vm_execute.h).</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32">GHSA-9pqp-7h25-4f32</a> (Erroneous parsing of multipart form data). (CVE-2024-8925)</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15552">GH-15552</a> (Signed integer overflow in ext/standard/scanf.c).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15628">GH-15628</a> (php_stream_memory_get_buffer() not zero-terminated).</li> </ul></li> </ul> </section> <section class="version" id="8.3.11"> <h3>Version 8.3.11</h3> <b><time class='releasedate' datetime='2024-08-29'>29 Aug 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15020">GH-15020</a> (Memory leak in Zend/Optimizer/escape_analysis.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15023">GH-15023</a> (Memory leak in Zend/zend_ini.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13330">GH-13330</a> (Append -Wno-implicit-fallthrough flag conditionally).</li> <li>Fix uninitialized memory in network.c.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15108">GH-15108</a> (Segfault when destroying generator during shutdown).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15275">GH-15275</a> (Crash during GC of suspended generator delegate).</li> </ul></li> <li>Curl: <ul> <li>Fixed case when curl_error returns an empty string.</li> </ul></li> <li>DOM: <ul> <li>Fix UAF when removing doctype and using foreach iteration.</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14286">GH-14286</a> (ffi enum type (when enum has no name) make memory leak).</li> </ul></li> <li>Hash: <ul> <li>Fix crash when converting array data for array in shm in xxh3.</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15087">GH-15087</a> (IntlChar::foldCase()'s $option is not optional).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13817">GH-13817</a> (Segmentation fault for enabled observers after pass 4).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13775">GH-13775</a> (Memory leak possibly related to opcache SHM placement).</li> </ul></li> <li>Output: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15179">GH-15179</a> (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fix bogus fallthrough path in firebird_handle_get_attribute().</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13199">GH-13199</a> (EOF emits redundant prompt in phpdbg local console mode with libedit/readline).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15268">GH-15268</a> (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15210">GH-15210</a> use-after-free on watchpoint allocations.</li> </ul></li> <li>Soap: <ul> <li>Fixed bug <a href="http://bugs.php.net/55639">#55639</a> (Digest autentication dont work).</li> <li>Fix SoapFault property destruction.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15252">GH-15252</a> (SOAP XML broken since PHP 8.3.9 when using classmap constructor option).</li> </ul></li> <li>Standard: <ul> <li>Fix passing non-finite timeout values in stream functions.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/14780">GH-14780</a> p(f)sockopen timeout overflow.</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15028">GH-15028</a> (Memory leak in ext/phar/stream.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15034">GH-15034</a> (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB).</li> <li>Reverted fix for <a href="https://github.com/php/php-src/issues/14930">GH-14930</a> (Custom stream wrapper dir_readdir output truncated to 255 characters).</li> </ul></li> <li>Tidy: <ul> <li>Fix memory leaks in ext/tidy basedir restriction code.</li> </ul></li> </ul> </section> <section class="version" id="8.3.10"> <h3>Version 8.3.10</h3> <b><time class='releasedate' datetime='2024-08-01'>01 Aug 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13922">GH-13922</a> (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14626">GH-14626</a> (Fix is_zend_ptr() for huge blocks).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14590">GH-14590</a> (Memory leak in FPM test gh13563-conf-bool-env.phpt.</li> <li>Fixed OSS-Fuzz #69765.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14741">GH-14741</a> (Segmentation fault in Zend/zend_types.h).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14969">GH-14969</a> (Use-after-free in property coercion with __toString()).</li> </ul></li> <li>Dom: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14702">GH-14702</a> (DOMDocument::xinclude() crash).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14888">GH-14888</a> (README.REDIST.BINS refers to non-existing LICENSE).</li> </ul></li> <li>Gd: <ul> <li>ext/gd/tests/gh10614.phpt: skip if no PNG support.</li> <li>restored warning instead of fata error.</li> </ul></li> <li>LibXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14563">GH-14563</a> (Build failure with libxml2 v2.13.0).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14550">GH-14550</a> (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled).</li> </ul></li> <li>Output: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14808">GH-14808</a> (Unexpected null pointer in Zend/zend_string.h with empty output buffer).</li> </ul></li> <li>PDO: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14712">GH-14712</a> (Crash with PDORow access to null property).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14603">GH-14603</a> (null string from zip entry).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14596">GH-14596</a> (crashes with ASAN and ZEND_RC_DEBUG=1).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14553">GH-14553</a> (echo output trimmed at NULL byte).</li> </ul></li> <li>Shmop: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14537">GH-14537</a> (shmop Windows 11 crashes the process).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14639">GH-14639</a> (Member access within null pointer in ext/spl/spl_observer.c).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14775">GH-14775</a> (range function overflow with negative step argument).</li> <li>Fix 32-bit wordwrap test failures.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14774">GH-14774</a> (time_sleep_until overflow).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14930">GH-14930</a> (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3).</li> </ul></li> <li>Tidy: <ul> <li>Fix memory leak in tidy_repair_file().</li> </ul></li> <li>Treewide: <ul> <li>Fix compatibility with libxml2 2.13.2.</li> </ul></li> <li>XML: <ul> <li>Move away from to-be-deprecated libxml fields.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14834">GH-14834</a> (Error installing PHP when --with-pear is used).</li> </ul></li> </ul> </section> <section class="version" id="8.3.9"> <h3>Version 8.3.9</h3> <b><time class='releasedate' datetime='2024-07-04'>04 Jul 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14315">GH-14315</a> (Incompatible pointer type warnings).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12814">GH-12814</a> (max_execution_time reached too early on MacOS 14 when running on Apple Silicon).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14387">GH-14387</a> (Crash when stack walking in destructor of yielded from values during Generator->throw()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14456">GH-14456</a> (Attempting to initialize class with private constructor calls destructor).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14510">GH-14510</a> (memleak due to missing pthread_attr_destroy()-call).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14549">GH-14549</a> (Incompatible function pointer type for fclose).</li> </ul></li> <li>BCMatch: <ul> <li>Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0).</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14307">GH-14307</a> (Test curl_basic_024 fails with curl 8.8.0).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14343">GH-14343</a> (Memory leak in xml and dom).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14037">GH-14037</a> (PHP-FPM ping.path and ping.response config vars are ignored in status pool).</li> </ul></li> <li>GD: <ul> <li>Fix parameter numbers for imagecolorset().</li> </ul></li> <li>Intl: <ul> <li>Fix reference handling in SpoofChecker.</li> </ul></li> <li>MySQLnd: <ul> <li>Partially fix bug <a href="https://github.com/php/php-src/issues/10599">GH-10599</a> (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14267">GH-14267</a> (opcache.jit=off does not allow enabling JIT at runtime).</li> <li>Fixed TLS access in JIT on FreeBSD/amd64.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11188">GH-11188</a> (Error when building TSRM in ARM64).</li> </ul></li> <li>PDO ODBC: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14367">GH-14367</a> (incompatible SDWORD type with iODBC).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13681">GH-13681</a> (segfault on watchpoint addition failure).</li> </ul></li> <li>Soap: <ul> <li>Fixed bug <a href="http://bugs.php.net/47925">#47925</a> (PHPClient can't decompress response).</li> <li>Fix missing error restore code.</li> <li>Fix memory leak if calling SoapServer::setObject() twice.</li> <li>Fix memory leak if calling SoapServer::setClass() twice.</li> <li>Fix reading zlib ini settings in ext-soap.</li> <li>Fix memory leaks with string function name lookups.</li> <li>Fixed bug <a href="http://bugs.php.net/69280">#69280</a> (SoapClient classmap doesn't support fully qualified class name).</li> <li>Fixed bug <a href="http://bugs.php.net/76232">#76232</a> (SoapClient Cookie Header Semicolon).</li> <li>Fixed memory leaks when calling SoapFault::__construct() twice.</li> </ul></li> <li>Sodium: <ul> <li>Fix memory leaks in ext/sodium on failure of some functions.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14290">GH-14290</a> (Member access within null pointer in extension spl).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14483">GH-14483</a> (Fixed off-by-one error in checking length of abstract namespace Unix sockets).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11078">GH-11078</a> (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors).</li> </ul></li> </ul> </section> <section class="version" id="8.3.8"> <h3>Version 8.3.8</h3> <b><time class='releasedate' datetime='2024-06-06'>06 Jun 2024</time></b> <ul><li>CGI: <ul> <li>Fixed buffer limit on Windows, replacing read call usage by _read.</li> <li>Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)</li> </ul></li> <li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14189">GH-14189</a> (PHP Interactive shell input state incorrectly handles quoted heredoc literals.).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13970">GH-13970</a> (Incorrect validation of #[Attribute] flags type for non-compile-time expressions).</li> </ul></li> <li>DOM: <ul> <li>Fix crashes when entity declaration is removed while still having entity references.</li> <li>Fix references not handled correctly in C14N.</li> <li>Fix crash when calling childNodes next() when iterator is exhausted.</li> <li>Fix crash in ParentNode::append() when dealing with a fragment containing text nodes.</li> </ul></li> <li>Filter: <ul> <li>Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)</li> </ul></li> <li>FPM: <ul> <li>Fix bug <a href="https://github.com/php/php-src/issues/14175">GH-14175</a> (Show decimal number instead of scientific notation in systemd status).</li> </ul></li> <li>Hash: <ul> <li>ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi)</li> </ul></li> <li>Intl: <ul> <li>Fixed build regression on systems without C++17 compilers.</li> </ul></li> <li>MySQLnd: <ul> <li>Fix bug <a href="https://github.com/php/php-src/issues/14255">GH-14255</a> (mysqli_fetch_assoc reports error from nested query).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14109">GH-14109</a> (Fix accidental persisting of internal class constant in shm).</li> </ul></li> <li>OpenSSL: <ul> <li>The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.</li> </ul></li> <li>Standard: <ul> <li>Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14124">GH-14124</a> (Segmentation fault with XML extension under certain memory limit).</li> </ul></li> <li>XMLReader: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14183">GH-14183</a> (XMLReader::open() can't be overridden).</li> </ul></li> </ul> </section> <section class="version" id="8.3.7"> <h3>Version 8.3.7</h3> <b><time class='releasedate' datetime='2024-05-09'>09 May 2024</time></b> <ul><li>Core: <ul> <li>Fixed zend_call_stack build with Linux/uclibc-ng without thread support.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13772">GH-13772</a> (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13931">GH-13931</a> (Applying zero offset to null pointer in Zend/zend_opcode.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13942">GH-13942</a> (Align the behavior of zend-max-execution-timers with other timeout implementations).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14003">GH-14003</a> (Broken cleanup of unfinished calls with callable convert parameters).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14013">GH-14013</a> (Erroneous dnl appended in configure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10232">GH-10232</a> (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13727">GH-13727</a> (Missing void keyword).</li> </ul></li> <li>Fibers: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13903">GH-13903</a> (ASAN false positive underflow when executing copy()).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13795">GH-13795</a> (Test failing in ext/fileinfo/tests/bug78987.phpt on big-endian PPC).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13563">GH-13563</a> (Setting bool values via env in FPM config fails).</li> </ul></li> <li>Intl: <ul> <li>Fixed build for icu 74 and onwards.</li> </ul></li> <li>MySQLnd: <ul> <li>Fix shift out of bounds on 32-bit non-fast-path platforms.</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13433">GH-13433</a> (Segmentation Fault in zend_class_init_statics when using opcache.preload).</li> <li>Fixed incorrect assumptions across compilation units for static calls.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10495">GH-10495</a> (feof on OpenSSL stream hangs indefinitely).</li> </ul></li> <li>PDO SQLite: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/13984">GH-13984</a> (Buffer size is now checked before memcmp).</li> <li>Fix <a href="https://github.com/php/php-src/issues/13998">GH-13998</a> (Manage refcount of agg_context->val correctly).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13836">GH-13836</a> (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13833">GH-13833</a> (Applying zero offset to null pointer in zend_hash.c).</li> <li>Fix potential NULL pointer dereference before calling EVP_SignInit.</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13827">GH-13827</a> (Null pointer access of type 'zval' in phpdbg_frame).</li> </ul></li> <li>Posix: <ul> <li>Fix usage of reentrant functions in ext/posix.</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13856">GH-13856</a> (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13891">GH-13891</a> (memleak and segfault when using ini_set with session.trans_sid_hosts).</li> <li>Fixed buffer _read/_write size limit on windows for the file mode.</li> </ul></li> <li>Streams: <ul> <li>Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument".</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13264">GH-13264</a> (Part 1 - Memory leak on stream filter failure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13860">GH-13860</a> (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11678">GH-11678</a> (Build fails on musl 1.2.4 - lfs64).</li> </ul></li> <li>Treewide: <ul> <li>Fix gcc-14 Wcalloc-transposed-args warnings.</li> </ul></li> </ul> </section> <section class="version" id="8.3.6"> <h3>Version 8.3.6</h3> <b><time class='releasedate' datetime='2024-04-11'>11 Apr 2024</time></b> <ul><li>Core: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/13569">GH-13569</a> (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13612">GH-13612</a> (Corrupted memory in destructor with weak references).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13446">GH-13446</a> (Restore exception handler after it finishes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13784">GH-13784</a> (AX_GCC_FUNC_ATTRIBUTE failure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13670">GH-13670</a> (GC does not scale well with a lot of objects created in destructor).</li> </ul></li> <li>DOM: <ul> <li>Add some missing ZPP checks.</li> <li>Fix potential memory leak in XPath evaluation results.</li> </ul></li> <li>FPM: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/11086">GH-11086</a> (FPM: config test runs twice in daemonised mode).</li> <li>Fix incorrect check in fpm_shm_free().</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12019">GH-12019</a> (add GDLIB_CFLAGS in feature tests).</li> </ul></li> <li>Gettext: <ul> <li>Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.</li> </ul></li> <li>MySQLnd: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/13452">GH-13452</a> (Fixed handshake response [mysqlnd]).</li> <li>Fix incorrect charset length in check_mb_eucjpms().</li> </ul></li> <li>Opcache: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/13508">GH-13508</a> (JITed QM_ASSIGN may be optimized out when op1 is null).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/13712">GH-13712</a> (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).</li> </ul></li> <li>Random: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13544">GH-13544</a> (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13690">GH-13690</a> (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13680">GH-13680</a> (Segfault with session_decode and compilation error).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13685">GH-13685</a> (Unexpected null pointer in zend_string.h).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11808">GH-11808</a> (Live filesystem modified by tests).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/13402">GH-13402</a> (Added validation of `\n` in $additional_headers of mail()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13203">GH-13203</a> (file_put_contents fail on strings over 4GB on Windows).</li> <li>Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)</li> <li>Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)</li> <li>Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)</li> <li>Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757)</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/13932">GH-13932</a> (Attempt to fix mbstring on windows build) (msvc).</li> </ul></li> </ul> </section> <section class="version" id="8.3.4"> <h3>Version 8.3.4</h3> <b><time class='releasedate' datetime='2024-03-14'>14 Mar 2024</time></b> <ul><li>Core: <ul> <li>Fix ZTS persistent resource crashes on shutdown.</li> </ul></li> <li>Curl: <ul> <li>Fix failing tests due to string changes in libcurl 8.6.0.</li> </ul></li> <li>DOM: <ul> <li>Fix unlikely memory leak in case of namespace removal with extremely deep trees.</li> <li>Fix reference access in dimensions for DOMNodeList and DOMNodeMap.</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13344">GH-13344</a> (finfo::buffer(): Failed identify data 0:(null), backport).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/75712">#75712</a> (getenv in php-fpm should not read $_ENV, $_SERVER).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12019">GH-12019</a> (detection of image formats in system gd library).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11950">GH-11950</a> ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error if CR_SERVER_GONE_ERROR is already set).</li> </ul></li> <li>PDO: <ul> <li>Fix various PDORow bugs.</li> </ul></li> <li>PGSQL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13354">GH-13354</a> (pg_execute/pg_send_query_params/pg_send_execute with null value passed by reference).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13531">GH-13531</a> (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13279">GH-13279</a> (Instable array during in-place modification in uksort).</li> <li>Fixed array key as hash to string (case insensitive) comparison typo for the second operand buffer size (albeit unused for now).</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13517">GH-13517</a> (Multiple test failures when building with --with-expat).</li> </ul></li> </ul> </section> <section class="version" id="8.3.3"> <h3>Version 8.3.3</h3> <b><time class='releasedate' datetime='2024-02-15'>15 Feb 2024</time></b> <ul><li>Core: <ul> <li>Fixed timer leak in zend-max-execution-timers builds.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12349">GH-12349</a> (linking failure on ARM with mold).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13097">GH-13097</a> (Anonymous class reference in trigger_error / thrown Exception).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13177">GH-13177</a> (PHP 8.3.2: final private constructor not allowed when used in trait).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13215">GH-13215</a> (GCC 14 build failure).</li> </ul></li> <li>Curl: <ul> <li>Fix missing error check in curl_multi_init().</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12996">GH-12996</a> (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10344">GH-10344</a> (imagettfbbox(): Could not find/open font UNC path).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10614">GH-10614</a> (imagerotate will turn the picture all black, when rotated 90).</li> </ul></li> <li>LibXML: <ul> <li>Fix crashes with entity references and predefined entities.</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12107">GH-12107</a> (When running a stored procedure (that returns a result set) twice, PHP crashes).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13145">GH-13145</a> (strtok() is not comptime).</li> <li>Fixed type inference of range().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13232">GH-13232</a> (Segmentation fault will be reported when JIT is off but JIT_debug is still on).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/13119">GH-13119</a> (Changed to convert float and double values into strings using `H` format).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/71465">#71465</a> (PHAR doesn't know about litespeed).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13037">GH-13037</a> (PharData incorrectly extracts zip file).</li> </ul></li> <li>Random: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13138">GH-13138</a> (Randomizer::pickArrayKeys() does not detect broken engines).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12504">GH-12504</a> (Corrupted session written when there's a fatal error in autoloader).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13094">GH-13094</a> (range(9.9, '0') causes segmentation fault).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13071">GH-13071</a> (Copying large files using mmap-able source streams may exhaust available memory and fail).</li> </ul></li> </ul> </section> <section class="version" id="8.3.2"> <h3>Version 8.3.2</h3> <b><time class='releasedate' datetime='2024-01-18'>18 Jan 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12953">GH-12953</a> (false positive SSA integrity verification failed when loading composer classmaps with more than 11k elements).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12999">GH-12999</a> (zend_strnlen build when strnlen is unsupported).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12966">GH-12966</a> (missing cross-compiling 3rd argument so Autoconf doesn't emit warnings).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12854">GH-12854</a> (8.3 - as final trait-used method does not correctly report visibility in Reflection).</li> </ul></li> <li>Cli: <ul> <li>Fix incorrect timeout in built-in web server when using router script and max_input_time.</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12870">GH-12870</a> (Creating an xmlns attribute results in a DOMException).</li> <li>Fix crash when toggleAttribute() is used without a document.</li> <li>Fix crash in adoptNode with attribute references.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13012">GH-13012</a> (DOMNode::isEqualNode() is incorrect when attribute order is different).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9698">GH-9698</a> (stream_wrapper_register crashes with FFI\CData).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12905">GH-12905</a> (FFI::new interacts badly with observers).</li> </ul></li> <li>Intl: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/12943">GH-12943</a> (IntlDateFormatter::__construct accepts 'C' as valid locale).</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12936">GH-12936</a> (hash() function hangs endlessly if using sha512 on strings >= 4GiB).</li> </ul></li> <li>ODBC: <ul> <li>Fix crash on Apache shutdown with persistent connections.</li> </ul></li> <li>Opcache: <ul> <li>Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM with NULL when DIM is the same var as result).</li> <li>Added workaround for SELinux mprotect execheap issue. See https://bugzilla.kernel.org/show_bug.cgi?id=218258.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12987">GH-12987</a> (openssl_csr_sign might leak new cert on error).</li> </ul></li> <li>PDO: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/12969">GH-12969</a> (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12767">GH-12767</a> (Unable to turn on autocommit mode with setAttribute()).</li> </ul></li> <li>PGSQL: <ul> <li>Fixed auto_reset_persistent handling and allow_persistent type.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12974">GH-12974</a> (Apache crashes on shutdown when using pg_pconnect()).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/77432">#77432</a> (Segmentation fault on including phar file).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12962">GH-12962</a> (Double free of init_file in phpdbg_prompt.c).</li> </ul></li> <li>SimpleXML: <ul> <li>Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12929">GH-12929</a> (SimpleXMLElement with stream_wrapper_register can segfault).</li> </ul></li> <li>Tidy: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12980">GH-12980</a> (tidynode.props.attribute is missing "Boolean Attributes" and empty attributes).</li> </ul></li> </ul> </section> <section class="version" id="8.3.1"> <h3>Version 8.3.1</h3> <b><time class='releasedate' datetime='2023-12-21'>21 Dec 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12758">GH-12758</a> / <a href="https://github.com/php/php-src/issues/12768">GH-12768</a> (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).</li> <li>Fix various missing NULL checks.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12835">GH-12835</a> (Leak of call->extra_named_params on internal __call).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12826">GH-12826</a> (Weird pointers issue in nested loops).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12705">GH-12705</a> (Segmentation fault in fpm_status_export_to_zval).</li> </ul></li> <li>FTP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9348">GH-9348</a> (FTP & SSL session reuse).</li> </ul></li> <li>LibXML: <ul> <li>Fixed test failures for libxml2 2.12.0.</li> </ul></li> <li>MySQLnd: <ul> <li>Avoid using uninitialised struct.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12791">GH-12791</a> (Possible dereference of NULL in MySQLnd debug code).</li> </ul></li> <li>Opcache: <ul> <li>Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error).</li> <li>Fixed JIT bug (JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown).</li> </ul></li> <li>PDO PGSQL: <ul> <li>Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12838">GH-12838</a> ([SOAP] Temporary WSDL cache files not being deleted).</li> </ul></li> <li>Standard: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/12745">GH-12745</a> (http_build_query() default null argument for $arg_separator is implicitly coerced to string).</li> </ul></li> </ul> </section> <section class="version" id="8.3.0"> <h3>Version 8.3.0</h3> <b><time class='releasedate' datetime='2023-11-23'>23 Nov 2023</time></b> <ul><li>Bcmath: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/11761">GH-11761</a> (removing trailing zeros from numbers) (jorgsowa)</li> </ul></li> <li>CLI: <ul> <li>Added pdeathsig to builtin server to terminate workers when the master process is killed.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11104">GH-11104</a> (STDIN/STDOUT/STDERR is not available for CLI without a script).</li> <li>Implement <a href="https://github.com/php/php-src/issues/10024">GH-10024</a> (support linting multiple files at once using php -l).</li> </ul></li> <li>Core: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11388">GH-11388</a> (Allow "final" modifier when importing a method from a trait).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11406">GH-11406</a> (segfault with unpacking and magic method closure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9388">GH-9388</a> (Improve unset property and __get type incompatibility error message).</li> <li>SA_ONSTACK is now set for signal handlers to be friendlier to other in-process code such as Go's cgo.</li> <li>SA_ONSTACK is now set when signals are disabled.</li> <li>Fix <a href="https://github.com/php/php-src/issues/9649">GH-9649</a>: Signal handlers now do a no-op instead of crashing when executed on threads not managed by TSRM.</li> <li>Added shadow stack support for fibers.</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/9965">GH-9965</a> (Fix accidental caching of default arguments with side effects).</li> <li>Implement <a href="https://github.com/php/php-src/issues/10217">GH-10217</a> (Use strlen() for determining the class_name length).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/8821">GH-8821</a> (Improve line numbers for errors in constant expressions).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10083">GH-10083</a> (Allow comments between & and parameter).</li> <li>Zend Max Execution Timers is now enabled by default for ZTS builds on Linux.</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10469">GH-10469</a> (Disallow .. in open_basedir paths set at runtime).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10168">GH-10168</a>, <a href="https://github.com/php/php-src/issues/10582">GH-10582</a> (Various segfaults with destructors and VM return values).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10935">GH-10935</a> (Use of trait doesn't redeclare static property if class has inherited it from its parent).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/11154">GH-11154</a> (Negative indices on empty array don't affect next chosen index).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/8846">GH-8846</a> (Implement delayed early binding for classes without parents).</li> <li>Fix bug #79836 (Segfault in concat_function).</li> <li>Fix bug #81705 (type confusion/UAF on set_error_handler with concat operation).</li> <li>Fix <a href="https://github.com/php/php-src/issues/11348">GH-11348</a> (Closure created from magic method does not accept named arguments).</li> <li>Fix <a href="https://github.com/php/php-src/issues/11388">GH-11388</a> (Allow "final" modifier when importing a method from a trait).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11406">GH-11406</a> (segfault with unpacking and magic method closure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11507">GH-11507</a> (String concatenation performance regression in 8.3).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/11488">GH-11488</a> (Missing "Optional parameter before required" deprecation on union null type).</li> <li>Implement the #[\Override] attribute RFC.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11601">GH-11601</a> (Incorrect handling of unwind and graceful exit exceptions).</li> <li>Added zend_call_stack_get implementation for OpenBSD.</li> <li>Add stack limit check in zend_eval_const_expr().</li> <li>Expose time spent collecting cycles in gc_status().</li> <li>Remove WeakMap entries whose key is only reachable through the entry value.</li> <li>Resolve open_basedir paths on INI update.</li> <li>Fixed oss-fuzz #60741 (Leak in open_basedir).</li> <li>Fixed segfault during freeing of some incompletely initialized objects due to OOM error (PDO, SPL, XSL).</li> <li>Introduced Zend guard recursion protection to fix __debugInfo issue.</li> <li>Fixed oss-fuzz #61712 (assertion failure with error handler during binary op).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/11847">GH-11847</a> (DTrace enabled build is broken).</li> <li>Fixed OSS Fuzz #61865 (Undef variable in ++/-- for declared property that is unset in error handler).</li> <li>Fixed warning emitted when checking if a user stream is castable.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12123">GH-12123</a> (Compile error on MacOS with C++ extension when using ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12189">GH-12189</a> (#[Override] attribute in trait does not check for parent class implementations).</li> <li>Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable warning).</li> <li>Fixed buffer underflow when compiling memoized expression.</li> <li>Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec).</li> </ul></li> <li>Curl: <ul> <li>Added Curl options and constants up to (including) version 7.87.</li> </ul></li> <li>Date: <ul> <li>Implement More Appropriate Date/Time Exceptions RFC.</li> </ul></li> <li>DOM: <ul> <li>Fix bug <a href="https://github.com/php/php-src/issues/8388">GH-8388</a> (DOMAttr unescapes character reference).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/11308">GH-11308</a> (getElementsByTagName() is O(N^2)).</li> <li>Fix #79700 (wrong use of libxml oldNs leads to performance problem).</li> <li>Fix #77894 (DOMNode::C14N() very slow on generated DOMDocuments even after normalisation).</li> <li>Revert changes to DOMAttr::$value and DOMAttr::$nodeValue expansion.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11500">GH-11500</a> (Namespace reuse in createElementNS() generates wrong output).</li> <li>Implemented DOMDocument::adoptNode(). Previously this always threw a "not yet implemented" exception.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9628">GH-9628</a> (Implicitly removing nodes from \DOMDocument breaks existing references).</li> <li>Added DOMNode::contains() and DOMNameSpaceNode::contains().</li> <li>Added DOMElement::getAttributeNames().</li> <li>Added DOMNode::getRootNode().</li> <li>Added DOMElement::className and DOMElement::id.</li> <li>Added DOMParentNode::replaceChildren().</li> <li>Added DOMNode::isConnected and DOMNameSpaceNode::isConnected.</li> <li>Added DOMNode::parentElement and DOMNameSpaceNode::parentElement.</li> <li>Added DOMNode::isEqualNode().</li> <li>Added DOMElement::insertAdjacentElement() and DOMElement::insertAdjacentText().</li> <li>Added DOMElement::toggleAttribute().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11792">GH-11792</a> (LIBXML_NOXMLDECL is not implemented or broken).</li> <li>adoptNode now respects the strict error checking property.</li> <li>Align DOMChildNode parent checks with spec.</li> <li>Fixed bug <a href="http://bugs.php.net/80927">#80927</a> (Removing documentElement after creating attribute node: possible use-after-free).</li> <li>Fix various namespace prefix conflict resolution bugs.</li> <li>Fix calling createAttributeNS() without prefix causing the default namespace of the element to change.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/11952">GH-11952</a> (Confusing warning when blocking entity loading via libxml_set_external_entity_loader).</li> <li>Fix broken cache invalidation with deallocated and reallocated document node.</li> <li>Fix compile error when php_libxml.h header is included in C++.</li> <li>Fixed bug <a href="http://bugs.php.net/47531">#47531</a> (No way of removing redundant xmlns: declarations).</li> </ul></li> <li>Exif: <ul> <li>Removed unneeded codepaths in exif_process_TIFF_in_JPEG().</li> </ul></li> <li>FFI: <ul> <li>Implement <a href="https://github.com/php/php-src/issues/11934">GH-11934</a> (Allow to pass CData into struct and/or union fields).</li> </ul></li> <li>Fileinfo: <ul> <li>Upgrade bundled libmagic to 5.43.</li> <li>Fix <a href="https://github.com/php/php-src/issues/11408">GH-11408</a> (Unable to build PHP 8.3.0 alpha 1 / fileinfo extension).</li> </ul></li> <li>FPM: <ul> <li>The status.listen shared pool now uses the same php_values (including expose_php) and php_admin_value as the pool it is shared with.</li> <li>Added warning to log when fpm socket was not registered on the expected path.</li> <li>Fixed bug <a href="http://bugs.php.net/76067">#76067</a> (system() function call leaks php-fpm listening sockets).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/12077">GH-12077</a> (PHP 8.3.0RC1 borked socket-close-on-exec.phpt).</li> </ul></li> <li>GD: <ul> <li>Removed imagerotate "ignore_transparent" argument since it has no effect.</li> </ul></li> <li>Intl: <ul> <li>Added pattern format error infos for numfmt_set_pattern.</li> <li>Added MIXED_NUMBERS and HIDDEN_OVERLAY constants for the Spoofchecker's class.</li> <li>Updated datefmt_set_timezone/IntlDateformatter::setTimezone returns type. (David Carlier).</li> <li>Updated IntlBreakInterator::setText return type.</li> <li>Updated IntlChar::enumCharNames return type.</li> <li>Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale.</li> </ul></li> <li>JSON: <ul> <li>Added json_validate().</li> </ul></li> <li>LDAP: <ul> <li>Deprecate calling ldap_connect() with separate hostname and port.</li> </ul></li> <li>LibXML: <ul> <li>Fix compile error with -Werror=incompatible-function-pointer-types and old libxml2.</li> </ul></li> <li>MBString: <ul> <li>mb_detect_encoding is better able to identify the correct encoding for Turkish text.