From 5247df47a73dc5f9ce56242d253958cb03f7a0d2 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Fri, 3 Oct 2025 22:04:36 +0200 Subject: [PATCH 1/7] Fix NEWS --- NEWS | 2023 ++++++++++++++++------------------------------------------ 1 file changed, 562 insertions(+), 1461 deletions(-) diff --git a/NEWS b/NEWS index 4fcf738065920..5b7175eed1746 100644 --- a/NEWS +++ b/NEWS @@ -1,93 +1,135 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? ????, PHP 8.4.14 +?? ??? ????, PHP 8.5.0RC2 + +- Core: + . Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval). (ilutov) + . Fixed bug GH-20002 (Broken build on *BSD with MSAN). (outtersg) + . Fixed bug GH-19352 (Cross-compilation with musl C library). + (henderkes, Peter Kokot) + +- BcMath: + . Fixed bug GH-20006 (Power of 0 of BcMath number causes UB). (nielsdos) + +- Opcache: + . Fixed segfault in function JIT due to NAN to bool warning. (Girgias) + . Fixed bug GH-19984 (Double-free of EG(errors)/persistent_script->warnings on + persist of already persisted file). (ilutov, Arnaud) + +- SOAP: + . Fixed bug GH-19773 (SIGSEGV due to uninitialized soap_globals->lang_en). + (nielsdos, KaseyJenkins) + +- URI: + . Fixed Uri\WhatWg\Url::withPort() when an invalid value is passed. + (timwolla) + . Fixed Uri\WhatWg\Url::parse() when resolving a relative URL + against a base URL with query or fragment. (timwolla) + +25 Sep 2025, PHP 8.5.0RC1 - Core: . Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks). (timwolla) + . The __sleep() and __wakeup() magic methods have been deprecated. (Girgias) . Fixed hard_timeout with --enable-zend-max-execution-timers. (Appla) - . Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and - exception are triggered). (nielsdos) - . Fixed bug GH-19653 (Closure named argument unpacking between temporary - closures can cause a crash). (nielsdos, Arnaud, Bob) . Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array). (ilutov) + . Fixed bug GH-19823 (register_argc_argv deprecation emitted twice when + using OPcache). (timwolla) . Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured). (nielsdos) - . Fixed bug GH-20002 (Broken build on *BSD with MSAN). (outtersg) - . Fixed bug GH-19352 (Cross-compilation with musl C library). - (henderkes, Peter Kokot) + . Fixed bug GH-19719 (Allow empty statements before declare(strict_types)). + (nielsdos) + . Casting floats that are not representable as ints now emits a warning. + (Girgias) + . Casting NAN to other types now emits a warning. (Girgias) + +- Bz2: + . Fixed bug GH-19810 (Broken bzopen() stream mode validation). (ilutov) - Curl: . Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle. (timwolla) - . Fix curl build failure on macOS+curl 8.16. (nielsdos) - Date: . Fixed GH-17159: "P" format for ::createFromFormat swallows string literals. (nielsdos) + . The __wakeup() magic method of DateTimeInterface, DateTime, + DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been + deprecated in favour of the __unserialize() magic method. (Girgias) -- DOM: - . Fix macro name clash on macOS. (Ruoyu Zhong) - . Fixed bug GH-20022 (docker-php-ext-install DOM failed). (nielsdos) +- Exif: + . Fix OSS-Fuzz #442954659 (zero-size box in HEIF file causes infinite loop). + (nielsdos) + . Fix OSS-Fuzz #442954659 (Crash in exif_scan_HEIF_header). (nielsdos) + . Various hardening fixes to HEIF parsing. (nielsdos) -- GD: - . Fixed GH-19955 (imagefttext() memory leak). (David Carlier) +- FPM: + . Fixed GH-8157 (post_max_size evaluates .user.ini too late in php-fpm). + (Jakub Zelenka) -- MySQLnd: - . Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress - as parameter). (nielsdos) +- Iconv: + . Extends the ICONV_CONST preprocessor for illumos/solaris. (jMichaelA) - Opcache: . Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex). (Arnaud) . Fixed bug GH-19831 (function JIT may not deref property value). (Arnaud) -- Phar: - . Fix memory leak and invalid continuation after tar header writing fails. - (nielsdos) +- OpenSSL: + . Fixed build when --with-openssl-legacy-provider set. (Jakub Zelenka) -- SimpleXML: - . Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)). - (nielsdos) +- MBstring: + . Updated Unicode data tables to Unicode 17.0. (Yuya Hamada) -- Soap: - . Fixed bug GH-19784 (SoapServer memory leak). (nielsdos) +- Reflection: + . ReflectionConstant is no longer final. (sasezaki) + +- SAPI: + . Fixed bug GH-18582 and #81451: http_response_code() does not override the + status code generated by header(). (ilutov, Jakub Zelenka) - Standard: - . Fixed bug GH-12265 (Cloning an object breaks serialization recursion). - (nielsdos) - . Fixed bug GH-19701 (Serialize/deserialize loses some data). (nielsdos) + . Passing strings which are not one byte long to ord() is now deprecated. + (Girgias) . Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()). (alexandre-daubois) + . Fixed GH-14402 (SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their + data on serialize()). (alexandre-daubois) + +- URI: + . Fixed bug GH-19780 (InvalidUrlException should check $errors argument). + (nielsdos) + . Prevent modifying Uri\WhatWg\Url and Uri\Rfc3986\Uri objects by manually + calling __construct() or __unserialize(). (timwolla) + . Add new Uri\UriError exception that is thrown for internal error + conditions. (timwolla) + . Further clean up the internal API. (timwolla) + . Fixed bug GH-19892 (Refcounting on zend_empty_array). (ilutov, timwolla) + . Fixed handling of port numbers > 65535 with the internal + `php_uri_parse_to_struct()` API. (timwolla) + . Fix Uri\WhatWg\Url::withHost(). (timwolla) -- Streams: - . Fixed bug GH-19248 (Use strerror_r instead of strerror in main). - (Jakub Zelenka) - . Fixed bug GH-17345 (Bug #35916 was not completely fixed). (nielsdos) - -- XMLReader: - . Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure). (nielsdos) - -- Zip: - . Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()). (nielsdos) - . Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()). - (David Carlier) +- Windows: + . Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket). + (dktapps) -25 Sep 2025, PHP 8.4.13 +11 Sep 2025, PHP 8.5.0beta3 - Core: - . Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() - triggers "Constant already defined" warning). (ilutov) - . Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail - due to signed int overflow). (ilutov) - . Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap - references). (Arnaud, timwolla) + . Destructing non-array values (other than NULL) using [] or list() now + emits a warning. (Girgias) + . Fixed bug GH-19637 (Incorrect Closure scope for FCC in constant + expression). (timwolla) . Fixed bug GH-19613 (Stale array iterator pointer). (ilutov) . Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge). (Arnaud) + . Using null as an array offset or when calling array_key_exists() is now + deprecated. (alexandre-daubois) . Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0). (Remi) - . Fixed bug GH-19720 (Assertion failure when error handler throws when - accessing a deprecated constant). (nielsdos) + . Marks the stack as non-executable on Haiku. (David Carlier) + . Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string is + now deprecated. (timwolla, nicolasgrekas) - CLI: . Fixed bug GH-19461 (Improve error message on listening error with IPv6 @@ -97,1595 +139,654 @@ PHP NEWS . Fixed date_sunrise() and date_sunset() with partial-hour UTC offset. (ilutov) -- DBA: - . Fixed bug GH-19706 (dba stream resource mismanagement). (nielsdos) - -- DOM: - . Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug). (nielsdos) +- EXIF: + . Added support to retrieve Exif from HEIF file. (Benstone Zhang) - FPM: . Fixed failed debug assertion when php_admin_value setting fails. (ilutov) +- Filter: + . Fixed bug GH-16993 (filter_var_array with FILTER_VALIDATE_INT|FILTER_NULL_ON_FAILURE + should emit warning for invalid filter usage). (alexandre-daubois) + - Intl: + . Added grapheme_strpos(), grapheme_stripos(), grapheme_strrpos(), + grapheme_strripos(), grapheme_strstr(), grapheme_stristr() and + grapheme_levenshtein() functions add $locale parameter (Yuya Hamada). . Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter). (alexandre-daubois) +- ODBC: + . Removed driver-specific build flags and support. (Calvin Buckley) + - Opcache: - . Fixed bug GH-19493 (JIT variable not stored before YIELD). (Arnaud) + . Fixed bug GH-19486 (Incorrect opline after deoptimization). (Arnaud) + . Fixed bug GH-19601 (Wrong JIT stack setup on aarch64/clang). (Arnaud) + . Fixed bug GH-19388 (Broken opcache.huge_code_pages). (Arnaud) + . Fixed bug GH-19657 (Build fails on non-glibc/musl/freebsd/macos/win + platforms). (Arnaud) -- OpenSSL: - . Fixed bug GH-19245 (Success error message on TLS stream accept failure). - (Jakub Zelenka) +- PCRE: + . Upgraded to pcre2lib from 10.45 to 10.46. (nielsdos) -- PGSQL: - . Fixed bug GH-19485 (potential use after free when using persistent pgsql - connections). (Mark Karpeles) +- PDO: + . Driver specific methods in the PDO class are now deprecated. (Arnaud) -- Phar: - . Fixed memory leaks when verifying OpenSSL signature. (Girgias) - . Fix memory leak in phar tar temporary file error handling code. (nielsdos) - . Fix metadata leak when phar convert logic fails. (nielsdos) - . Fix memory leak on failure in phar_convert_to_other(). (nielsdos) - . Fixed bug GH-19752 (Phar decompression with invalid extension - can cause UAF). (nielsdos) +- PDO_SQLITE: + . Add PDO\Sqlite::ATTR_TRANSACTION_MODE connection attribute. + (Samuel Štancl) + +- Reflection: + . Fix GH-19691 (getModifierNames() not reporting asymmetric visibility). + (DanielEScherzer) + +- Session: + . Fix RC violation of session SID constant deprecation attribute. (ilutov) - Standard: - . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois) + . Fix GH-19610 (Deprecation warnings in functions taking as argument). + (Girgias) . Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator). (alexandre-daubois) + . Implement GH-19188: Add support for new INI mail.cr_lf_mode. + (alexandre-daubois) - Streams: - . Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata(). - (nielsdos) - . Fix OSS-Fuzz #385993744. (nielsdos) - -- Zip: - . Fix memory leak in zip when encountering empty glob result. (nielsdos) + . Fixed bug GH-14506 (Closing a userspace stream inside a userspace handler + causes heap corruption). (nielsdos) + . Avoid double conversion to string in php_userstreamop_readdir(). (nielsdos) + +- URI: + . Added support for Uri\Rfc3986\Uri::with*() methods. (kocsismate) + . Fixed memory management of Uri\WhatWg\Url objects. (timwolla) + . Fixed memory management of the internal "parse_url" URI parser. + (timwolla) + . Fixed double-free when assigning to $errors fails when using + the Uri\WhatWg\Url parser. (timwolla) + . Reject out-of-range ports when using the Uri\Rfc3986\Uri parser. + (timwolla) + . Return null instead of 0 for Uri\Rfc3986\Uri::getPort() when the + URI contains an empty port. (timwolla) + . Fixed creation of the InvalidUrlException when not passing an + errors zval to the internal whatwg parser. (timwolla) + . Clean up naming of internal API. (timwolla) -28 Aug 2025, PHP 8.4.12 +28 Aug 2025, PHP 8.5.0beta2 - Core: - . Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. - (psumbera) - . Fixed bug GH-19053 (Duplicate property slot with hooks and interface - property). (ilutov) - . Fixed bug GH-19044 (Protected properties are not scoped according to their - prototype). (Bob) - . Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument - unpacking). (ilutov) - . Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in - binary const expr). (ilutov) - . Fixed bug GH-19305 (Operands may be being released during comparison). - (Arnaud) - . Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array - causes assertion failure). (nielsdos) - . Fixed bug GH-19306 (Generator can be resumed while fetching next value from - delegated Generator). (Arnaud) - . Fixed bug GH-19326 (Calling Generator::throw() on a running generator with - a non-Generator delegate crashes). (Arnaud) - . Fixed bug GH-19280 (Stale array iterator position on rehashing). (ilutov) - . Fixed bug GH-18736 (Circumvented type check with return by ref + finally). - (ilutov) - . Fixed bug GH-19065 (Long match statement can segfault compiler during - recursive SSA renaming). (nielsdos, Arnaud) - -- Calendar: - . Fixed bug GH-19371 (integer overflow in calendar.c). (nielsdos) - -- FTP: - . Fix theoretical issues with hrtime() not being available. (nielsdos) - -- GD: - . Fix incorrect comparison with result of php_stream_can_cast(). (Girgias) - -- Hash: - . Fix crash on clone failure. (nielsdos) - -- Intl: - . Fix memleak on failure in collator_get_sort_key(). (nielsdos) - . Fix return value on failure for resourcebundle count handler. (Girgias) - -- LDAP: - . Fixed bug GH-18529 (additional inheriting of TLS int options). - (Jakub Zelenka) - -- LibXML: - . Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by - php_libxml_node_free). (nielsdos) - -- MbString: - . Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown). - (nielsdos) - -- Opcache: - . Reset global pointers to prevent use-after-free in zend_jit_status(). - (Florian Engelhardt) - . Fix issue with JIT restart and hooks. (nielsdos) - . Fix crash with dynamic function defs in hooks during preload. (nielsdos) - -- OpenSSL: - . Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() - return value check). (nielsdos, botovq) - . Fix error return check of EVP_CIPHER_CTX_ctrl(). (nielsdos) - . Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low - key_length param). (Jakub Zelenka) - -- PDO Pgsql: - . Fixed dangling pointer access on _pdo_pgsql_trim_message helper. - (dixyes) - -- SOAP: - . Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 - in soap_check_zval_ref). (nielsdos) - -- Sockets: - . Fix some potential crashes on incorrect argument value. (nielsdos) - -- Standard: - . Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). + . Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() + triggers "Constant already defined" warning). (ilutov) + . Fixed bug GH-19476 (pipe operator fails to correctly handle returning + by reference). (alexandre-daubois) + . The report_memleaks INI directive has been deprecated. (alexandre-daubois) + . Constant redeclaration has been deprecated. (alexandre-daubois) + . Fixed OSS-Fuzz #439125710 (Pipe cannot be used in write context). + (nielsdos) + . Added support for configuring the URI parser for the FTP/FTPS as well as + the SSL/TLS stream wrappers as described in + https://wiki.php.net/rfc/url_parsing_api#plugability. (kocsismate) + . Fixed bug GH-19548 (Shared memory violation on property inheritance). + (alexandre-daubois) + . Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap + references). (Arnaud, timwolla) + . Introduced the TAILCALL VM, enabled by default when compiling with Clang>=19 + on x86_64 or aarch64. (Arnaud) + . Enacted the follow-up phase of the "Path to Saner Increment/Decrement + operators" RFC, meaning that incrementing non-numeric strings is now + deprecated. (Girgias). + . Various closure binding issues are now deprecated. (alexandre-daubois) + . Fixed bug GH-18373 (Don't substitute self/parent with anonymous class). (ilutov) - . Fix theoretical issues with hrtime() not being available. (nielsdos) - . Fixed bug GH-19300 (Nested array_multisort invocation with error breaks). - (nielsdos) - -- Windows: - . Free opened_path when opened_path_len >= MAXPATHLEN. (dixyes) - -31 Jul 2025, PHP 8.4.11 - -- Calendar: - . Fixed jewishtojd overflow on year argument. (David Carlier) - -- Core: - . Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction - order). (Daniil Gentili) - . Fixed bug GH-18907 (Leak when creating cycle in hook). (ilutov) - . Fix OSS-Fuzz #427814456. (nielsdos) - . Fix OSS-Fuzz #428983568 and #428760800. (nielsdos) - -- Curl: - . Fix memory leaks when returning refcounted value from curl callback. - (nielsdos) - . Remove incorrect string release. (nielsdos) - -- DOM: - . Fixed bug GH-18979 (Dom\XMLDocument::createComment() triggers undefined - behavior with null byte). (nielsdos) + . Prohibit pipe & arrow function combination that leads to confusing parse + trees. (ilutov) + . The disable_classes INI directive has been removed. (Girgias) + . The locally predefined variable $http_response_header is deprecated. + (Girgias) -- LDAP: - . Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty - request OID. (David Carlier) +- Filter: + . Added support for configuring the URI parser for FILTER_VALIDATE_URL + as described in https://wiki.php.net/rfc/url_parsing_api#plugability. + (kocsismate) -- MbString: - . Fixed bug GH-18901 (integer overflow mb_split). (nielsdos) +- ODBC: + . Remove ODBCVER and assume ODBC 3.5. (Calvin Buckley) - Opcache: - . Fixed bug GH-18639 (Internal class aliases can break preloading + JIT). - (nielsdos) - . Fixed bug GH-18899 (JIT function crash when emitting undefined variable - warning and opline is not set yet). (nielsdos) - . Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 - in ext/opcache/jit/zend_jit.c). (nielsdos) - . Fixed bug GH-18898 (SEGV zend_jit_op_array_hot with property hooks - and preloading). (nielsdos) + . Fixed bug GH-19493 (JIT variable not stored before YIELD). (Arnaud) - OpenSSL: - . Fixed bug #80770 (It is not possible to get client peer certificate with - stream_socket_server). (Jakub Zelenka) + . Implement #81724 (openssl_cms_encrypt only allows specific ciphers). + (Jakub Zelenka) -- PCNTL: - . Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or - pcntl_forkx() with zend-max-execution-timers). (Arnaud) +- PDO: + . Driver specific constants in the PDO class are now deprecated. (Arnaud) - Phar: - . Fix stream double free in phar. (nielsdos, dixyes) - . Fix phar crash and file corruption with SplFileObject. (nielsdos) + . Fixed memory leaks when verifying OpenSSL signature. (Girgias) + +- Session: + . Added support for partitioned cookies. (nielsdos) - SOAP: - . Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing - on object destruction). (nielsdos) - . Fix memory leak when URL parsing fails in redirect. (Girgias) + . Added support for configuring the URI parser for SoapClient::_doRequest() + as described in https://wiki.php.net/rfc/url_parsing_api#plugability. + (kocsismate) - SPL: - . Fixed bug GH-19094 (Attaching class with no Iterator implementation to - MultipleIterator causes crash). (nielsdos) + . Deprecate ArrayObject and ArrayIterator with objects. (Girgias) - Standard: - . Fix misleading errors in printf(). (nielsdos) - . Fix RCN violations in array functions. (nielsdos) - . Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value. - (David Carlier) - -- Streams: - . Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter - fatal error). (Jakub Zelenka) + . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois) + . Passing integers outside the interval [0, 255] to chr() is now deprecated. + (Girgias) + . Added support for partitioned cookies. (nielsdos) -- Zip: - . Fix leak when path is too long in ZipArchive::extractTo(). (nielsdos) +- Tokenizer: + . Fixed bug GH-19507 (Corrupted result after recursive tokenization during + token_get_all()). (kubawerlos, nielsdos, Arnaud) -03 Jul 2025, PHP 8.4.10 +- URI: + . Clean up naming of internal API (header names, symbol names). + (Máté Kocsis, timwolla) -- BcMath: - . Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes). - (nielsdos) +14 Aug 2025, PHP 8.5.0beta1 - Core: - . Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute - evaluation) and GH-18464 (Recursion protection for deprecation constants not - released on bailout). (DanielEScherzer and ilutov) - . Fixed GH-18695 (zend_ast_export() - float number is not preserved). - (Oleg Efimov) - . Fix handling of references in zval_try_get_long(). (nielsdos) - . Do not delete main chunk in zend_gc. (danog, Arnaud) - . Fix compile issues with zend_alloc and some non-default options. (nielsdos) + . Non-canonical cast names (boolean), (integer), (double), and (binary) have + been deprecated. (Girgias) + . The $exclude_disabled parameter of the get_defined_functions() function has + been deprecated, as it no longer has any effect since PHP 8.0. (Girgias) + . Terminating case statements with a semicolon instead of a colon has + been deprecated. (theodorejb) + . The backtick operator as an alias for shell_exec() has been deprecated. + (timwolla) + . Returning null from __debugInfo() has been deprecated. (DanielEScherzer) + . Support #[\Override] on properties. (Jiří Pudil) - Curl: - . Fix memory leak when setting a list via curl_setopt fails. (nielsdos) + . The curl_close() function has been deprecated. (DanielEScherzer) + . The curl_share_close() function has been deprecated. (DanielEScherzer) - Date: - . Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos) + . The DATE_RFC7231 and DateTimeInterface::RFC7231 constants have been + deprecated. (jorgsowa) - DOM: - . Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by - clone keyword). (nielsdos) + . Fixed bug GH-18877 (\Dom\HTMLDocument querySelectorAll selecting only the + first when using ~ and :has). (nielsdos, lexborisov) -- FPM: - . Fixed GH-18662 (fpm_get_status segfault). (txuna) +- FileInfo + . The finfo_close() function has been deprecated. (timwolla) + . The $context parameter of the finfo_buffer() function has been deprecated + as it is ignored. (Girgias) -- Hash: - . Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos) +- GD: + . The imagedestroy() function has been deprecated. (DanielEScherzer) - Intl: - . Fix memory leak in intl_datetime_decompose() on failure. (nielsdos) - . Fix memory leak in locale lookup on failure. (nielsdos) - -- Opcache: - . Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22). - (nielsdos, Arnaud) + . Intl's internal error mechanism has been modernized so that it + indicates more accurately which call site caused what error. + Moreover, some ext/date exceptions have been wrapped inside a + IntlException now. (Girgias) + . The intl.error_level INI setting has been deprecated. (Girgias) -- ODBC: - . Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos) +- MySQLi: + . The mysqli_execute() alias function has been deprecated. (timwolla) - OpenSSL: - . Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. - (nielsdos) - . Fixed bug #74796 (Requests through http proxy set peer name). + . Fixed bug GH-19369 (8.5 | Regression in openssl_sign() - support for alias + algorithms appears to be broken). (Jakub Zelenka) + . The $key_length parameter for openssl_pkey_derive() has been deprecated. + (Girgias) + . Implement #80495 (Enable to set padding in openssl_(sign|verify). + (Jakub Zelenka) + . Implement #47728 (openssl_pkcs7_sign ignores new openssl flags). (Jakub Zelenka) -- PDO ODBC: - . Fix memory leak if WideCharToMultiByte() fails. (nielsdos) - -- PDO Sqlite: - . Fixed memory leak with Pdo_Sqlite::createCollation when the callback - has an incorrect return type. (David Carlier) - -- Phar: - . Add missing filter cleanups on phar failure. (nielsdos) - . Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos) - -- PHPDBG: - . Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos) - -- PGSQL: - . Fix warning not being emitted when failure to cancel a query with - pg_cancel_query(). (Girgias) - -- Random: - . Fix reference type confusion and leak in user random engine. - (nielsdos, timwolla) - -- Readline: - . Fix memory leak when calloc() fails in php_readline_completion_cb(). - (nielsdos) - -- SimpleXML: - . Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning - string with UTF-8 bytes). (nielsdos) - -- Soap: - . Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos) - -- Tidy: - . Fix memory leak in tidy output handler on error. (nielsdos) - . Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier) - -06 Jun 2025, PHP 8.4.8 - -- Core: - . Fixed GH-18480 (array_splice with large values for offset/length arguments). - (nielsdos/David Carlier) - . Partially fixed GH-18572 (nested object comparisons leading to stack overflow). - (David Carlier) - . Fixed OSS-Fuzz #417078295. (nielsdos) - . Fixed OSS-Fuzz #418106144. (nielsdos) - -- Curl: - . Fixed GH-18460 (curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/ - CURLOPT_PASSWORD set the Authorization header when set to NULL). - (David Carlier) - -- Date: - . Fixed bug GH-18076 (Since PHP 8, the date_sun_info() function returns - inaccurate sunrise and sunset times, but other calculated times are - correct) (JiriJozif). - . Fixed bug GH-18481 (date_sunrise with unexpected nan value for the offset). - (nielsdos/David Carlier) - -- DOM: - . Backport lexbor/lexbor#274. (nielsdos, alexpeattie) - -- Intl: - . Fix various reference issues. (nielsdos) - -- LDAP: - . Fixed bug GH-18529 (ldap no longer respects TLS_CACERT from ldaprc in - ldap_start_tls()). (Remi) - -- Opcache: - . Fixed bug GH-18417 (Windows SHM reattachment fails when increasing - memory_consumption or jit_buffer_size). (nielsdos) - . Fixed bug GH-18297 (Exception not handled when jit guard is triggered). - (Arnaud) - . Fixed bug GH-18408 (Snapshotted poly_func / poly_this may be spilled). - (Arnaud) - . Fixed bug GH-18567 (Preloading with internal class alias triggers assertion - failure). (nielsdos) - . Fixed bug GH-18534 (FPM exit code 70 with enabled opcache and hooked - properties in traits). (nielsdos) - . Fix leak of accel_globals->key. (nielsdos) +- PDO: + . The "uri:" DSN scheme has been deprecated due to security concerns with + DSNs coming from remote URIs. (timwolla) -- OpenSSL: - . Fix missing checks against php_set_blocking() in xp_ssl.c. (nielsdos) +- Reflection: + . Fixed bug GH-17927 (Reflection: have some indication of property hooks in + `_property_string()`). (DanielEScherzer) + . The setAccessible() methods of various Reflection objects have been + deprecated, as those no longer have an effect. (timwolla) + . ReflectionClass::getConstant() for constants that do not exist has been + deprecated. (DanielEScherzer) + . ReflectionProperty::getDefaultValue() for properties without default values + has been deprecated. (DanielEScherzer) - SPL: - . Fixed bug GH-18421 (Integer overflow with large numbers in LimitIterator). - (nielsdos) + . Unregistering all autoloaders by passing the spl_autoload_call() function + as a callback argument to spl_autoload_unregister() has been deprecated. + Instead if this is needed, one should iterate over the return value of + spl_autoload_functions() and call spl_autoload_unregister() on each + value. (Girgias) + . The SplObjectStorage::contains(), SplObjectStorage::attach(), and + SplObjectStorage::detach() methods have been deprecated in favour of + SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and + SplObjectStorage::offsetUnset() respectively. (Girgias) - Standard: - . Fixed bug GH-17403 (Potential deadlock when putenv fails). (nielsdos) - . Fixed bug GH-18400 (http_build_query type error is inaccurate). (nielsdos) - . Fixed bug GH-18509 (Dynamic calls to assert() ignore zend.assertions). - (timwolla) - -- Windows: - . Fix leak+crash with sapi_windows_set_ctrl_handler(). (nielsdos) + . The socket_set_timeout() alias function has been deprecated. (timwolla) + . Passing null to to readdir(), rewinddir(), and closedir() to use the last + opened directory has been deprecated. (Girgias) + . Fixed bug GH-19153 (#[\Attribute] validation should error on + trait/interface/enum/abstract class). (DanielEScherzer) -- Zip: - . Fixed bug GH-18431 (Registering ZIP progress callback twice doesn't work). - (nielsdos) - . Fixed bug GH-18438 (Handling of empty data and errors in - ZipArchive::addPattern). (nielsdos) +- XML: + . The xml_parser_free() function has been deprecated. (DanielEScherzer) -24 Apr 2025, PHP 8.4.7 +31 Jul 2025, PHP 8.5.0alpha4 - Core: - . Fixed bug GH-18038 (Lazy proxy calls magic methods twice). (Arnaud) - . Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS). (ilutov) - . Fixed bug GH-18268 (Segfault in array_walk() on object with added property - hooks). (ilutov) - . Fixed bug GH-18304 (Changing the properties of a DateInterval through - dynamic properties triggers a SegFault). (nielsdos) - . Fix some leaks in php_scandir. (nielsdos) + . Add clone-with support to the clone() function. (timwolla, edorian) + . Fix support for non-userland stream notifiers. (timwolla) + . Added PHP_BUILD_PROVIDER constant. (timwolla) + . Fixed bug GH-19305 (Operands may be being released during comparison). + (Arnaud) + . Fixed bug GH-19306 (Generator can be resumed while fetching next value from + delegated Generator). (Arnaud) + . Fixed bug GH-19326 (Calling Generator::throw() on a running generator with + a non-Generator delegate crashes). (Arnaud) -- DBA: - . FIxed bug GH-18247 dba_popen() memory leak on invalid path. (David Carlier) +- Curl: + . Add support for CURLINFO_CONN_ID in curl_getinfo() (thecaliskan) + . Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan) + . Add support for CURLOPT_SSL_SIGNATURE_ALGORITHMS. (Ayesh Karunaratne) -- Filter: - . Fixed bug GH-18309 (ipv6 filter integer overflow). (nielsdos) +- FPM: + . Make FPM access log limit configurable using log_limit. (Jakub Zelenka) - GD: - . Fixed imagecrop() overflow with rect argument with x/width y/heigh usage - in gdImageCrop(). (David Carlier) - . Fixed GH-18243 imagettftext() overflow/underflow on font size value. - (David Carlier) + . Fix incorrect comparison with result of php_stream_can_cast(). (Girgias) - Intl: - . Fix reference support for intltz_get_offset(). (nielsdos) - -- LDAP: - . Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden). (Remi) - . Fix NULL deref on high modification key. (nielsdos) - -- libxml: - . Fixed custom external entity loader returning an invalid resource leading - to a confusing TypeError message. (Girgias) - -- Opcache: - . Fixed bug GH-18294 (assertion failure zend_jit_ir.c). (nielsdos) - . Fixed bug GH-18289 (Fix segfault in JIT). (Florian Engelhardt) - . Fixed bug GH-18136 (tracing JIT floating point register clobbering on - Windows and ARM64). (nielsdos) - -- OpenSSL: - . Fix memory leak in openssl_sign() when passing invalid algorithm. - (nielsdos) - . Fix potential leaks when writing to BIO fails. (nielsdos) - -- PDO Firebird: - . Fixed bug GH-18276 (persistent connection - "zend_mm_heap corrupted" - with setAttribute()) (SakiTakamachi). - . Fixed bug GH-17383 (PDOException has wrong code and message since PHP 8.4) - (SakiTakamachi). - -- PDO Sqlite: - . Fix memory leak on error return of collation callback. (nielsdos) - -- PgSql: - . Fix uouv in pg_put_copy_end(). (nielsdos) - -- SPL: - . Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory). - (nielsdos) - -- Standard: - . Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()). - (Jakub Zelenka) - . Fix resource leak in iptcembed() on error. (nielsdos) - -- Tests: - . Address deprecated PHP 8.4 session options to prevent test failures. - (willvar) - -- Zip: - . Fix uouv when handling empty options in ZipArchive::addGlob(). (nielsdos) - . Fix memory leak when handling a too long path in ZipArchive::addGlob(). - (nielsdos) - -10 Apr 2025, PHP 8.4.6 - -- BCMath: - . Fixed pointer subtraction for scale. (SakiTakamachi) + . Fix return value on failure for resourcebundle count handler. (Girgias) + . Fixed bug GH-19307 (PGO builds of shared ext-intl are broken). (cmb) -- Core: - . Fixed property hook backing value access in multi-level inheritance. - (ilutov) - . Fixed accidentally inherited default value in overridden virtual properties. - (ilutov) - . Fixed bug GH-17376 (Broken JIT polymorphism for property hooks added to - child class). (ilutov) - . Fixed bug GH-17913 (ReflectionFunction::isDeprecated() returns incorrect - results for closures created from magic __call()). (timwolla) - . Fixed bug GH-17941 (Stack-use-after-return with lazy objects and hooks). - (nielsdos) - . Fixed bug GH-17988 (Incorrect handling of hooked props without get hook in - get_object_vars()). (ilutov) - . Fixed bug GH-17998 (Skipped lazy object initialization on primed - SIMPLE_WRITE cache). (ilutov) - . Fixed bug GH-17998 (Assignment to backing value in set hook of lazy proxy - calls hook again). (ilutov) - . Fixed bug GH-17961 (use-after-free during dl()'ed module class destruction). - (Arnaud) - . Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown). +- OPcache: + . Disallow changing opcache.memory_consumption when SHM is already set up. + (timwolla) + . Fixed bug GH-15074 (Compiling opcache statically into ZTS PHP fails). (Arnaud) - . Fixed OSS-Fuzz #403308724. (nielsdos) - . Fixed bug GH-13193 again (Significant performance degradation in 'foreach'). - (nielsdos) - -- DBA: - . Fixed assertion violation when opening the same file with dba_open - multiple times. (chschneider) - -- DOM: - . Fixed bug GH-17991 (Assertion failure dom_attr_value_write). (nielsdos) - . Fix weird unpack behaviour in DOM. (nielsdos) - . Fixed bug GH-18090 (DOM: Svg attributes and tag names are being lowercased). - (nielsdos) - . Fix xinclude destruction of live attributes. (nielsdos) - -- Fuzzer: - . Fixed bug GH-18081 (Memory leaks in error paths of fuzzer SAPI). - (Lung-Alexandra) - -- GD: - . Fixed bug GH-17984 (calls with arguments as array with references). - (David Carlier) - -- LDAP: - . Fixed bug GH-18015 (Error messages for ldap_mod_replace are confusing). - (nielsdos) - -- Mbstring: - . Fixed bug GH-17989 (mb_output_handler crash with unset - http_output_conv_mimetypes). (nielsdos) - -- Opcache: - . Fixed bug GH-15834 (Segfault with hook "simple get" cache slot and minimal - JIT). (nielsdos) - . Fixed bug GH-17966 (Symfony JIT 1205 assertion failure). (nielsdos) - . Fixed bug GH-18037 (SEGV Zend/zend_execute.c). (nielsdos) - . Fixed bug GH-18050 (IN_ARRAY optimization in DFA pass is broken). (ilutov) - . Fixed bug GH-18113 (stack-buffer-overflow ext/opcache/jit/ir/ir_sccp.c). - (nielsdos) - . Fixed bug GH-18112 (NULL access with preloading and INI option). (nielsdos) - . Fixed bug GH-18107 (Opcache CFG jmp optimization with try-finally breaks - the exception table). (nielsdos) + . Make OPcache non-optional (Arnaud, timwolla) + . Fixed bug GH-17422 (OPcache bypasses the user-defined error handler for + deprecations). (Arnaud, timwolla) + . Fixed bug GH-19301 (opcache build failure). (Remi) -- PDO: - . Fix memory leak when destroying PDORow. (nielsdos) - -- PGSQL: - . Fixed bug GH-18148 (pg_copy_from() regression with explicit \n terminator - due to wrong offset check). (David Carlier) - -- Standard: - . Fix memory leaks in array_any() / array_all(). (nielsdos) - -- SOAP: - . Fixed bug #66049 (Typemap can break parsing in parse_packet_soap leading to - a segfault) . (Remi) - -- SPL: - . Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in - ArrayObject). (nielsdos) - -- Treewide: - . Fixed bug GH-17736 (Assertion failure zend_reference_destroy()). (nielsdos) - -- Windows: - . Fixed bug GH-17836 (zend_vm_gen.php shouldn't break on Windows line - endings). (DanielEScherzer) - -27 Feb 2025, PHP 8.4.5 - -- BCMath: - . Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi) - -- Core: - . Fixed bug GH-17623 (Broken stack overflow detection for variable - compilation). (ilutov) - . Fixed bug GH-17618 (UnhandledMatchError does not take - zend.exception_ignore_args=1 into account). (timwolla) - . Fix fallback paths in fast_long_{add,sub}_function. (nielsdos) - . Fixed bug OSS-Fuzz #391975641 (Crash when accessing property backing value - by reference). (ilutov) - . Fixed bug GH-17718 (Calling static methods on an interface that has - `__callStatic` is allowed). (timwolla) - . Fixed bug GH-17713 (ReflectionProperty::getRawValue() and related methods - may call hooks of overridden properties). (Arnaud) - . Fixed bug GH-17916 (Final abstract properties should error). - (DanielEScherzer) - . Fixed bug GH-17866 (zend_mm_heap corrupted error after upgrading from - 8.4.3 to 8.4.4). (nielsdos) - . Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown - causes Use-After-Free). (CVE-2024-11235) (ilutov) - -- DOM: - . Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of - Dom\HTML_NO_DEFAULT_NS). (nielsdos) - . Fixed bug GH-17802 (\Dom\HTMLDocument querySelector attribute name is case - sensitive in HTML). (nielsdos) - . Fixed bug GH-17847 (xinclude destroys live node). (nielsdos) - . Fix using Dom\Node with Dom\XPath callbacks. (nielsdos) - -- FFI: - . Fix FFI Parsing of Pointer Declaration Lists. (davnotdev) - -- FPM: - . Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). - (Jakub Zelenka) +- OpenSSL: + . Add $digest_algo parameter to openssl_public_encrypt() and + openssl_private_decrypt() functions. (Jakub Zelenka) -- GD: - . Fixed bug GH-17703 (imagescale with both width and height negative values - triggers only an Exception on width). (David Carlier) - . Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). +- POSIX: + . posix_kill and posix_setpgid throws a ValueError on invalid process_id. (David Carlier) - -- LDAP: - . Fixed bug GH-17704 (ldap_search fails when $attributes contains a - non-packed array with numerical keys). (nielsdos, 7u83) - -- LibXML: - . Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos) - . Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header - when requesting a redirected resource). (CVE-2025-1219) (timwolla) - -- MBString: - . Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). - (cmb) - -- Opcache: - . Fixed bug GH-17654 (Multiple classes using same trait causes function - JIT crash). (nielsdos) - . Fixed bug GH-17577 (JIT packed type guard crash). (nielsdos, Dmitry) - . Fixed bug GH-17747 (Exception on reading property in register-based - FETCH_OBJ_R breaks JIT). (Dmitry, nielsdos) - . Fixed bug GH-17715 (Null pointer deref in observer API when calling - cases() method on preloaded enum). (Bob) - . Fixed bug GH-17868 (Cannot allocate memory with tracing JIT on 8.4.4). - (nielsdos) - -- PDO_SQLite: - . Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). - (cmb) - . Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos) - . Fix memory leaks in pdo_sqlite callback registration. (nielsdos) - -- Phar: - . Fixed bug GH-17808: PharFileInfo refcount bug. (nielsdos) - -- PHPDBG: - . Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). (nielsdos) - . Fix memory leak in phpdbg calling registered function. (nielsdos) + . posix_setpgid throws a ValueError on invalid process_group_id, + posix_setrlimit throws a ValueError on invalid soft_limit and hard_limit + arguments. (David Carlier) - Reflection: - . Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). - (DanielEScherzer) - . Fixed missing final and abstract flags when dumping properties. - (DanielEScherzer) - -- Standard: - . Fixed bug #72666 (stat cache clearing inconsistent between file:// paths - and plain paths). (Jakub Zelenka) - -- Streams: - . Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos) - . Fix memory leak on overflow in _php_stream_scandir(). (nielsdos) - . Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit - basic auth header). (CVE-2025-1736) (Jakub Zelenka) - . Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location - to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka) - . Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers - without colon). (CVE-2025-1734) (Jakub Zelenka) - . Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not - handle folded headers). (CVE-2025-1217) (Jakub Zelenka) - -- Windows: - . Fixed phpize for Windows 11 (24H2). (bwoebi) - . Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib). - (cmb) - -- Zlib: - . Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). - (nielsdos) - . Fix memory leak when encoding check fails. (nielsdos) - . Fix zlib support for large files. (nielsdos) - -13 Feb 2025, PHP 8.4.4 - -- Core: - . Fixed bug GH-17234 (Numeric parent hook call fails with assertion). - (nielsdos) - . Fixed bug GH-16892 (ini_parse_quantity() fails to parse inputs starting - with 0x0b). (nielsdos) - . Fixed bug GH-16886 (ini_parse_quantity() fails to emit warning for 0x+0). - (nielsdos) - . Fixed bug GH-17222 (__PROPERTY__ magic constant does not work in all - constant expression contexts). (ilutov) - . Fixed bug GH-17214 (Relax final+private warning for trait methods with - inherited final). (ilutov) - . Fixed NULL arithmetic during system program execution on Windows. (cmb, - nielsdos) - . Fixed potential OOB when checking for trailing spaces on Windows. (cmb) - . Fixed bug GH-17408 (Assertion failure Zend/zend_exceptions.c). - (nielsdos, ilutov) - . Fix may_have_extra_named_args flag for ZEND_AST_UNPACK. (nielsdos) - . Fix NULL arithmetic in System V shared memory emulation for Windows. (cmb) - . Fixed bug GH-17597 (#[\Deprecated] does not work for __call() and - __callStatic()). (timwolla) - -- DOM: - . Fixed bug GH-17397 (Assertion failure ext/dom/php_dom.c). (nielsdos) - . Fixed bug GH-17486 (Incorrect error line numbers reported in - Dom\HTMLDocument::createFromString). (nielsdos) - . Fixed bug GH-17481 (UTF-8 corruption in \Dom\HTMLDocument). (nielsdos) - . Fixed bug GH-17500 (Segfault with requesting nodeName on nameless doctype). - (nielsdos) - . Fixed bug GH-17485 (upstream fix, Self-closing tag on void elements - shouldn't be a parse error/warning in \Dom\HTMLDocument). (lexborisov) - . Fixed bug GH-17572 (getElementsByTagName returns collections with - tagName-based indexing). (nielsdos) - -- Enchant: - . Fix crashes in enchant when passing null bytes. (nielsdos) - -- FTP: - . Fixed bug GH-16800 (ftp functions can abort with EINTR). (nielsdos) - -- GD: - . Fixed bug GH-17349 (Tiled truecolor filling looses single color - transparency). (cmb) - . Fixed bug GH-17373 (imagefttext() ignores clipping rect for palette - images). (cmb) - . Ported fix for libgd 223 (gdImageRotateGeneric() does not properly - interpolate). (cmb) - . Added support for reading GIFs without colormap to bundled libgd. (Andrew - Burley, cmb) - -- Gettext: - . Fixed bug GH-17400 (bindtextdomain SEGV on invalid domain). - (David Carlier) - -- Intl: - . Fixed bug GH-11874 (intl causing segfault in docker images). (nielsdos) - -- Opcache: - . Fixed bug GH-15981 (Segfault with frameless jumps and minimal JIT). - (nielsdos) - . Fixed bug GH-17307 (Internal closure causes JIT failure). (nielsdos) - . Fixed bug GH-17428 (Assertion failure ext/opcache/jit/zend_jit_ir.c:8940). - (nielsdos) - . Fixed bug GH-17564 (Potential UB when reading from / writing to struct - padding). (ilutov) - -- PCNTL: - . Fixed pcntl_setcpuaffinity exception type from ValueError to TypeError for - the cpu mask argument with entries type different than int/string. - (David Carlier) - -- PCRE: - . Fixed bug GH-17122 (memory leak in regex). (nielsdos) - -- PDO: - . Fixed a memory leak when the GC is used to free a PDOStatment. (Girgias) - . Fixed a crash in the PDO Firebird Statement destructor. (nielsdos) - . Fixed UAFs when changing default fetch class ctor args. (Girgias, nielsdos) - -- PgSql: - . Fixed build failure when the constant PGRES_TUPLES_CHUNK is not present - in the system. (chschneider) - -- Phar: - . Fixed bug GH-17518 (offset overflow phar extractTo()). (nielsdos) - -- PHPDBG: - . Fix crashes in function registration + test. (nielsdos, Girgias) + . Fixed bug GH-19187 (ReflectionNamedType::getName() prints nullable type when + retrieved from ReflectionProperty::getSettableType()). (ilutov) - Session: - . Fix type confusion with session SID constant. (nielsdos) - . Fixed bug GH-17541 (ext/session NULL pointer dereferencement during - ID reset). (Girgias) - -- SimpleXML: - . Fixed bug GH-17409 (Assertion failure Zend/zend_hash.c:1730). (nielsdos) + . Fixed GH-19197: build broken with ZEND_STRL usage with memcpy + when implemented as macro. (David Carlier) -- SNMP: - . Fixed bug GH-17330 (SNMP::setSecurity segfault on closed session). - (David Carlier) +- Soap: + . Fixed bug GH-19226 (Segfault when spawning new thread in soap extension). + (Florian Engelhardt) -- SPL: - . Fixed bug GH-15833 (Segmentation fault (access null pointer) in - ext/spl/spl_array.c). (nielsdos) - . Fixed bug GH-17516 (SplFileTempObject::getPathInfo() Undefined behavior - on invalid class). (David Carlier) +- Sockets: + . socket_set_option for multicast context throws a ValueError + when the socket family is not of AF_INET/AF_INET6 family. (David Carlier) - Standard: - . Fixed bug GH-17447 (Assertion failure when array popping a self addressing - variable). (nielsdos) - -- Windows: - . Fixed clang compiler detection. (cmb) - -- Zip: - . Fixed bug GH-17139 (Fix zip_entry_name() crash on invalid entry). + . Add HEIF/HEIC support to getimagesize. (Benstone Zhang) + . Implement #71517 (Implement SVG support for getimagesize() and friends). (nielsdos) + . Optimized PHP html_entity_decode function. (Artem Ukrainskiy) + . Minor optimization to array_chunk(). (nielsdos) -16 Jan 2025, PHP 8.4.3 +- URI: + . Empty host handling is fixed. (Máté Kocsis) + . Error handling of Uri\WhatWg\Url::withHost() is fixed when the input + contains a port. Now, it triggers an exception; previously, the error + was silently swallowed. (Máté Kocsis) + . Support empty URIs with Uri\Rfc3986\Uri. (timwolla) -- BcMath: - . Fixed bug GH-17049 (Correctly compare 0 and -0). (Saki Takamachi) - . Fixed bug GH-17061 (Now Number::round() does not remove trailing zeros). - (Saki Takamachi) - . Fixed bug GH-17064 (Correctly round rounding mode with zero edge case). - (Saki Takamachi) - . Fixed bug GH-17275 (Fixed the calculation logic of dividend scale). - (Saki Takamachi) +17 Jul 2025, PHP 8.5.0alpha2 - Core: - . Fixed bug OSS-Fuzz #382922236 (Duplicate dynamic properties in hooked object - iterator properties table). (ilutov) - . Fixed unstable get_iterator pointer for hooked classes in shm on Windows. - (ilutov) - . Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization). (ilutov) - . Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF). - (nielsdos) - . Fixed bug GH-17101 (AST->string does not reproduce constructor property - promotion correctly). (nielsdos) - . Fixed bug GH-17200 (Incorrect dynamic prop offset in hooked prop iterator). - (ilutov) - . Fixed bug GH-17216 (Trampoline crash on error). (nielsdos) - -- DBA: - . Skip test if inifile is disabled. (orlitzky) + . Fix OSS-Fuzz #427814452 (pipe compilation fails with assert). + (nielsdos, ilutov) - DOM: - . Fixed bug GH-17145 (DOM memory leak). (nielsdos) - . Fixed bug GH-17201 (Dom\TokenList issues with interned string replace). - (nielsdos) - . Fixed bug GH-17224 (UAF in importNode). (nielsdos) - -- Embed: - . Make build command for program using embed portable. (dunglas) - -- FFI: - . Fixed bug #79075 (FFI header parser chokes on comments). (nielsdos) - . Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure. (nielsdos) - . Fixed bug GH-16013 and bug #80857 (Big endian issues). (Dmitry, nielsdos) - -- Fileinfo: - . Fixed bug GH-17039 (PHP 8.4: Incorrect MIME content type). (nielsdos) - -- FPM: - . Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already - locked)). (Jakub Zelenka) - . Fixed bug GH-17112 (Macro redefinitions). (cmb, nielsdos) - . Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits). - (nielsdos) - -- GD: - . Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c). - (nielsdos, cmb) - . Ported fix for libgd bug 276 (Sometimes pixels are missing when storing - images as BMPs). (cmb) + . Make cloning DOM node lists, maps, and collections fail. (nielsdos) + . Added Dom\Element::getElementsByClassName(). (nielsdos) -- Gettext: - . Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c - bindtextdomain()). (Michael Orlitzky) - -- Iconv: - . Fixed bug GH-17047 (UAF on iconv filter failure). (nielsdos) - -- LDAP: - . Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes). - (nielsdos) - -- LibXML: - . Fixed bug GH-17223 (Memory leak in libxml encoding handling). (nielsdos) - -- MBString: - . Fixed bug GH-17112 (Macro redefinitions). (nielsdos, cmb) - -- Opcache: - . opcache_get_configuration() properly reports jit_prof_threshold. (cmb) - . Fixed bug GH-17140 (Assertion failure in JIT trace exit with - ZEND_FETCH_DIM_FUNC_ARG). (nielsdos, Dmitry) - . Fixed bug GH-17151 (Incorrect RC inference of op1 of FETCH_OBJ and - INIT_METHOD_CALL). (Dmitry, ilutov) - . Fixed bug GH-17246 (GC during SCCP causes segfault). (Dmitry) - . Fixed bug GH-17257 (UBSAN warning in ext/opcache/jit/zend_jit_vm_helpers.c). - (nielsdos, Dmitry) - -- PCNTL: - . Fix memory leak in cleanup code of pcntl_exec() when a non stringable - value is encountered past the first entry. (Girgias) - -- PgSql: - . Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError - Message when Called With 1 Argument). (nielsdos) - . Fixed further ArgumentCountError for calls with flexible - number of arguments. (David Carlier) - -- Phar: - . Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c). (nielsdos) - -- SimpleXML: - . Fixed bug GH-17040 (SimpleXML's unset can break DOM objects). (nielsdos) - . Fixed bug GH-17153 (SimpleXML crash when using autovivification on - document). (nielsdos) +- PDO_ODBC + . Fetch larger block sizes and better handle SQL_NO_TOTAL when calling + SQLGetData. (Calvin Buckley, Saki Takamachi) -- Sockets: - . Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN). - (David Carlier / cmb) - . Fixed overflow on SO_LINGER values setting, strengthening values check - on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option(). - (David Carlier) - -- SPL: - . Fixed bug GH-17198 (SplFixedArray assertion failure with get_object_vars). +- Standard: + . Optimized pack(). (nielsdos, divinity76) + . Fixed bug GH-19070 (setlocale($type, NULL) should not be deprecated). (nielsdos) - . Fixed bug GH-17225 (NULL deref in spl_directory.c). (nielsdos) -- Streams: - . Fixed bug GH-17037 (UAF in user filter when adding existing filter name due - to incorrect error handling). (nielsdos) - . Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value). - (David Carlier) - . Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds). - (cmb) +- URI: + . Return the singleton UrlValidationErrorType instances from Uri\WhatWg\Url + instead of creating new objects that are different from the singleton. + (timwolla) -- Windows: - . Hardened proc_open() against cmd.exe hijacking. (cmb) +03 Jul 2025, PHP 8.5.0alpha1 -- XML: - . Fixed bug GH-1718 (unreachable program point in zend_hash). (nielsdos) +- BCMath: + . Simplify `bc_divide()` code. (SakiTakamachi) + . If the result is 0, n_scale is set to 0. (SakiTakamachi) + . If size of BC_VECTOR array is within 64 bytes, stack area is now used. + (SakiTakamachi) -19 Dec 2024, PHP 8.4.2 +- CLI: + . Add --ini=diff to print INI settings changed from the builtin default. + (timwolla) + . Drop support for -z CLI/CGI flag. (nielsdos) + . Fixed GH-17956 - development server 404 page does not adapt to mobiles. + (pascalchevrel) -- BcMath: - . Fixed bug GH-16978 (Avoid unnecessary padding with leading zeros). - (Saki Takamachi) +- CURL: + . Added CURLFOLLOW_ALL, CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY + values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option. (David Carlier) - COM: - . Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). - (cmb) - -- Core: - . Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and - skipLazyInitialization() may change initialized proxy). (Arnaud) - . Fix is_zend_ptr() huge block comparison. (nielsdos) - . Fixed potential OOB read in zend_dirname() on Windows. (cmb) - . Fixed bug GH-15964 (printf() can strip sign of -INF). (divinity76, cmb) - -- Curl: - . Fix various memory leaks in curl mime handling. (nielsdos) - -- DBA: - . Fixed bug GH-16990 (dba_list() is now zero-indexed instead of using - resource ids) (kocsismate) - -- DOM: - . Fixed bug GH-16906 (Reloading document can cause UAF in iterator). - (nielsdos) - -- FPM: - . Fixed bug GH-16932 (wrong FPM status output). (Jakub Zelenka, James Lucas) - -- GMP: - . Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)). - (cmb) - -- Opcache: - . Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). - (dktapps) - . Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). (nielsdos) - . Fixed bug GH-16879 (JIT dead code skipping does not update call_level). - (nielsdos) - -- SAPI: - . Fixed bug GH-16998 (UBSAN warning in rfc1867). (nielsdos) - -- PHPDBG: - . Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). - (nielsdos) - -- Standard: - . Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF - properties). (nielsdos) - . Fixed bug GH-16957 (Assertion failure in array_shift with - self-referencing array). (nielsdos) - -- Streams: - . Fixed network connect poll interuption handling. (Jakub Zelenka) - -- Windows: - . Fixed bug GH-16849 (Error dialog causes process to hang). (cmb) - . Windows Server 2025 is now properly reported. (cmb) - -21 Nov 2024, PHP 8.4.1 - -- BcMath: - . [RFC] Add bcfloor, bcceil and bcround to BCMath. (Saki Takamachi) - . Improve performance. (Saki Takamachi, nielsdos) - . Adjust bcround()'s $mode parameter to only accept the RoundingMode - enum. (timwolla, saki) - . Fixed LONG_MAX in BCMath ext. (Saki Takamachi) - . Fixed bcdiv() div by one. (Saki Takamachi) - . [RFC] Support object types in BCMath. (Saki Takamachi) - . bcpow() performance improvement. (Jorg Sowa) - . ext/bcmath: Check for scale overflow. (SakiTakamachi) - . [RFC] ext/bcmath: Added bcdivmod. (SakiTakamachi) - . Fix GH-15968 (Avoid converting objects to strings in operator calculations). - (SakiTakamachi) - . Fixed bug GH-16265 (Added early return case when result is 0) - (Saki Takamachi). - . Fixed bug GH-16262 (Fixed a bug where size_t underflows) (Saki Takamachi). - . Fixed GH-16236 (Fixed a bug in BcMath\Number::pow() and bcpow() when - raising negative powers of 0) (Saki Takamachi). + . Fixed property access of PHP objects wrapped in variant. (cmb) + . Fixed method calls for PHP objects wrapped in variant. (cmb) - Core: - . Added zend_call_stack_get implementation for NetBSD, DragonFlyBSD, - Solaris and Haiku. (David Carlier) - . Enabled ifunc checks on FreeBSD from the 12.x releases. (Freaky) - . Changed the