</li> <li>mb_detect_encoding's "non-strict" mode now behaves as described in the documentation. Previously, it would return false if the same byte (for example, the first byte) of the input string was invalid in all candidate encodings. More generally, it would eliminate candidate encodings from consideration when an invalid byte was seen, and if the same input byte eliminated all remaining encodings still under consideration, it would return false. On the other hand, if all candidate encodings but one were eliminated from consideration, it would return the last remaining one without regard for how many encoding errors might be encountered later in the string. This is different from the behavior described in the documentation, which says: "If strict is set to false, the closest matching encoding will be returned." (Alex Dowad)</li> <li>mb_strtolower, mb_strtotitle, and mb_convert_case implement conditional casing rules for the Greek letter sigma. For mb_convert_case, conditional casing only applies to MB_CASE_LOWER and MB_CASE_TITLE modes, not to MB_CASE_LOWER_SIMPLE and MB_CASE_TITLE_SIMPLE.</li> <li>mb_detect_encoding is better able to identify UTF-8 and UTF-16 strings with a byte-order mark.</li> <li>mb_decode_mimeheader interprets underscores in QPrint-encoded MIME encoded words as required by RFC 2047; they are converted to spaces. Underscores must be encoded as "=5F" in such MIME encoded words.</li> <li>mb_encode_mimeheader no longer drops NUL (zero) bytes when QPrint-encoding the input string. This previously caused strings in certain text encodings, especially UTF-16 and UTF-32, to be corrupted by mb_encode_mimeheader.</li> <li>Implement mb_str_pad() RFC.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11514">GH-11514</a> (PHP 8.3 build fails with --enable-mbstring enabled).</li> <li>Fix use-after-free of mb_list_encodings() return value.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11992">GH-11992</a> (utf_encodings.phpt fails on Windows 32-bit).</li> </ul></li> <li>mysqli: <ul> <li>mysqli_fetch_object raises a ValueError instead of an Exception.</li> </ul></li> <li>Opcache: <ul> <li>Added start, restart and force restart time to opcache's phpinfo section.</li> <li>Fix <a href="https://github.com/php/php-src/issues/9139">GH-9139</a>: Allow FFI in opcache.preload when opcache.preload_user=root.</li> <li>Made opcache.preload_user always optional in the cli and phpdbg SAPIs.</li> <li>Allows W/X bits on page creation on FreeBSD despite system settings.</li> <li>Added memfd api usage, on Linux, for zend_shared_alloc_create_lock() to create an abstract anonymous file for the opcache's lock.</li> <li>Avoid resetting JIT counter handlers from multiple processes/threads.</li> <li>Fixed COPY_TMP type inference for references.</li> </ul></li> <li>OpenSSL: <ul> <li>Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE contants to switch between mime content types.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/11054">GH-11054</a>: Reset OpenSSL errors when using a PEM public key.</li> <li>Added support for additional EC parameters in openssl_pkey_new.</li> </ul></li> <li>PCNTL: <ul> <li>SA_ONSTACK is now set for pcntl_signal.</li> <li>Added SIGINFO constant.</li> </ul></li> <li>PCRE: <ul> <li>Update bundled libpcre2 to 10.42.</li> </ul></li> <li>PGSQL: <ul> <li>pg_fetch_object raises a ValueError instead of an Exception.</li> <li>pg_cancel use thread safe PQcancel api instead.</li> <li>pg_trace new PGSQL_TRACE_SUPPRESS_TIMESTAMPS/PGSQL_TRACE_REGRESS_MODE contants support.</li> <li>pg_set_error_verbosity adding PGSQL_ERRORS_STATE constant.</li> <li>pg_convert/pg_insert E_WARNING on type errors had been converted to ValueError/TypeError exceptions.</li> <li>Added pg_set_error_context_visibility to set the context's visibility within the error messages.</li> </ul></li> <li>Phar: <ul> <li>Fix memory leak in phar_rename_archive().</li> </ul></li> <li>POSIX: <ul> <li>Added posix_sysconf.</li> <li>Added posix_pathconf.</li> <li>Added posix_fpathconf.</li> <li>Fixed zend_parse_arg_long's bool pointer argument assignment.</li> <li>Added posix_eaccess.</li> </ul></li> <li>Random: <ul> <li>Added Randomizer::getBytesFromString().</li> <li>Added Randomizer::nextFloat(), ::getFloat(), and IntervalBoundary.</li> <li>Enable getrandom() for NetBSD (from 10.x).</li> <li>Deprecate MT_RAND_PHP.</li> <li>Fix Randomizer::getFloat() returning incorrect results under certain circumstances.</li> </ul></li> <li>Reflection: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/9470">GH-9470</a> (ReflectionMethod constructor should not find private parent method).</li> <li>Fix <a href="https://github.com/php/php-src/issues/10259">GH-10259</a> (ReflectionClass::getStaticProperties doesn't need null return type).</li> </ul></li> <li>SAPI: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/11141">GH-11141</a> (Could not open input file: should be sent to stderr).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11529">GH-11529</a> (Crash after dealing with an Apache request).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12192">GH-12192</a> (SimpleXML infinite loop when getName() is called within foreach).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12208">GH-12208</a> (SimpleXML infinite loop when a cast is used inside a foreach).</li> <li>Fixed bug <a href="http://bugs.php.net/55098">#55098</a> (SimpleXML iteration produces infinite loop).</li> </ul></li> <li>Sockets: <ul> <li>Added SO_ATTACH_REUSEPORT_CBPF socket option, to give tighter control over socket binding for a cpu core.</li> <li>Added SKF_AD_QUEUE for cbpf filters.</li> <li>Added socket_atmark if send/recv needs using MSG_OOB.</li> <li>Added TCP_QUICKACK constant, to give tigher control over ACK delays.</li> <li>Added DONTFRAGMENT support for path MTU discovery purpose.</li> <li>Added AF_DIVERT for raw socket for divert ports.</li> <li>Added SOL_UPDLITE, UDPLITE_RECV_CSCOV and UDPLITE_SEND_CSCOV for updlite protocol support.</li> <li>Added SO_RERROR, SO_ZEROIZE and SO_SPLICE netbsd and openbsd constants.</li> <li>Added TCP_REPAIR for quietly close a connection.</li> <li>Added SO_REUSEPORT_LB freebsd constant.</li> <li>Added IP_BIND_ADDRESS_NO_PORT.</li> </ul></li> <li>SPL: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/11573">GH-11573</a> (RecursiveDirectoryIterator::hasChildren is slow).</li> </ul></li> <li>Standard: <ul> <li>E_NOTICEs emitted by unserialize() have been promoted to E_WARNING.</li> <li>unserialize() now emits a new E_WARNING if the input contains unconsumed bytes.</li> <li>Make array_pad's $length warning less confusing.</li> <li>E_WARNING emitted by strtok in the caase both arguments are not provided when starting tokenisation.</li> <li>password_hash() will now chain the original RandomException to the ValueError on salt generation failure.</li> <li>Fix <a href="https://github.com/php/php-src/issues/10239">GH-10239</a> (proc_close after proc_get_status always returns -1).</li> <li>Improve the warning message for unpack() in case not enough values were provided.</li> <li>Fix <a href="https://github.com/php/php-src/issues/11010">GH-11010</a> (parse_ini_string() now preserves formatting of unquoted strings starting with numbers when the INI_SCANNER_TYPED flag is specified).</li> <li>Fix <a href="https://github.com/php/php-src/issues/10742">GH-10742</a> (http_response_code emits no error when headers were already sent).</li> <li>Added support for rounding negative places in number_format().</li> <li>Prevent precision loss on formatting decimal integers in number_format().</li> <li>Added usage of posix_spawn for proc_open when supported by OS.</li> <li>Added $before_needle argument to strrchr().</li> <li>Fixed <a href="https://github.com/php/php-src/issues/11982">GH-11982</a> (str_getcsv returns null byte for unterminated enclosure).</li> <li>Fixed str_decrement() on "1".</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/51056">#51056</a>: blocking fread() will block even if data is available.</li> <li>Added storing of the original path used to open xport stream.</li> <li>Implement <a href="https://github.com/php/php-src/issues/8641">GH-8641</a> (STREAM_NOTIFY_COMPLETED over HTTP never emitted).</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10406">GH-10406</a> (fgets on a redis socket connection fails on PHP 8.3).</li> <li>Implemented <a href="https://github.com/php/php-src/issues/11242">GH-11242</a> (_php_stream_copy_to_mem: Allow specifying a maximum length without allocating a buffer of that size).</li> <li>Fixed bug <a href="http://bugs.php.net/52335">#52335</a> (fseek() on memory stream behavior different than file).</li> <li>Fixed bug <a href="http://bugs.php.net/76857">#76857</a> (Can read "non-existant" files).</li> </ul></li> <li>XSLTProcessor: <ul> <li>Fixed bug <a href="http://bugs.php.net/69168">#69168</a> (DomNode::getNodePath() returns invalid path).</li> </ul></li> <li>ZIP: <ul> <li>zip extension version 1.22.0 for libzip 1.10.0.</li> <li>add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED).</li> <li>add new archive global flags (ER_AFL_*).</li> <li>add ZipArchive::setArchiveFlag and ZipArchive::getArchiveFlag methods.</li> </ul></li> </ul> </section> <a id="PHP_8_2"></a> <section class="version" id="8.2.26"> <h3>Version 8.2.26</h3> <b><time class='releasedate' datetime='2024-11-21'>21 Nov 2024</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16373">GH-16373</a> (Shebang is not skipped for router script in cli-server started through shebang).</li> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-4w77-75f9-2c8w">GHSA-4w77-75f9-2c8w</a> (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).</li> </ul></li> <li>COM: <ul> <li>Fixed out of bound writes to SafeArray data.</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16168">GH-16168</a> (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16371">GH-16371</a> (Assertion failure in Zend/zend_weakrefs.c:646).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16515">GH-16515</a> (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16509">GH-16509</a> (Incorrect line number in function redeclaration error).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16508">GH-16508</a> (Incorrect line number in inheritance errors of delayed early bound classes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16648">GH-16648</a> (Use-after-free during array sorting).</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16302">GH-16302</a> (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16454">GH-16454</a> (Unhandled INF in date_sunset() with tiny $utcOffset).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16037">GH-16037</a> (Assertion failure in ext/date/php_date.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14732">GH-14732</a> (date_sun_info() fails for non-finite values).</li> </ul></li> <li>DBA: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16390">GH-16390</a> (dba_open() can segfault for "pathless" streams).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16316">GH-16316</a> (DOMXPath breaks when not initialized properly).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16473">GH-16473</a> (dom_import_simplexml stub is wrong).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16533">GH-16533</a> (Segfault when adding attribute to parent that is not an element).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16535">GH-16535</a> (UAF when using document as a child).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16593">GH-16593</a> (Assertion failure in DOM->replaceChild).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16595">GH-16595</a> (Another UAF in DOM -> cloneNode).</li> </ul></li> <li>EXIF: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16409">GH-16409</a> (Segfault in exif_thumbnail when not dealing with a real file).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16397">GH-16397</a> (Segmentation fault when comparing FFI object).</li> </ul></li> <li>Filter: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16523">GH-16523</a> (FILTER_FLAG_HOSTNAME accepts ending hyphen).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16628">GH-16628</a> (FPM logs are getting corrupted with this log statement).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16334">GH-16334</a> (imageaffine overflow on matrix elements).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16427">GH-16427</a> (Unchecked libavif return values).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16559">GH-16559</a> (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).</li> </ul></li> <li>GMP: <ul> <li>Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16411">GH-16411</a> (gmp_export() can cause overflow).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16501">GH-16501</a> (gmp_random_bits() can cause overflow).</li> <li>Fixed gmp_pow() overflow bug with large base/exponents.</li> <li>Fixed segfaults and other issues related to operator overloading with GMP objects.</li> </ul></li> <li>LDAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff">GHSA-g665-fm4p-vhff</a> (OOB access in ldap_escape). (CVE-2024-8932)</li> </ul></li> <li>MBstring: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16361">GH-16361</a> (mb_substr overflow on start/length arguments).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678">GHSA-h35g-vwh6-m678</a> (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16357">GH-16357</a> (openssl may modify member types of certificate arrays).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16433">GH-16433</a> (Large values for openssl_csr_sign() $days overflow).</li> <li>Fix various memory leaks on error conditions in openssl_x509_parse().</li> </ul></li> <li>PDO DBLIB: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv">GHSA-5hqh-c84r-qjcv</a> (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)</li> </ul></li> <li>PDO Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv">GHSA-5hqh-c84r-qjcv</a> (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)</li> </ul></li> <li>PDO ODBC: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16450">GH-16450</a> (PDO_ODBC can inject garbage into field values).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16406">GH-16406</a> (Assertion failure in ext/phar/phar.c:2808).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16174">GH-16174</a> (Empty string is an invalid expression for ev).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16601">GH-16601</a> (Memory leak in Reflection constructors).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16385">GH-16385</a> (Unexpected null returned by session_set_cookie_params).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16290">GH-16290</a> (overflow on cookie_lifetime ini value).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16429">GH-16429</a> (Segmentation fault access null pointer in SoapClient).</li> </ul></li> <li>Sockets: <ul> <li>Fixed bug with overflow socket_recvfrom $length argument.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16337">GH-16337</a> (Use-after-free in SplHeap).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16464">GH-16464</a> (Use-after-free in SplDoublyLinkedList::offsetSet()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16479">GH-16479</a> (Use-after-free in SplObjectStorage::setInfo()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16478">GH-16478</a> (Use-after-free in SplFixedArray::unset()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16588">GH-16588</a> (UAF in Observer->serialize).</li> <li>Fix <a href="https://github.com/php/php-src/issues/16477">GH-16477</a> (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16589">GH-16589</a> (UAF in SplDoublyLinked->serialize()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14687">GH-14687</a> (segfault on SplObjectIterator instance).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16604">GH-16604</a> (Memory leaks in SPL constructors).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16646">GH-16646</a> (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16293">GH-16293</a> (Failed assertion when throwing in assert() callback with bail enabled).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2">GHSA-c5f2-jwm7-mmq2</a> (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)</li> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43">GHSA-r977-prxv-hc43</a> (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)</li> </ul></li> <li>SysVMsg: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16592">GH-16592</a> (msg_send() crashes when a type does not properly serialized).</li> </ul></li> <li>SysVShm: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16591">GH-16591</a> (Assertion error in shm_put_var).</li> </ul></li> <li>XMLReader: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16292">GH-16292</a> (Segmentation fault in ext/xmlreader/php_xmlreader.c).</li> </ul></li> <li>Zlib: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16326">GH-16326</a> (Memory management is broken for bad dictionaries.) (cmb)</li> </ul></li> </ul> </section> <section class="version" id="8.2.25"> <h3>Version 8.2.25</h3> <b><time class='releasedate' datetime='2024-10-24'>24 Oct 2024</time></b> <ul><li>Calendar: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/16240">GH-16240</a>: jdtounix overflow on argument value.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16241">GH-16241</a>: easter_days/easter_date overflow on year argument.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16263">GH-16263</a>: jddayofweek overflow.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/16234">GH-16234</a>: jewishtojd overflow.</li> </ul></li> <li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16137">GH-16137</a>: duplicate http headers when set several times by the client.</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15712">GH-15712</a>: zend_strtod overflow with precision INI set on large value.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15905">GH-15905</a> (Assertion failure for TRACK_VARS_SERVER).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15907">GH-15907</a> (Failed assertion when promoting Serialize deprecation to exception).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15851">GH-15851</a> (Segfault when printing backtrace during cleanup of nested generator frame).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15866">GH-15866</a> (Core dumped in Zend/zend_generators.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16188">GH-16188</a> (Assertion failure in Zend/zend_exceptions.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16233">GH-16233</a> (Observer segfault when calling user function in internal function via trampoline).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15582">GH-15582</a>: Crash when not calling parent constructor of DateTimeZone.</li> <li>Fixed regression where signs after the first one were ignored while parsing a signed integer, with the DateTimeInterface::modify() function.</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16039">GH-16039</a> (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16151">GH-16151</a> (Assertion failure in ext/dom/parentnode/tree.c).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16232">GH-16232</a> (bitshift overflow on wbmp file content reading / fix backport from upstream).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12264">GH-12264</a> (overflow/underflow on imagerotate degrees value) (David Carlier)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16274">GH-16274</a> (imagescale underflow on RBG channels / fix backport from upstream).</li> </ul></li> <li>LDAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16032">GH-16032</a> (Various NULL pointer dereferencements in ldap_modify_batch()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16101">GH-16101</a> (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list).</li> <li>Fix <a href="https://github.com/php/php-src/issues/16132">GH-16132</a> (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.).</li> <li>Fix <a href="https://github.com/php/php-src/issues/16136">GH-16136</a> (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16261">GH-16261</a> (Reference invariant broken in mb_convert_variables()).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed stub for openssl_csr_new.</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16189">GH-16189</a> (underflow on offset argument).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16184">GH-16184</a> (UBSan address overflowed in ext/pcre/php_pcre.c).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15901">GH-15901</a> (phpdbg: Assertion failure on i funcs).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16181">GH-16181</a> (phpdbg: exit in exception handler reports fatal error).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16187">GH-16187</a> (Assertion failure in ext/reflection/php_reflection.c).</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15395">GH-15395</a> (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15837">GH-15837</a> (Segmentation fault in ext/simplexml/simplexml.c).</li> </ul></li> <li>Sockets: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16267">GH-16267</a> (socket_strerror overflow on errno argument).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/62900">#62900</a> (Wrong namespace on xsd import error message).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16237">GH-16237</a> (Segmentation fault when cloning SoapServer).</li> <li>Fix Soap leaking http_msg on error.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16256">GH-16256</a> (Assertion failure in ext/soap/php_encoding.c:460).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16259">GH-16259</a> (Soap segfault when classmap instantiation fails).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15613">GH-15613</a> (overflow on unpack call hex string repeater).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15937">GH-15937</a> (overflow on stream timeout option value).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/16053">GH-16053</a> (Assertion failure in Zend/zend_hash.c).</li> </ul></li> <li>Streams: <ul> <li>Fixed bugs <a href="https://github.com/php/php-src/issues/15908">GH-15908</a> and <a href="https://github.com/php/php-src/issues/15026">GH-15026</a> (leak / assertion failure in streams.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15980">GH-15980</a> (Signed integer overflow in main/streams/streams.c).</li> </ul></li> <li>TSRM: <ul> <li>Prevent closing of unrelated handles.</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15868">GH-15868</a> (Assertion failure in xml_parse_into_struct after exception).</li> </ul></li> </ul> </section> <section class="version" id="8.2.24"> <h3>Version 8.2.24</h3> <b><time class='releasedate' datetime='2024-09-26'>26 Sep 2024</time></b> <ul><li>CGI: <ul> <li>Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)</li> <li>Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15408">GH-15408</a> (MSan false-positve on zend_max_execution_timer).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15515">GH-15515</a> (Configure error grep illegal option q).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15514">GH-15514</a> (Configure error: genif.sh: syntax error).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15565">GH-15565</a> (--disable-ipv6 during compilation produces error EAI_SYSTEM not found).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15587">GH-15587</a> (CRC32 API build error on arm 32-bit).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15330">GH-15330</a> (Do not scan generator frames more than once).</li> <li>Fixed uninitialized lineno in constant AST of internal enums.</li> </ul></li> <li>Curl: <ul> <li>FIxed bug <a href="https://github.com/php/php-src/issues/15547">GH-15547</a> (curl_multi_select overflow on timeout argument).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15551">GH-15551</a> (Segmentation fault (access null pointer) in ext/dom/xml_common.h).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15752">GH-15752</a> (Incorrect error message for finfo_file with an empty filename argument).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15432">GH-15432</a> (Heap corruption when querying a vector).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15661">GH-15661</a> (Access null pointer in Zend/Optimizer/zend_inference.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15658">GH-15658</a> (Segmentation fault in Zend/zend_vm_execute.h).</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/73182">#73182</a> (PHP SOAPClient does not support stream context HTTP headers in array form).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15552">GH-15552</a> (Signed integer overflow in ext/standard/scanf.c).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15628">GH-15628</a> (php_stream_memory_get_buffer() not zero-terminated).</li> </ul></li> </ul> </section> <section class="version" id="8.2.23"> <h3>Version 8.2.23</h3> <b><time class='releasedate' datetime='2024-08-29'>29 Aug 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15020">GH-15020</a> (Memory leak in Zend/Optimizer/escape_analysis.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15023">GH-15023</a> (Memory leak in Zend/zend_ini.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13330">GH-13330</a> (Append -Wno-implicit-fallthrough flag conditionally).</li> <li>Fix uninitialized memory in network.c.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15108">GH-15108</a> (Segfault when destroying generator during shutdown).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15275">GH-15275</a> (Crash during GC of suspended generator delegate).</li> </ul></li> <li>Curl: <ul> <li>Fixed case when curl_error returns an empty string.</li> </ul></li> <li>DOM: <ul> <li>Fix UAF when removing doctype and using foreach iteration.</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14286">GH-14286</a> (ffi enum type (when enum has no name) make memory leak).</li> </ul></li> <li>Hash: <ul> <li>Fix crash when converting array data for array in shm in xxh3.</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15087">GH-15087</a> (IntlChar::foldCase()'s $option is not optional).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13817">GH-13817</a> (Segmentation fault for enabled observers after pass 4).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13775">GH-13775</a> (Memory leak possibly related to opcache SHM placement).</li> </ul></li> <li>Output: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15179">GH-15179</a> (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fix bogus fallthrough path in firebird_handle_get_attribute().</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13199">GH-13199</a> (EOF emits redundant prompt in phpdbg local console mode with libedit/readline).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15268">GH-15268</a> (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15210">GH-15210</a> use-after-free on watchpoint allocations.</li> </ul></li> <li>Soap: <ul> <li>Fixed bug <a href="http://bugs.php.net/55639">#55639</a> (Digest autentication dont work).</li> <li>Fix SoapFault property destruction.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15252">GH-15252</a> (SOAP XML broken since PHP 8.3.9 when using classmap constructor option).</li> </ul></li> <li>Standard: <ul> <li>Fix passing non-finite timeout values in stream functions.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/14780">GH-14780</a> p(f)sockopen timeout overflow.</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15028">GH-15028</a> (Memory leak in ext/phar/stream.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/15034">GH-15034</a> (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB).</li> </ul></li> <li>Tidy: <ul> <li>Fix memory leaks in ext/tidy basedir restriction code.</li> </ul></li> </ul> </section> <section class="version" id="8.2.22"> <h3>Version 8.2.22</h3> <b><time class='releasedate' datetime='2024-08-01'>01 Aug 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13922">GH-13922</a> (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14626">GH-14626</a> (Fix is_zend_ptr() for huge blocks).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14590">GH-14590</a> (Memory leak in FPM test gh13563-conf-bool-env.phpt.</li> <li>Fixed OSS-Fuzz #69765.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14741">GH-14741</a> (Segmentation fault in Zend/zend_types.h).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14969">GH-14969</a> (Use-after-free in property coercion with __toString()).</li> </ul></li> <li>Dom: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14702">GH-14702</a> (DOMDocument::xinclude() crash).</li> </ul></li> <li>Gd: <ul> <li>ext/gd/tests/gh10614.phpt: skip if no PNG support.</li> <li>restored warning instead of fata error.</li> </ul></li> <li>LibXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14563">GH-14563</a> (Build failure with libxml2 v2.13.0).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14550">GH-14550</a> (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled).</li> </ul></li> <li>Output: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14808">GH-14808</a> (Unexpected null pointer in Zend/zend_string.h with empty output buffer).</li> </ul></li> <li>PDO: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14712">GH-14712</a> (Crash with PDORow access to null property).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14603">GH-14603</a> (null string from zip entry).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14596">GH-14596</a> (crashes with ASAN and ZEND_RC_DEBUG=1).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14553">GH-14553</a> (echo output trimmed at NULL byte).</li> </ul></li> <li>Shmop: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14537">GH-14537</a> (shmop Windows 11 crashes the process).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14638">GH-14638</a> (null dereference after XML parsing failure).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14639">GH-14639</a> (Member access within null pointer in ext/spl/spl_observer.c).</li> </ul></li> <li>Standard: <ul> <li>Fix 32-bit wordwrap test failures.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14774">GH-14774</a> (time_sleep_until overflow).</li> </ul></li> <li>Tidy: <ul> <li>Fix memory leak in tidy_repair_file().</li> </ul></li> <li>Treewide: <ul> <li>Fix compatibility with libxml2 2.13.2.</li> </ul></li> <li>XML: <ul> <li>Move away from to-be-deprecated libxml fields.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14834">GH-14834</a> (Error installing PHP when --with-pear is used).</li> </ul></li> </ul> </section> <section class="version" id="8.2.21"> <h3>Version 8.2.21</h3> <b><time class='releasedate' datetime='2024-07-04'>04 Jul 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14315">GH-14315</a> (Incompatible pointer type warnings).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12814">GH-12814</a> (max_execution_time reached too early on MacOS 14 when running on Apple Silicon).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14387">GH-14387</a> (Crash when stack walking in destructor of yielded from values during Generator->throw()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14456">GH-14456</a> (Attempting to initialize class with private constructor calls destructor).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14549">GH-14549</a> (Incompatible function pointer type for fclose).</li> </ul></li> <li>BCMatch: <ul> <li>Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0).</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14307">GH-14307</a> (Test curl_basic_024 fails with curl 8.8.0).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14343">GH-14343</a> (Memory leak in xml and dom).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14037">GH-14037</a> (PHP-FPM ping.path and ping.response config vars are ignored in status pool).</li> </ul></li> <li>GD: <ul> <li>Fix parameter numbers for imagecolorset().</li> </ul></li> <li>Intl: <ul> <li>Fix reference handling in SpoofChecker.</li> </ul></li> <li>MySQLnd: <ul> <li>Partially fix bug <a href="https://github.com/php/php-src/issues/10599">GH-10599</a> (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14267">GH-14267</a> (opcache.jit=off does not allow enabling JIT at runtime).</li> <li>Fixed TLS access in JIT on FreeBSD/amd64.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11188">GH-11188</a> (Error when building TSRM in ARM64).</li> </ul></li> <li>PDO ODBC: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14367">GH-14367</a> (incompatible SDWORD type with iODBC).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13681">GH-13681</a> (segfault on watchpoint addition failure).</li> </ul></li> <li>Soap: <ul> <li>Fixed bug <a href="http://bugs.php.net/47925">#47925</a> (PHPClient can't decompress response).</li> <li>Fix missing error restore code.</li> <li>Fix memory leak if calling SoapServer::setObject() twice.</li> <li>Fix memory leak if calling SoapServer::setClass() twice.</li> <li>Fix reading zlib ini settings in ext-soap.</li> <li>Fix memory leaks with string function name lookups.</li> <li>Fixed bug <a href="http://bugs.php.net/69280">#69280</a> (SoapClient classmap doesn't support fully qualified class name).</li> <li>Fixed bug <a href="http://bugs.php.net/76232">#76232</a> (SoapClient Cookie Header Semicolon).</li> <li>Fixed memory leaks when calling SoapFault::__construct() twice.</li> </ul></li> <li>Sodium: <ul> <li>Fix memory leaks in ext/sodium on failure of some functions.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14290">GH-14290</a> (Member access within null pointer in extension spl).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14483">GH-14483</a> (Fixed off-by-one error in checking length of abstract namespace Unix sockets).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11078">GH-11078</a> (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors).</li> </ul></li> </ul> </section> <section class="version" id="8.2.20"> <h3>Version 8.2.20</h3> <b><time class='releasedate' datetime='2024-06-06'>06 Jun 2024</time></b> <ul><li>CGI: <ul> <li>Fixed buffer limit on Windows, replacing read call usage by _read.</li> <li>Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)</li> </ul></li> <li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14189">GH-14189</a> (PHP Interactive shell input state incorrectly handles quoted heredoc literals.).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13970">GH-13970</a> (Incorrect validation of #[Attribute] flags type for non-compile-time expressions).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14140">GH-14140</a> (Floating point bug in range operation on Apple Silicon hardware).</li> </ul></li> <li>DOM: <ul> <li>Fix crashes when entity declaration is removed while still having entity references.</li> <li>Fix references not handled correctly in C14N.</li> <li>Fix crash when calling childNodes next() when iterator is exhausted.</li> <li>Fix crash in ParentNode::append() when dealing with a fragment containing text nodes.</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14215">GH-14215</a> (Cannot use FFI::load on CRLF header file with apache2handler).</li> </ul></li> <li>Filter: <ul> <li>Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)</li> </ul></li> <li>FPM: <ul> <li>Fix bug <a href="https://github.com/php/php-src/issues/14175">GH-14175</a> (Show decimal number instead of scientific notation in systemd status).</li> </ul></li> <li>Hash: <ul> <li>ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi)</li> </ul></li> <li>Intl: <ul> <li>Fixed build regression on systems without C++17 compilers.</li> </ul></li> <li>Ini: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14100">GH-14100</a> (Corrected spelling mistake in php.ini files).</li> </ul></li> <li>MySQLnd: <ul> <li>Fix bug <a href="https://github.com/php/php-src/issues/14255">GH-14255</a> (mysqli_fetch_assoc reports error from nested query).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14109">GH-14109</a> (Fix accidental persisting of internal class constant in shm).</li> </ul></li> <li>OpenSSL: <ul> <li>The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.</li> </ul></li> <li>Standard: <ul> <li>Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14124">GH-14124</a> (Segmentation fault with XML extension under certain memory limit).</li> </ul></li> <li>XMLReader: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14183">GH-14183</a> (XMLReader::open() can't be overridden).</li> </ul></li> </ul> </section> <section class="version" id="8.2.19"> <h3>Version 8.2.19</h3> <b><time class='releasedate' datetime='2024-05-09'>09 May 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13772">GH-13772</a> (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13931">GH-13931</a> (Applying zero offset to null pointer in Zend/zend_opcode.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13942">GH-13942</a> (Align the behavior of zend-max-execution-timers with other timeout implementations).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14003">GH-14003</a> (Broken cleanup of unfinished calls with callable convert parameters).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/14013">GH-14013</a> (Erroneous dnl appended in configure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10232">GH-10232</a> (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13727">GH-13727</a> (Missing void keyword).</li> </ul></li> <li>Fibers: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13903">GH-13903</a> (ASAN false positive underflow when executing copy()).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13563">GH-13563</a> (Setting bool values via env in FPM config fails).</li> </ul></li> <li>Intl: <ul> <li>Fixed build for icu 74 and onwards.</li> </ul></li> <li>MySQLnd: <ul> <li>Fix shift out of bounds on 32-bit non-fast-path platforms.</li> </ul></li> <li>Opcache: <ul> <li>Fixed incorrect assumptions across compilation units for static calls.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10495">GH-10495</a> (feof on OpenSSL stream hangs indefinitely).</li> </ul></li> <li>PDO SQLite: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/13984">GH-13984</a> (Buffer size is now checked before memcmp).</li> <li>Fix <a href="https://github.com/php/php-src/issues/13998">GH-13998</a> (Manage refcount of agg_context->val correctly).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13836">GH-13836</a> (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13833">GH-13833</a> (Applying zero offset to null pointer in zend_hash.c).</li> <li>Fix potential NULL pointer dereference before calling EVP_SignInit.</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13827">GH-13827</a> (Null pointer access of type 'zval' in phpdbg_frame).</li> </ul></li> <li>Posix: <ul> <li>Fix usage of reentrant functions in ext/posix.</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13856">GH-13856</a> (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13891">GH-13891</a> (memleak and segfault when using ini_set with session.trans_sid_hosts).</li> <li>Fixed buffer _read/_write size limit on windows for the file mode.</li> </ul></li> <li>Streams: <ul> <li>Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument".</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13264">GH-13264</a> (Part 1 - Memory leak on stream filter failure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13860">GH-13860</a> (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11678">GH-11678</a> (Build fails on musl 1.2.4 - lfs64).</li> </ul></li> <li>Treewide: <ul> <li>Fix gcc-14 Wcalloc-transposed-args warnings.</li> </ul></li> </ul> </section> <section class="version" id="8.2.18"> <h3>Version 8.2.18</h3> <b><time class='releasedate' datetime='2024-04-11'>11 Apr 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13612">GH-13612</a> (Corrupted memory in destructor with weak references).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13784">GH-13784</a> (AX_GCC_FUNC_ATTRIBUTE failure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13670">GH-13670</a> (GC does not scale well with a lot of objects created in destructor).</li> </ul></li> <li>DOM: <ul> <li>Add some missing ZPP checks.</li> <li>Fix potential memory leak in XPath evaluation results.</li> <li>Fix phpdoc for DOMDocument load methods.</li> </ul></li> <li>FPM: <ul> <li>Fix incorrect check in fpm_shm_free().</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12019">GH-12019</a> (add GDLIB_CFLAGS in feature tests).</li> </ul></li> <li>Gettext: <ul> <li>Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.</li> </ul></li> <li>MySQLnd: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/13452">GH-13452</a> (Fixed handshake response [mysqlnd]).</li> <li>Fix incorrect charset length in check_mb_eucjpms().</li> </ul></li> <li>Opcache: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/13508">GH-13508</a> (JITed QM_ASSIGN may be optimized out when op1 is null).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/13712">GH-13712</a> (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).</li> </ul></li> <li>PDO: <ul> <li>Fix various PDORow bugs.</li> </ul></li> <li>Random: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13544">GH-13544</a> (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13690">GH-13690</a> (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13680">GH-13680</a> (Segfault with session_decode and compilation error).</li> </ul></li> <li>Sockets: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13604">GH-13604</a> (socket_getsockname returns random characters in the end of the socket name).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13531">GH-13531</a> (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13685">GH-13685</a> (Unexpected null pointer in zend_string.h).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11808">GH-11808</a> (Live filesystem modified by tests).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/13402">GH-13402</a> (Added validation of `\n` in $additional_headers of mail()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13203">GH-13203</a> (file_put_contents fail on strings over 4GB on Windows).</li> <li>Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)</li> <li>Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)</li> <li>Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13517">GH-13517</a> (Multiple test failures when building with --with-expat).</li> </ul></li> </ul> </section> <section class="version" id="8.2.17"> <h3>Version 8.2.17</h3> <b><time class='releasedate' datetime='2024-03-14'>14 Mar 2024</time></b> <ul><li>Core: <ul> <li>Fix ZTS persistent resource crashes on shutdown.</li> </ul></li> <li>Curl: <ul> <li>Fix failing tests due to string changes in libcurl 8.6.0.</li> </ul></li> <li>DOM: <ul> <li>Fix reference access in dimensions for DOMNodeList and DOMNodeMap.</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13344">GH-13344</a> (finfo::buffer(): Failed identify data 0:(null), backport).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/75712">#75712</a> (getenv in php-fpm should not read $_ENV, $_SERVER).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12019">GH-12019</a> (detection of image formats in system gd library).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11950">GH-11950</a> ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error if CR_SERVER_GONE_ERROR is already set).</li> </ul></li> <li>PGSQL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13354">GH-13354</a> (pg_execute/pg_send_query_params/pg_send_execute with null value passed by reference).</li> </ul></li> <li>Standard: <ul> <li>Fixed array key as hash to string (case insensitive) comparison typo for the second operand buffer size (albeit unused for now).</li> </ul></li> </ul> </section> <section class="version" id="8.2.16"> <h3>Version 8.2.16</h3> <b><time class='releasedate' datetime='2024-02-15'>15 Feb 2024</time></b> <ul><li>Core: <ul> <li>Fixed timer leak in zend-max-execution-timers builds.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12349">GH-12349</a> (linking failure on ARM with mold).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13097">GH-13097</a> (Anonymous class reference in trigger_error / thrown Exception).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13215">GH-13215</a> (GCC 14 build failure).</li> </ul></li> <li>Curl: <ul> <li>Fix missing error check in curl_multi_init().</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12996">GH-12996</a> (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10344">GH-10344</a> (imagettfbbox(): Could not find/open font UNC path).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10614">GH-10614</a> (imagerotate will turn the picture all black, when rotated 90).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12107">GH-12107</a> (When running a stored procedure (that returns a result set) twice, PHP crashes).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13232">GH-13232</a> (Segmentation fault will be reported when JIT is off but JIT_debug is still on).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/13119">GH-13119</a> (Changed to convert float and double values into strings using `H` format).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/71465">#71465</a> (PHAR doesn't know about litespeed).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13037">GH-13037</a> (PharData incorrectly extracts zip file).</li> </ul></li> <li>Random: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13138">GH-13138</a> (Randomizer::pickArrayKeys() does not detect broken engines).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12504">GH-12504</a> (Corrupted session written when there's a fatal error in autoloader).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/13071">GH-13071</a> (Copying large files using mmap-able source streams may exhaust available memory and fail).</li> </ul></li> </ul> </section> <section class="version" id="8.2.15"> <h3>Version 8.2.15</h3> <b><time class='releasedate' datetime='2024-01-18'>18 Jan 2024</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12953">GH-12953</a> (false positive SSA integrity verification failed when loading composer classmaps with more than 11k elements).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12966">GH-12966</a> (missing cross-compiling 3rd argument so Autoconf doesn't emit warnings).</li> </ul></li> <li>Cli: <ul> <li>Fix incorrect timeout in built-in web server when using router script and max_input_time.</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9698">GH-9698</a> (stream_wrapper_register crashes with FFI\CData).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12905">GH-12905</a> (FFI::new interacts badly with observers).</li> </ul></li> <li>Intl: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/12943">GH-12943</a> (IntlDateFormatter::__construct accepts 'C' as valid locale).</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12936">GH-12936</a> (hash() function hangs endlessly if using sha512 on strings >= 4GiB).</li> </ul></li> <li>ODBC: <ul> <li>Fix crash on Apache shutdown with persistent connections.</li> </ul></li> <li>Opcache: <ul> <li>Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM with NULL when DIM is the same var as result).</li> <li>Added workaround for SELinux mprotect execheap issue. See https://bugzilla.kernel.org/show_bug.cgi?id=218258.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12987">GH-12987</a> (openssl_csr_sign might leak new cert on error).</li> </ul></li> <li>PDO: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/12969">GH-12969</a> (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12767">GH-12767</a> (Unable to turn on autocommit mode with setAttribute()).</li> </ul></li> <li>PGSQL: <ul> <li>Fixed auto_reset_persistent handling and allow_persistent type.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12974">GH-12974</a> (Apache crashes on shutdown when using pg_pconnect()).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/77432">#77432</a> (Segmentation fault on including phar file).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12962">GH-12962</a> (Double free of init_file in phpdbg_prompt.c).</li> </ul></li> <li>SimpleXML: <ul> <li>Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash.</li> </ul></li> <li>Tidy: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12980">GH-12980</a> (tidynode.props.attribute is missing "Boolean Attributes" and empty attributes).</li> </ul></li> </ul> </section> <section class="version" id="8.2.14"> <h3>Version 8.2.14</h3> <b><time class='releasedate' datetime='2023-12-21'>21 Dec 2023</time></b> <ul><li>Core: <ul> <li>Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler).</li> <li>Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12758">GH-12758</a> / <a href="https://github.com/php/php-src/issues/12768">GH-12768</a> (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).</li> <li>Fix various missing NULL checks.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12835">GH-12835</a> (Leak of call->extra_named_params on internal __call).</li> </ul></li> <li>Date: <ul> <li>Fixed improbably integer overflow while parsing really large (or small) Unix timestamps.</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12616">GH-12616</a> (DOM: Removing XMLNS namespace node results in invalid default: prefix).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12705">GH-12705</a> (Segmentation fault in fpm_status_export_to_zval).</li> </ul></li> <li>FTP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9348">GH-9348</a> (FTP & SSL session reuse).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12635">GH-12635</a> (Test bug69398.phpt fails with ICU 74.1).</li> </ul></li> <li>LibXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12702">GH-12702</a> (libxml2 2.12.0 issue building from src).</li> <li>Fixed test failures for libxml2 2.12.0.</li> </ul></li> <li>MySQLnd: <ul> <li>Avoid using uninitialised struct.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12791">GH-12791</a> (Possible dereference of NULL in MySQLnd debug code).</li> </ul></li> <li>Opcache: <ul> <li>Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error).</li> <li>Fixed JIT bug (JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/50713">#50713</a> (openssl_pkcs7_verify() may ignore untrusted CAs).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12628">GH-12628</a> (The gh11374 test fails on Alpinelinux).</li> </ul></li> <li>PDO PGSQL: <ul> <li>Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)</li> </ul></li> <li>PGSQL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12763">GH-12763</a> wrong argument type for pg_untrace.</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12675">GH-12675</a> (MEMORY_LEAK in phpdbg_prompt.c).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12838">GH-12838</a> ([SOAP] Temporary WSDL cache files not being deleted).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12721">GH-12721</a> (SplFileInfo::getFilename() segfault in combination with GlobIterator and no directory separator).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12633">GH-12633</a> (sqlite3_defensive.phpt fails with sqlite 3.44.0).</li> </ul></li> <li>Standard: <ul> <li>Fix memory leak in syslog device handling.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12621">GH-12621</a> (browscap segmentation fault when configured in the vhost).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12655">GH-12655</a> (proc_open() does not take into account references in the descriptor array).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/79945">#79945</a> (Stream wrappers in imagecreatefrompng causes segfault).</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12661">GH-12661</a> (Inconsistency in ZipArchive::addGlob remove_path Option Behavior).</li> </ul></li> </ul> </section> <section class="version" id="8.2.13"> <h3>Version 8.2.13</h3> <b><time class='releasedate' datetime='2023-11-23'>23 Nov 2023</time></b> <ul><li>Core: <ul> <li>Fixed double-free of non-interned enum case name.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12457">GH-12457</a> (Incorrect result of stripos with single character needle).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12468">GH-12468</a> (Double-free of doc_comment when overriding static property via trait).</li> <li>Fixed segfault caused by weak references to FFI objects.</li> <li>Fixed max_execution_time: don't delete an unitialized timer.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12558">GH-12558</a> (Arginfo soft-breaks with namespaced class return type if the class name starts with N).</li> </ul></li> <li>DOM: <ul> <li>Fix registerNodeClass with abstract class crashing.</li> <li>Add missing NULL pointer error check.</li> <li>Fix validation logic of php:function() callbacks.</li> </ul></li> <li>Fiber: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11121">GH-11121</a> (ReflectionFiber segfault).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9921">GH-9921</a> (Loading ext in FPM config does not register module handlers).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12232">GH-12232</a> (FPM: segfault dynamically loading extension without opcache).</li> <li>Fixed bug <a href="http://bugs.php.net/76922">#76922</a> (FastCGI terminates conn after FCGI_GET_VALUES).</li> </ul></li> <li>Intl: <ul> <li>Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale.</li> </ul></li> <li>Opcache: <ul> <li>Added warning when JIT cannot be enabled.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8143">GH-8143</a> (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12489">GH-12489</a> (Missing sigbio creation checking in openssl_cms_verify).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11374">GH-11374</a> (Backport upstream fix, Different preg_match result with -d pcre.jit=0).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12392">GH-12392</a> (Segmentation fault on SoapClient::__getTypes).</li> <li>Fixed bug <a href="http://bugs.php.net/66150">#66150</a> (SOAP WSDL cache race condition causes Segmentation Fault).</li> <li>Fixed bug <a href="http://bugs.php.net/67617">#67617</a> (SOAP leaves incomplete cache file on ENOSPC).</li> <li>Fix incorrect uri check in SOAP caching.</li> <li>Fix segfault and assertion failure with refcounted props and arrays.</li> <li>Fix potential crash with an edge case of persistent encoders.</li> <li>Fixed bug <a href="http://bugs.php.net/75306">#75306</a> (Memleak in SoapClient).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/75708">#75708</a> (getimagesize with "&$imageinfo" fails on StreamWrappers).</li> </ul></li> <li>XMLReader: <ul> <li>Add missing NULL pointer error check.</li> </ul></li> <li>XMLWriter: <ul> <li>Add missing NULL pointer error check.</li> </ul></li> <li>XSL: <ul> <li>Add missing module dependency.</li> <li>Fix validation logic of php:function() callbacks.</li> </ul></li> </ul> </section> <section class="version" id="8.2.12"> <h3>Version 8.2.12</h3> <b><time class='releasedate' datetime='2023-10-26'>26 Oct 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12207">GH-12207</a> (memory leak when class using trait with doc block).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12215">GH-12215</a> (Module entry being overwritten causes type errors in ext/dom).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12273">GH-12273</a> (__builtin_cpu_init check).</li> <li>Fixed bug <a href="http://bugs.php.net/80092">#80092</a> (ZTS + preload = segfault on shutdown).</li> </ul></li> <li>CLI: <ul> <li>Ensure a single Date header is present.</li> </ul></li> <li>CType: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11997">GH-11997</a> (ctype_alnum 5 times slower in PHP 8.1 or greater).</li> </ul></li> <li>DOM: <ul> <li>Restore old namespace reconciliation behaviour.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8996">GH-8996</a> (DOMNode serialization on PHP ^8.1).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11891">GH-11891</a> (fileinfo returns text/xml for some svg files).</li> </ul></li> <li>Filter: <ul> <li>Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12186">GH-12186</a> (segfault copying/cloning a finalized HashContext).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12243">GH-12243</a> (segfault on IntlDateFormatter::construct).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12282">GH-12282</a> (IntlDateFormatter::construct should throw an exception on an invalid locale).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12297">GH-12297</a> (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line).</li> </ul></li> <li>Opcache: <ul> <li>Fixed opcache_invalidate() on deleted file.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12380">GH-12380</a> (JIT+private array property access inside closure accesses private property in child class).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11956">GH-11956</a> (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12170">GH-12170</a> (Can't use xpath with comments in SimpleXML).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12223">GH-12223</a> (Entity reference produces infinite loop in var_dump/print_r).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12167">GH-12167</a> (Unable to get processing instruction contents in SimpleXML).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12169">GH-12169</a> (Unable to get comment contents in SimpleXML).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12190">GH-12190</a> (binding ipv4 address with both address and port at 0).</li> </ul></li> <li>XML: <ul> <li>Fix return type of stub of xml_parse_into_struct().</li> <li>Fix memory leak when calling xml_parse_into_struct() twice.</li> </ul></li> <li>XSL: <ul> <li>Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML.</li> </ul></li> </ul> </section> <section class="version" id="8.2.11"> <h3>Version 8.2.11</h3> <b><time class='releasedate' datetime='2023-09-28'>28 Sep 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11937">GH-11937</a> (Constant ASTs containing objects).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11790">GH-11790</a> (On riscv64 require libatomic if actually needed).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11876">GH-11876</a>: ini_parse_quantity() accepts invalid quantities.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12073">GH-12073</a> (Segfault when freeing incompletely initialized closures).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12060">GH-12060</a> (Internal iterator rewind handler is called twice).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12102">GH-12102</a> (Incorrect compile error when using array access on TMP value in function call).</li> </ul></li> <li>DOM: <ul> <li>Fix memory leak when setting an invalid DOMDocument encoding.</li> </ul></li> <li>Iconv: <ul> <li>Fixed build for NetBSD which still uses the old iconv signature.</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12020">GH-12020</a> (intl_get_error_message() broken after MessageFormatter::formatMessage() fails).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10270">GH-10270</a> (Invalid error message when connection via SSL fails: "trying to connect via (null)").</li> </ul></li> <li>ODBC: <ul> <li>Fixed memory leak with failed SQLPrepare.</li> <li>Fixed persistent procedural ODBC connections not getting closed.</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="http://bugs.php.net/52751">#52751</a> (XPath processing-instruction() function is not supported).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11972">GH-11972</a> (RecursiveCallbackFilterIterator regression in 8.1.18).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11878">GH-11878</a> (SQLite3 callback functions cause a memory leak with a callable array).</li> </ul></li> </ul> </section> <section class="version" id="8.2.10"> <h3>Version 8.2.10</h3> <b><time class='releasedate' datetime='2023-08-31'>31 Aug 2023</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11716">GH-11716</a> (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10964">GH-10964</a> (Improve man page about the built-in server).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11416">GH-11416</a> (Crash with DatePeriod when uninitialised objects are passed in).</li> </ul></li> <li>Core: <ul> <li>Fixed strerror_r detection at configuration time.</li> <li>Fixed trait typed properties using a DNF type not being correctly bound.</li> <li>Fixed trait property types not being arena allocated if copied from an internal trait.</li> <li>Fixed deep copy of property DNF type during lazy class load.</li> <li>Fixed memory freeing of DNF types for non arena allocated types.</li> </ul></li> <li>DOM: <ul> <li>Fix DOMEntity field getter bugs.</li> <li>Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.</li> <li>Fix DOMCharacterData::replaceWith() with itself.</li> <li>Fix empty argument cases for DOMParentNode methods.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11791">GH-11791</a> (Wrong default value of DOMDocument::xmlStandalone).</li> <li>Fix json_encode result on DOMDocument.</li> <li>Fix manually calling __construct() on DOM classes.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11830">GH-11830</a> (ParentNode methods should perform their checks upfront).</li> <li>Fix viable next sibling search for replaceWith.</li> <li>Fix segfault when DOMParentNode::prepend() is called when the child disappears.</li> </ul></li> <li>FFI: <ul> <li>Fix leaking definitions when using FFI::cdef()->new(...).</li> </ul></li> <li>Hash: <ul> <li>Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature.</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11440">GH-11440</a> (authentication to a sha256_password account fails over SSL).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11438">GH-11438</a> (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11550">GH-11550</a> (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault).</li> <li>Fixed invalid error message "Malformed packet" when connection is dropped.</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11715">GH-11715</a> (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong).</li> <li>Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress.</li> </ul></li> <li>PCNTL: <ul> <li>Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81992">#81992</a> (SplFixedArray::setSize() causes use-after-free).</li> </ul></li> <li>Standard: <ul> <li>Prevent int overflow on $decimals in number_format.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11870">GH-11870</a> (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro)</li> </ul></li> </ul> </section> <section class="version" id="8.2.9"> <h3>Version 8.2.9</h3> <b><time class='releasedate' datetime='2023-08-03'>03 Aug 2023</time></b> <ul><li>Build: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11522">GH-11522</a> (PHP version check fails with '-' separator).</li> </ul></li> <li>CLI: <ul> <li>Fix interrupted CLI output causing the process to exit.</li> </ul></li> <li>Core: <ul> <li>Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).</li> <li>Fixed line number of JMP instruction over else block.</li> <li>Fixed use-of-uninitialized-value with ??= on assert.</li> <li>Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions).</li> <li>Fixed build for FreeBSD before the 11.0 releases.</li> </ul></li> <li>Curl: <ul> <li>Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11368">GH-11368</a> (Date modify returns invalid datetime).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11600">GH-11600</a> (Can't parse time strings which include (narrow) non-breaking space characters).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11854">GH-11854</a> (DateTime:createFromFormat stopped parsing datetime with extra space).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11625">GH-11625</a> (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11298">GH-11298</a> (finfo returns wrong mime type for xz files).</li> </ul></li> <li>FTP: <ul> <li>Fix context option check for "overwrite".</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10562">GH-10562</a> (Memory leak and invalid state with consecutive ftp_nb_fget).</li> </ul></li> <li>GD: <ul> <li>Fix most of the external libgd test failures.</li> </ul></li> <li>Intl: <ul> <li>Fix memory leak in MessageFormatter::format() on failure.</li> </ul></li> <li>Libxml: <ul> <li>Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)</li> </ul></li> <li>MBString: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11300">GH-11300</a> (license issue: restricted unicode license headers).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10914">GH-10914</a> (OPCache with Enum and Callback functions results in segmentation fault).</li> <li>Prevent potential deadlock if accelerated globals cannot be allocated.</li> </ul></li> <li>PCNTL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11498">GH-11498</a> (SIGCHLD is not always returned from proc_open).</li> </ul></li> <li>PDO: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11587">GH-11587</a> (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).</li> </ul></li> <li>PDO SQLite: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11492">GH-11492</a> (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).</li> </ul></li> <li>Phar: <ul> <li>Add missing check on EVP_VerifyUpdate() in phar util.</li> <li>Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9669">GH-9669</a> (phpdbg -h options doesn't list the -z option).</li> </ul></li> <li>Session: <ul> <li>Removed broken url support for transferring session ID.</li> </ul></li> <li>Standard: <ul> <li>Fix serialization of RC1 objects appearing in object graph twice.</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11735">GH-11735</a> (Use-after-free when unregistering user stream wrapper from itself).</li> </ul></li> <li>SQLite3: <ul> <li>Fix replaced error handling in SQLite3Stmt::__construct.</li> </ul></li> <li>XMLReader: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11548">GH-11548</a> (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active).</li> </ul></li> </ul> </section> <section class="version" id="8.2.8"> <h3>Version 8.2.8</h3> <b><time class='releasedate' datetime='2023-07-06'>06 Jul 2023</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11246">GH-11246</a> (cli/get_set_process_title fails on MacOS).</li> </ul></li> <li>Core: <ul> <li>Fixed build for the riscv64 architecture/GCC 12.</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11433">GH-11433</a> (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11455">GH-11455</a> (Segmentation fault with custom object date properties).</li> </ul></li> <li>DOM: <ul> <li>Fixed bugs <a href="https://github.com/php/php-src/issues/11288">GH-11288</a> and <a href="https://github.com/php/php-src/issues/11289">GH-11289</a> and <a href="https://github.com/php/php-src/issues/11290">GH-11290</a> and <a href="https://github.com/php/php-src/issues/9142">GH-9142</a> (DOMExceptions and segfaults with replaceWith).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10234">GH-10234</a> (Setting DOMAttr::textContent results in an empty attribute value).</li> <li>Fix return value in stub file for DOMNodeList::item.</li> <li>Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS.</li> <li>Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11347">GH-11347</a> (Memory leak when calling a static method inside an xpath query).</li> <li>Fixed bug <a href="http://bugs.php.net/67440">#67440</a> (append_node of a DOMDocumentFragment does not reconcile namespaces).</li> <li>Fixed bug <a href="http://bugs.php.net/81642">#81642</a> (DOMChildNode::replaceWith() bug when replacing a node with itself).</li> <li>Fixed bug <a href="http://bugs.php.net/77686">#77686</a> (Removed elements are still returned by getElementById).</li> <li>Fixed bug <a href="http://bugs.php.net/70359">#70359</a> (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()).</li> <li>Fixed bug <a href="http://bugs.php.net/78577">#78577</a> (Crash in DOMNameSpace debug info handlers).</li> <li>Fix lifetime issue with getAttributeNodeNS().</li> <li>Fix "invalid state error" with cloned namespace declarations.</li> <li>Fixed bug <a href="http://bugs.php.net/55294">#55294</a> and #47530 and #47847 (various namespace reconciliation issues).</li> <li>Fixed bug <a href="http://bugs.php.net/80332">#80332</a> (Completely broken array access functionality with DOMNamedNodeMap).</li> </ul></li> <li>Opcache: <ul> <li>Fix allocation loop in zend_shared_alloc_startup().</li> <li>Access violation on smm_shared_globals with ALLOC_FALLBACK.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11336">GH-11336</a> (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9356">GH-9356</a> Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka).</li> </ul></li> <li>PCRE: <ul> <li>Fix preg_replace_callback_array() pattern validation.</li> </ul></li> <li>PGSQL: <ul> <li>Fixed intermittent segfault with pg_trace.</li> </ul></li> <li>Phar: <ul> <li>Fix cross-compilation check in phar generation for FreeBSD.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11338">GH-11338</a> (SplFileInfo empty getBasename with more than one slash).</li> </ul></li> <li>Standard: <ul> <li>Fix access on NULL pointer in array_merge_recursive().</li> <li>Fix exception handling in array_multisort().</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11451">GH-11451</a> (Invalid associative array containing duplicate keys).</li> </ul></li> </ul> </section> <section class="version" id="8.2.7"> <h3>Version 8.2.7</h3> <b><time class='releasedate' datetime='2023-06-08'>08 Jun 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11152">GH-11152</a> (Unable to alias namespaces containing reserved class names).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9068">GH-9068</a> (Conditional jump or move depends on uninitialised value(s)).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11189">GH-11189</a> (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11063">GH-11063</a> (Compilation error on old GCC versions).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11222">GH-11222</a> (foreach by-ref may jump over keys during a rehash).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11281">GH-11281</a> (DateTimeZone::getName() does not include seconds in offset).</li> </ul></li> <li>Exif: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10834">GH-10834</a> (exif_read_data() cannot read smaller stream wrapper chunk sizes).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10461">GH-10461</a> (PHP-FPM segfault due to after free usage of child->ev_std(out|err)).</li> <li>Fixed bug <a href="http://bugs.php.net/64539">#64539</a> (FPM status page: query_string not properly JSON encoded).</li> <li>Fixed memory leak for invalid primary script file handle.</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11180">GH-11180</a> (hash_file() appears to be restricted to 3 arguments).</li> </ul></li> <li>LibXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11160">GH-11160</a> (Few tests failed building with new libxml 2.11.0).</li> </ul></li> <li>MBString: <ul> <li>Fix bug <a href="https://github.com/php/php-src/issues/11217">GH-11217</a> (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11134">GH-11134</a> (Incorrect match default branch optimization).</li> <li>Fixed too wide OR and AND range inference.</li> <li>Fixed missing class redeclaration error with OPcache enabled.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11245">GH-11245</a> (In some specific cases SWITCH with one default statement will cause segfault).</li> </ul></li> <li>PCNTL: <ul> <li>Fixed maximum argument count of pcntl_forkx().</li> </ul></li> <li>PGSQL: <ul> <li>Fixed parameter parsing of pg_lo_export().</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11099">GH-11099</a> (Generating phar.php during cross-compile can't be done).</li> </ul></li> <li>Soap: <ul> <li>Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8426">GH-8426</a> (make test fail while soap extension build).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11178">GH-11178</a> (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11138">GH-11138</a> (move_uploaded_file() emits open_basedir warning for source file).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11274">GH-11274</a> (POST/PATCH request switches to GET after a HTTP 308 redirect).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10031">GH-10031</a> ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11175">GH-11175</a> (Stream Socket Timeout).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11177">GH-11177</a> (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client).</li> </ul></li> </ul> </section> <section class="version" id="8.2.6"> <h3>Version 8.2.6</h3> <b><time class='releasedate' datetime='2023-05-11'>11 May 2023</time></b> <ul><li>Core: <ul> <li>Fix inconsistent float negation in constant expressions.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8841">GH-8841</a> (php-cli core dump calling a badly formed function).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10737">GH-10737</a> (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11028">GH-11028</a> (Heap Buffer Overflow in zval_undefined_cv.).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11108">GH-11108</a> (Incorrect CG(memoize_mode) state after bailout in ??=).</li> </ul></li> <li>Date: <ul> <li>Fixed bug where the diff() method would not return the right result around DST changeover for date/times associated with a timezone identifier.</li> <li>Fixed out-of-range bug when converting to/from around the LONG_MIN unix timestamp.</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/80602">#80602</a> (Segfault when using DOMChildNode::before()).</li> <li>Fixed incorrect error handling in dom_zvals_to_fragment().</li> </ul></li> <li>Exif: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9397">GH-9397</a> (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11071">GH-11071</a> (TZData version not displayed anymore).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10968">GH-10968</a> (Segfault in preg_replace_callback_array()).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10983">GH-10983</a> (State-dependant segfault in ReflectionObject::getProperties).</li> </ul></li> <li>SPL: <ul> <li>Handle indirect zvals and use up-to-date properties in SplFixedArray::__serialize.</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10990">GH-10990</a> (mail() throws TypeError after iterating over $additional_headers array by reference).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9775">GH-9775</a> (Duplicates returned by array_unique when using enums).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10406">GH-10406</a> (feof() behavior change for UNIX based socket resources).</li> </ul></li> </ul> </section> <section class="version" id="8.2.5"> <h3>Version 8.2.5</h3> <b><time class='releasedate' datetime='2023-04-13'>13 Apr 2023</time></b> <ul><li>Core: <ul> <li>Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas)</li> <li>Fixed use-after-free in recursive AST evaluation.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8646">GH-8646</a> (Memory leak PHP FPM 8.1).</li> <li>Re-add some CTE functions that were removed from being CTE by a mistake.</li> <li>Remove CTE flag from array_diff_ukey(), which was added by mistake.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10801">GH-10801</a> (Named arguments in CTE functions cause a segfault).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8789">GH-8789</a> (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10015">GH-10015</a> (zend_signal_handler_defer crashes on apache shutdown).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10810">GH-10810</a> (Fix NUL byte terminating Exception::__toString()).</li> <li>Fix potential memory corruption when mixing __callStatic() and FFI.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10747">GH-10747</a> (Private and protected properties in serialized Date* objects throw).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10611">GH-10611</a> (fpm_env_init_main leaks environ).</li> <li>Destroy file_handle in fpm_main.</li> <li>Fixed bug <a href="http://bugs.php.net/74129">#74129</a> (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path).</li> </ul></li> <li>FTP: <ul> <li>Propagate success status of ftp_close().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10521">GH-10521</a> (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).</li> </ul></li> <li>IMAP: <ul> <li>Fix build failure with Clang 16.</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8979">GH-8979</a> (Possible Memory Leak with SSL-enabled MySQL connections).