type of PHP_DEBUG and PHP_ZTS constants to bool. (haszi) - . Fixed bug GH-13142 (Undefined variable name is shortened when contains \0). - (nielsdos) - . Fixed bug GH-13178 (Iterator positions incorrect when converting packed - array to hashed). (ilutov) - . Fixed zend fiber build for solaris default mode (32 bits). (David Carlier) - . Fixed zend call stack size for macOs/arm64. (David Carlier) - . Added support for Zend Max Execution Timers on FreeBSD. (Kévin Dunglas) - . Ensure fiber stack is not backed by THP. (crrodriguez) - . Implement GH-13609 (Dump wrapped object in WeakReference class). (nielsdos) - . Added sparc64 arch assembly support for zend fiber. (Claudio Jeker) - . Fixed GH-13581 no space available for TLS on NetBSD. (Paul Ripke) - . Added fiber Sys-V loongarch64 support. (qiangxuhui) - . Adjusted closure names to include the parent function's name. (timwolla) - . Improve randomness of uploaded file names and files created by tempnam(). - (Arnaud) - . Added gc and shutdown callbacks to zend_mm custom handlers. - (Florian Engelhardt) - . Fixed bug GH-14650 (Compute the size of pages before allocating memory). - (Julien Voisin) - . Fixed bug GH-11928 (The --enable-re2c-cgoto doesn't add the -g flag). - (Peter Kokot) - . Added the #[\Deprecated] attribute. (beberlei, timwolla) - . Fixed GH-11389 (Allow suspending fibers in destructors). (Arnaud, trowski) - . Fixed bug GH-14801 (Fix build for armv7). (andypost) - . Implemented property hooks RFC. (ilutov) - . Fix GH-14978 (The xmlreader extension phpize build). (Peter Kokot) - . Throw Error exception when encountering recursion during comparison, rather - than fatal error. (ilutov) - . Added missing cstddef include for C++ builds. (cmb) - . Updated build system scripts config.guess to 2024-07-27 and config.sub to - 2024-05-27. (Peter Kokot) - . Fixed bug GH-15240 (Infinite recursion in trait hook). (ilutov) - . Fixed bug GH-15140 (Missing variance check for abstract set with asymmetric - type). (ilutov) - . Fixed bug GH-15181 (Disabled output handler is flushed again). (cmb) - . Passing E_USER_ERROR to trigger_error() is now deprecated. (Girgias) - . Fixed bug GH-15292 (Dynamic AVX detection is broken for MSVC). (nielsdos) - . Using "_" as a class name is now deprecated. (Girgias) - . Exiting a namespace now clears seen symbols. (ilutov) - . The exit (and die) language constructs now behave more like a function. - They can be passed liked callables, are affected by the strict_types - declare statement, and now perform the usual type coercions instead of - casting any non-integer value to a string. - As such, passing invalid types to exit/die may now result in a TypeError - being thrown. (Girgias) - . Fixed bug GH-15438 (Hooks on constructor promoted properties without - visibility are ignored). (ilutov) - . Fixed bug GH-15419 (Missing readonly+hook incompatibility check for readonly - classes). (ilutov) - . Fixed bug GH-15187 (Various hooked object iterator issues). (ilutov) - . Fixed bug GH-15456 (Crash in get_class_vars() on virtual properties). - (ilutov) - . Fixed bug GH-15501 (Windows HAVE_
_H macros defined to 1 or - undefined). (Peter Kokot) - . Implemented asymmetric visibility for properties. (ilutov) - . Fixed bug GH-15644 (Asymmetric visibility doesn't work with hooks). (ilutov) - . Implemented lazy objects RFC. (Arnaud) - . Fixed bug GH-15686 (Building shared iconv with external iconv library). - (Peter Kokot, zeriyoshi) - . Fixed missing error when adding asymmetric visibility to unilateral virtual - property. (ilutov) - . Fixed bug GH-15693 (Unnecessary include in main.c bloats binary). - (nielsdos) - . Fixed bug GH-15731 (AllowDynamicProperties validation should error on - enums). (DanielEScherzer) - . Fixed bug GH-16040 (Use-after-free of object released in hook). (ilutov) - . Fixed bug GH-16026 (Reuse of dtor fiber during shutdown). (Arnaud) - . Fixed bug GH-15999 (zend_std_write_property() assertion failure with lazy - objects). (Arnaud) - . Fixed bug GH-15960 (Foreach edge cases with lazy objects). (Arnaud) - . Fixed bug GH-16185 (Various hooked object iterator issues). (ilutov) - . Fixed bug OSS-Fuzz #371445205 (Heap-use-after-free in attr_free). - (nielsdos) - . Fixed missing error when adding asymmetric visibility to static properties. + . Fixed bug GH-16665 (\array and \callable should not be usable in + class_alias). (nielsdos) + . Added PHP_BUILD_DATE constant. (cmb) + . Added support for Closures and first class callables in constant + expressions. (timwolla, Volker Dusch) + . Use `clock_gettime_nsec_np()` for high resolution timer on macOS + if available. (timwolla) + . Implement GH-15680 (Enhance zend_dump_op_array to properly represent + non-printable characters in string literals). (nielsdos, WangYihang) + . Add support for backtraces for fatal errors. (enorris) + . Fixed bug GH-17442 (Engine UAF with reference assign and dtor). (nielsdos) + . Improved error message of UnhandledMatchError for + zend.exception_string_param_max_len=0. (timwolla) + . Fixed bug GH-17959 (Relax missing trait fatal error to error exception). (ilutov) - . Fixed bug OSS-Fuzz #71407 (Null-dereference WRITE in - zend_lazy_object_clone). (Arnaud) - . Fixed bug GH-16574 (Incorrect error "undefined method" messages). - (nielsdos) - . Fixed bug GH-16577 (EG(strtod_state).freelist leaks with opcache.preload). - (nielsdos) - . Fixed bug GH-16615 (Assertion failure in zend_std_read_property). (Arnaud) - . Fixed bug GH-16342 (Added ReflectionProperty::isLazy()). (Arnaud) - . Fixed bug GH-16725 (Incorrect access check for non-hooked props in hooked - object iterator). (ilutov) + . Fixed bug GH-18033 (NULL-ptr dereference when using register_tick_function + in destructor). (nielsdos) + . Fixed bug GH-18026 (Improve "expecting token" error for ampersand). (ilutov) + . Added the #[\NoDiscard] attribute to indicate that a function's return + value is important and should be consumed. (timwolla, Volker Dusch) + . Added the (void) cast to indicate that not using a value is intentional. + (timwolla, Volker Dusch) + . Added get_error_handler(), get_exception_handler() functions. (Arnaud) + . Fixed bug GH-15753 and GH-16198 (Bind traits before parent class). (ilutov) + . Added support for casts in constant expressions. (nielsdos) + . Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute + evaluation) and GH-18464 (Recursion protection for deprecation constants not + released on bailout). (DanielEScherzer and ilutov) + . Fixed AST printing for immediately invoked Closure. (Dmitrii Derepko) + . Properly handle __debugInfo() returning an array reference. (nielsdos) + . Properly handle reference return value from __toString(). (nielsdos) + . Added the pipe (|>) operator. (crell) + . Added support for `final` with constructor property promotion. + (DanielEScherzer) + . Do not use RTLD_DEEPBIND if dlmopen is available. (Daniil Gentili) + . Make `clone()` a function. (timwolla, edorian) + . Fixed bug GH-19081 (Wrong lineno in property error with constructor property + promotion). (ilutov) - Curl: - . Deprecated the CURLOPT_BINARYTRANSFER constant. (divinity76) - . Bumped required libcurl version to 7.61.0. (Ayesh) - . Added feature_list key to the curl_version() return value. (Ayesh) - . Added constants CURL_HTTP_VERSION_3 (libcurl 7.66) and CURL_HTTP_VERSION_3ONLY - (libcurl 7.88) as options for CURLOPT_HTTP_VERSION (Ayesh Karunaratne) - . Added CURLOPT_TCP_KEEPCNT to set the number of probes to send before - dropping the connection. (David Carlier) - . Added CURLOPT_PREREQFUNCTION Curl option to set a custom callback - after the connection is established, but before the request is - performed. (Ayesh Karunaratne) - . Added CURLOPT_SERVER_RESPONSE_TIMEOUT, which was formerly known as - CURLOPT_FTP_RESPONSE_TIMEOUT. (Ayesh Karunaratne) - . The CURLOPT_DNS_USE_GLOBAL_CACHE option is now silently ignored. (Ayesh Karunaratne) - . Added CURLOPT_DEBUGFUNCTION as a Curl option. (Ayesh Karunaratne) - . Fixed bug GH-16359 (crash with curl_setopt* CURLOPT_WRITEFUNCTION - without null callback). (David Carlier) - . Fixed bug GH-16723 (CURLMOPT_PUSHFUNCTION issues). (cmb) + . Added curl_multi_get_handles(). (timwolla) + . Added curl_share_init_persistent(). (enorris) + . Added CURLINFO_USED_PROXY, CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED + support to curl_getinfo. (Ayesh Karunaratne) - Date: - . Added DateTime[Immutable]::createFromTimestamp. (Marc Bennewitz) - . Added DateTime[Immutable]::[get|set]Microsecond. (Marc Bennewitz) - . Constants SUNFUNCS_RET_TIMESTAMP, SUNFUNCS_RET_STRING, and SUNFUNCS_RET_DOUBLE - are now deprecated. (Jorg Sowa) - . Fixed bug GH-13773 (DatePeriod not taking into account microseconds for end - date). (Mark Bennewitz, Derick) + . Fix undefined behaviour problems regarding integer overflow in extreme edge + cases. (nielsdos, cmb, ilutov) -- DBA: - . Passing null or false to dba_key_split() is deprecated. (Grigias) +- DOM: + . Added Dom\Element::$outerHTML. (nielsdos) + . Added