</li> </ul></li> <li>Opcache: <ul> <li>Fixed build for macOS to cater with pkg-config settings.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8065">GH-8065</a> (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context).</li> </ul></li> <li>OpenSSL: <ul> <li>Add missing error checks on file writing functions.</li> </ul></li> <li>PDO Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10908">GH-10908</a> (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10766">GH-10766</a> (PharData archive created with Phar::Zip format does not keep files metadata (datetime)).</li> <li>Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().</li> </ul></li> <li>PDO ODBC: <ul> <li>Fixed missing and inconsistent error checks on SQLAllocHandle.</li> </ul></li> <li>PGSQL: <ul> <li>Fixed typo in the array returned from pg_meta_data (extended mode).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10519">GH-10519</a> (Array Data Address Reference Issue).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10907">GH-10907</a> (Unable to serialize processed SplFixedArrays in PHP 8.2.4).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10844">GH-10844</a> (ArrayIterator allows modification of readonly props).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10885">GH-10885</a> (stream_socket_server context leaks).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10052">GH-10052</a> (Browscap crashes PHP 8.1.12 on request shutdown (apache2)).</li> <li>Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure).</li> <li>Fixed undefined behaviour in unpack().</li> </ul></li> </ul> </section> <section class="version" id="8.2.4"> <h3>Version 8.2.4</h3> <b><time class='releasedate' datetime='2023-03-16'>16 Mar 2023</time></b> <ul><li>Core: <ul> <li>Fixed incorrect check condition in ZEND_YIELD.</li> <li>Fixed incorrect check condition in type inference.</li> <li>Fix incorrect check in zend_internal_call_should_throw().</li> <li>Fixed overflow check in OnUpdateMemoryConsumption.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9916">GH-9916</a> (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10437">GH-10437</a> (Segfault/assertion when using fibers in shutdown function after bailout).</li> <li>Fixed SSA object type update for compound assignment opcodes.</li> <li>Fixed language scanner generation build.</li> <li>Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type.</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10570">GH-10570</a> (Fixed unknown string hash on property fetch with integer constant name).</li> <li>Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized.</li> </ul></li> <li>Curl: <ul> <li>Fixed deprecation warning at compile time.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10270">GH-10270</a> (Unable to return CURL_READFUNC_PAUSE in readfunc callback).</li> </ul></li> <li>Date: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/10447">GH-10447</a> ('p' format specifier does not yield 'Z' for 00:00).</li> <li>Fix <a href="https://github.com/php/php-src/issues/10152">GH-10152</a> (Custom properties of Date's child classes are not serialised).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10747">GH-10747</a> (Private and protected properties in serialized Date* objects throw).</li> </ul></li> <li>FFI: <ul> <li>Fixed incorrect bitshifting and masking in ffi bitfield.</li> </ul></li> <li>Fiber: <ul> <li>Fixed assembly on alpine x86.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10496">GH-10496</a> (segfault when garbage collector is invoked inside of fiber).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10315">GH-10315</a> (FPM unknown child alert not valid).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10385">GH-10385</a> (FPM successful config test early exit).</li> </ul></li> <li>GMP: <ul> <li>Properly implement GMP::__construct().</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10647">GH-10647</a> (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0.</li> </ul></li> <li>JSON: <ul> <li>Fixed JSON scanner and parser generation build.</li> </ul></li> <li>MBString: <ul> <li>ext/mbstring: fix new_value length check.</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10627">GH-10627</a> (mb_convert_encoding crashes PHP on Windows).</li> </ul></li> <li>Opcache: <ul> <li>Fix incorrect page_size check.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed php_openssl_set_server_dh_param() DH params errors handling.</li> </ul></li> <li>PDO OCI: <ul> <li>Fixed bug <a href="http://bugs.php.net/60994">#60994</a> (Reading a multibyte CLOB caps at 8192 chars).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10715">GH-10715</a> (heap buffer overflow on --run option misuse).</li> </ul></li> <li>PGSQL: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/10672">GH-10672</a> (pg_lo_open segfaults in the strict_types mode).</li> </ul></li> <li>Phar: <ul> <li>Fix incorrect check in phar tar parsing.</li> </ul></li> <li>Random: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/10390">GH-10390</a> (Do not trust arc4random_buf() on glibc).</li> <li>Fix <a href="https://github.com/php/php-src/issues/10292">GH-10292</a> (Made the default value of the first param of srand() and mt_srand() unknown).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10623">GH-10623</a> (Reflection::getClosureUsedVariables opcode fix with variadic arguments).</li> <li>Fix Segfault when using ReflectionFiber suspended by an internal function.</li> </ul></li> <li>Session: <ul> <li>Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8086">GH-8086</a> (Introduce mail.mixed_lf_and_crlf INI).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10292">GH-10292</a> (Made the default value of the first param of srand() and mt_srand() unknown).</li> <li>Fix incorrect check in cs_8559_5 in map_from_unicode().</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/9697">GH-9697</a> for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes</li> <li>Fix incorrect error check in browsecap for pcre2_match().</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10370">GH-10370</a> (File corruption in _php_stream_copy_to_stream_ex when using copy_file_range).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10548">GH-10548</a> (copy() fails on cifs mounts because of incorrect copy_file_range() len).</li> </ul></li> <li>Tidy: <ul> <li>Fix memory leaks when attempting to open a non-existing file or a file over 4GB.</li> <li>Add missing error check on tidyLoadConfig.</li> </ul></li> <li>Zlib: <ul> <li>Fixed output_handler directive value's length which counted the string terminator.</li> </ul></li> </ul> </section> <section class="version" id="8.2.3"> <h3>Version 8.2.3</h3> <b><time class='releasedate' datetime='2023-02-14'>14 Feb 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81744">#81744</a> (Password_verify() always return true with some hash). (CVE-2023-0567)</li> <li>Fixed bug <a href="http://bugs.php.net/81746">#81746</a> (1-byte array overrun in common path resolve code). (CVE-2023-0568)</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)</li> </ul></li> </ul> </section> <section class="version" id="8.2.2"> <h3>Version 8.2.2</h3> <b><time class='releasedate' datetime='2023-02-02'>02 Feb 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10200">GH-10200</a> (zif_get_object_vars: Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed).</li> <li>Fix <a href="https://github.com/php/php-src/issues/10251">GH-10251</a> (Assertion `(flag & (1<<3)) == 0' failed).</li> <li>Fix <a href="https://github.com/php/php-src/issues/10240">GH-10240</a> (Assertion failure when adding more than 2**30 elements to an unpacked array).</li> <li>Fix <a href="https://github.com/php/php-src/issues/9735">GH-9735</a> (Fiber stack variables do not participate in cycle collector).</li> <li>Fix <a href="https://github.com/php/php-src/issues/9675">GH-9675</a> (Broken run_time_cache init for internal enum methods).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/77106">#77106</a> (Missing separator in FPM FastCGI errors).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9981">GH-9981</a> (FPM does not reset fastcgi.error_header).</li> <li>Fixed bug <a href="http://bugs.php.net/68591">#68591</a> (Configuration test does not perform UID lookups).</li> <li>Fixed memory leak when running FPM config test.</li> <li>Fixed bug <a href="http://bugs.php.net/67244">#67244</a> (Wrong owner:group for listening unix socket).</li> </ul></li> <li>Hash: <ul> <li>Handle exceptions from __toString in XXH3's initialization (nielsdos)</li> </ul></li> <li>LDAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10112">GH-10112</a> (LDAP\Connection::__construct() refers to ldap_create()).</li> </ul></li> <li>Opcache: <ul> <li>Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).</li> <li>Fix access to uninitialized variable in accel_preload().</li> <li>Fix zend_jit_find_trace() crashes.</li> <li>Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit.</li> </ul></li> <li>Phar: <ul> <li>Fix wrong flags check for compression method in phar_object.c (nielsdos)</li> </ul></li> <li>PHPDBG: <ul> <li>Fix undefined behaviour in phpdbg_load_module_or_extension().</li> <li>Fix NULL pointer dereference in phpdbg_create_conditional_breal().</li> <li>Fix <a href="https://github.com/php/php-src/issues/9710">GH-9710</a>: phpdbg memory leaks by option "-h" (nielsdos)</li> <li>Fix phpdbg segmentation fault in case of malformed input (nielsdos)</li> </ul></li> <li>Posix: <ul> <li>Fix memory leak in posix_ttyname() (girgias)</li> </ul></li> <li>Random: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10247">GH-10247</a> (Theoretical file descriptor leak for /dev/urandom).</li> </ul></li> <li>Standard: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/10187">GH-10187</a> (Segfault in stripslashes() with arm64).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10214">GH-10214</a> (Incomplete validation of object syntax during unserialize()).</li> <li>Fix substr_replace with slots in repl_ht being UNDEF.</li> </ul></li> <li>XMLWriter: <ul> <li>Fix missing check for xmlTextWriterEndElement (nielsdos)</li> </ul></li> </ul> </section> <section class="version" id="8.2.1"> <h3>Version 8.2.1</h3> <b><time class='releasedate' datetime='2023-01-05'>05 Jan 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9905">GH-9905</a> (constant() behaves inconsistent when class is undefined).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9918">GH-9918</a> (License information for xxHash is not included in README.REDIST.BINS file).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9890">GH-9890</a> (OpenSSL legacy providers not available on Windows).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9650">GH-9650</a> (Can't initialize heap: [0x000001e7]).</li> <li>Fixed potentially undefined behavior in Windows ftok(3) emulation.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/9769">GH-9769</a> (Misleading error message for unpacking of objects).</li> </ul></li> <li>Apache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9949">GH-9949</a> (Partial content on incomplete POST request).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9959">GH-9959</a> (Solaris port event mechanism is still broken after bug #66694).</li> <li>Fixed bug <a href="http://bugs.php.net/68207">#68207</a> (Setting fastcgi.error_header can result in a WARNING).</li> <li>Fixed bug <a href="http://bugs.php.net/80669">#80669</a> (FPM numeric user fails to set groups).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8517">GH-8517</a> (Random crash of FPM master process in fpm_stdio_child_said).</li> </ul></li> <li>Imap: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10051">GH-10051</a> (IMAP: there's no way to check if a IMAP\Connection is still open).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9535">GH-9535</a> (The behavior of mb_strcut in mbstring has been changed in PHP8.1).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9968">GH-9968</a> (Segmentation Fault during OPCache Preload).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9997">GH-9997</a> (OpenSSL engine clean up segfault).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9064">GH-9064</a> (PHP fails to build if openssl was built with --no-ec).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10000">GH-10000</a> (OpenSSL test failures when OpenSSL compiled with no-dsa).</li> </ul></li> <li>Pcntl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9298">GH-9298</a> (Signal handler called after rshutdown leads to crash).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9971">GH-9971</a> (Incorrect NUMERIC value returned from PDO_Firebird).</li> </ul></li> <li>PDO/SQLite: <ul> <li>Fixed bug <a href="http://bugs.php.net/81740">#81740</a> (PDO::quote() may return unquoted string). (CVE-2022-31631)</li> </ul></li> <li>Session: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/9932">GH-9932</a> (session name silently fails with . and [).</li> </ul></li> <li>SPL: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/9883">GH-9883</a> (SplFileObject::__toString() reads next line).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/10011">GH-10011</a> (Trampoline autoloader will get reregistered and cannot be unregistered).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="http://bugs.php.net/81742">#81742</a> (open_basedir bypass in SQLite3 by using file URI).</li> </ul></li> <li>TSRM: <ul> <li>Fixed Windows shmget() wrt. IPC_PRIVATE.</li> </ul></li> </ul> </section> <section class="version" id="8.2.0"> <h3>Version 8.2.0</h3> <b><time class='releasedate' datetime='2022-12-08'>08 Dec 2022</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="http://bugs.php.net/81496">#81496</a> (Server logs incorrect request method).</li> <li>Updated the mime-type table for the builtin-server.</li> <li>Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/8575">GH-8575</a> by changing STDOUT, STDERR and STDIN to not close on resource destruction.</li> <li>Implement built-in web server responding without body to HEAD request on a static resource.</li> <li>Implement built-in web server responding with HTTP status 405 to DELETE/PUT/PATCH request on a static resource.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9709">GH-9709</a> (Null pointer dereference with -w/-s options).</li> </ul></li> <li>COM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8750">GH-8750</a> (Can not create VT_ERROR variant type).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81380">#81380</a> (Observer may not be initialized properly).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7771">GH-7771</a> (Fix filename/lineno of constant expressions).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7792">GH-7792</a> (Improve class type in error messages).</li> <li>Support huge pages on MacOS.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8655">GH-8655</a> (Casting an object to array does not unwrap refcount=1 references).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8661">GH-8661</a> (Nullsafe in coalesce triggers undefined variable warning).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7821">GH-7821</a> and <a href="https://github.com/php/php-src/issues/8418">GH-8418</a> (Allow arbitrary const expressions in backed enums).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8810">GH-8810</a> (Incorrect lineno in backtrace of multi-line function calls).</li> <li>Optimised code path for newly created file with the stream plain wrapper.</li> <li>Uses safe_perealloc instead of perealloc for the ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows.</li> <li>Reduced the memory footprint of strings returned by var_export(), json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(), http_build_query(), strstr(), Reflection*::__toString().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8995">GH-8995</a> (WeakMap object reference offset causing TypeError).</li> <li>Added error_log_mode ini setting.</li> <li>Updated request startup messages.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7900">GH-7900</a> (Arrow function with never return type compile-time errors).</li> <li>Fixed incorrect double to long casting in latest clang.</li> <li>Added support for defining constants in traits.</li> <li>Stop incorrectly emitting false positive deprecation notice alongside unsupported syntax fatal error for `"{$g{'h'}}"`.</li> <li>Fix unexpected deprecated dynamic property warning, which occurred when exit() in finally block after an exception was thrown without catching.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9323">GH-9323</a> (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9227">GH-9227</a> (Trailing dots and spaces in filenames are ignored).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9285">GH-9285</a> (Traits cannot be used in readonly classes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9186">GH-9186</a> (@strict-properties can be bypassed using unserialization).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9500">GH-9500</a> (Using dnf type with parentheses after readonly keyword results in a parse error).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9516">GH-9516</a> ((A&B)|D as a param should allow AB or D. Not just A).</li> <li>Fixed observer class notify with Opcache file_cache_only=1.</li> <li>Fixes segfault with Fiber on FreeBSD i386 architecture.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9655">GH-9655</a> (Pure intersection types cannot be implicitly nullable) (Girgias)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9589">GH-9589</a> (dl() segfaults when module is already loaded).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9752">GH-9752</a> (Generator crashes when interrupted during argument evaluation with extra named params).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9801">GH-9801</a> (Generator crashes when memory limit is exceeded during initialization).</li> <li>Fixed a bug with preloaded enums possibly segfaulting.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9823">GH-9823</a> (Don’t reset func in zend_closure_internal_handler).</li> <li>Fixed potential NULL pointer dereference Windows shm*() functions.</li> <li>Fix target validation for internal attributes with constructor property promotion.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9750">GH-9750</a> (Generator memory leak when interrupted during argument evaluation.</li> <li>Move observer_declared_function_notify until after pass_two().</li> <li>Do not report MINIT stage internal class aliases in extensions.</li> </ul></li> <li>Curl: <ul> <li>Added support for CURLOPT_XFERINFOFUNCTION.</li> <li>Added support for CURLOPT_MAXFILESIZE_LARGE.</li> <li>Added new constants from cURL 7.62 to 7.80.</li> <li>New function curl_upkeep().</li> </ul></li> <li>Date: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/8458">GH-8458</a> (DateInterval::createFromDateString does not throw if non-relative items are present).</li> <li>Fixed bug <a href="http://bugs.php.net/52015">#52015</a> (Allow including end date in DatePeriod iterations) (Daniel Egeberg, Derick)</li> <li>idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO Year).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8730">GH-8730</a> (DateTime::diff miscalculation is same time zone of different type).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8964">GH-8964</a> (DateTime object comparison after applying delta less than 1 second).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9106">GH-9106</a> (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).</li> <li>Fixed bug <a href="http://bugs.php.net/75035">#75035</a> (Datetime fails to unserialize "extreme" dates).</li> <li>Fixed bug <a href="http://bugs.php.net/80483">#80483</a> (DateTime Object with 5-digit year can't unserialized).</li> <li>Fixed bug <a href="http://bugs.php.net/81263">#81263</a> (Wrong result from DateTimeImmutable::diff).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9431">GH-9431</a> (DateTime::getLastErrors() not returning false when no errors/warnings).</li> <li>Fixed bug with parsing large negative numbers with the @ notation.</li> </ul></li> <li>DBA: <ul> <li>Fixed LMDB driver hanging when attempting to delete a non-existing key (Girgias)</li> <li>Fixed LMDB driver memory leak on DB creation failure (Girgias)</li> <li>Fixed <a href="https://github.com/php/php-src/issues/8856">GH-8856</a> (dba: lmdb: allow to override the MDB_NOSUBDIR flag).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9090">GH-9090</a> (Support assigning function pointers in FFI).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8805">GH-8805</a> (finfo returns wrong mime type for woff/woff2 files).</li> </ul></li> <li>Filter: <ul> <li>Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs.</li> </ul></li> <li>FPM: <ul> <li>Emit error for invalid port setting.</li> <li>Added extra check for FPM proc dumpable on SELinux based systems.</li> <li>Added support for listening queue on macOS.</li> <li>Changed default for listen.backlog on Linux to -1.</li> <li>Added listen.setfib pool option to set route FIB on FreeBSD.</li> <li>Added access.suppress_path pool option to filter access log entries.</li> <li>Fixed on fpm scoreboard occasional warning on acquisition failure.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9754">GH-9754</a> (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).</li> </ul></li> <li>FTP: <ul> <li>Fix datetime format string to follow POSIX spec in ftp_mdtm().</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/81739">#81739</a>: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)</li> </ul></li> <li>GMP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9308">GH-9308</a> (GMP throws the wrong error when a GMP object is passed to gmp_init()).</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="http://bugs.php.net/81738">#81738</a>: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)</li> </ul></li> <li>Intl: <ul> <li>Update all grandfathered language tags with preferred values</li> <li>Fixed <a href="https://github.com/php/php-src/issues/7939">GH-7939</a> (Cannot unserialize IntlTimeZone objects).</li> <li>Fixed build for ICU 69.x and onwards.</li> <li>Declared Transliterator::$id as readonly to unlock subclassing it.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9421">GH-9421</a> (Incorrect argument number for ValueError in NumberFormatter).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9248">GH-9248</a> (Segmentation fault in mb_strimwidth()).</li> </ul></li> <li>mysqli: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9841">GH-9841</a> (mysqli_query throws warning despite using silenced error mode).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed potential heap corruption due to alignment mismatch.</li> </ul></li> <li>OCI8: <ul> <li>Added oci8.prefetch_lob_size directive to tune LOB query performance</li> <li>Support for building against Oracle Client libraries 10.1 and 10.2 has been dropped. Oracle Client libraries 11.2 or newer are now required.</li> </ul></li> <li>ODBC: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8300">GH-8300</a> (User input not escaped when building connection string).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9347">GH-9347</a> (Current ODBC liveness checks may be inadequate).</li> </ul></li> <li>Opcache: <ul> <li>Allocate JIT buffer close to PHP .text segemnt to allow using direct IP-relative calls and jumps.</li> <li>Added initial support for JIT performance profiling generation for macOs Instrument.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8030">GH-8030</a> (Segfault with JIT and large match/switch statements).</li> <li>Added JIT support improvement for macOs for segments and executable permission bit handling.</li> <li>Added JIT buffer allocation near the .text section on FreeNSD.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9371">GH-9371</a> (Crash with JIT on mac arm64) (jdp1024/David Carlier)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9259">GH-9259</a> (opcache.interned_strings_buffer setting integer overflow).</li> <li>Added indirect call reduction for jit on x86 architectures.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9164">GH-9164</a> (Segfault in zend_accel_class_hash_copy).</li> <li>Fix opcache preload with observers enabled.</li> </ul></li> <li>OpenSSL: <ul> <li>Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9310">GH-9310</a> (SSL local_cert and local_pk do not respect open_basedir).</li> <li>Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like AEAD).</li> <li>Added openssl_cipher_key_length function.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9517">GH-9517</a> (Compilation error openssl extension related to PR <a href="https://github.com/php/php-src/issues/9366">GH-9366</a>).</li> <li>Fixed missing clean up of OpenSSL engine list - attempt to fix <a href="https://github.com/php/php-src/issues/8620">GH-8620</a>.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8430">GH-8430</a> (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).</li> </ul></li> <li>PCNTL: <ul> <li>Fixed pcntl_(get|set)priority error handling for MacOS.</li> </ul></li> <li>PCRE: <ul> <li>Implemented FR <a href="http://bugs.php.net/77726">#77726</a> (Allow null character in regex patterns).</li> <li>Updated bundled libpcre to 10.40.</li> </ul></li> <li>PDO: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9818">GH-9818</a> (Initialize run time cache in PDO methods).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8576">GH-8576</a> (Bad interpretation of length when char is UTF-8).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed bug <a href="http://bugs.php.net/80909">#80909</a> (crash with persistent connections in PDO_ODBC).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8300">GH-8300</a> (User input not escaped when building connection string).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9347">GH-9347</a> (Current ODBC liveness checks may be inadequate).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9372">GH-9372</a> (HY010 when binding overlong parameter).</li> </ul></li> <li>PDO_PGSQL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9411">GH-9411</a> (PgSQL large object resource is incorrectly closed).</li> </ul></li> <li>Random: <ul> <li>Added new random extension.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9067">GH-9067</a> (random extension is not thread safe).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9055">GH-9055</a> (segmentation fault if user engine throws).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9066">GH-9066</a> (signed integer overflow).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9083">GH-9083</a> (undefined behavior during shifting).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9088">GH-9088</a>, <a href="https://github.com/php/php-src/issues/9056">GH-9056</a> (incorrect expansion of bytes when generating uniform integers within a given range).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9089">GH-9089</a> (Fix memory leak on Randomizer::__construct() call twice).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9212">GH-9212</a> (PcgOneseq128XslRr64::jump() should not allow negative $advance).</li> <li>Changed Mt19937 to throw a ValueError instead of InvalidArgumentException for invalid $mode.</li> <li>Splitted Random\Randomizer::getInt() (without arguments) to Random\Randomizer::nextInt().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9235">GH-9235</a> (non-existant $sequence parameter in stub for PcgOneseq128XslRr64::__construct()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9190">GH-9190</a>, <a href="https://github.com/php/php-src/issues/9191">GH-9191</a> (undefined behavior for MT_RAND_PHP when handling large ranges).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9249">GH-9249</a> (Xoshiro256StarStar does not reject the invalid all-zero state).</li> <li>Removed redundant RuntimeExceptions from Randomizer methods. The exceptions thrown by the engines will be exposed directly.</li> <li>Added extension specific Exceptions/Errors (RandomException, RandomError, BrokenRandomEngineError).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9415">GH-9415</a> (Randomizer::getInt(0, 2**32 - 1) with Mt19937 always returns 1).</li> <li>Fixed Randomizer::getInt() consistency for 32-bit engines.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9464">GH-9464</a> (build on older macOs releases).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9839">GH-9839</a> (Pre-PHP 8.2 output compatibility for non-mt_rand() functions for MT_RAND_PHP).</li> </ul></li> <li>Reflection: <ul> <li>Added ReflectionFunction::isAnonymous().</li> <li>Added ReflectionMethod::hasPrototype().</li> <li>Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8932">GH-8932</a> (ReflectionFunction provides no way to get the called class of a Closure).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7787">GH-7787</a> (Improve session write failure message for user error handlers).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/9200">GH-9200</a> (setcookie has an obsolete expires date format).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/9584">GH-9584</a> (Avoid memory corruption when not unregistering custom session handler).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9583">GH-9583</a> (session_create_id() fails with user defined save handler that doesn't have a validateId() method).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9720">GH-9720</a> (Null pointer dereference while serializing the response).</li> </ul></li> <li>Sockets: <ul> <li>Added TCP_NOTSENT_LOWAT socket option.</li> <li>Added SO_MEMINFO socket option.</li> <li>Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux).</li> <li>Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket options.</li> <li>Added ancillary data support for FreeBSD.</li> <li>Added ancillary data support for NetBSD.</li> <li>Added SO_BPF_EXTENSIONS socket option.</li> <li>Added SO_SETFIB socket option.</li> <li>Added TCP_CONGESTION socket option.</li> <li>Added SO_ZEROCOPY/MSG_ZEROCOPY options.</li> <li>Added SOL_FILTER socket option for Solaris.</li> <li>Fixed socket constants regression as of PHP 8.2.0beta3.</li> </ul></li> <li>Sodium: <ul> <li>Added sodium_crypto_stream_xchacha20_xor_ic().</li> </ul></li> <li>SPL: <ul> <li>Uses safe_erealloc instead of erealloc to handle heap growth for the SplHeap::insert method to avoid possible overflows.</li> <li>Widen iterator_to_array() and iterator_count()'s $iterator parameter to iterable.</li> <li>Fixed bug <a href="http://bugs.php.net/69181">#69181</a> (READ_CSV|DROP_NEW_LINE drops newlines within fields).</li> <li>Fixed bug <a href="http://bugs.php.net/65069">#65069</a> (GlobIterator incorrect handling of open_basedir check).</li> </ul></li> <li>SQLite3: <ul> <li>Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER.</li> </ul></li> <li>Standard: <ul> <li>net_get_interfaces() also reports wireless network interfaces on Windows.</li> <li>Finished AVIF support in getimagesize().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7847">GH-7847</a> (stripos with large haystack has bad performance).</li> <li>New function memory_reset_peak_usage().</li> <li>Fixed parse_url(): can not recognize port without scheme.</li> <li>Deprecated utf8_encode() and utf8_decode().</li> <li>Fixed the crypt_sha256/512 api build with clang > 12.</li> <li>Uses safe_erealloc instead of erealloc to handle options in getopt to avoid possible overflows.</li> <li>Implemented FR <a href="https://github.com/php/php-src/issues/8924">GH-8924</a> (str_split should return empty array for empty string).</li> <li>Added ini_parse_quantity function to convert ini quantities shorthand notation to int.</li> <li>Enable arc4random_buf for Linux glibc 2.36 and onwards for the random_bytes.</li> <li>Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).</li> <li>Fixed bug <a href="http://bugs.php.net/65489">#65489</a> (glob() basedir check is inconsistent).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/9200">GH-9200</a> (setcookie has an obsolete expires date format).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/9244">GH-9244</a> (Segfault with array_multisort + array_shift).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9296">GH-9296</a> (`ksort` behaves incorrectly on arrays with mixed keys).</li> <li>Marked crypt()'s $string parameter as #[\SensitiveParameter].</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9464">GH-9464</a> (build on older macOs releases).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9518">GH-9518</a> (Disabling IPv6 support disables unrelated constants).</li> <li>Revert "Fixed parse_url(): can not recognize port without scheme." (andypost)</li> <li>Fix crash reading module_entry after DL_UNLOAD() when module already loaded.</li> </ul></li> <li>Streams: <ul> <li>Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8548">GH-8548</a> (stream_wrapper_unregister() leaks memory).</li> <li>Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9316">GH-9316</a> ($http_response_header is wrong for long status line).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9590">GH-9590</a> (stream_select does not abort upon exception or empty valid fd set).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9653">GH-9653</a> (file copy between different filesystems).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9779">GH-9779</a> (stream_copy_to_stream fails if dest in append mode).</li> </ul></li> <li>Windows: <ul> <li>Added preliminary support for (cross-)building for ARM64.</li> </ul></li> <li>XML: <ul> <li>Added libxml_get_external_entity_loader() function.</li> </ul></li> <li>Zip: <ul> <li>add ZipArchive::clearError() method</li> <li>add ZipArchive::getStreamName() method</li> <li>add ZipArchive::getStreamIndex() method</li> <li>On Windows, the Zip extension is now built as shared library (DLL) by default.</li> <li>Implement fseek for zip stream when possible with libzip 1.9.1.</li> </ul></li> </ul> </section> <a id="PHP_8_1"></a> <section class="version" id="8.1.31"> <h3>Version 8.1.31</h3> <b><time class='releasedate' datetime='2024-11-21'>21 Nov 2024</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-4w77-75f9-2c8w">GHSA-4w77-75f9-2c8w</a> (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).</li> </ul></li> <li>LDAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff">GHSA-g665-fm4p-vhff</a> (OOB access in ldap_escape). (CVE-2024-8932)</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678">GHSA-h35g-vwh6-m678</a> (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)</li> </ul></li> <li>PDO DBLIB: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv">GHSA-5hqh-c84r-qjcv</a> (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)</li> </ul></li> <li>PDO Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv">GHSA-5hqh-c84r-qjcv</a> (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2">GHSA-c5f2-jwm7-mmq2</a> (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)</li> <li>Fixed bug <a href="https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43">GHSA-r977-prxv-hc43</a> (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)</li> </ul></li> </ul> </section> <section class="version" id="8.1.30"> <h3>Version 8.1.30</h3> <b><time class='releasedate' datetime='2024-09-26'>26 Sep 2024</time></b> <ul><li>CGI: <ul> <li>Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)</li> <li>Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)</li> </ul></li> <li>FPM: <ul> <li>Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)</li> </ul></li> </ul> </section> <section class="version" id="8.1.29"> <h3>Version 8.1.29</h3> <b><time class='releasedate' datetime='2024-06-06'>06 Jun 2024</time></b> <ul><li>CGI: <ul> <li>Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)</li> </ul></li> <li>Filter: <ul> <li>Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)</li> </ul></li> <li>OpenSSL: <ul> <li>The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.</li> </ul></li> <li>Standard: <ul> <li>Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)</li> </ul></li> </ul> </section> <section class="version" id="8.1.28"> <h3>Version 8.1.28</h3> <b><time class='releasedate' datetime='2024-04-11'>11 Apr 2024</time></b> <ul><li>Standard: <ul> <li>Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)</li> <li>Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)</li> <li>Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)</li> </ul></li> </ul> </section> <section class="version" id="8.1.27"> <h3>Version 8.1.27</h3> <b><time class='releasedate' datetime='2023-12-21'>21 Dec 2023</time></b> <ul><li>Core: <ul> <li>Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler).</li> <li>Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12758">GH-12758</a> / <a href="https://github.com/php/php-src/issues/12768">GH-12768</a> (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12616">GH-12616</a> (DOM: Removing XMLNS namespace node results in invalid default: prefix).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12705">GH-12705</a> (Segmentation fault in fpm_status_export_to_zval).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12635">GH-12635</a> (Test bug69398.phpt fails with ICU 74.1).</li> </ul></li> <li>LibXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12702">GH-12702</a> (libxml2 2.12.0 issue building from src).</li> </ul></li> <li>MySQLnd: <ul> <li>Avoid using uninitialised struct.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/50713">#50713</a> (openssl_pkcs7_verify() may ignore untrusted CAs).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12628">GH-12628</a> (The gh11374 test fails on Alpinelinux).</li> </ul></li> <li>PGSQL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12763">GH-12763</a> wrong argument type for pg_untrace.</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12675">GH-12675</a> (MEMORY_LEAK in phpdbg_prompt.c).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12633">GH-12633</a> (sqlite3_defensive.phpt fails with sqlite 3.44.0).</li> </ul></li> <li>Standard: <ul> <li>Fix memory leak in syslog device handling.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12621">GH-12621</a> (browscap segmentation fault when configured in the vhost).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12655">GH-12655</a> (proc_open() does not take into account references in the descriptor array).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/79945">#79945</a> (Stream wrappers in imagecreatefrompng causes segfault).</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12661">GH-12661</a> (Inconsistency in ZipArchive::addGlob remove_path Option Behavior).</li> </ul></li> </ul> </section> <section class="version" id="8.1.26"> <h3>Version 8.1.26</h3> <b><time class='releasedate' datetime='2023-11-23'>23 Nov 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12468">GH-12468</a> (Double-free of doc_comment when overriding static property via trait).</li> <li>Fixed segfault caused by weak references to FFI objects.</li> <li>Fixed max_execution_time: don't delete an unitialized timer.</li> </ul></li> <li>DOM: <ul> <li>Fix registerNodeClass with abstract class crashing.</li> <li>Add missing NULL pointer error check.</li> <li>Fix validation logic of php:function() callbacks.</li> </ul></li> <li>Fiber: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11121">GH-11121</a> (ReflectionFiber segfault).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9921">GH-9921</a> (Loading ext in FPM config does not register module handlers).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12232">GH-12232</a> (FPM: segfault dynamically loading extension without opcache).</li> </ul></li> <li>Intl: <ul> <li>Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale.</li> </ul></li> <li>Opcache: <ul> <li>Added warning when JIT cannot be enabled.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8143">GH-8143</a> (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12489">GH-12489</a> (Missing sigbio creation checking in openssl_cms_verify).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11374">GH-11374</a> (Backport upstream fix, Different preg_match result with -d pcre.jit=0).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12392">GH-12392</a> (Segmentation fault on SoapClient::__getTypes).</li> <li>Fixed bug <a href="http://bugs.php.net/66150">#66150</a> (SOAP WSDL cache race condition causes Segmentation Fault).</li> <li>Fixed bug <a href="http://bugs.php.net/67617">#67617</a> (SOAP leaves incomplete cache file on ENOSPC).</li> <li>Fix incorrect uri check in SOAP caching.</li> <li>Fix segfault and assertion failure with refcounted props and arrays.</li> <li>Fix potential crash with an edge case of persistent encoders.</li> <li>Fixed bug <a href="http://bugs.php.net/75306">#75306</a> (Memleak in SoapClient).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/75708">#75708</a> (getimagesize with "&$imageinfo" fails on StreamWrappers).</li> </ul></li> <li>XMLReader: <ul> <li>Add missing NULL pointer error check.</li> </ul></li> <li>XMLWriter: <ul> <li>Add missing NULL pointer error check.</li> </ul></li> <li>XSL: <ul> <li>Add missing module dependency.</li> <li>Fix validation logic of php:function() callbacks.</li> </ul></li> </ul> </section> <section class="version" id="8.1.25"> <h3>Version 8.1.25</h3> <b><time class='releasedate' datetime='2023-10-26'>26 Oct 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12207">GH-12207</a> (memory leak when class using trait with doc block).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12215">GH-12215</a> (Module entry being overwritten causes type errors in ext/dom).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12273">GH-12273</a> (__builtin_cpu_init check).</li> <li>Fixed bug <a href="http://bugs.php.net/80092">#80092</a> (ZTS + preload = segfault on shutdown).</li> </ul></li> <li>CLI: <ul> <li>Ensure a single Date header is present.</li> </ul></li> <li>CType: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11997">GH-11997</a> (ctype_alnum 5 times slower in PHP 8.1 or greater).</li> </ul></li> <li>DOM: <ul> <li>Restore old namespace reconciliation behaviour.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8996">GH-8996</a> (DOMNode serialization on PHP ^8.1).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11891">GH-11891</a> (fileinfo returns text/xml for some svg files).</li> </ul></li> <li>Filter: <ul> <li>Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12186">GH-12186</a> (segfault copying/cloning a finalized HashContext).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12243">GH-12243</a> (segfault on IntlDateFormatter::construct).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12282">GH-12282</a> (IntlDateFormatter::construct should throw an exception on an invalid locale).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12297">GH-12297</a> (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line).</li> </ul></li> <li>Opcache: <ul> <li>Fixed opcache_invalidate() on deleted file.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12380">GH-12380</a> (JIT+private array property access inside closure accesses private property in child class).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11956">GH-11956</a> (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12170">GH-12170</a> (Can't use xpath with comments in SimpleXML).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12223">GH-12223</a> (Entity reference produces infinite loop in var_dump/print_r).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12167">GH-12167</a> (Unable to get processing instruction contents in SimpleXML).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12169">GH-12169</a> (Unable to get comment contents in SimpleXML).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12190">GH-12190</a> (binding ipv4 address with both address and port at 0).</li> </ul></li> <li>XML: <ul> <li>Fix return type of stub of xml_parse_into_struct().</li> <li>Fix memory leak when calling xml_parse_into_struct() twice.</li> </ul></li> <li>XSL: <ul> <li>Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML.</li> </ul></li> <li>Sockets: <ul> <li>Fix socket_export_stream() with wrong protocol (twosee)</li> </ul></li> </ul> </section> <section class="version" id="8.1.24"> <h3>Version 8.1.24</h3> <b><time class='releasedate' datetime='2023-09-28'>28 Sep 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11937">GH-11937</a> (Constant ASTs containing objects).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11790">GH-11790</a> (On riscv64 require libatomic if actually needed).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12073">GH-12073</a> (Segfault when freeing incompletely initialized closures).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12060">GH-12060</a> (Internal iterator rewind handler is called twice).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12102">GH-12102</a> (Incorrect compile error when using array access on TMP value in function call).</li> </ul></li> <li>DOM: <ul> <li>Fix memory leak when setting an invalid DOMDocument encoding.</li> </ul></li> <li>Iconv: <ul> <li>Fixed build for NetBSD which still uses the old iconv signature.</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/12020">GH-12020</a> (intl_get_error_message() broken after MessageFormatter::formatMessage() fails).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10270">GH-10270</a> (Invalid error message when connection via SSL fails: "trying to connect via (null)").</li> </ul></li> <li>ODBC: <ul> <li>Fixed memory leak with failed SQLPrepare.</li> <li>Fixed persistent procedural ODBC connections not getting closed.</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="http://bugs.php.net/52751">#52751</a> (XPath processing-instruction() function is not supported).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11972">GH-11972</a> (RecursiveCallbackFilterIterator regression in 8.1.18).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11878">GH-11878</a> (SQLite3 callback functions cause a memory leak with a callable array).</li> </ul></li> </ul> </section> <section class="version" id="8.1.23"> <h3>Version 8.1.23</h3> <b><time class='releasedate' datetime='2023-08-31'>31 Aug 2023</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11716">GH-11716</a> (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10964">GH-10964</a> (Improve man page about the built-in server).</li> </ul></li> <li>Core: <ul> <li>Fixed strerror_r detection at configuration time.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11416">GH-11416</a>: Crash with DatePeriod when uninitialised objects are passed in.</li> </ul></li> <li>DOM: <ul> <li>Fix DOMEntity field getter bugs.</li> <li>Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.</li> <li>Fix DOMCharacterData::replaceWith() with itself.</li> <li>Fix empty argument cases for DOMParentNode methods.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11791">GH-11791</a> (Wrong default value of DOMDocument::xmlStandalone).</li> <li>Fix json_encode result on DOMDocument.</li> <li>Fix manually calling __construct() on DOM classes.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11830">GH-11830</a> (ParentNode methods should perform their checks upfront).</li> <li>Fix segfault when DOMParentNode::prepend() is called when the child disappears.</li> </ul></li> <li>FFI: <ul> <li>Fix leaking definitions when using FFI::cdef()->new(...).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11440">GH-11440</a> (authentication to a sha256_password account fails over SSL).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11438">GH-11438</a> (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11550">GH-11550</a> (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault).</li> <li>Fixed invalid error message "Malformed packet" when connection is dropped.</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11715">GH-11715</a> (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong).</li> <li>Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress.</li> </ul></li> <li>PCNTL: <ul> <li>Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81992">#81992</a> (SplFixedArray::setSize() causes use-after-free).</li> </ul></li> <li>Standard: <ul> <li>Prevent int overflow on $decimals in number_format.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11870">GH-11870</a> (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro)</li> </ul></li> </ul> </section> <section class="version" id="8.1.22"> <h3>Version 8.1.22</h3> <b><time class='releasedate' datetime='2023-08-03'>03 Aug 2023</time></b> <ul><li>Build: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11522">GH-11522</a> (PHP version check fails with '-' separator).</li> </ul></li> <li>CLI: <ul> <li>Fix interrupted CLI output causing the process to exit.</li> </ul></li> <li>Core: <ul> <li>Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).</li> <li>Fixed use-of-uninitialized-value with ??= on assert.</li> <li>Fixed build for FreeBSD before the 11.0 releases.</li> </ul></li> <li>Curl: <ul> <li>Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11368">GH-11368</a> (Date modify returns invalid datetime).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11625">GH-11625</a> (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11298">GH-11298</a> (finfo returns wrong mime type for xz files).</li> </ul></li> <li>FTP: <ul> <li>Fix context option check for "overwrite".</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10562">GH-10562</a> (Memory leak and invalid state with consecutive ftp_nb_fget).</li> </ul></li> <li>GD: <ul> <li>Fix most of the external libgd test failures.</li> </ul></li> <li>Hash: <ul> <li>Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature.</li> </ul></li> <li>Intl: <ul> <li>Fix memory leak in MessageFormatter::format() on failure.</li> </ul></li> <li>Libxml: <ul> <li>Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)</li> </ul></li> <li>MBString: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11300">GH-11300</a> (license issue: restricted unicode license headers).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10914">GH-10914</a> (OPCache with Enum and Callback functions results in segmentation fault).</li> <li>Prevent potential deadlock if accelerated globals cannot be allocated.</li> </ul></li> <li>PCNTL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11498">GH-11498</a> (SIGCHLD is not always returned from proc_open).</li> </ul></li> <li>PCRE: <ul> <li>Mangle PCRE regex cache key with JIT option.</li> </ul></li> <li>PDO: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11587">GH-11587</a> (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled).</li> </ul></li> <li>PDO SQLite: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/11492">GH-11492</a> (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).</li> </ul></li> <li>Phar: <ul> <li>Add missing check on EVP_VerifyUpdate() in phar util.</li> <li>Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9669">GH-9669</a> (phpdbg -h options doesn't list the -z option).</li> </ul></li> <li>Session: <ul> <li>Removed broken url support for transferring session ID.</li> </ul></li> <li>Standard: <ul> <li>Fix serialization of RC1 objects appearing in object graph twice.</li> </ul></li> <li>SQLite3: <ul> <li>Fix replaced error handling in SQLite3Stmt::__construct.</li> </ul></li> </ul> </section> <section class="version" id="8.1.21"> <h3>Version 8.1.21</h3> <b><time class='releasedate' datetime='2023-07-06'>06 Jul 2023</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11246">GH-11246</a> (cli/get_set_process_title fails on MacOS).</li> </ul></li> <li>Core: <ul> <li>Fixed build for the riscv64 architecture/GCC 12.</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11433">GH-11433</a> (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).</li> </ul></li> <li>DOM: <ul> <li>Fixed bugs <a href="https://github.com/php/php-src/issues/11288">GH-11288</a> and <a href="https://github.com/php/php-src/issues/11289">GH-11289</a> and <a href="https://github.com/php/php-src/issues/11290">GH-11290</a> and <a href="https://github.com/php/php-src/issues/9142">GH-9142</a> (DOMExceptions and segfaults with replaceWith).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10234">GH-10234</a> (Setting DOMAttr::textContent results in an empty attribute value).</li> <li>Fix return value in stub file for DOMNodeList::item.</li> <li>Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS.</li> <li>Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11347">GH-11347</a> (Memory leak when calling a static method inside an xpath query).</li> <li>Fixed bug <a href="http://bugs.php.net/67440">#67440</a> (append_node of a DOMDocumentFragment does not reconcile namespaces).</li> <li>Fixed bug <a href="http://bugs.php.net/81642">#81642</a> (DOMChildNode::replaceWith() bug when replacing a node with itself).</li> <li>Fixed bug <a href="http://bugs.php.net/77686">#77686</a> (Removed elements are still returned by getElementById).</li> <li>Fixed bug <a href="http://bugs.php.net/70359">#70359</a> (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()).</li> <li>Fixed bug <a href="http://bugs.php.net/78577">#78577</a> (Crash in DOMNameSpace debug info handlers).</li> <li>Fix lifetime issue with getAttributeNodeNS().</li> <li>Fix "invalid state error" with cloned namespace declarations.</li> <li>Fixed bug <a href="http://bugs.php.net/55294">#55294</a> and #47530 and #47847 (various namespace reconciliation issues).</li> <li>Fixed bug <a href="http://bugs.php.net/80332">#80332</a> (Completely broken array access functionality with DOMNamedNodeMap).</li> </ul></li> <li>Opcache: <ul> <li>Fix allocation loop in zend_shared_alloc_startup().</li> <li>Access violation on smm_shared_globals with ALLOC_FALLBACK.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11336">GH-11336</a> (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9356">GH-9356</a> Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka).</li> </ul></li> <li>PGSQL: <ul> <li>Fixed intermittent segfault with pg_trace.</li> </ul></li> <li>Phar: <ul> <li>Fix cross-compilation check in phar generation for FreeBSD.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11338">GH-11338</a> (SplFileInfo empty getBasename with more than one slash).</li> </ul></li> <li>Standard: <ul> <li>Fix access on NULL pointer in array_merge_recursive().</li> <li>Fix exception handling in array_multisort().</li> </ul></li> </ul> </section> <section class="version" id="8.1.20"> <h3>Version 8.1.20</h3> <b><time class='releasedate' datetime='2023-06-08'>08 Jun 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9068">GH-9068</a> (Conditional jump or move depends on uninitialised value(s)).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11189">GH-11189</a> (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11222">GH-11222</a> (foreach by-ref may jump over keys during a rehash).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11281">GH-11281</a> (DateTimeZone::getName() does not include seconds in offset).</li> </ul></li> <li>Exif: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10834">GH-10834</a> (exif_read_data() cannot read smaller stream wrapper chunk sizes).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10461">GH-10461</a> (PHP-FPM segfault due to after free usage of child->ev_std(out|err)).</li> <li>Fixed bug <a href="http://bugs.php.net/64539">#64539</a> (FPM status page: query_string not properly JSON encoded).</li> <li>Fixed memory leak for invalid primary script file handle.</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11180">GH-11180</a> (hash_file() appears to be restricted to 3 arguments).</li> </ul></li> <li>LibXML: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11160">GH-11160</a> (Few tests failed building with new libxml 2.11.0).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11134">GH-11134</a> (Incorrect match default branch optimization).</li> <li>Fixed too wide OR and AND range inference.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11245">GH-11245</a> (In some specific cases SWITCH with one default statement will cause segfault).</li> </ul></li> <li>PGSQL: <ul> <li>Fixed parameter parsing of pg_lo_export().</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11099">GH-11099</a> (Generating phar.php during cross-compile can't be done).</li> </ul></li> <li>Soap: <ul> <li>Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8426">GH-8426</a> (make test fail while soap extension build).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11178">GH-11178</a> (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11138">GH-11138</a> (move_uploaded_file() emits open_basedir warning for source file).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11274">GH-11274</a> (POST/PATCH request switches to GET after a HTTP 308 redirect).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10031">GH-10031</a> ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11175">GH-11175</a> (Stream Socket Timeout).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11177">GH-11177</a> (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client).</li> </ul></li> </ul> </section> <section class="version" id="8.1.19"> <h3>Version 8.1.19</h3> <b><time class='releasedate' datetime='2023-05-11'>11 May 2023</time></b> <ul><li>Core: <ul> <li>Fix inconsistent float negation in constant expressions.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8841">GH-8841</a> (php-cli core dump calling a badly formed function).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10737">GH-10737</a> (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11028">GH-11028</a> (Heap Buffer Overflow in zval_undefined_cv.).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11108">GH-11108</a> (Incorrect CG(memoize_mode) state after bailout in ??=).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/80602">#80602</a> (Segfault when using DOMChildNode::before()).</li> <li>Fixed incorrect error handling in dom_zvals_to_fragment().</li> </ul></li> <li>Exif: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9397">GH-9397</a> (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/11071">GH-11071</a> (TZData version not displayed anymore).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10968">GH-10968</a> (Segfault in preg_replace_callback_array()).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10990">GH-10990</a> (mail() throws TypeError after iterating over $additional_headers array by reference).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9775">GH-9775</a> (Duplicates returned by array_unique when using enums).</li> </ul></li> </ul> </section> <section class="version" id="8.1.18"> <h3>Version 8.1.18</h3> <b><time class='releasedate' datetime='2023-04-13'>13 Apr 2023</time></b> <ul><li>Core: <ul> <li>Added optional support for max_execution_time in ZTS/Linux builds.</li> <li>Fixed use-after-free in recursive AST evaluation.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8646">GH-8646</a> (Memory leak PHP FPM 8.1).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10801">GH-10801</a> (Named arguments in CTE functions cause a segfault).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8789">GH-8789</a> (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10015">GH-10015</a> (zend_signal_handler_defer crashes on apache shutdown).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10810">GH-10810</a> (Fix NUL byte terminating Exception::__toString()).</li> <li>Fix potential memory corruption when mixing __callStatic() and FFI.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10583">GH-10583</a> (DateTime modify with tz pattern should not update linked timezone).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10611">GH-10611</a> (fpm_env_init_main leaks environ).</li> <li>Destroy file_handle in fpm_main.</li> <li>Fixed bug <a href="http://bugs.php.net/74129">#74129</a> (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path).</li> </ul></li> <li>FTP: <ul> <li>Propagate success status of ftp_close().</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10521">GH-10521</a> (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).</li> </ul></li> <li>IMAP: <ul> <li>Fix build failure with Clang 16.</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8979">GH-8979</a> (Possible Memory Leak with SSL-enabled MySQL connections).</li> </ul></li> <li>Opcache: <ul> <li>Fixed build for macOS to cater with pkg-config settings.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8065">GH-8065</a> (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context).</li> </ul></li> <li>OpenSSL: <ul> <li>Add missing error checks on file writing functions.</li> </ul></li> <li>PDO Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10908">GH-10908</a> (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland).</li> </ul></li> <li>PDO ODBC: <ul> <li>Fixed missing and inconsistent error checks on SQLAllocHandle.</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10766">GH-10766</a> (PharData archive created with Phar::Zip format does not keep files metadata (datetime)).</li> <li>Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().</li> </ul></li> <li>PGSQL: <ul> <li>Fixed typo in the array returned from pg_meta_data (extended mode).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10519">GH-10519</a> (Array Data Address Reference Issue).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10844">GH-10844</a> (ArrayIterator allows modification of readonly props).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10885">GH-10885</a> (stream_socket_server context leaks).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10052">GH-10052</a> (Browscap crashes PHP 8.1.12 on request shutdown (apache2)).</li> <li>Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure).</li> <li>Fixed undefined behaviour in unpack().</li> </ul></li> </ul> </section> <section class="version" id="8.1.17"> <h3>Version 8.1.17</h3> <b><time class='releasedate' datetime='2023-03-16'>16 Mar 2023</time></b> <ul><li>Core: <ul> <li>Fixed incorrect check condition in ZEND_YIELD.</li> <li>Fixed incorrect check condition in type inference.</li> <li>Fixed overflow check in OnUpdateMemoryConsumption.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9916">GH-9916</a> (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10437">GH-10437</a> (Segfault/assertion when using fibers in shutdown function after bailout).</li> <li>Fixed SSA object type update for compound assignment opcodes.</li> <li>Fixed language scanner generation build.</li> <li>Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type.</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10570">GH-10570</a> (Fixed unknown string hash on property fetch with integer constant name).</li> <li>Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized.</li> </ul></li> <li>Curl: <ul> <li>Fixed deprecation warning at compile time.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10270">GH-10270</a> (Unable to return CURL_READFUNC_PAUSE in readfunc callback).</li> </ul></li> <li>Date: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/10447">GH-10447</a> ('p' format specifier does not yield 'Z' for 00:00).</li> </ul></li> <li>FFI: <ul> <li>Fixed incorrect bitshifting and masking in ffi bitfield.</li> </ul></li> <li>Fiber: <ul> <li>Fixed assembly on alpine x86.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10496">GH-10496</a> (segfault when garbage collector is invoked inside of fiber).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10315">GH-10315</a> (FPM unknown child alert not valid).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10385">GH-10385</a> (FPM successful config test early exit).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10647">GH-10647</a> (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0.</li> </ul></li> <li>JSON: <ul> <li>Fixed JSON scanner and parser generation build.</li> </ul></li> <li>MBString: <ul> <li>ext/mbstring: fix new_value length check.</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/10627">GH-10627</a> (mb_convert_encoding crashes PHP on Windows).</li> </ul></li> <li>Opcache: <ul> <li>Fix incorrect page_size check.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed php_openssl_set_server_dh_param() DH params errors handling.</li> </ul></li> <li>PDO OCI: <ul> <li>Fixed bug <a href="http://bugs.php.net/60994">#60994</a> (Reading a multibyte CLOB caps at 8192 chars).</li> </ul></li> <li>PHPDBG: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10715">GH-10715</a> (heap buffer overflow on --run option misuse).</li> </ul></li> <li>PGSQL: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/10672">GH-10672</a> (pg_lo_open segfaults in the strict_types mode).</li> </ul></li> <li>Phar: <ul> <li>Fix incorrect check in phar tar parsing.</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10623">GH-10623</a> (Reflection::getClosureUsedVariables opcode fix with variadic arguments).</li> <li>Fix Segfault when using ReflectionFiber suspended by an internal function.</li> </ul></li> <li>Session: <ul> <li>Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10292">GH-10292</a> (Made the default value of the first param of srand() and mt_srand() unknown).</li> <li>Fix incorrect check in cs_8559_5 in map_from_unicode().</li> <li>Fix bug <a href="https://github.com/php/php-src/issues/9697">GH-9697</a> for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes</li> <li>Fix incorrect error check in browsecap for pcre2_match().</li> </ul></li> <li>Tidy: <ul> <li>Fix memory leaks when attempting to open a non-existing file or a file over 4GB.</li> <li>Add missing error check on tidyLoadConfig.</li> </ul></li> <li>Zlib: <ul> <li>Fixed output_handler directive value's length which counted the string terminator.</li> </ul></li> </ul> </section> <section class="version" id="8.1.16"> <h3>Version 8.1.16</h3> <b><time class='releasedate' datetime='2023-02-14'>14 Feb 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81744">#81744</a> (Password_verify() always return true with some hash).</li> <li>Fixed bug <a href="http://bugs.php.net/81746">#81746</a> (1-byte array overrun in common path resolve code).</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)</li> </ul></li> </ul> </section> <section class="version" id="8.1.15"> <h3>Version 8.1.15</h3> <b><time class='releasedate' datetime='2023-02-02'>02 Feb 2023</time></b> <ul><li>Apache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9949">GH-9949</a> (Partial content on incomplete POST request).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10072">GH-10072</a> (PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code).</li> <li>Fix <a href="https://github.com/php/php-src/issues/10251">GH-10251</a> (Assertion `(flag & (1<<3)) == 0' failed).</li> <li>Fix wrong comparison in block optimisation pass after opcode update.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9891">GH-9891</a> (DateTime modify with unixtimestamp (@) must work like setTimestamp).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10218">GH-10218</a> (DateTimeZone fails to parse time zones that contain the "+" character).</li> </ul></li> <li>Fiber: <ul> <li>Fix assertion on stack allocation size.</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9981">GH-9981</a> (FPM does not reset fastcgi.error_header).</li> <li>Fixed bug <a href="http://bugs.php.net/67244">#67244</a> (Wrong owner:group for listening unix socket).</li> </ul></li> <li>Hash: <ul> <li>Handle exceptions from __toString in XXH3's initialization (nielsdos)</li> </ul></li> <li>LDAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10112">GH-10112</a> (LDAP\Connection::__construct() refers to ldap_create()).</li> </ul></li> <li>MBString: <ul> <li>Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character.</li> </ul></li> <li>Opcache: <ul> <li>Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).</li> <li>Fix access to uninitialized variable in accel_preload().</li> <li>Fix zend_jit_find_trace() crashes.</li> <li>Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit.</li> </ul></li> <li>Phar: <ul> <li>Fix wrong flags check for compression method in phar_object.c (nielsdos)</li> </ul></li> <li>PHPDBG: <ul> <li>Fix undefined behaviour in phpdbg_load_module_or_extension().</li> <li>Fix NULL pointer dereference in phpdbg_create_conditional_breal().</li> <li>Fix <a href="https://github.com/php/php-src/issues/9710">GH-9710</a>: phpdbg memory leaks by option "-h" (nielsdos)</li> <li>Fix phpdbg segmentation fault in case of malformed input (nielsdos)</li> </ul></li> <li>Posix: <ul> <li>Fix memory leak in posix_ttyname() (girgias)</li> </ul></li> <li>Standard: <ul> <li>Fix <a href="https://github.com/php/php-src/issues/10187">GH-10187</a> (Segfault in stripslashes() with arm64).</li> <li>Fix substr_replace with slots in repl_ht being UNDEF.</li> </ul></li> <li>TSRM: <ul> <li>Fixed Windows shmget() wrt. IPC_PRIVATE.</li> </ul></li> <li>XMLWriter: <ul> <li>Fix missing check for xmlTextWriterEndElement (nielsdos)</li> </ul></li> </ul> </section> <section class="version" id="8.1.14"> <h3>Version 8.1.14</h3> <b><time class='releasedate' datetime='2023-01-05'>05 Jan 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9905">GH-9905</a> (constant() behaves inconsistent when class is undefined).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9918">GH-9918</a> (License information for xxHash is not included in README.REDIST.BINS file).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9650">GH-9650</a> (Can't initialize heap: [0x000001e7]).</li> <li>Fixed potentially undefined behavior in Windows ftok(3) emulation.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9699">GH-9699</a> (DateTimeImmutable::diff differences in 8.1.10 onwards - timezone related).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9700">GH-9700</a> (DateTime::createFromFormat: Parsing TZID string is too greedy).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9866">GH-9866</a> (Time zone bug with \DateTimeInterface::diff()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9880">GH-9880</a> (DateTime diff returns wrong sign on day count when using a timezone).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9959">GH-9959</a> (Solaris port event mechanism is still broken after bug #66694).</li> <li>Fixed bug <a href="http://bugs.php.net/68207">#68207</a> (Setting fastcgi.error_header can result in a WARNING).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8517">GH-8517</a> (Random crash of FPM master process in fpm_stdio_child_said).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9535">GH-9535</a> (The behavior of mb_strcut in mbstring has been changed in PHP8.1).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9968">GH-9968</a> (Segmentation Fault during OPCache Preload).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9064">GH-9064</a> (PHP fails to build if openssl was built with --no-ec).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/10000">GH-10000</a> (OpenSSL test failures when OpenSSL compiled with no-dsa).</li> </ul></li> <li>Pcntl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9298">GH-9298</a> (Signal handler called after rshutdown leads to crash).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9971">GH-9971</a> (Incorrect NUMERIC value returned from PDO_Firebird).</li> </ul></li> <li>PDO/SQLite: <ul> <li>Fixed bug <a href="http://bugs.php.net/81740">#81740</a> (PDO::quote() may return unquoted string). (CVE-2022-31631)</li> </ul></li> <li>Session: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/9932">GH-9932</a> (session name silently fails with . and [).</li> </ul></li> <li>SPL: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/9883">GH-9883</a> (SplFileObject::__toString() reads next line).</li> <li>Fixed <a href="https://github.com/php/php-src/issues/10011">GH-10011</a> (Trampoline autoloader will get reregistered and cannot be unregistered).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="http://bugs.php.net/81742">#81742</a> (open_basedir bypass in SQLite3 by using file URI).</li> </ul></li> </ul> </section> <section class="version" id="8.1.13"> <h3>Version 8.1.13</h3> <b><time class='releasedate' datetime='2022-11-24'>24 Nov 2022</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9709">GH-9709</a> (Null pointer dereference with -w/-s options).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9752">GH-9752</a> (Generator crashes when interrupted during argument evaluation with extra named params).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9801">GH-9801</a> (Generator crashes when memory limit is exceeded during initialization).</li> <li>Fixed potential NULL pointer dereference Windows shm*() functions.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9750">GH-9750</a> (Generator memory leak when interrupted during argument evaluation.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9763">GH-9763</a> (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9754">GH-9754</a> (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).</li> </ul></li> <li>mysqli: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9841">GH-9841</a> (mysqli_query throws warning despite using silenced error mode).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed potential heap corruption due to alignment mismatch.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8430">GH-8430</a> (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).</li> </ul></li> <li>SOAP: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/9720">GH-9720</a> (Null pointer dereference while serializing the response).</li> </ul></li> </ul> </section> <section class="version" id="8.1.12"> <h3>Version 8.1.12</h3> <b><time class='releasedate' datetime='2022-10-27'>27 Oct 2022</time></b> <ul><li>Core: <ul> <li>Fixes segfault with Fiber on FreeBSD i386 architecture.</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8805">GH-8805</a> (finfo returns wrong mime type for woff/woff2 files).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/81739">#81739</a>: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="http://bugs.php.net/81738">#81738</a>: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9683">GH-9683</a> (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader).</li> </ul></li> <li>Opcache: <ul> <li>Added indirect call reduction for jit on x86 architectures.</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9583">GH-9583</a> (session_create_id() fails with user defined save handler that doesn't have a validateId() method).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9590">GH-9590</a> (stream_select does not abort upon exception or empty valid fd set).</li> </ul></li> </ul> </section> <section class="version" id="8.1.11"> <h3>Version 8.1.11</h3> <b><time class='releasedate' datetime='2022-09-29'>29 Sep 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81726">#81726</a>: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)</li> <li>Fixed bug <a href="http://bugs.php.net/81727">#81727</a>: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9323">GH-9323</a> (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9361">GH-9361</a> (Segmentation fault on script exit #9379).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9447">GH-9447</a> (Invalid class FQN emitted by AST dump for new and class constants in constant expressions).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/79451">#79451</a> (DOMDocument->replaceChild on doctype causes double free).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8885">GH-8885</a> (FPM access.log with stderr begins to write logs to error_log after daemon reload).</li> <li>Fixed bug <a href="http://bugs.php.net/77780">#77780</a> ("Headers already sent..." when previous connection was aborted).</li> </ul></li> <li>GMP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9308">GH-9308</a> (GMP throws the wrong error when a GMP object is passed to gmp_init()).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9421">GH-9421</a> (Incorrect argument number for ValueError in NumberFormatter).</li> </ul></li> <li>PCRE: <ul> <li>Fixed pcre.jit on Apple Silicon.</li> </ul></li> <li>PDO_PGSQL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9411">GH-9411</a> (PgSQL large object resource is incorrectly closed).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8932">GH-8932</a> (ReflectionFunction provides no way to get the called class of a Closure).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9316">GH-9316</a> ($http_response_header is wrong for long status line).</li> </ul></li> </ul> </section> <section class="version" id="8.1.10"> <h3>Version 8.1.10</h3> <b><time class='releasedate' datetime='2022-09-01'>01 Sep 2022</time></b> <ul><li>Core: <ul> <li>Fixed --CGI-- support of run-tests.php.</li> <li>Fixed incorrect double to long casting in latest clang.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9266">GH-9266</a> (GC root buffer keeps growing when dtors are present).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8730">GH-8730</a> (DateTime::diff miscalculation is same time zone of different type).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8964">GH-8964</a> (DateTime object comparison after applying delta less than 1 second).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9106">GH-9106</a>: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).</li> <li>Fixed bug <a href="http://bugs.php.net/81263">#81263</a> (Wrong result from DateTimeImmutable::diff).</li> </ul></li> <li>DBA: <ul> <li>Fixed LMDB driver memory leak on DB creation failure.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9155">GH-9155</a> (dba_open("non-existing", "c-", "flatfile") segfaults).</li> </ul></li> <li>IMAP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9309">GH-9309</a> (Segfault when connection is used after imap_close()).</li> </ul></li> <li>Intl: <ul> <li>Fixed IntlDateFormatter::formatObject() parameter type.</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9008">GH-9008</a> (mb_detect_encoding(): wrong results with null $encodings).</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9033">GH-9033</a> (Loading blacklist file can fail due to negative length).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9164">GH-9164</a> (Segfault in zend_accel_class_hash_copy).</li> </ul></li> <li>PDO_SQLite: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9032">GH-9032</a> (SQLite3 authorizer crashes on NULL values).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9032">GH-9032</a> (SQLite3 authorizer crashes on NULL values).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8472">GH-8472</a> (The resource returned by stream_socket_accept may have incorrect metadata).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8409">GH-8409</a> (SSL handshake timeout leaves persistent connections hanging).</li> </ul></li> </ul> </section> <section class="version" id="8.1.9"> <h3>Version 8.1.9</h3> <b><time class='releasedate' datetime='2022-08-04'>04 Aug 2022</time></b> <ul><li>CLI: <ul> <li>Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.</li> <li>Fixed <a href="https://github.com/php/php-src/issues/8952">GH-8952</a> (Intentionally closing std handles no longer possible).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8923">GH-8923</a> (error_log on Windows can hold the file write lock).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8995">GH-8995</a> (WeakMap object reference offset causing TypeError).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/80047">#80047</a> (DatePeriod doesn't warn with custom DateTimeImmutable).</li> </ul></li> <li>FPM: <ul> <li>Fixed zlog message prepend, free on incorrect address.</li> <li>Fixed possible double free on configuration loading failure. (Heiko Weber).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8848">GH-8848</a> (imagecopyresized() error refers to the wrong argument).</li> </ul></li> <li>Intl: <ul> <li>Fixed build for ICU 69.x and onwards.</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8847">GH-8847</a> (PHP hanging infinitly at 100% cpu when check php syntax of a valid file).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8030">GH-8030</a> (Segfault with JIT and large match/switch statements).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8943">GH-8943</a> (Fixed Reflection::getModifierNames() with readonly modifier).</li> </ul></li> <li>Standard: <ul> <li>Fixed the crypt_sha256/512 api build with clang > 12.</li> <li>Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9017">GH-9017</a> (php_stream_sock_open_from_socket could return NULL).</li> </ul></li> </ul> </section> <section class="version" id="8.1.8"> <h3>Version 8.1.8</h3> <b><time class='releasedate' datetime='2022-07-07'>07 Jul 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8338">GH-8338</a> (Intel CET is disabled unintentionally).</li> <li>Fixed leak in Enum::from/tryFrom for internal enums when using JIT</li> <li>Fixed calling internal methods with a static return type from extension code.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8655">GH-8655</a> (Casting an object to array does not unwrap refcount=1 references).</li> <li>Fixed potential use after free in php_binary_init().</li> </ul></li> <li>CLI: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/8827">GH-8827</a> (Intentionally closing std handles no longer possible).</li> </ul></li> <li>COM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8778">GH-8778</a> (Integer arithmethic with large number variants fails).</li> </ul></li> <li>Curl: <ul> <li>Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/72963">#72963</a> (Null-byte injection in CreateFromFormat and related functions).</li> <li>Fixed bug <a href="http://bugs.php.net/74671">#74671</a> (DST timezone abbreviation has incorrect offset).</li> <li>Fixed bug <a href="http://bugs.php.net/77243">#77243</a> (Weekdays are calculated incorrectly for negative years).</li> <li>Fixed bug <a href="http://bugs.php.net/78139">#78139</a> (timezone_open accepts invalid timezone string argument).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="http://bugs.php.net/81723">#81723</a> (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/67764">#67764</a> (fpm: syslog.ident don't work).</li> </ul></li> <li>GD: <ul> <li>Fixed imagecreatefromavif() memory leak.</li> </ul></li> <li>MBString: <ul> <li>mb_detect_encoding recognizes all letters in Czech alphabet</li> <li>mb_detect_encoding recognizes all letters in Hungarian alphabet</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8685">GH-8685</a> (pcre not ready at mbstring startup).</li> <li>Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.</li> </ul></li> <li>ODBC: <ul> <li>Fixed handling of single-key connection strings.</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8591">GH-8591</a> (tracing JIT crash after private instance method change).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/50293">#50293</a> (Several openssl functions ignore the VCWD).</li> <li>Fixed bug <a href="http://bugs.php.net/81713">#81713</a> (NULL byte injection in several OpenSSL functions working with certificates).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed handling of single-key connection strings.</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8781">GH-8781</a> (ZipArchive::close deletes zip file without updating stat cache).</li> </ul></li> </ul> </section> <section class="version" id="8.1.7"> <h3>Version 8.1.7</h3> <b><time class='releasedate' datetime='2022-06-09'>09 Jun 2022</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8575">GH-8575</a> (CLI closes standard streams too early).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/51934">#51934</a> (strtotime plurals / incorrect time).</li> <li>Fixed bug <a href="http://bugs.php.net/51987">#51987</a> (Datetime fails to parse an ISO 8601 ordinal date (extended format)).</li> <li>Fixed bug <a href="http://bugs.php.net/66019">#66019</a> (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH)</li> <li>Fixed bug <a href="http://bugs.php.net/68549">#68549</a> (Timezones and offsets are not properly used when working with dates)</li> <li>Fixed bug <a href="http://bugs.php.net/81565">#81565</a> (date parsing fails when provided with timezones including seconds).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7758">GH-7758</a> (Problems with negative timestamps and fractions).</li> </ul></li> <li>FPM: <ul> <li>Fixed ACL build check on MacOS.</li> <li>Fixed bug <a href="http://bugs.php.net/72185">#72185</a>: php-fpm writes empty fcgi record causing nginx 502.</li> </ul></li> <li>mysqlnd: <ul> <li>Fixed bug <a href="http://bugs.php.net/81719">#81719</a>: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8461">GH-8461</a> (tracing JIT crash after function/method change).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/79589">#79589</a> (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading).</li> </ul></li> <li>Pcntl: <ul> <li>Fixed Haiku build.</li> </ul></li> <li>pgsql: <ul> <li>Fixed bug <a href="http://bugs.php.net/81720">#81720</a>: Uninitialized array in pg_query_params(). (CVE-2022-31625)</li> </ul></li> <li>Soap: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8578">GH-8578</a> (Error on wrong parameter on SoapHeader constructor).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8538">GH-8538</a> (SoapClient may strip parts of nmtokens).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8235">GH-8235</a> (iterator_count() may run indefinitely).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8185">GH-8185</a> (Crash during unloading of extension after dl() in ZTS).</li> </ul></li> <li>Zip: <ul> <li>Fixed type for index in ZipArchive::replaceFile.</li> </ul></li> </ul> </section> <section class="version" id="8.1.6"> <h3>Version 8.1.6</h3> <b><time class='releasedate' datetime='2022-05-12'>12 May 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8310">GH-8310</a> (Registry settings are no longer recognized).</li> <li>Fixed potential race condition during resource ID allocation.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8133">GH-8133</a> (Preloading of constants containing arrays with enums segfaults).</li> <li>Fixed Haiku ZTS builds.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7752">GH-7752</a> (DateTimeZone::getTransitions() returns insufficient data).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8108">GH-8108</a> (Timezone doesn't work as intended).</li> <li>Fixed bug <a href="http://bugs.php.net/81660">#81660</a> (DateTimeZone::getTransitions() returns invalid data).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8289">GH-8289</a> (Exceptions thrown within a yielded from iterator are not rethrown into the generator).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8433">GH-8433</a> (Assigning function pointers to structs in FFI leaks).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/76003">#76003</a> (FPM /status reports wrong number of active processe).</li> <li>Fixed bug <a href="http://bugs.php.net/77023">#77023</a> (FPM cannot shutdown processes).</li> <li>Fixed comment in kqueue remove callback log message.</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="http://bugs.php.net/81714">#81714</a> (segfault when serializing finalized HashContext).</li> </ul></li> <li>Iconv: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8218">GH-8218</a> (ob_end_clean does not reset Content-Encoding header).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8364">GH-8364</a> (msgfmt_format $values may not support references).</li> </ul></li> <li>MBString: <ul> <li>Number of error markers emitted for invalid UTF-8 text matches WHATWG specification. This is a return to the behavior of PHP 8.0 and earlier.</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8267">GH-8267</a> (MySQLi uses unsupported format specifier on Windows).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8366">GH-8366</a> (ArrayIterator may leak when calling __construct()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8273">GH-8273</a> (SplFileObject: key() returns wrong value).</li> </ul></li> <li>Streams: <ul> <li>Fixed php://temp does not preserve file-position when switched to temporary file.</li> </ul></li> <li>zlib: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8218">GH-8218</a> (ob_end_clean does not reset Content-Encoding header).</li> </ul></li> </ul> </section> <section class="version" id="8.1.5"> <h3>Version 8.1.5</h3> <b><time class='releasedate' datetime='2022-04-14'>14 Apr 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8176">GH-8176</a> (Enum values in property initializers leak).</li> <li>Fixed freeing of internal attribute arguments.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8070">GH-8070</a> (memory leak of internal function attribute hash).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8160">GH-8160</a> (ZTS support on Alpine is broken).</li> </ul></li> <li>Filter: <ul> <li>Fixed signedness confusion in php_filter_validate_domain().</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8115">GH-8115</a> (Can't catch arg type deprecation when instantiating Intl classes).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8142">GH-8142</a> (Compilation error on cygwin).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7734">GH-7734</a> (Fix IntlPartsIterator key off-by-one error and first key).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8208">GH-8208</a> (mb_encode_mimeheader: $indent functionality broken).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8068">GH-8068</a> (mysqli_fetch_object creates inaccessible properties).</li> </ul></li> <li>Pcntl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8142">GH-8142</a> (Compilation error on cygwin).</li> </ul></li> <li>PgSQL: <ul> <li>Fixed result_type related stack corruption on LLP64 architectures.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8253">GH-8253</a> (pg_insert() fails for references).</li> </ul></li> <li>Sockets: <ul> <li>Fixed Solaris builds.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8121">GH-8121</a> (SplFileObject - seek and key with csv file inconsistent).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8192">GH-8192</a> (Cannot override DirectoryIterator::current() without return typehint in 8.1).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8048">GH-8048</a> (Force macOS to use statfs).</li> </ul></li> </ul> </section> <section class="version" id="8.1.4"> <h3>Version 8.1.4</h3> <b><time class='releasedate' datetime='2022-03-17'>17 Mar 2022</time></b> <ul><li>Core: <ul> <li>Fixed Haiku ZTS build.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8059">GH-8059</a> arginfo not regenerated for extension.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8083">GH-8083</a> Segfault when dumping uncalled fake closure with static variables.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7958">GH-7958</a> (Nested CallbackFilterIterator is leaking memory).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8074">GH-8074</a> (Wrong type inference of range() result).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8140">GH-8140</a> (Wrong first class callable by name optimization).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8082">GH-8082</a> (op_arrays with temporary run_time_cache leak memory when observed).</li> </ul></li> <li>GD: <ul> <li>Fixed libpng warning when loading interlaced images.</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/76109">#76109</a> (Unsafe access to fpm scoreboard).</li> </ul></li> <li>Iconv: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7953">GH-7953</a> (ob_clean() only does not set Content-Encoding).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7980">GH-7980</a> (Unexpected result for iconv_mime_decode).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8128">GH-8128</a> (mb_check_encoding wrong result for 7bit).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8058">GH-8058</a> (NULL pointer dereference in mysqlnd package).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8080">GH-8080</a> (ReflectionClass::getConstants() depends on def. order).</li> </ul></li> <li>Zlib: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7953">GH-7953</a> (ob_clean() only does not set Content-Encoding).</li> </ul></li> </ul> </section> <section class="version" id="8.1.3"> <h3>Version 8.1.3</h3> <b><time class='releasedate' datetime='2022-02-17'>17 Feb 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81430">#81430</a> (Attribute instantiation leaves dangling pointer).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7896">GH-7896</a> (Environment vars may be mangled on Windows).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7883">GH-7883</a> (Segfault when INI file is not readable).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7867">GH-7867</a> (FFI::cast() from pointer to array is broken).</li> </ul></li> <li>Filter: <ul> <li>Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)</li> </ul></li> <li>FPM: <ul> <li>Fixed memory leak on invalid port.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7842">GH-7842</a> (Invalid OpenMetrics response format returned by FPM status page.</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7902">GH-7902</a> (mb_send_mail may delimit headers with LF only).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7972">GH-7972</a> (MariaDB version prefix 5.5.5- is not stripped).</li> </ul></li> <li>pcntl: <ul> <li>Fixed pcntl_rfork build for DragonFlyBSD.</li> </ul></li> <li>Sockets: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7978">GH-7978</a> (sockets extension compilation errors).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7899">GH-7899</a> (Regression in unpack for negative int value).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7875">GH-7875</a> (mails are sent even if failure to log throws exception).</li> </ul></li> </ul> </section> <section class="version" id="8.1.2"> <h3>Version 8.1.2</h3> <b><time class='releasedate' datetime='2022-01-20'>20 Jan 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81216">#81216</a> (Nullsafe operator leaks dynamic property name).</li> <li>Fixed bug <a href="http://bugs.php.net/81684">#81684</a> (Using null coalesce assignment with $GLOBALS["x"] produces opcode error).</li> <li>Fixed bug <a href="http://bugs.php.net/81656">#81656</a> (GCC-11 silently ignores -R).</li> <li>Fixed bug <a href="http://bugs.php.net/81683">#81683</a> (Misleading "access type ... must be public" error message on final or abstract interface methods).</li> <li>Fixed bug <a href="http://bugs.php.net/81585">#81585</a> (cached_chunks are not counted to real_size on shutdown).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7757">GH-7757</a> (Multi-inherited final constant causes fatal error).</li> <li>Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT.</li> <li>Added riscv64 support for fibers.</li> </ul></li> <li>Filter: <ul> <li>Fixed FILTER_FLAG_NO_RES_RANGE flag.</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7759">GH-7759</a> (Incorrect return types for hash() and hash_hmac()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7826">GH-7826</a> (Inconsistent argument name in hash_hmac_file and hash_file).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="http://bugs.php.net/81693">#81693</a> (mb_check_encoding(7bit) segfaults).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="http://bugs.php.net/81658">#81658</a> (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).</li> <li>Introduced MYSQLI_IS_MARIADB.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7746">GH-7746</a> (mysqli_sql_exception->getSqlState()).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug where large bigints may be truncated.</li> </ul></li> <li>OCI8: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7765">GH-7765</a> (php_oci_cleanup_global_handles segfaults at second call).</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81679">#81679</a> (Tracing JIT crashes on reattaching).</li> </ul></li> <li>Readline: <ul> <li>Fixed bug <a href="http://bugs.php.net/81598">#81598</a> (Cannot input unicode characters in PHP 8 interactive shell).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="http://bugs.php.net/81681">#81681</a> (ReflectionEnum throwing exceptions).</li> </ul></li> <li>PDO_PGSQL: <ul> <li>Fixed error message allocation of PDO PgSQL.</li> </ul></li> <li>Sockets: <ul> <li>Avoid void* arithmetic in sockets/multicast.c on NetBSD.</li> <li>Fixed ext/sockets build on Haiku.</li> </ul></li> <li>Spl: <ul> <li>Fixed bug <a href="http://bugs.php.net/75917">#75917</a> (SplFileObject::seek broken with CSV flags).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7809">GH-7809</a> (Cloning a faked SplFileInfo object may segfault).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7748">GH-7748</a> (gethostbyaddr outputs binary string).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7815">GH-7815</a> (php_uname doesn't recognise latest Windows versions).</li> </ul></li> </ul> </section> <section class="version" id="8.1.1"> <h3>Version 8.1.1</h3> <b><time class='releasedate' datetime='2021-12-02'>02 Dec 2021</time></b> <ul><li>IMAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/81649">#81649</a> (imap_(un)delete accept sequences, not single numbers).</li> </ul></li> <li>PCRE: <ul> <li>Update bundled PCRE2 to 10.39.</li> <li>Fixed bug <a href="http://bugs.php.net/74604">#74604</a> (Out of bounds in php_pcre_replace_impl).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/81659">#81659</a> (stream_get_contents() may unnecessarily overallocate).</li> </ul></li> </ul> </section> <section class="version" id="8.1.0"> <h3>Version 8.1.0</h3> <b><time class='releasedate' datetime='2021-11-25'>25 Nov 2021</time></b> <ul><li>Core: <ul> <li>Fixed inclusion order for phpize builds on Windows.</li> <li>Added missing hashtable insertion APIs for arr/obj/ref.</li> <li>Implemented FR <a href="http://bugs.php.net/77372">#77372</a> (Relative file path is removed from uploaded file).</li> <li>Fixed bug <a href="http://bugs.php.net/81607">#81607</a> (CE_CACHE allocation with concurrent access).</li> <li>Fixed bug <a href="http://bugs.php.net/81507">#81507</a> (Fiber does not compile on AIX).</li> <li>Fixed bug <a href="http://bugs.php.net/78647">#78647</a> (SEGFAULT in zend_do_perform_implementation_check).</li> <li>Fixed bug <a href="http://bugs.php.net/81518">#81518</a> (Header injection via default_mimetype / default_charset).</li> <li>Fixed bug <a href="http://bugs.php.net/75941">#75941</a> (Fix compile failure on Solaris with clang).</li> <li>Fixed bug <a href="http://bugs.php.net/81380">#81380</a> (Observer may not be initialized properly).</li> <li>Fixed bug <a href="http://bugs.php.net/81514">#81514</a> (Using Enum as key in WeakMap triggers GC + SegFault).</li> <li>Fixed bug <a href="http://bugs.php.net/81520">#81520</a> (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php).</li> <li>Fixed bug <a href="http://bugs.php.net/81377">#81377</a> (unset() of $GLOBALS sub-key yields warning).</li> <li>Fixed bug <a href="http://bugs.php.net/81342">#81342</a> (New ampersand token parsing depends on new line after it).</li> <li>Fixed bug <a href="http://bugs.php.net/81280">#81280</a> (Unicode characters in cli.prompt causes segfault).</li> <li>Fixed bug <a href="http://bugs.php.net/81192">#81192</a> ("Declaration should be compatible with" gives incorrect line number with traits).</li> <li>Fixed bug <a href="http://bugs.php.net/78919">#78919</a> (CLI server: insufficient cleanup if request startup fails).</li> <li>Fixed bug <a href="http://bugs.php.net/81303">#81303</a> (match error message improvements).</li> <li>Fixed bug <a href="http://bugs.php.net/81238">#81238</a> (Fiber support missing for Solaris Sparc).</li> <li>Fixed bug <a href="http://bugs.php.net/81237">#81237</a> (Comparison of fake closures doesn't work).</li> <li>Fixed bug <a href="http://bugs.php.net/81202">#81202</a> (powerpc64 build fails on fibers).</li> <li>Fixed bug <a href="http://bugs.php.net/80072">#80072</a> (Cyclic unserialize in TMPVAR operand may leak).</li> <li>Fixed bug <a href="http://bugs.php.net/81163">#81163</a> (__sleep allowed to return non-array).</li> <li>Fixed bug <a href="http://bugs.php.net/75474">#75474</a> (function scope static variables are not bound to a unique function).</li> <li>Fixed bug <a href="http://bugs.php.net/53826">#53826</a> (__callStatic fired in base class through a parent call if the method is private).</li> <li>Fixed bug <a href="http://bugs.php.net/81076">#81076</a> (incorrect debug info on Closures with implicit binds).</li> </ul></li> <li>CLI: <ul> <li>Fixed bug <a href="http://bugs.php.net/81496">#81496</a> (Server logs incorrect request method).</li> </ul></li> <li>COM: <ul> <li>Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT.</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="http://bugs.php.net/81085">#81085</a> (Support CURLOPT_SSLCERT_BLOB for cert strings).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/81458">#81458</a> (Regression Incorrect difference after timezone change).</li> <li>Fixed bug <a href="http://bugs.php.net/81500">#81500</a> (Interval serialization regression since 7.3.14 / 7.4.2).</li> <li>Fixed bug <a href="http://bugs.php.net/81504">#81504</a> (Incorrect timezone transition details for POSIX data).</li> <li>Fixed bug <a href="http://bugs.php.net/80998">#80998</a> (Missing second with inverted interval).</li> <li>Speed up finding timezone offset information.</li> <li>Fixed bug <a href="http://bugs.php.net/79580">#79580</a> (date_create_from_format misses leap year).</li> <li>Fixed bug <a href="http://bugs.php.net/80963">#80963</a> (DateTimeZone::getTransitions() truncated).</li> <li>Fixed bug <a href="http://bugs.php.net/80974">#80974</a> (Wrong diff between 2 dates in different timezones).</li> <li>Fixed bug <a href="http://bugs.php.net/80998">#80998</a> (Missing second with inverted interval).</li> <li>Fixed bug <a href="http://bugs.php.net/81097">#81097</a> (DateTimeZone silently falls back to UTC when providing an offset with seconds).</li> <li>Fixed bug <a href="http://bugs.php.net/81106">#81106</a> (Regression in 8.1: add() now truncate ->f).</li> <li>Fixed bug <a href="http://bugs.php.net/81273">#81273</a> (Date interval calculation not correct).</li> <li>Fixed bug <a href="http://bugs.php.net/52480">#52480</a> (Incorrect difference using DateInterval).</li> <li>Fixed bug <a href="http://bugs.php.net/62326">#62326</a> (date_diff() function returns false result).</li> <li>Fixed bug <a href="http://bugs.php.net/64992">#64992</a> (dst not handled past 2038).</li> <li>Fixed bug <a href="http://bugs.php.net/65003">#65003</a> (Wrong date diff).</li> <li>Fixed bug <a href="http://bugs.php.net/66545">#66545</a> (DateTime. diff returns negative values).</li> <li>Fixed bug <a href="http://bugs.php.net/68503">#68503</a> (date_diff on two dates with timezone set localised returns wrong results).</li> <li>Fixed bug <a href="http://bugs.php.net/69806">#69806</a> (Incorrect date from timestamp).</li> <li>Fixed bug <a href="http://bugs.php.net/71700">#71700</a> (Extra day on diff between begin and end of march 2016).</li> <li>Fixed bug <a href="http://bugs.php.net/71826">#71826</a> (DateTime::diff confuse on timezone 'Asia/Tokyo').</li> <li>Fixed bug <a href="http://bugs.php.net/73460">#73460</a> (Datetime add not realising it already applied DST change).</li> <li>Fixed bug <a href="http://bugs.php.net/74173">#74173</a> (DateTimeImmutable::getTimestamp() triggers DST switch in incorrect time).</li> <li>Fixed bug <a href="http://bugs.php.net/74274">#74274</a> (Handling DST transitions correctly).</li> <li>Fixed bug <a href="http://bugs.php.net/74524">#74524</a> (Date diff is bad calculated, in same time zone).</li> <li>Fixed bug <a href="http://bugs.php.net/75167">#75167</a> (DateTime::add does only care about backward DST transition, not forward).</li> <li>Fixed bug <a href="http://bugs.php.net/76032">#76032</a> (DateTime->diff having issues with leap days for timezones ahead of UTC).</li> <li>Fixed bug <a href="http://bugs.php.net/76374">#76374</a> (Date difference varies according day time).</li> <li>Fixed bug <a href="http://bugs.php.net/77571">#77571</a> (DateTime's diff DateInterval incorrect in timezones from UTC+01:00 to UTC+12:00).</li> <li>Fixed bug <a href="http://bugs.php.net/78452">#78452</a> (diff makes wrong in hour for Asia/Tehran).</li> <li>Fixed bug <a href="http://bugs.php.net/79452">#79452</a> (DateTime::diff() generates months differently between time zones).</li> <li>Fixed bug <a href="http://bugs.php.net/79698">#79698</a> (timelib mishandles future timestamps (triggered by 'zic -b slim')).</li> <li>Fixed bug <a href="http://bugs.php.net/79716">#79716</a> (Invalid date time created (with day "00")).</li> <li>Fixed bug <a href="http://bugs.php.net/80610">#80610</a> (DateTime calculate wrong with DateInterval).</li> <li>Fixed bug <a href="http://bugs.php.net/80664">#80664</a> (DateTime objects behave incorrectly around DST transition).</li> <li>Fixed bug <a href="http://bugs.php.net/80913">#80913</a> (DateTime(Immutable)::sub around DST yield incorrect time).</li> </ul></li> <li>DBA: <ul> <li>Fixed bug <a href="http://bugs.php.net/81588">#81588</a> (TokyoCabinet driver leaks memory).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/81433">#81433</a> (DOMElement::setIdAttribute() called twice may remove ID).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="http://bugs.php.net/79576">#79576</a> ("TYPE *" shows unhelpful message when type is not defined).</li> </ul></li> <li>Filter: <ul> <li>Fixed bug <a href="http://bugs.php.net/61700">#61700</a> (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/81513">#81513</a> (Future possibility for heap overflow in FPM zlog).</li> <li>Fixed bug <a href="http://bugs.php.net/81026">#81026</a> (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).</li> <li>Added openmetrics status format.</li> <li>Enable process renaming on macOS.</li> <li>Added pm.max_spawn_rate option to configure max spawn child processes rate.</li> <li>Fixed bug <a href="http://bugs.php.net/65800">#65800</a> (Events port mechanism).</li> </ul></li> <li>FTP: <ul> <li>Convert resource<ftp> to object \FTP\Connection.</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/71316">#71316</a> (libpng warning from imagecreatefromstring).</li> <li>Convert resource<gd font> to object \GdFont.</li> <li>Added support for Avif images</li> </ul></li> <li>hash: <ul> <li>Implemented FR <a href="http://bugs.php.net/68109">#68109</a> (Add MurmurHash V3).</li> <li>Implemented FR <a href="http://bugs.php.net/73385">#73385</a> (Add xxHash support).</li> </ul></li> <li>JSON: <ul> <li>Fixed bug <a href="http://bugs.php.net/81532">#81532</a> (Change of $depth behaviour in json_encode() on PHP 8.1).</li> </ul></li> <li>LDAP: <ul> <li>Convert resource<ldap link> to object \LDAP\Connection.</li> <li>Convert resource<ldap result> to object \LDAP\Result.</li> <li>Convert resource<ldap result entry> to object \LDAP\ResultEntry.</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="http://bugs.php.net/76167">#76167</a> (mbstring may use pointer from some previous request).</li> <li>Fixed bug <a href="http://bugs.php.net/81390">#81390</a> (mb_detect_encoding() regression).</li> <li>Fixed bug <a href="http://bugs.php.net/81349">#81349</a> (mb_detect_encoding misdetcts ASCII in some cases).</li> <li>Fixed bug <a href="http://bugs.php.net/81298">#81298</a> (mb_detect_encoding() segfaults when 7bit encoding is specified).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="http://bugs.php.net/70372">#70372</a> (Emulate mysqli_fetch_all() for libmysqlclient).</li> <li>Fixed bug <a href="http://bugs.php.net/80330">#80330</a> (Replace language in APIs and source code/docs).</li> <li>Fixed bug <a href="http://bugs.php.net/80329">#80329</a> (Add option to specify LOAD DATA LOCAL white list folder (including libmysql)).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="http://bugs.php.net/63327">#63327</a> (Crash (Bus Error) in mysqlnd due to wrong alignment).</li> <li>Fixed bug <a href="http://bugs.php.net/80761">#80761</a> (PDO uses too much memory).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81409">#81409</a> (Incorrect JIT code for ADD with a reference to array).</li> <li>Fixed bug <a href="http://bugs.php.net/81255">#81255</a> (Memory leak in PHPUnit with functional JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/80959">#80959</a> (infinite loop in building cfg during JIT compilation).</li> <li>Fixed bug <a href="http://bugs.php.net/81225">#81225</a> (Wrong result with pow operator with JIT enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/81249">#81249</a> (Intermittent property assignment failure with JIT enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/81256">#81256</a> (Assertion `zv != ((void *)0)' failed for "preload" with JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/81133">#81133</a> (building opcache with phpize fails).</li> <li>Fixed bug <a href="http://bugs.php.net/81136">#81136</a> (opcache header not installed).</li> <li>Added inheritance cache.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81502">#81502</a> ($tag argument of openssl_decrypt() should accept null/empty string).</li> <li>Bump minimal OpenSSL version to 1.0.2.</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="http://bugs.php.net/81424">#81424</a> (PCRE2 10.35 JIT performance regression).</li> <li>Bundled PCRE2 is 10.37.</li> </ul></li> <li>PDO: <ul> <li>Fixed bug <a href="http://bugs.php.net/40913">#40913</a> (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for fetching a BLOB).</li> </ul></li> <li>PDO MySQL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80908">#80908</a> (PDO::lastInsertId() return wrong).</li> <li>Fixed bug <a href="http://bugs.php.net/81037">#81037</a> (PDO discards error message text from prepared statement).</li> </ul></li> <li>PDO OCI: <ul> <li>Fixed bug <a href="http://bugs.php.net/77120">#77120</a> (Support 'success with info' at connection).</li> </ul></li> <li>PDO ODBC: <ul> <li>Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for PDO::getAttribute().</li> </ul></li> <li>PDO PgSQL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81343">#81343</a> (pdo_pgsql: Inconsitent boolean conversion after calling closeCursor()).</li> </ul></li> <li>PDO SQLite: <ul> <li>Fixed bug <a href="http://bugs.php.net/38334">#38334</a> (Proper data-type support for PDO_SQLITE).</li> </ul></li> <li>PgSQL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81509">#81509</a> (pg_end_copy still expects a resource).</li> <li>Convert resource<pgsql link> to object \PgSql\Connection.</li> <li>Convert resource<pgsql result> to object \PgSql\Result.</li> <li>Convert resource<pgsql large object> to object \PgSql\Lob.</li> </ul></li> <li>Phar: <ul> <li>Use SHA256 by default for signature.</li> <li>Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature.</li> </ul></li> <li>phpdbg: <ul> <li>Fixed bug <a href="http://bugs.php.net/81135">#81135</a> (unknown help topic causes assertion failure).</li> </ul></li> <li>PSpell: <ul> <li>Convert resource<pspell> to object \PSpell\Dictionary.</li> <li>Convert resource<pspell config> to object \PSpell\Config.</li> </ul></li> <li>readline: <ul> <li>Fixed bug <a href="http://bugs.php.net/72998">#72998</a> (invalid read in readline completion).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="http://bugs.php.net/81611">#81611</a> (ArgumentCountError when getting default value from ReflectionParameter with new).</li> <li>Fixed bug <a href="http://bugs.php.net/81630">#81630</a> (PHP 8.1: ReflectionClass->getTraitAliases() crashes with Internal error).</li> <li>Fixed bug <a href="http://bugs.php.net/81457">#81457</a> (Enum: ReflectionMethod->getDeclaringClass() return a ReflectionClass).</li> <li>Fixed bug <a href="http://bugs.php.net/81474">#81474</a> (Make ReflectionEnum and related class non-final).</li> <li>Fixed bug <a href="http://bugs.php.net/80821">#80821</a> (ReflectionProperty::getDefaultValue() returns current value for statics).</li> <li>Fixed bug <a href="http://bugs.php.net/80564">#80564</a> (ReflectionProperty::__toString() renders current value, not default value).</li> <li>Fixed bug <a href="http://bugs.php.net/80097">#80097</a> (ReflectionAttribute is not a Reflector).</li> <li>Fixed bug <a href="http://bugs.php.net/81200">#81200</a> (no way to determine if Closure is static).</li> <li>Implement ReflectionFunctionAbstract::getClosureUsedVariables.</li> </ul></li> <li>Shmop: <ul> <li>Fixed bug <a href="http://bugs.php.net/81407">#81407</a> (shmop_open won't attach and causes php to crash).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="http://bugs.php.net/81325">#81325</a> (Segfault in zif_simplexml_import_dom).</li> </ul></li> <li>SNMP: <ul> <li>Implement SHA256 and SHA512 for security protocol.</li> </ul></li> <li>Sodium: <ul> <li>Added the XChaCha20 stream cipher functions.</li> <li>Added the Ristretto255 functions, which are available in libsodium 1.0.18.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/66588">#66588</a> (SplFileObject::fgetcsv incorrectly returns a row on premature EOF).</li> <li>Fixed bug <a href="http://bugs.php.net/80663">#80663</a> (Recursive SplFixedArray::setSize() may cause double-free).</li> <li>Fixed bug <a href="http://bugs.php.net/81477">#81477</a> (LimitIterator + SplFileObject regression in 8.0.1).</li> <li>Fixed bug <a href="http://bugs.php.net/81112">#81112</a> (Special json_encode behavior for SplFixedArray).</li> <li>Fixed bug <a href="http://bugs.php.net/80945">#80945</a> ("Notice: Undefined index" on unset() ArrayObject non-existing key).</li> <li>Fixed bug <a href="http://bugs.php.net/80724">#80724</a> (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE from bitmask).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/81441">#81441</a> (gethostbyaddr('::1') returns ip instead of name after calling some other method).</li> <li>Fixed bug <a href="http://bugs.php.net/81491">#81491</a> (Incorrectly using libsodium for argon2 hashing).</li> <li>Fixed bug <a href="http://bugs.php.net/81142">#81142</a> (PHP 7.3+ memory leak when unserialize() is used on an associative array).</li> <li>Fixed bug <a href="http://bugs.php.net/81111">#81111</a> (Serialization is unexpectedly allowed on anonymous classes with __serialize()).</li> <li>Fixed bug <a href="http://bugs.php.net/81137">#81137</a> (hrtime breaks build on OSX before Sierra).</li> <li>Fixed bug <a href="http://bugs.php.net/77627">#77627</a> (method_exists on Closure::__invoke inconsistency).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/81475">#81475</a> (stream_isatty emits warning with attached stream wrapper).</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="http://bugs.php.net/79971">#79971</a> (special character is breaking the path in xml function) (CVE-2021-21707).</li> <li>Fixed bug <a href="http://bugs.php.net/70962">#70962</a> (XML_OPTION_SKIP_WHITE strips embedded whitespace).</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="http://bugs.php.net/81490">#81490</a> (ZipArchive::extractTo() may leak memory).</li> <li>Fixed bug <a href="http://bugs.php.net/77978">#77978</a> (Dirname ending in colon unzips to wrong dir).</li> <li>Fixed bug <a href="http://bugs.php.net/81420">#81420</a> (ZipArchive::extractTo extracts outside of destination) (CVE-2021-21706).</li> <li>Fixed bug <a href="http://bugs.php.net/80833">#80833</a> (ZipArchive::getStream doesn't use setPassword).</li> </ul></li> </ul> </section> <a id="PHP_8_0"></a> <section class="version" id="8.0.30"> <h3>Version 8.0.30</h3> <b><time class='releasedate' datetime='2023-08-03'>03 Aug 2023</time></b> <ul><li>Libxml: <ul> <li>Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)</li> </ul></li> <li>Phar: <ul> <li>Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)</li> </ul></li> </ul> </section> <section class="version" id="8.0.29"> <h3>Version 8.0.29</h3> <b><time class='releasedate' datetime='2023-06-08'>08 Jun 2023</time></b> <ul><li>Soap: <ul> <li>Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)</li> </ul></li> </ul> </section> <section class="version" id="8.0.28"> <h3>Version 8.0.28</h3> <b><time class='releasedate' datetime='2023-02-14'>14 Feb 2023</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81744">#81744</a> (Password_verify() always return true with some hash).</li> <li>Fixed bug <a href="http://bugs.php.net/81746">#81746</a> (1-byte array overrun in common path resolve code).</li> </ul></li> <li>SAPI: <ul> <li>Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)</li> </ul></li> </ul> </section> <section class="version" id="8.0.27"> <h3>Version 8.0.27</h3> <b><time class='releasedate' datetime='2023-01-05'>05 Jan 2023</time></b> <ul><li>PDO/SQLite: <ul> <li>Fixed bug <a href="http://bugs.php.net/81740">#81740</a> (PDO::quote() may return unquoted string). (CVE-2022-31631)</li> </ul></li> </ul> </section> <section class="version" id="8.0.26"> <h3>Version 8.0.26</h3> <b><time class='releasedate' datetime='2022-11-24'>24 Nov 2022</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9709">GH-9709</a> (Null pointer dereference with -w/-s options).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9752">GH-9752</a> (Generator crashes when interrupted during argument evaluation with extra named params).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9801">GH-9801</a> (Generator crashes when memory limit is exceeded during initialization).</li> <li>Fixed potential NULL pointer dereference in Windows shm*() functions.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9750">GH-9750</a> (Generator memory leak when interrupted during argument evaluation.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9763">GH-9763</a> (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9754">GH-9754</a> (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).</li> </ul></li> <li>mysqli: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9841">GH-9841</a> (mysqli_query throws warning despite using silenced error mode).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8430">GH-8430</a> (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).</li> </ul></li> <li>SOAP: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/9720">GH-9720</a> (Null pointer dereference while serializing the response).</li> </ul></li> </ul> </section> <section class="version" id="8.0.25"> <h3>Version 8.0.25</h3> <b><time class='releasedate' datetime='2022-10-27'>27 Oct 2022</time></b> <ul><li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/81739">#81739</a>: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="http://bugs.php.net/81738">#81738</a>: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9583">GH-9583</a> (session_create_id() fails with user defined save handler that doesn't have a validateId() method).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9590">GH-9590</a> (stream_select does not abort upon exception or empty valid fd set).</li> </ul></li> </ul> </section> <section class="version" id="8.0.24"> <h3>Version 8.0.24</h3> <b><time class='releasedate' datetime='2022-09-29'>29 Sep 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9323">GH-9323</a> (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9361">GH-9361</a> (Segmentation fault on script exit #9379).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9407">GH-9407</a> (LSP error in eval'd code refers to wrong class for static type).</li> <li>Fixed bug <a href="http://bugs.php.net/81727">#81727</a>: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/79451">#79451</a> (DOMDocument->replaceChild on doctype causes double free).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8885">GH-8885</a> (FPM access.log with stderr begins to write logs to error_log after daemon reload).</li> <li>Fixed bug <a href="http://bugs.php.net/77780">#77780</a> ("Headers already sent..." when previous connection was aborted).</li> </ul></li> <li>GMP: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9308">GH-9308</a> (GMP throws the wrong error when a GMP object is passed to gmp_init()).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9421">GH-9421</a> (Incorrect argument number for ValueError in NumberFormatter).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/81726">#81726</a>: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)</li> </ul></li> <li>PDO_PGSQL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9411">GH-9411</a> (PgSQL large object resource is incorrectly closed).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8932">GH-8932</a> (ReflectionFunction provides no way to get the called class of a Closure).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9409">GH-9409</a> (Private method is incorrectly dumped as "overwrites").</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9316">GH-9316</a> ($http_response_header is wrong for long status line).</li> </ul></li> </ul> </section> <section class="version" id="8.0.23"> <h3>Version 8.0.23</h3> <b><time class='releasedate' datetime='2022-09-01'>01 Sep 2022</time></b> <ul><li>Core: <ul> <li>Fixed incorrect double to long casting in latest clang.</li> </ul></li> <li>DBA: <ul> <li>Fixed LMDB driver memory leak on DB creation failure.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9155">GH-9155</a> (dba_open("non-existing", "c-", "flatfile") segfaults).</li> </ul></li> <li>Intl: <ul> <li>Fixed IntlDateFormatter::formatObject() parameter type.</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9033">GH-9033</a> (Loading blacklist file can fail due to negative length).</li> </ul></li> <li>PDO_SQLite: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9032">GH-9032</a> (SQLite3 authorizer crashes on NULL values).</li> </ul></li> <li>SQLite3: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9032">GH-9032</a> (SQLite3 authorizer crashes on NULL values).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/9017">GH-9017</a> (php_stream_sock_open_from_socket could return NULL).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8472">GH-8472</a> (The resource returned by stream_socket_accept may have incorrect metadata).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8409">GH-8409</a> (SSL handshake timeout leaves persistent connections hanging).</li> </ul></li> </ul> </section> <section class="version" id="8.0.22"> <h3>Version 8.0.22</h3> <b><time class='releasedate' datetime='2022-08-04'>04 Aug 2022</time></b> <ul><li>CLI: <ul> <li>Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8923">GH-8923</a> (error_log on Windows can hold the file write lock).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8995">GH-8995</a> (WeakMap object reference offset causing TypeError).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/80047">#80047</a> (DatePeriod doesn't warn with custom DateTimeImmutable).</li> </ul></li> <li>DBA: <ul> <li>Fixed LMDB driver hanging when attempting to delete a non-existing key.</li> </ul></li> <li>FPM: <ul> <li>Fixed zlog message prepend, free on incorrect address.</li> <li>Fixed possible double free on configuration loading failure.</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8848">GH-8848</a> (imagecopyresized() error refers to the wrong argument).</li> </ul></li> <li>Intl: <ul> <li>Fixed build for ICU 69.x and onwards.</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8847">GH-8847</a> (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file).</li> </ul></li> <li>Standard: <ul> <li>Fixed the crypt_sha256/512 api build with clang > 12.</li> <li>Uses CCRandomGenerateBytes instead of arc4random_buf on macOs.</li> </ul></li> </ul> </section> <section class="version" id="8.0.21"> <h3>Version 8.0.21</h3> <b><time class='releasedate' datetime='2022-07-07'>07 Jul 2022</time></b> <ul><li>Core: <ul> <li>Fixed potential use after free in php_binary_init().</li> </ul></li> <li>CLI: <ul> <li>Fixed <a href="https://github.com/php/php-src/issues/8827">GH-8827</a> (Intentionally closing std handles no longer possible).</li> </ul></li> <li>COM: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8778">GH-8778</a> (Integer arithmethic with large number variants fails).</li> </ul></li> <li>Curl: <ul> <li>Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/74671">#74671</a> (DST timezone abbreviation has incorrect offset).</li> <li>Fixed bug <a href="http://bugs.php.net/77243">#77243</a> (Weekdays are calculated incorrectly for negative years).</li> <li>Fixed bug <a href="http://bugs.php.net/78139">#78139</a> (timezone_open accepts invalid timezone string argument).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/67764">#67764</a> (fpm: syslog.ident don't work).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8685">GH-8685</a> (pcre not ready at mbstring startup).</li> </ul></li> <li>ODBC: <ul> <li>Fixed handling of single-key connection strings.</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/50293">#50293</a> (Several openssl functions ignore the VCWD).</li> <li>Fixed bug <a href="http://bugs.php.net/81713">#81713</a> (NULL byte injection in several OpenSSL functions working with certificates).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed errorInfo() result on successful PDOStatement->execute().</li> <li>Fixed handling of single-key connection strings.</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8781">GH-8781</a> (ZipArchive::close deletes zip file without updating stat cache).</li> </ul></li> </ul> </section> <section class="version" id="8.0.20"> <h3>Version 8.0.20</h3> <b><time class='releasedate' datetime='2022-06-09'>09 Jun 2022</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8575">GH-8575</a> (CLI closes standard streams too early).</li> </ul></li> <li>Core: <ul> <li>Fixed Haiku ZTS builds.</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8471">GH-8471</a> (Segmentation fault when converting immutable and mutable DateTime instances created using reflection).</li> </ul></li> <li>FPM: <ul> <li>Fixed ACL build check on MacOS.</li> <li>Fixed bug <a href="http://bugs.php.net/72185">#72185</a>: php-fpm writes empty fcgi record causing nginx 502.</li> </ul></li> <li>Mysqlnd: <ul> <li>Fixed bug <a href="http://bugs.php.net/81719">#81719</a>: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8466">GH-8466</a> (ini_get() is optimized out when the option does not exist).</li> </ul></li> <li>Pcntl: <ul> <li>Fixed Haiku build.</li> </ul></li> <li>Pgsql: <ul> <li>Fixed bug <a href="http://bugs.php.net/81720">#81720</a>: Uninitialized array in pg_query_params(). (CVE-2022-31625)</li> </ul></li> <li>Soap: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8578">GH-8578</a> (Error on wrong parameter on SoapHeader constructor).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8538">GH-8538</a> (SoapClient may strip parts of nmtokens).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8235">GH-8235</a> (iterator_count() may run indefinitely).</li> </ul></li> <li>Zip: <ul> <li>Fixed type for index in ZipArchive::replaceFile.</li> </ul></li> </ul> </section> <section class="version" id="8.0.19"> <h3>Version 8.0.19</h3> <b><time class='releasedate' datetime='2022-05-12'>12 May 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8289">GH-8289</a> (Exceptions thrown within a yielded from iterator are not rethrown into the generator).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7979">GH-7979</a> (DatePeriod iterator advances when checking if valid).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8433">GH-8433</a> (Assigning function pointers to structs in FFI leaks).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/76003">#76003</a> (FPM /status reports wrong number of active processe).</li> <li>Fixed bug <a href="http://bugs.php.net/77023">#77023</a> (FPM cannot shutdown processes).</li> <li>Fixed comment in kqueue remove callback log message.</li> </ul></li> <li>Iconv: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8218">GH-8218</a> (ob_end_clean does not reset Content-Encoding header).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8364">GH-8364</a> (msgfmt_format $values may not support references).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8267">GH-8267</a> (MySQLi uses unsupported format specifier on Windows).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8366">GH-8366</a> (ArrayIterator may leak when calling __construct()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8273">GH-8273</a> (SplFileObject: key() returns wrong value).</li> </ul></li> <li>Streams: <ul> <li>Fixed php://temp does not preserve file-position when switched to temporary file.</li> </ul></li> <li>zlib: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8218">GH-8218</a> (ob_end_clean does not reset Content-Encoding header).</li> </ul></li> </ul> </section> <section class="version" id="8.0.18"> <h3>Version 8.0.18</h3> <b><time class='releasedate' datetime='2022-04-14'>14 Apr 2022</time></b> <ul><li>Core: <ul> <li>Fixed freeing of internal attribute arguments.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8070">GH-8070</a> (memory leak of internal function attribute hash).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8160">GH-8160</a> (ZTS support on Alpine is broken).</li> </ul></li> <li>Filter: <ul> <li>Fixed signedness confusion in php_filter_validate_domain().</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8142">GH-8142</a> (Compilation error on cygwin).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8208">GH-8208</a> (mb_encode_mimeheader: $indent functionality broken).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8068">GH-8068</a> (mysqli_fetch_object creates inaccessible properties).</li> </ul></li> <li>Pcntl: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8142">GH-8142</a> (Compilation error on cygwin).</li> </ul></li> <li>PgSQL: <ul> <li>Fixed result_type related stack corruption on LLP64 architectures.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8253">GH-8253</a> (pg_insert() fails for references).</li> </ul></li> <li>Sockets: <ul> <li>Fixed Solaris builds.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8121">GH-8121</a> (SplFileObject - seek and key with csv file inconsistent).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8048">GH-8048</a> (Force macOS to use statfs).</li> </ul></li> </ul> </section> <section class="version" id="8.0.17"> <h3>Version 8.0.17</h3> <b><time class='releasedate' datetime='2022-03-17'>17 Mar 2022</time></b> <ul><li>Core: <ul> <li>Fixed Haiku ZTS build.</li> </ul></li> <li>GD: <ul> <li>Fixed libpng warning when loading interlaced images.</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/76109">#76109</a> (Unsafe access to fpm scoreboard).</li> </ul></li> <li>Iconv: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7953">GH-7953</a> (ob_clean() only does not set Content-Encoding).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7980">GH-7980</a> (Unexpected result for iconv_mime_decode).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8058">GH-8058</a> (NULL pointer dereference in mysqlnd package).</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8074">GH-8074</a> (Wrong type inference of range() result).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/8080">GH-8080</a> (ReflectionClass::getConstants() depends on def. order).</li> </ul></li> <li>Zlib: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7953">GH-7953</a> (ob_clean() only does not set Content-Encoding).</li> </ul></li> </ul> </section> <section class="version" id="8.0.16"> <h3>Version 8.0.16</h3> <b><time class='releasedate' datetime='2022-02-17'>17 Feb 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81430">#81430</a> (Attribute instantiation leaves dangling pointer).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7896">GH-7896</a> (Environment vars may be mangled on Windows).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7867">GH-7867</a> (FFI::cast() from pointer to array is broken).</li> </ul></li> <li>Filter: <ul> <li>Fix #81708: UAF due to php_filter_float() failing for ints.</li> </ul></li> <li>FPM: <ul> <li>Fixed memory leak on invalid port.</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7902">GH-7902</a> (mb_send_mail may delimit headers with LF only).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7972">GH-7972</a> (MariaDB version prefix 5.5.5- is not stripped).</li> </ul></li> <li>Sockets: <ul> <li>Fixed ext/sockets build on Haiku.</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7978">GH-7978</a> (sockets extension compilation errors).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7875">GH-7875</a> (mails are sent even if failure to log throws exception).</li> </ul></li> </ul> </section> <section class="version" id="8.0.15"> <h3>Version 8.0.15</h3> <b><time class='releasedate' datetime='2022-01-20'>20 Jan 2022</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81656">#81656</a> (GCC-11 silently ignores -R).</li> <li>Fixed bug <a href="http://bugs.php.net/81585">#81585</a> (cached_chunks are not counted to real_size on shutdown).</li> </ul></li> <li>Filter: <ul> <li>Fixed FILTER_FLAG_NO_RES_RANGE flag.</li> </ul></li> <li>Hash: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7759">GH-7759</a> (Incorrect return types for hash() and hash_hmac()).</li> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7826">GH-7826</a> (Inconsistent argument name in hash_hmac_file and hash_file).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug where large bigints may be truncated.</li> </ul></li> <li>OCI8: <ul> <li>Fixed bug <a href="https://github.com/php/php-src/issues/7765">GH-7765</a> (php_oci_cleanup_global_handles segfaults at second call).</li> </ul></li> <li>OPcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81679">#81679</a> (Tracing JIT crashes on reattaching).</li> </ul></li> <li>PDO_PGSQL: <ul> <li>Fixed error message allocation of PDO PgSQL.</li> </ul></li> <li>Sockets: <ul> <li>Avoid void* arithmetic in sockets/multicast.c on NetBSD.</li> </ul></li> <li>Spl: <ul> <li>Fixed bug <a href="http://bugs.php.net/75917">#75917</a> (SplFileObject::seek broken with CSV flags).</li> </ul></li> </ul> </section> <section class="version" id="8.0.14"> <h3>Version 8.0.14</h3> <b><time class='releasedate' datetime='2021-12-16'>16 Dec 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81582">#81582</a> (Stringable not implicitly declared if __toString() came from a trait).</li> <li>Fixed bug <a href="http://bugs.php.net/81591">#81591</a> (Fatal Error not properly logged in particular cases).</li> <li>Fixed bug <a href="http://bugs.php.net/81626">#81626</a> (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).</li> <li>Fixed bug <a href="http://bugs.php.net/81631">#81631</a> (::class with dynamic class name may yield wrong line number).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/81513">#81513</a> (Future possibility for heap overflow in FPM zlog).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/71316">#71316</a> (libpng warning from imagecreatefromstring).</li> </ul></li> <li>IMAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/81649">#81649</a> (imap_(un)delete accept sequences, not single numbers).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/75725">#75725</a> (./configure: detecting RAND_egd).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="http://bugs.php.net/74604">#74604</a> (Out of bounds in php_pcre_replace_impl).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81587">#81587</a> (MultipleIterator Segmentation fault w/ SimpleXMLElement attached).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/81618">#81618</a> (dns_get_record fails on FreeBSD for missing type).</li> <li>Fixed bug <a href="http://bugs.php.net/81659">#81659</a> (stream_get_contents() may unnecessarily overallocate).</li> </ul></li> </ul> </section> <section class="version" id="8.0.13"> <h3>Version 8.0.13</h3> <b><time class='releasedate' datetime='2021-11-18'>18 Nov 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81518">#81518</a> (Header injection via default_mimetype / default_charset).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/81500">#81500</a> (Interval serialization regression since 7.3.14 / 7.4.2).</li> </ul></li> <li>DBA: <ul> <li>Fixed bug <a href="http://bugs.php.net/81588">#81588</a> (TokyoCabinet driver leaks memory).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="http://bugs.php.net/76167">#76167</a> (mbstring may use pointer from some previous request).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81512">#81512</a> (Unexpected behavior with arrays and JIT).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="http://bugs.php.net/81424">#81424</a> (PCRE2 10.35 JIT performance regression).</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="http://bugs.php.net/79971">#79971</a> (special character is breaking the path in xml function). (CVE-2021-21707)</li> </ul></li> <li>XMLReader: <ul> <li>Fixed bug <a href="http://bugs.php.net/81521">#81521</a> (XMLReader::getParserProperty may throw with a valid property).</li> </ul></li> </ul> </section> <section class="version" id="8.0.12"> <h3>Version 8.0.12</h3> <b><time class='releasedate' datetime='2021-10-21'>21 Oct 2021</time></b> <ul><li>CLI: <ul> <li>Fixed bug <a href="http://bugs.php.net/81496">#81496</a> (Server logs incorrect request method).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81435">#81435</a> (Observer current_observed_frame may point to an old (overwritten) frame).</li> <li>Fixed bug <a href="http://bugs.php.net/81380">#81380</a> (Observer may not be initialized properly).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/81433">#81433</a> (DOMElement::setIdAttribute() called twice may remove ID).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="http://bugs.php.net/79576">#79576</a> ("TYPE *" shows unhelpful message when type is not defined).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/81026">#81026</a> (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="http://bugs.php.net/78987">#78987</a> (High memory usage during encoding detection).</li> </ul></li> <li>Filter: <ul> <li>Fixed bug <a href="http://bugs.php.net/61700">#61700</a> (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81472">#81472</a> (Cannot support large linux major/minor device number when read /proc/self/maps).</li> </ul></li> <li>Reflection: <ul> <li>ReflectionAttribute is no longer final.</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80663">#80663</a> (Recursive SplFixedArray::setSize() may cause double-free).</li> <li>Fixed bug <a href="http://bugs.php.net/81477">#81477</a> (LimitIterator + SplFileObject regression in 8.0.1).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/69751">#69751</a> (Change Error message of sprintf/printf for missing/typo position specifier).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/81475">#81475</a> (stream_isatty emits warning with attached stream wrapper).</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="http://bugs.php.net/70962">#70962</a> (XML_OPTION_SKIP_WHITE strips embedded whitespace).</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="http://bugs.php.net/81490">#81490</a> (ZipArchive::extractTo() may leak memory).</li> <li>Fixed bug <a href="http://bugs.php.net/77978">#77978</a> (Dirname ending in colon unzips to wrong dir).</li> </ul></li> </ul> </section> <section class="version" id="8.0.11"> <h3>Version 8.0.11</h3> <b><time class='releasedate' datetime='2021-09-23'>23 Sep 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81302">#81302</a> (Stream position after stream filter removed).</li> <li>Fixed bug <a href="http://bugs.php.net/81346">#81346</a> (Non-seekable streams don't update position after write).</li> <li>Fixed bug <a href="http://bugs.php.net/73122">#73122</a> (Integer Overflow when concatenating strings).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/53580">#53580</a> (During resize gdImageCopyResampled cause colors change).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81353">#81353</a> (segfault with preloading and statically bound closure).</li> </ul></li> <li>Shmop: <ul> <li>Fixed bug <a href="http://bugs.php.net/81407">#81407</a> (shmop_open won't attach and causes php to crash).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/71542">#71542</a> (disk_total_space does not work with relative paths).</li> <li>Fixed bug <a href="http://bugs.php.net/81400">#81400</a> (Unterminated string in dns_get_record() results).</li> </ul></li> <li>SysVMsg: <ul> <li>Fixed bug <a href="http://bugs.php.net/78819">#78819</a> (Heap Overflow in msg_send).</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="http://bugs.php.net/81351">#81351</a> (xml_parse may fail, but has no error code).</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="http://bugs.php.net/80833">#80833</a> (ZipArchive::getStream doesn't use setPassword).</li> <li>Fixed bug <a href="http://bugs.php.net/81420">#81420</a> (ZipArchive::extractTo extracts outside of destination).</li> </ul></li> </ul> </section> <section class="version" id="8.0.10"> <h3>Version 8.0.10</h3> <b><time class='releasedate' datetime='2021-08-26'>26 Aug 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/72595">#72595</a> (php_output_handler_append illegal write access).</li> <li>Fixed bug <a href="http://bugs.php.net/66719">#66719</a> (Weird behaviour when using get_called_class() with call_user_func()).</li> <li>Fixed bug <a href="http://bugs.php.net/81305">#81305</a> (Built-in Webserver Drops Requests With "Upgrade" Header).</li> </ul></li> <li>BCMath: <ul> <li>Fixed bug <a href="http://bugs.php.net/78238">#78238</a> (BCMath returns "-0").</li> </ul></li> <li>CGI: <ul> <li>Fixed bug <a href="http://bugs.php.net/80849">#80849</a> (HTTP Status header truncation).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/64975">#64975</a> (Error parsing when AM/PM not at the end).</li> <li>Fixed bug <a href="http://bugs.php.net/78984">#78984</a> (DateTimeZone accepting invalid UTC timezones).</li> <li>Fixed bug <a href="http://bugs.php.net/79580">#79580</a> (date_create_from_format misses leap year).</li> <li>Fixed bug <a href="http://bugs.php.net/80409">#80409</a> (DateTime::modify() loses time with 'weekday' parameter).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/51498">#51498</a> (imagefilledellipse does not work for large circles).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="http://bugs.php.net/74544">#74544</a> (Integer overflow in mysqli_real_escape_string()).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81225">#81225</a> (Wrong result with pow operator with JIT enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/81249">#81249</a> (Intermittent property assignment failure with JIT enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/81206">#81206</a> (Multiple PHP processes crash with JIT enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/81272">#81272</a> (Segfault in var[] after array_slice with JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/81255">#81255</a> (Memory leak in PHPUnit with functional JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/80959">#80959</a> (Infinite loop in building cfg during JIT compilation) (Nikita, Dmitry)</li> <li>Fixed bug <a href="http://bugs.php.net/81226">#81226</a> (Integer overflow behavior is different with JIT enabled).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81327">#81327</a> (Error build openssl extension on php 7.4.22).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed bug <a href="http://bugs.php.net/81252">#81252</a> (PDO_ODBC doesn't account for SQL_NO_TOTAL).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/81211">#81211</a>: Symlinks are followed when creating PHAR archive</li> </ul></li> <li>Shmop: <ul> <li>Fixed bug <a href="http://bugs.php.net/81283">#81283</a> (shmop can't read beyond 2147483647 bytes).</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="http://bugs.php.net/81325">#81325</a> (Segfault in zif_simplexml_import_dom).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/72146">#72146</a> (Integer overflow on substr_replace).</li> <li>Fixed bug <a href="http://bugs.php.net/81265">#81265</a> (getimagesize returns 0 for 256px ICO images).</li> <li>Fixed bug <a href="http://bugs.php.net/74960">#74960</a> (Heap buffer overflow via str_repeat).</li> </ul></li> <li>Streams: <ul> <li>Fixed bug <a href="http://bugs.php.net/81294">#81294</a> (Segfault when removing a filter).</li> </ul></li> </ul> </section> <section class="version" id="8.0.9"> <h3>Version 8.0.9</h3> <b><time class='releasedate' datetime='2021-07-29'>29 Jul 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81145">#81145</a> (copy() and stream_copy_to_stream() fail for +4GB files).</li> <li>Fixed bug <a href="http://bugs.php.net/81163">#81163</a> (incorrect handling of indirect vars in __sleep).</li> <li>Fixed bug <a href="http://bugs.php.net/81159">#81159</a> (Object to int warning when using an object as a string offset).</li> <li>Fixed bug <a href="http://bugs.php.net/80728">#80728</a> (PHP built-in web server resets timeout when it can kill the process).</li> <li>Fixed bug <a href="http://bugs.php.net/73630">#73630</a> (Built-in Webserver - overwrite $_SERVER['request_uri']).</li> <li>Fixed bug <a href="http://bugs.php.net/80173">#80173</a> (Using return value of zend_assign_to_variable() is not safe).</li> <li>Fixed bug <a href="http://bugs.php.net/73226">#73226</a> (--r[fcez] always return zero exit code).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="http://bugs.php.net/72809">#72809</a> (Locale::lookup() wrong result with canonicalize option).</li> <li>Fixed bug <a href="http://bugs.php.net/68471">#68471</a> (IntlDateFormatter fails for "GMT+00:00" timezone).</li> <li>Fixed bug <a href="http://bugs.php.net/74264">#74264</a> (grapheme_strrpos() broken for negative offsets).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/52093">#52093</a> (openssl_csr_sign truncates $serial).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="http://bugs.php.net/81101">#81101</a> (PCRE2 10.37 shows unexpected result).</li> <li>Fixed bug <a href="http://bugs.php.net/81243">#81243</a> (Too much memory is allocated for preg_replace()).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="http://bugs.php.net/81208">#81208</a> (Segmentation fault while create newInstance from attribute).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/81223">#81223</a> (flock() only locks first byte of file).</li> </ul></li> </ul> </section> <section class="version" id="8.0.8"> <h3>Version 8.0.8</h3> <b><time class='releasedate' datetime='2021-07-01'>01 Jul 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/81076">#81076</a> (incorrect debug info on Closures with implicit binds).</li> <li>Fixed bug <a href="http://bugs.php.net/81068">#81068</a> (Double free in realpath_cache_clean()).</li> <li>Fixed bug <a href="http://bugs.php.net/76359">#76359</a> (open_basedir bypass through adding "..").</li> <li>Fixed bug <a href="http://bugs.php.net/81090">#81090</a> (Typed property performance degradation with .= operator).</li> <li>Fixed bug <a href="http://bugs.php.net/81070">#81070</a> (Integer underflow in memory limit comparison).</li> <li>Fixed bug <a href="http://bugs.php.net/81122">#81122</a> (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)</li> </ul></li> <li>Bzip2: <ul> <li>Fixed bug <a href="http://bugs.php.net/81092">#81092</a> (fflush before stream_filter_remove corrupts stream).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="http://bugs.php.net/80197">#80197</a> (implicit declaration of function 'magic_stream' is invalid).</li> </ul></li> <li>GMP: <ul> <li>Fixed bug <a href="http://bugs.php.net/81119">#81119</a> (GMP operators throw errors with wrong parameter names).</li> </ul></li> <li>OCI8: <ul> <li>Fixed bug <a href="http://bugs.php.net/81088">#81088</a> (error in regression test for oci_fetch_object() and oci_fetch_array()).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81051">#81051</a> (Broken property type handling after incrementing reference).</li> <li>Fixed bug <a href="http://bugs.php.net/80968">#80968</a> (JIT segfault with return from required file).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/76694">#76694</a> (native Windows cert verification uses CN as server name).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="http://bugs.php.net/80761">#80761</a> (PDO uses too much memory).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fixed bug <a href="http://bugs.php.net/76448">#76448</a> (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)</li> <li>Fixed bug <a href="http://bugs.php.net/76449">#76449</a> (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)</li> <li>Fixed bug <a href="http://bugs.php.net/76450">#76450</a> (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)</li> <li>Fixed bug <a href="http://bugs.php.net/76452">#76452</a> (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)</li> </ul></li> <li>readline: <ul> <li>Fixed bug <a href="http://bugs.php.net/72998">#72998</a> (invalid read in readline completion).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/81048">#81048</a> (phpinfo(INFO_VARIABLES) "Array to string conversion").</li> <li>Fixed bug <a href="http://bugs.php.net/77627">#77627</a> (method_exists on Closure::__invoke inconsistency).</li> </ul></li> <li>Windows: <ul> <li>Fixed bug <a href="http://bugs.php.net/81120">#81120</a> (PGO data for main PHP DLL are not used).</li> </ul></li> </ul> </section> <section class="version" id="8.0.7"> <h3>Version 8.0.7</h3> <b><time class='releasedate' datetime='2021-06-03'>03 Jun 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/80960">#80960</a> (opendir() warning wrong info when failed on Windows).</li> <li>Fixed bug <a href="http://bugs.php.net/67792">#67792</a> (HTTP Authorization schemes are treated as case-sensitive).</li> <li>Fixed bug <a href="http://bugs.php.net/80972">#80972</a> (Memory exhaustion on invalid string offset).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/65800">#65800</a> (Events port mechanism).</li> </ul></li> <li>FTP: <ul> <li>Fixed bug <a href="http://bugs.php.net/80901">#80901</a> (Info leak in ftp extension).</li> <li>Fixed bug <a href="http://bugs.php.net/79100">#79100</a> (Wrong FTP error messages).</li> </ul></li> <li>GD: <ul> <li>Fixed bug <a href="http://bugs.php.net/81032">#81032</a> (GD install is affected by external libgd installation).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="http://bugs.php.net/81019">#81019</a> (Unable to clone NumberFormatter after failed parse()).</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="http://bugs.php.net/81011">#81011</a> (mb_convert_encoding removes references from arrays).</li> </ul></li> <li>ODBC: <ul> <li>Fixed bug <a href="http://bugs.php.net/80460">#80460</a> (ODBC doesn't account for SQL_NO_TOTAL indicator).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/81007">#81007</a> (JIT "not supported" on 32-bit x86 -- build problem?).</li> <li>Fixed bug <a href="http://bugs.php.net/81015">#81015</a> (Opcache optimization assumes wrong part of ternary operator in if-condition).</li> <li>Fixed bug <a href="http://bugs.php.net/81046">#81046</a> (Literal compaction merges non-equal related literals).</li> </ul></li> <li>PDO_MySQL: <ul> <li>Fixed bug <a href="http://bugs.php.net/81037">#81037</a> (PDO discards error message text from prepared statement).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed bug <a href="http://bugs.php.net/44643">#44643</a> (bound parameters ignore explicit type definitions).</li> </ul></li> <li>pgsql: <ul> <li>Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80933">#80933</a> (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).</li> </ul></li> <li>XMLReader: <ul> <li>Fixed bug <a href="http://bugs.php.net/73246">#73246</a> (XMLReader: encoding length not checked).</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="http://bugs.php.net/80863">#80863</a> (ZipArchive::extractTo() ignores references).</li> </ul></li> </ul> </section> <section class="version" id="8.0.6"> <h3>Version 8.0.6</h3> <b><time class='releasedate' datetime='2021-05-06'>06 May 2021</time></b> <ul><li>PDO_pgsql: <ul> <li>Revert "Fixed bug <a href="http://bugs.php.net/80892">#80892</a> (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"</li> </ul></li> </ul> </section> <section class="version" id="8.0.5"> <h3>Version 8.0.5</h3> <b><time class='releasedate' datetime='2021-04-29'>29 Apr 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/75776">#75776</a> (Flushing streams with compression filter is broken).</li> <li>Fixed bug <a href="http://bugs.php.net/80811">#80811</a> (Function exec without $output but with $restult_code parameter crashes).</li> <li>Fixed bug <a href="http://bugs.php.net/80814">#80814</a> (threaded mod_php won't load on FreeBSD: No space available for static Thread Local Storage).</li> <li>Changed PowerPC CPU registers used by Zend VM to work around GCC bug. Old registers (r28/r29) might be clobbered by _restgpr routine used for return from C function compiled with -Os.</li> </ul></li> <li>Dba: <ul> <li>Fixed bug <a href="http://bugs.php.net/80817">#80817</a> (dba_popen() may cause segfault during RSHUTDOWN).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/66783">#66783</a> (UAF when appending DOMDocument to element).</li> </ul></li> <li>FFI: <ul> <li>Fixed bug <a href="http://bugs.php.net/80847">#80847</a> (CData structs with fields of type struct can't be passed as C function argument).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/80024">#80024</a> (Duplication of info about inherited socket after pool removing).</li> </ul></li> <li>FTP: <ul> <li>Fixed bug <a href="http://bugs.php.net/80880">#80880</a> (SSL_read on shutdown, ftp/proc_open).</li> </ul></li> <li>IMAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/80800">#80800</a> (imap_open() fails when the flags parameter includes CL_EXPUNGE).</li> <li>Fixed bug <a href="http://bugs.php.net/80710">#80710</a> (imap_mail_compose() header injection).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="http://bugs.php.net/80763">#80763</a> (msgfmt_format() does not accept DateTime references).</li> </ul></li> <li>LibXML: <ul> <li>Fixed bug <a href="http://bugs.php.net/73533">#73533</a> (Invalid memory access in php_libxml_xmlCheckUTF8).</li> <li>Fixed bug <a href="http://bugs.php.net/51903">#51903</a> (simplexml_load_file() doesn't use HTTP headers).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="http://bugs.php.net/80837">#80837</a> (Calling stmt_store_result after fetch doesn't throw an error).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/80839">#80839</a> (PHP problem with JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/80861">#80861</a> (erronous array key overflow in 2D array with JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/80786">#80786</a> (PHP crash using JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/80782">#80782</a> (DASM_S_RANGE_VREG on PHP_INT_MIN-1).</li> </ul></li> <li>Pcntl: <ul> <li>Fixed bug <a href="http://bugs.php.net/79812">#79812</a> (Potential integer overflow in pcntl_exec()).</li> </ul></li> <li>PCRE: <ul> <li>Fixed bug <a href="http://bugs.php.net/80866">#80866</a> (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).</li> </ul></li> <li>PDO_ODBC: <ul> <li>Fixed bug <a href="http://bugs.php.net/80783">#80783</a> (PDO ODBC truncates BLOB records at every 256th byte).</li> </ul></li> <li>PDO_pgsql: <ul> <li>Fixed bug <a href="http://bugs.php.net/80892">#80892</a> (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="http://bugs.php.net/80889">#80889</a> (Cannot set save handler when save_handler is invalid).</li> <li>Fixed bug <a href="http://bugs.php.net/80774">#80774</a> (session_name() problem with backslash).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/69668">#69668</a> (SOAP special XML characters in namespace URIs not encoded).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/80915">#80915</a> (Taking a reference to $_SERVER hides its values from phpinfo()).</li> <li>Fixed bug <a href="http://bugs.php.net/80914">#80914</a> ('getdir' accidentally defined as an alias of 'dir').</li> <li>Fixed bug <a href="http://bugs.php.net/80771">#80771</a> (phpinfo(INFO_CREDITS) displays nothing in CLI).</li> <li>Fixed bug <a href="http://bugs.php.net/78719">#78719</a> (http wrapper silently ignores long Location headers).</li> <li>Fixed bug <a href="http://bugs.php.net/80838">#80838</a> (HTTP wrapper waits for HTTP 1 response after HTTP 101).</li> </ul></li> <li>Zip: <ul> <li>Fixed bug <a href="http://bugs.php.net/80825">#80825</a> (ZipArchive::isCompressionMethodSupported does not exist).</li> </ul></li> </ul> </section> <section class="version" id="8.0.3"> <h3>Version 8.0.3</h3> <b><time class='releasedate' datetime='2021-03-04'>04 Mar 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/80706">#80706</a> (mail(): Headers after Bcc headers may be ignored).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/80600">#80600</a> (DOMChildNode::remove() doesn't work on CharacterData nodes).</li> </ul></li> <li>Gettext: <ul> <li>Fixed bug <a href="http://bugs.php.net/53251">#53251</a> (bindtextdomain with null dir doesn't return old value).</li> </ul></li> <li>MySQLnd: <ul> <li>Fixed bug <a href="http://bugs.php.net/78680">#78680</a> (mysqlnd's mysql_clear_password does not transmit null-terminated password).</li> <li>Fixed bug <a href="http://bugs.php.net/80713">#80713</a> (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="http://bugs.php.net/74779">#74779</a> (x() and y() truncating floats to integers).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/80634">#80634</a> (write_property handler of internal classes is skipped on preloaded JITted code).</li> <li>Fixed bug <a href="http://bugs.php.net/80682">#80682</a> (opcache doesn't honour pcre.jit option).</li> <li>Fixed bug <a href="http://bugs.php.net/80742">#80742</a> (Opcache JIT makes some boolean logic unexpectedly be true).</li> <li>Fixed bug <a href="http://bugs.php.net/80745">#80745</a> (JIT produces Assert failure and UNKNOWN:0 var_dumps in code involving bitshifts).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80747">#80747</a> (Providing RSA key size < 512 generates key that crash PHP).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/75850">#75850</a> (Unclear error message wrt. __halt_compiler() w/o semicolon)</li> <li>Fixed bug <a href="http://bugs.php.net/70091">#70091</a> (Phar does not mark UTF-8 filenames in ZIP archives).</li> <li>Fixed bug <a href="http://bugs.php.net/53467">#53467</a> (Phar cannot compress large archives).</li> </ul></li> <li>Socket: <ul> <li>Fixed bug <a href="http://bugs.php.net/80723">#80723</a> (Different sockets compare as equal (regression in 8.0)).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80719">#80719</a> (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/80654">#80654</a> (file_get_contents() maxlen fails above (2**31)-1 bytes).</li> <li>Fixed bug <a href="http://bugs.php.net/80718">#80718</a> (ext/standard/dl.c fallback code path with syntax error).</li> </ul></li> </ul> </section> <section class="version" id="8.0.2"> <h3>Version 8.0.2</h3> <b><time class='releasedate' datetime='2021-02-04'>04 Feb 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/80523">#80523</a> (bogus parse error on >4GB source code).</li> <li>Fixed bug <a href="http://bugs.php.net/80384">#80384</a> (filter buffers entire read until file closed).</li> <li>Fixed bug <a href="http://bugs.php.net/80596">#80596</a> (Invalid union type TypeError in anonymous classes).</li> <li>Fixed bug <a href="http://bugs.php.net/80617">#80617</a> (GCC throws warning about type narrowing in ZEND_TYPE_INIT_CODE).</li> </ul></li> <li>BCMath: <ul> <li>Fixed bug <a href="http://bugs.php.net/80545">#80545</a> (bcadd('a', 'a') doesn't throw an exception).</li> </ul></li> <li>Curl: <ul> <li>Fixed bug <a href="http://bugs.php.net/80595">#80595</a> (Resetting POSTFIELDS to empty array breaks request).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/80376">#80376</a> (last day of the month causes runway cpu usage).</li> </ul></li> <li>DOM: <ul> <li>Fixed bug <a href="http://bugs.php.net/80537">#80537</a> (Wrong parameter type in DOMElement::removeAttributeNode stub).</li> </ul></li> <li>Filter: <ul> <li>Fixed bug <a href="http://bugs.php.net/80584">#80584</a> (0x and 0X are considered valid hex numbers by filter_var()).</li> </ul></li> <li>GMP: <ul> <li>Fixed bug <a href="http://bugs.php.net/80560">#80560</a> (Strings containing only a base prefix return 0 object).</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="http://bugs.php.net/80644">#80644</a> (Missing resource causes subsequent get() calls to fail).</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="http://bugs.php.net/67983">#67983</a> (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).</li> <li>Fixed bug <a href="http://bugs.php.net/64638">#64638</a> (Fetching resultsets from stored procedure with cursor fails).</li> <li>Fixed bug <a href="http://bugs.php.net/72862">#72862</a> (segfault using prepared statements on stored procedures that use a cursor).</li> <li>Fixed bug <a href="http://bugs.php.net/77935">#77935</a> (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).</li> </ul></li> <li>ODBC: <ul> <li>Fixed bug <a href="http://bugs.php.net/80592">#80592</a> (all floats are the same in ODBC parameters).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/80422">#80422</a> (php_opcache.dll crashes when using Apache 2.4 with JIT).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fixed bug <a href="http://bugs.php.net/80521">#80521</a> (Parameters with underscores no longer recognized).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/76929">#76929</a> (zip-based phar does not respect phar.require_hash).</li> <li>Fixed bug <a href="http://bugs.php.net/77565">#77565</a> (Incorrect locator detection in ZIP-based phars).</li> <li>Fixed bug <a href="http://bugs.php.net/69279">#69279</a> (Compressed ZIP Phar extractTo() creates garbage files).</li> </ul></li> <li>Phpdbg: <ul> <li>Reverted fix for bug <a href="http://bugs.php.net/76813">#76813</a> (Access violation near NULL on source operand).</li> </ul></li> <li>SOAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/80672">#80672</a> (Null Dereference in SoapClient). (CVE-2021-21702)</li> </ul></li> </ul> </section> <section class="version" id="8.0.1"> <h3>Version 8.0.1</h3> <b><time class='releasedate' datetime='2021-01-07'>07 Jan 2021</time></b> <ul><li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/80345">#80345</a> (PHPIZE configuration has outdated PHP_RELEASE_VERSION).</li> <li>Fixed bug <a href="http://bugs.php.net/72964">#72964</a> (White space not unfolded for CC/Bcc headers).</li> <li>Fixed bug <a href="http://bugs.php.net/80391">#80391</a> (Iterable not covariant to mixed).</li> <li>Fixed bug <a href="http://bugs.php.net/80393">#80393</a> (Build of PHP extension fails due to configuration gap with libtool).</li> <li>Fixed bug <a href="http://bugs.php.net/77069">#77069</a> (stream filter loses final block of data).</li> </ul></li> <li>Fileinfo: <ul> <li>Fixed bug <a href="http://bugs.php.net/77961">#77961</a> (finfo_open crafted magic parsing SIGABRT).</li> </ul></li> <li>FPM: <ul> <li>Fixed bug <a href="http://bugs.php.net/69625">#69625</a> (FPM returns 200 status on request without SCRIPT_FILENAME env).</li> </ul></li> <li>IMAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/80438">#80438</a> (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).</li> <li>Fix a regression with valid UIDs in imap_savebody().</li> <li>Make warnings for invalid message numbers/UIDs between functions consistent.</li> </ul></li> <li>Intl: <ul> <li>Fixed bug <a href="http://bugs.php.net/80425">#80425</a> (MessageFormatAdapter::getArgTypeList redefined).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/80404">#80404</a> (Incorrect range inference result when division results in float).</li> <li>Fixed bug <a href="http://bugs.php.net/80377">#80377</a> (Opcache misses executor_globals).</li> <li>Fixed bug <a href="http://bugs.php.net/80433">#80433</a> (Unable to disable the use of the AVX command when using JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/80447">#80447</a> (Strange out of memory error when running with JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/80480">#80480</a> (Segmentation fault with JIT enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/80506">#80506</a> (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).</li> </ul></li> <li>OpenSSL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80368">#80368</a> (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).</li> </ul></li> <li>PDO MySQL: <ul> <li>Fixed bug <a href="http://bugs.php.net/80458">#80458</a> (PDOStatement::fetchAll() throws for upsert queries).</li> <li>Fixed bug <a href="http://bugs.php.net/63185">#63185</a> (nextRowset() ignores MySQL errors with native prepared statements).</li> <li>Fixed bug <a href="http://bugs.php.net/78152">#78152</a> (PDO::exec() - Bad error handling with multiple commands).</li> <li>Fixed bug <a href="http://bugs.php.net/66878">#66878</a> (Multiple rowsets not returned unless PDO statement object is unset()).</li> <li>Fixed bug <a href="http://bugs.php.net/70066">#70066</a> (Unexpected "Cannot execute queries while other unbuffered queries").</li> <li>Fixed bug <a href="http://bugs.php.net/71145">#71145</a> (Multiple statements in init command triggers unbuffered query error).</li> <li>Fixed bug <a href="http://bugs.php.net/76815">#76815</a> (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).</li> <li>Fixed bug <a href="http://bugs.php.net/79872">#79872</a> (Can't execute query with pending result sets).</li> <li>Fixed bug <a href="http://bugs.php.net/79131">#79131</a> (PDO does not throw an exception when parameter values are missing).</li> <li>Fixed bug <a href="http://bugs.php.net/72368">#72368</a> (PdoStatement->execute() fails but does not throw an exception).</li> <li>Fixed bug <a href="http://bugs.php.net/62889">#62889</a> (LOAD DATA INFILE broken).</li> <li>Fixed bug <a href="http://bugs.php.net/67004">#67004</a> (Executing PDOStatement::fetch() more than once prevents releasing resultset).</li> <li>Fixed bug <a href="http://bugs.php.net/79132">#79132</a> (PDO re-uses parameter values from earlier calls to execute()).</li> </ul></li> <li>Phar: <ul> <li>Fixed bug <a href="http://bugs.php.net/73809">#73809</a> (Phar Zip parse crash - mmap fail).</li> <li>Fixed bug <a href="http://bugs.php.net/75102">#75102</a> (`PharData` says invalid checksum for valid tar).</li> <li>Fixed bug <a href="http://bugs.php.net/77322">#77322</a> (PharData::addEmptyDir('/') Possible integer overflow).</li> </ul></li> <li>Phpdbg: <ul> <li>Fixed bug <a href="http://bugs.php.net/76813">#76813</a> (Access violation near NULL on source operand).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/62004">#62004</a> (SplFileObject: fgets after seek returns wrong line).</li> </ul></li> <li>Standard: <ul> <li>Fixed bug <a href="http://bugs.php.net/80366">#80366</a> (Return Value of zend_fstat() not Checked).</li> <li>Fixed bug <a href="http://bugs.php.net/77423">#77423</a> (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</li> </ul></li> <li>Tidy: <ul> <li>Fixed bug <a href="http://bugs.php.net/77594">#77594</a> (ob_tidyhandler is never reset).</li> </ul></li> <li>Tokenizer: <ul> <li>Fixed bug <a href="http://bugs.php.net/80462">#80462</a> (Nullsafe operator tokenize with TOKEN_PARSE flag fails).</li> </ul></li> <li>XML: <ul> <li>XmlParser opaque object renamed to XMLParser for consistency with other XML objects.</li> </ul></li> <li>Zlib: <ul> <li>Fixed bug <a href="http://bugs.php.net/48725">#48725</a> (Support for flushing in zlib stream).</li> </ul></li> </ul> </section> <section class="version" id="8.0.0"> <h3>Version 8.0.0</h3> <b><time class='releasedate' datetime='2020-11-26'>26 Nov 2020</time></b> <ul><li>BZ2: <ul> <li>Fixed bug <a href="http://bugs.php.net/71263">#71263</a> (fread() does not report bzip2.decompress errors).</li> </ul></li> <li>CLI: <ul> <li>Allow debug server binding to an ephemeral port via `-S localhost:0`.</li> </ul></li> <li>COM: <ul> <li>Fixed bug <a href="http://bugs.php.net/55847">#55847</a> (DOTNET .NET 4.0 GAC new location).</li> <li>Fixed bug <a href="http://bugs.php.net/62474">#62474</a> (com_event_sink crashes on certain arguments).</li> </ul></li> <li>Calendar: <ul> <li>Fixed bug <a href="http://bugs.php.net/80007">#80007</a> (Potential type confusion in unixtojd() parameter parsing).</li> </ul></li> <li>Core: <ul> <li>Fixed bug <a href="http://bugs.php.net/36365">#36365</a> (scandir duplicates file name at every 65535th file).</li> <li>Fixed bug <a href="http://bugs.php.net/49555">#49555</a> (Fatal error "Function must be a string" message should be renamed).</li> <li>Fixed bug <a href="http://bugs.php.net/62294">#62294</a> (register_shutdown_function() does not correctly handle exit code).</li> <li>Fixed bug <a href="http://bugs.php.net/62609">#62609</a> (Allow implementing Traversable on abstract classes).</li> <li>Fixed bug <a href="http://bugs.php.net/65274">#65274</a> (Enhance undefined class constant error with class name).</li> <li>Fixed bug <a href="http://bugs.php.net/65275">#65275</a> (Calling exit() in a shutdown function does not change the exit value in CLI).</li> <li>Fixed bug <a href="http://bugs.php.net/69084">#69084</a> (Unclear error message when not implementing a renamed abstract trait function).</li> <li>Fixed bug <a href="http://bugs.php.net/70839">#70839</a> (Converting optional argument to variadic forbidden by LSP checks).</li> <li>Fixed bug <a href="http://bugs.php.net/74558">#74558</a> (Can't rebind closure returned by Closure::fromCallable()).</li> <li>Fixed bug <a href="http://bugs.php.net/77561">#77561</a> (Shebang line not stripped for non-primary script).</li> <li>Fixed bug <a href="http://bugs.php.net/77619">#77619</a> (Wrong reflection on MultipleIterator::__construct).</li> <li>Fixed bug <a href="http://bugs.php.net/77966">#77966</a> (Cannot alias a method named "namespace").</li> <li>Fixed bug <a href="http://bugs.php.net/78236">#78236</a> (convert error on receiving variables when duplicate [).</li> <li>Fixed bug <a href="http://bugs.php.net/78770">#78770</a> (Incorrect callability check inside internal methods).</li> <li>Fixed bug <a href="http://bugs.php.net/79108">#79108</a> (Referencing argument in a function makes it a reference in the stack trace).</li> <li>Fixed bug <a href="http://bugs.php.net/79368">#79368</a> ("Unexpected end of file" is not an acceptable error message).</li> <li>Fixed bug <a href="http://bugs.php.net/79462">#79462</a> (method_exists and property_exists incoherent behavior).</li> <li>Fixed bug <a href="http://bugs.php.net/79467">#79467</a> (data:// wrappers are writable).</li> <li>Fixed bug <a href="http://bugs.php.net/79521">#79521</a> (Check __set_state structure).</li> <li>Fixed bug <a href="http://bugs.php.net/79790">#79790</a> ("Illegal offset type" exception during AST evaluation not handled properly).</li> <li>Fixed bug <a href="http://bugs.php.net/79791">#79791</a> (Assertion failure when unsetting variable during binary op).</li> <li>Fixed bug <a href="http://bugs.php.net/79828">#79828</a> (Segfault when trying to access non-existing variable).</li> <li>Fixed bug <a href="http://bugs.php.net/79841">#79841</a> (Syntax error in configure / unescaped "[]" in php.m4).</li> <li>Fixed bug <a href="http://bugs.php.net/79852">#79852</a> (count(DOMNodeList) doesn't match count(IteratorIterator(DOMNodeList))).</li> <li>Fixed bug <a href="http://bugs.php.net/79867">#79867</a> (Promoted untyped properties should get null default value).</li> <li>Fixed bug <a href="http://bugs.php.net/79897">#79897</a> (Promoted constructor params with attribs cause crash).</li> <li>Fixed bug <a href="http://bugs.php.net/79927">#79927</a> (Generator doesn't throw exception after multiple yield from iterable).</li> <li>Fixed bug <a href="http://bugs.php.net/79946">#79946</a> (Build fails due to undeclared UINT32_C).</li> <li>Fixed bug <a href="http://bugs.php.net/79948">#79948</a> (Exit in auto-prepended file does not abort PHP execution).</li> <li>Fixed bug <a href="http://bugs.php.net/80045">#80045</a> (memleak after two set_exception_handler calls with __call).</li> <li>Fixed bug <a href="http://bugs.php.net/80096">#80096</a> (Segmentation fault with named arguments in nested call).</li> <li>Fixed bug <a href="http://bugs.php.net/80109">#80109</a> (Cannot skip arguments when extended debug is enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/80225">#80225</a> (broken namespace usage in eval code).</li> <li>Fixed bug <a href="http://bugs.php.net/80258">#80258</a> (Windows Deduplication Enabled, randon permission errors).</li> <li>Fixed bug <a href="http://bugs.php.net/80280">#80280</a> (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).</li> <li>Fixed bug <a href="http://bugs.php.net/80334">#80334</a> (assert() vs named parameters - confusing error).</li> <li>Fixed bug <a href="http://bugs.php.net/80055">#80055</a> (Abstract trait methods returning "self" cannot be fulfilled by traits).</li> <li>Fixed faulty generator cleanup with yield from.</li> <li>Implement #[Attr] Attribute syntax as per final vote in RFC https://wiki.php.net/rfc/shorter_attribute_syntax_change</li> <li>Implemented FR <a href="http://bugs.php.net/47074">#47074</a> (phpinfo() reports "On" as 1 for the some extensions).</li> <li>Implemented FR <a href="http://bugs.php.net/72089">#72089</a> (require() throws fatal error instead of exception).</li> <li>Removed the pdo_odbc.db2_instance_name php.ini directive.</li> <li>Use SSE2 instructions do locale independent strtolower.</li> </ul></li> <li>Curl: <ul> <li>Bumped required libcurl version to 7.29.0.</li> <li>Fixed bug <a href="http://bugs.php.net/80121">#80121</a> (Null pointer deref if CurlHandle directly instantiated).</li> </ul></li> <li>DOM: <ul> <li>Add property DOMXPath::$registerNodeNamespaces and constructor argument that allow global flag to configure query() or evaluate() calls.</li> <li>Fixed bug <a href="http://bugs.php.net/79968">#79968</a> (DOMChildNode API crash on unattached nodes).</li> <li>Fixed bug <a href="http://bugs.php.net/80268">#80268</a> (loadHTML() truncates at NUL bytes).</li> </ul></li> <li>Date: <ul> <li>Fixed bug <a href="http://bugs.php.net/60302">#60302</a> (DateTime::createFromFormat should new static(), not new self()).</li> <li>Fixed bug <a href="http://bugs.php.net/65547">#65547</a> (Default value for sunrise/sunset zenith still wrong).</li> <li>Fixed bug <a href="http://bugs.php.net/69044">#69044</a> (discrepancy between time and microtime).</li> <li>Fixed bug <a href="http://bugs.php.net/80057">#80057</a> (DateTimeImmutable::createFromFormat() does not populate time).</li> <li>Implemented FR <a href="http://bugs.php.net/79903">#79903</a> (datetime: new format "p", same as "P" but returning "Z" for UTC).</li> </ul></li> <li>Enchant: <ul> <li>Add LIBENCHANT_VERSION macro.</li> <li>Add enchant_dict_add and enchant_dict_is_added functions.</li> <li>Deprecate enchant_broker_set_dict_path, enchant_broker_get_dict_path, enchant_dict_add_to_personal and enchant_dict_is_in_session.</li> <li>Use libenchant-2 when available.</li> </ul></li> <li>FFI: <ul> <li>Added FFI\CType::getName() method.</li> <li>Fixed bug <a href="http://bugs.php.net/79177">#79177</a> (FFI doesn't handle well PHP exceptions within callback).</li> <li>Fixed bug <a href="http://bugs.php.net/79749">#79749</a> (Converting FFI instances to bool fails).</li> </ul></li> <li>FPM: <ul> <li>Add pm.status_listen option.</li> </ul></li> <li>Fileinfo: <ul> <li>Upgrade to libmagic 5.39.</li> </ul></li> <li>GD: <ul> <li>Added imagegetinterpolation().</li> <li>Fixed bug <a href="http://bugs.php.net/55005">#55005</a> (imagepolygon num_points requirement).</li> <li>Made the $num_points parameter of php_imagepolygon optional.</li> <li>Removed deprecated image2wbmp().</li> <li>Removed deprecated png2wbmp() and jpeg2wbmp().</li> <li>Replaced gd resources with objects.</li> </ul></li> <li>IMAP: <ul> <li>Fixed bug <a href="http://bugs.php.net/64076">#64076</a> (imap_sort() does not return FALSE on failure).</li> <li>Fixed bug <a href="http://bugs.php.net/76618">#76618</a> (segfault on imap_reopen).</li> <li>Fixed bug <a href="http://bugs.php.net/80213">#80213</a> (imap_mail_compose() segfaults on certain $bodies).</li> <li>Fixed bug <a href="http://bugs.php.net/80215">#80215</a> (imap_mail_compose() may modify by-val parameters).</li> <li>Fixed bug <a href="http://bugs.php.net/80216">#80216</a> (imap_mail_compose() does not validate types/encodings).</li> <li>Fixed bug <a href="http://bugs.php.net/80220">#80220</a> (imap_mail_compose() may leak memory).</li> <li>Fixed bug <a href="http://bugs.php.net/80223">#80223</a> (imap_mail_compose() leaks envelope on malformed bodies).</li> <li>Fixed bug <a href="http://bugs.php.net/80226">#80226</a> (imap_sort() leaks sortpgm memory).</li> <li>Fixed bug <a href="http://bugs.php.net/80239">#80239</a> (imap_rfc822_write_address() leaks memory).</li> <li>Fixed bug <a href="http://bugs.php.net/80242">#80242</a> (imap_mail_compose() segfaults for multipart with rfc822).</li> <li>Fixed minor regression caused by fixing bug <a href="http://bugs.php.net/80220">#80220</a>.</li> </ul></li> <li>Iconv: <ul> <li>Dropped support for iconv without proper errno setting.</li> </ul></li> <li>Intl: <ul> <li>Removed deprecated INTL_IDNA_VARIANT_2003.</li> </ul></li> <li>JIT: <ul> <li>Fixed bug <a href="http://bugs.php.net/77857">#77857</a> (Wrong result if executed with JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/79255">#79255</a> (PHP cannot be compiled with enable JIT).</li> <li>Fixed bug <a href="http://bugs.php.net/79582">#79582</a> (Crash seen when opcache.jit=1235 and opcache.jit_debug=2).</li> <li>Fixed bug <a href="http://bugs.php.net/79743">#79743</a> (Fatal error when assigning to array property with JIT enabled).</li> <li>Fixed bug <a href="http://bugs.php.net/79864">#79864</a> (JIT segfault in Symfony OptionsResolver).</li> <li>Fixed bug <a href="http://bugs.php.net/79888">#79888</a> (Incorrect execution with JIT enabled).</li> </ul></li> <li>JSON: <ul> <li>The JSON extension is now an integral part of PHP and cannot be disabled as per RFC: https://wiki.php.net/rfc/always_enable_json (tandre)</li> </ul></li> <li>LDAP: <ul> <li>Fixed memory leaks.</li> <li>Removed deprecated ldap_sort.</li> </ul></li> <li>MBString: <ul> <li>Fixed bug <a href="http://bugs.php.net/76999">#76999</a> (mb_regex_set_options() return current options).</li> <li>Removed the unused $is_hex parameter from mb_decode_numericentity().</li> </ul></li> <li>MySQLi: <ul> <li>Fixed bug <a href="http://bugs.php.net/76809">#76809</a> (SSL settings aren't respected when persistent connections are used).</li> </ul></li> <li>Mysqlnd: <ul> <li>Fixed bug <a href="http://bugs.php.net/60594">#60594</a> (mysqlnd exposes 160 lines of stats in phpinfo).</li> </ul></li> <li>OCI8: <ul> <li>Deprecated old OCI8 function aliases.</li> <li>Modernized oci_register_taf_callback() callable argument parsing implementation.</li> <li>Removed obsolete no-op function oci_internal_debug().</li> </ul></li> <li>ODBC: <ul> <li>Fixed bug <a href="http://bugs.php.net/22986">#22986</a> (odbc_connect() may reuse persistent connection).</li> <li>Fixed bug <a href="http://bugs.php.net/44618">#44618</a> (Fetching may rely on uninitialized data).</li> </ul></li> <li>Opcache: <ul> <li>Fixed bug <a href="http://bugs.php.net/76535">#76535</a> (Opcache does not replay compile-time warnings).</li> <li>Fixed bug <a href="http://bugs.php.net/78654">#78654</a> (Incorrectly computed opcache checksum on files with non-ascii characters).</li> <li>Fixed bug <a href="http://bugs.php.net/79665">#79665</a> (ini_get() and opcache_get_configuration() inconsistency).</li> <li>Fixed bug <a href="http://bugs.php.net/80030">#80030</a> (Optimizer segfault with isset on static property with undef dynamic class name).</li> <li>Fixed bug <a href="http://bugs.php.net/80175">#80175</a> (PHP8 RC1 - JIT Buffer not working).</li> <li>Fixed bug <a href="http://bugs.php.net/80184">#80184</a> (Complex expression in while / if statements resolves to false incorrectly).</li> <li>Fixed bug <a href="http://bugs.php.net/80255">#80255</a> (Opcache bug (bad condition result) in 8.0.0rc1).</li> <li>Fixed run-time binding of preloaded dynamically declared function.</li> </ul></li> <li>OpenSSL: <ul> <li>Added Cryptographic Message Syntax (CMS) support.</li> </ul></li> <li>PCRE: <ul> <li>Don't ignore invalid escape sequences.</li> <li>Updated to PCRE2 10.35.</li> </ul></li> <li>PDO: <ul> <li>Changed default PDO error mode to exceptions.</li> <li>Fixed bug <a href="http://bugs.php.net/77849">#77849</a> (Disable cloning of PDO handle/connection objects).</li> </ul></li> <li>PDO_Firebird: <ul> <li>Fixed bug <a href="http://bugs.php.net/64937">#64937</a> (Firebird PDO preprocessing sql).</li> </ul></li> <li>PDO_OCI: <ul> <li>Added support for setting and getting the oracle OCI 18c call timeout.</li> </ul></li> <li>PDO_PGSQL: <ul> <li>Bumped required libpq version to 9.1.</li> </ul></li> <li>PGSQL: <ul> <li>Bumped required libpq version to 9.1.</li> </ul></li> <li>Phpdbg: <ul> <li>Fixed bug <a href="http://bugs.php.net/76596">#76596</a> (phpdbg support for display_errors=stderr).</li> <li>Fixed bug <a href="http://bugs.php.net/76801">#76801</a> (too many open files).</li> <li>Fixed bug <a href="http://bugs.php.net/77800">#77800</a> (phpdbg segfaults on listing some conditional breakpoints).</li> <li>Fixed bug <a href="http://bugs.php.net/77805">#77805</a> (phpdbg build fails when readline is shared).</li> </ul></li> <li>Reflection: <ul> <li>Fixed bug <a href="http://bugs.php.net/64592">#64592</a> (ReflectionClass::getMethods() returns methods out of scope).</li> <li>Fixed bug <a href="http://bugs.php.net/69180">#69180</a> (Reflection does not honor trait conflict resolution / method aliasing).</li> <li>Fixed bug <a href="http://bugs.php.net/74939">#74939</a> (Nested traits' aliased methods are lowercased).</li> <li>Fixed bug <a href="http://bugs.php.net/77325">#77325</a> (ReflectionClassConstant::$class returns wrong class when extending).</li> <li>Fixed bug <a href="http://bugs.php.net/78697">#78697</a> (ReflectionClass::implementsInterface - inaccurate error message with traits).</li> <li>Fixed bug <a href="http://bugs.php.net/80190">#80190</a> (ReflectionMethod::getReturnType() does not handle static as part of union type).</li> <li>Fixed bug <a href="http://bugs.php.net/80299">#80299</a> (ReflectionFunction->invokeArgs confused in arguments).</li> <li>Fixed bug <a href="http://bugs.php.net/80370">#80370</a> (getAttributes segfault on dynamic properties).</li> <li>Implemented FR <a href="http://bugs.php.net/79628">#79628</a> (Add $filter parameter for ReflectionClass::getConstants and ReflectionClass::getReflectionConstants) (carusogabriel)</li> <li>Implement ReflectionProperty::hasDefaultValue and Reflection::getDefaultValue (beberlei)</li> </ul></li> <li>SNMP: <ul> <li>Fixed bug <a href="http://bugs.php.net/70461">#70461</a> (disable md5 code when it is not supported in net-snmp).</li> </ul></li> <li>SPL: <ul> <li>Fixed bug <a href="http://bugs.php.net/65006">#65006</a> (spl_autoload_register fails with multiple callables using self, same method).</li> <li>Fixed bug <a href="http://bugs.php.net/65387">#65387</a> (Circular references in SPL iterators are not garbage collected).</li> <li>Fixed bug <a href="http://bugs.php.net/71236">#71236</a> (Second call of spl_autoload_register() does nothing if it has no arguments).</li> <li>Fixed bug <a href="http://bugs.php.net/79987">#79987</a> (Memory leak in SplFileInfo because of missing zend_restore_error_handling()).</li> <li>SplFixedArray is now IteratorAggregate rather than Iterator.</li> </ul></li> <li>SQLite3: <ul> <li>Added SQLite3::setAuthorizer() and respective class constants.</li> </ul></li> <li>Session: <ul> <li>Fixed bug <a href="http://bugs.php.net/73529">#73529</a> (session_decode() silently fails on wrong input).</li> <li>Fixed bug <a href="http://bugs.php.net/78624">#78624</a> (session_gc return value for user defined session handlers).</li> </ul></li> <li>Shmop: <ul> <li>Converted shmop resources to objects.</li> </ul></li> <li>SimpleXML: <ul> <li>Fixed bug <a href="http://bugs.php.net/63575">#63575</a> (Root elements are not properly cloned).</li> <li>Fixed bug <a href="http://bugs.php.net/75245">#75245</a> (Don't set content of elements with only whitespaces).</li> </ul></li> <li>Sodium: <ul> <li>Fixed bug <a href="http://bugs.php.net/77646">#77646</a> (sign_detached() strings not terminated).</li> </ul></li> <li>Standard: <ul> <li>Don't force rebuild of symbol table, when populating $http_response_header variable by the HTTP stream wrapper.</li> <li>Fixed bug <a href="http://bugs.php.net/47983">#47983</a> (mixed LF and CRLF line endings in mail()).</li> <li>Fixed bug <a href="http://bugs.php.net/64060">#64060</a> (lstat_stat_variation7.phpt fails on certain file systems).</li> <li>Fixed bug <a href="http://bugs.php.net/75902">#75902</a> (str_replace should warn when misused with nested arrays).</li> <li>Fixed bug <a href="http://bugs.php.net/76859">#76859</a> (stream_get_line skips data if used with data-generating filter).</li> <li>Fixed bug <a href="http://bugs.php.net/77204">#77204</a> (getimagesize(): Read error! should mention file path).</li> <li>Fixed bug <a href="http://bugs.php.net/78385">#78385</a> (parse_url() does not include 'query' when question mark is the last char).</li> <li>Fixed bug <a href="http://bugs.php.net/79868">#79868</a> (Sorting with array_unique gives unwanted result).</li> <li>Fixed bug <a href="http://bugs.php.net/80256">#80256</a> (file_get_contents strip first line with chunked encoding redirect).</li> <li>Fixed bug <a href="http://bugs.php.net/80266">#80266</a> (parse_url silently drops port number 0).</li> <li>Fixed bug <a href="http://bugs.php.net/80290">#80290</a> (Double free when ASSERT_CALLBACK is used with a dynamic message).</li> <li>Implemented FR <a href="http://bugs.php.net/78638">#78638</a> (__PHP_Incomplete_Class should be final).</li> <li>Made quoting of cmd execution functions consistent.</li> </ul></li> <li>Tidy: <ul> <li>Removed the unused $use_include_path parameter from tidy_repair_string().</li> </ul></li> <li>Tokenizer: <ul> <li>Fixed bug <a href="http://bugs.php.net/80328">#80328</a> (PhpToken::getAll() confusing name).</li> </ul></li> <li>XML: <ul> <li>Fixed bug <a href="http://bugs.php.net/76874">#76874</a> (xml_parser_free() should never leak memory).</li> </ul></li> <li>XMLWriter: <ul> <li>Changed functions to accept/return XMLWriter objects instead of resources.</li> <li>Implemented FR <a href="http://bugs.php.net/79344">#79344</a> (xmlwriter_write_attribute_ns: $prefix should be nullable).</li> <li>Removed return types from XMLWriter stubs.</li> </ul></li> <li>Zip: <ul> <li>Add "flags" options to ZipArchive::addGlob and addPattern methods keeping previous behavior having FL_OVERWRITE by default.</li> <li>Add ZipArchive::EM_UNKNOWN and ZipArchive::EM_TRAD_PKWARE constants.</li> <li>Add ZipArchive::isCompressionMethodSupported() and ZipArchive::isEncryptionMethodSupported() method (libzip 1.7.0).</li> <li>Add ZipArchive::replaceFile() method.</li> <li>Add ZipArchive::setCancelCallback method (since libzip 1.6.0).</li> <li>Add ZipArchive::setMtimeName and ZipArchive::setMtimeIndex methods.</li> <li>Add ZipArchive::setProgressCallback method (since libzip 1.3.0).</li> <li>Add lastId property to ZipArchive.</li> <li>Add optional "flags" parameter to ZipArchive::addEmptyDir, addFile and addFromString methods.</li> <li>Fixed bug <a href="http://bugs.php.net/50678">#50678</a> (files extracted by ZipArchive class lost their original modified time).</li> <li>Fixed bug <a href="http://bugs.php.net/72374">#72374</a> (remove_path strips first char of filename).</li> <li>Implemented FR <a href="http://bugs.php.net/77960">#77960</a> (add compression / encryption options for ZipArchive::addGlob and ZipArchive::addPattern).</li> <li>ZipArchive::status and ZipArchive::statusSys properties and ZipArchive::getStatusString() method stay valid after the archive is closed.</li> </ul></li> <li>Zlib: <ul> <li>Fixed bug <a href="http://bugs.php.net/71417">#71417</a> (fread() does not report zlib.inflate errors).</li> <li>Fixed bug <a href="http://bugs.php.net/78792">#78792</a> (zlib.output_compression disabled by Content-Type: image/).</li> </ul></li> </ul> </section> </section> <aside class="tips"> <div class="inner"><div class="panel">ChangeLogs<div class="body"><ul> <li><b>PHP 8.x</b> <ul> <li><a href="#PHP_8_4">8.4</a></li> <li><a href="#PHP_8_3">8.3</a></li> <li><a href="#PHP_8_2">8.2</a></li> <li><a href="#PHP_8_1">8.1</a></li> <li><a href="#PHP_8_0">8.0</a></li> </ul></li> <li><a href="/ChangeLog-7.php">PHP 7.x</a></li> <li><a href="/ChangeLog-5.php">PHP 5.x</a></li> <li><a href="/ChangeLog-4.php">PHP 4.x</a></li> </ul></div></div></div> </aside> </div> <footer> <div class="container footer-content"> <div class="row-fluid"> <ul class="footmenu"> <li><a href="/copyright.php">Copyright © 2001-2024 The PHP Group</a></li> <li><a href="/my.php">My PHP.net</a></li> <li><a href="/contact.php">Contact</a></li> <li><a href="/sites.php">Other PHP.net sites</a></li> <li><a href="/privacy.php">Privacy policy</a></li> <li><a href="https://github.com/php/web-php/blob/master/ChangeLog-8.php">View Source</a></li> </ul> </div> </div> </footer> <script src="/cached.php?t=1731172202&f=/js/ext/jquery-3.6.0.min.js"></script> <script src="/cached.php?t=1723177202&f=/js/ext/FuzzySearch.min.js"></script> <script src="/cached.php?t=1707321815&f=/js/ext/mousetrap.min.js"></script> <script src="/cached.php?t=1707321815&f=/js/ext/jquery.scrollTo.min.js"></script> <script src="/cached.php?t=1733296801&f=/js/search.js"></script> <script src="/cached.php?t=1732876201&f=/js/common.js"></script> <script type="module" src="/cached.php?t=1733276402&f=/js/interactive-examples.js"></script> <a id="toTop" href="javascript:;"><span id="toTopHover"></span><img width="40" height="40" alt="To Top" src="/images/to-top@2x.png"></a> <div id="search-modal__backdrop" class="search-modal__backdrop"> <div role="dialog" aria-label="Search modal" id="search-modal" class="search-modal" > <div class="search-modal__header"> <div class="search-modal__form"> <div class="search-modal__input-icon">  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </div> <input type="search" id="search-modal__input" class="search-modal__input" placeholder="Search docs" aria-label="Search docs" /> </div> <button aria-label="Close" class="search-modal__close">  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" > <path d="M19,6.41L17.59,5L12,10.59L6.41,5L5,6.41L10.59,12L5,17.59L6.41,19L12,13.41L17.59,19L19,17.59L13.41,12L19,6.41Z"/> </svg> </button> </div> <div role="listbox" aria-label="Search results" id="search-modal__results" class="search-modal__results" ></div> <div class="search-modal__helper-text"> <div> <kbd>↑</kbd> and <kbd>↓</kbd> to navigate • <kbd>Enter</kbd> to select • <kbd>Esc</kbd> to close </div> <div> Press <kbd>Enter</kbd> without selection to search using Google </div> </div> </div> </div> </body> </html>