Dom\Element::insertAdjacentHTML(). (nielsdos) + . Added $children property to ParentNode implementations. (nielsdos) -- Debugging: - . Fixed bug GH-15923 (GDB: Python Exception : - exceptions must derive from BaseException). (nielsdos) +- Enchant: + . Added enchant_dict_remove_from_session(). (nielsdos) + . Added enchant_dict_remove(). (nielsdos) + . Fix missing empty string checks. (nielsdos) -- DOM: - . Added DOMNode::compareDocumentPosition(). (nielsdos) - . Implement #53655 (Improve speed of DOMNode::C14N() on large XML documents). - (nielsdos) - . Fix cloning attribute with namespace disappearing namespace. (nielsdos) - . Implement DOM HTML5 parsing and serialization RFC. (nielsdos) - . Fix DOMElement->prefix with empty string creates bogus prefix. (nielsdos) - . Handle OOM more consistently. (nielsdos) - . Implemented "Improve callbacks in ext/dom and ext/xsl" RFC. (nielsdos) - . Added DOMXPath::quote() static method. (divinity76) - . Implemented opt-in ext/dom spec compliance RFC. (nielsdos) - . Fixed bug #79701 (getElementById does not correctly work with duplicate - definitions). (nielsdos) - . Implemented "New ext-dom features in PHP 8.4" RFC. (nielsdos) - . Fixed GH-14698 (segfault on DOM node dereference). (David Carlier) - . Improve support for template elements. (nielsdos) - . Fix trampoline leak in xpath callables. (nielsdos) - . Throw instead of silently failing when creating a too long text node in - (DOM)ParentNode and (DOM)ChildNode. (nielsdos) - . Fixed bug GH-15192 (Segmentation fault in dom extension - (html5_serializer)). (nielsdos) - . Deprecated DOM_PHP_ERR constant. (nielsdos) - . Removed DOMImplementation::getFeature(). (nielsdos) - . Fixed bug GH-15331 (Element::$substitutedNodeValue test failed). (nielsdos) - . Fixed bug GH-15570 (Segmentation fault (access null pointer) in - ext/dom/html5_serializer.c). (nielsdos) - . Fixed bug GH-13988 (Storing DOMElement consume 4 times more memory in - PHP 8.1 than in PHP 8.0). (nielsdos) - . Fix XML serializer errata: xmlns="" serialization should be allowed. - (nielsdos) - . Fixed bug GH-15910 (Assertion failure in ext/dom/element.c). (nielsdos) - . Fix unsetting DOM properties. (nielsdos) - . Fixed bug GH-16190 (Using reflection to call Dom\Node::__construct - causes assertion failure). (nielsdos) - . Fix edge-case in DOM parsing decoding. (nielsdos) - . Fixed bug GH-16465 (Heap buffer overflow in DOMNode->getElementByTagName). - (nielsdos) - . Fixed bug GH-16594 (Assertion failure in DOM -> before). (nielsdos) +- EXIF: + . Add OffsetTime* Exif tags. (acc987) - Fileinfo: - . Update to libmagic 5.45. (nielsdos) - . Fixed bug #65106 (PHP fails to compile ext/fileinfo). (Guillaume Outters) + . Upgrade to file 5.46. (nielsdos) + . Change return type of finfo_close() to true. (timwolla) - FPM: - . Implement GH-12385 (flush headers without body when calling flush()). - (nielsdos) - . Added DragonFlyBSD system to the list which set FPM_BACKLOG_DEFAULT - to SOMAXCONN. (David Carlier) - . /dev/poll events.mechanism for Solaris/Illumos setting had been retired. - (David Carlier) - . Added memory peak to the scoreboard / status page. (Flávio Heleno) - -- FTP: - . Removed the deprecated inet_ntoa call support. (David Carlier) - . Fixed bug #63937 (Upload speed 10 times slower with PHP). (nielsdos) + . Fixed GH-17645 (FPM with httpd ProxyPass does not decode script path). + (Jakub Zelenka) - GD: - . Fix parameter numbers and missing alpha check for imagecolorset(). - (Giovanni Giacobbi) - . imagepng/imagejpeg/imagewep/imageavif now throw an exception on - invalid quality parameter. (David Carlier) - . Check overflow/underflow for imagescale/imagefilter. (David Carlier) - . Added gdImageClone to bundled libgd. (David Carlier) - -- Gettext: - . bind_textdomain_codeset, textdomain and d(*)gettext functions - now throw an exception on empty domain. (David Carlier) - -- GMP: - . The GMP class is now final and cannot be extended anymore. (Girgias) - . RFC: Change GMP bool cast behavior. (Saki Takamachi) - -- Hash: - . Changed return type of hash_update() to true. (nielsdos) - . Added HashContext::__debugInfo(). (timwolla) - . Deprecated passing incorrect data types for options to ext/hash functions. - (nielsdos) - . Added SSE2 and SHA-NI implementation of SHA-256. (timwolla, Colin Percival, - Graham Percival) - . Fix GH-15384 (Build fails on Alpine / Musl for amd64). (timwolla) - . Fixed bug GH-15742 (php_hash_sha.h incompatible with C++). (cmb) - -- IMAP: - . Moved to PECL. (Derick Rethans) + . Fixed bug #68629 (Transparent artifacts when using imagerotate). (pierre, + cmb) + . Fixed bug #64823 (ZTS GD fails to to find system TrueType font). (cmb) - Intl: - . Added IntlDateFormatter::PATTERN constant. (David Carlier) - . Fixed Numberformatter::__construct when the locale is invalid, now - throws an exception. (David Carlier) - . Added NumberFormatter::ROUND_TOWARD_ZERO and ::ROUND_AWAY_FROM_ZERO as - aliases for ::ROUND_DOWN and ::ROUND_UP. (Jorg Sowa) - . Added NumberFormatter::ROUND_HALFODD. (Ayesh Karunaratne) - . Added PROPERTY_IDS_UNARY_OPERATOR, PROPERTY_ID_COMPAT_MATH_START and - PROPERTY_ID_COMPAT_MATH_CONTINUE constants. (David Carlier) - . Added IntlDateFormatter::getIanaID/intltz_get_iana_id method/function. - (David Carlier) - . Set to C++17 standard for icu 74 and onwards. (David Carlier) - . resourcebundle_get(), ResourceBundle::get(), and accessing offsets on a - ResourceBundle object now throw: - - TypeError for invalid offset types - - ValueError for an empty string - - ValueError if the integer index does not fit in a signed 32 bit integer - . ResourceBundle::get() now has a tentative return type of: - ResourceBundle|array|string|int|null - . Added the new Grapheme function grapheme_str_split. (youkidearitai) - . Added IntlDateFormatter::parseToCalendar. (David Carlier) - . Added SpoofChecker::setAllowedChars to set unicode chars ranges. + . Bumped ICU requirement to ICU >= 57.1. (cmb) + . IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an exception + with uninitialised classes or clone failure. (David Carlier) + . Added DECIMAL_COMPACT_SHORT/DECIMAL_COMPACT_LONG for NumberFormatter class. + (BogdanUngureanu) + . Added Locale::isRightToLeft to check if a locale is written right to left. (David Carlier) + . Added null bytes presence in locale inputs for Locale class. (David Carlier) + . Added grapheme_levenshtein() function. (Yuya Hamada) + . Added Locale::addLikelySubtags/Locale::minimizeSubtags to handle + adding/removing likely subtags to a locale. (David Carlier) + . Added IntlListFormatter class to format a list of items with a locale, + operands types and units. (BogdanUngureanu) + . Fixed bug GH-18566 ([intl] Weird numeric sort in Collator). (nielsdos) - LDAP: - . Added LDAP_OPT_X_TLS_PROTOCOL_MAX/LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 - constants. (StephenWall) - -- LibXML: - . Added LIBXML_RECOVER constant. (nielsdos) - . libxml_set_streams_context() now throws immediately on an invalid context - instead of at the use-site. (nielsdos) - . Added LIBXML_NO_XXE constant. (nielsdos) - -- MBString: - . Added mb_trim, mb_ltrim and mb_rtrim. (Yuya Hamada) - . Added mb_ucfirst and mb_lcfirst. (Yuya Hamada) - . Updated Unicode data tables to Unicode 15.1. (Ayesh Karunaratne) - . Fixed bug GH-15824 (mb_detect_encoding(): Argument $encodings contains - invalid encoding "UTF8"). (Yuya Hamada) - . Updated Unicode data tables to Unicode 16.0. (Ayesh Karunaratne) - -- Mysqli: - . The mysqli_ping() function and mysqli::ping() method are now deprecated, - as the reconnect feature was removed in PHP 8.2. (Kamil Tekiela) - . The mysqli_kill() function and mysqli::kill() method are now deprecated. - If this functionality is needed a SQL "KILL" command can be used instead. - (Kamil Tekiela) - . The mysqli_refresh() function and mysqli::refresh() method are now deprecated. - If this functionality is needed a SQL "FLUSH" command can be used instead. - (Kamil Tekiela) - . Passing explicitly the $mode parameter to mysqli_store_result() has been - deprecated. As the MYSQLI_STORE_RESULT_COPY_DATA constant was only used in - conjunction with this function it has also been deprecated. (Girgias) + . Allow ldap_get_option to retrieve global option by allowing NULL for + connection instance ($ldap). (Remi) -- MySQLnd: - . Fixed bug GH-13440 (PDO quote bottleneck). (nielsdos) - . Fixed bug GH-10599 (Apache crash on Windows when using a self-referencing - anonymous function inside a class with an active mysqli connection). +- MySQLi: + . Fixed bugs GH-17900 and GH-8084 (calling mysqli::__construct twice). (nielsdos) +- MySQLnd: + . Added mysqlnd.collect_memory_statistics to ini quick reference. + (hauk92) + - Opcache: - . Added large shared segments support for FreeBSD. (David Carlier) - . If JIT is enabled, PHP will now exit with a fatal error on startup in case - of JIT startup initialization issues. (danog) - . Increased the maximum value of opcache.interned_strings_buffer to 32767 on - 64bit archs. (Arnaud) - . Fixed bug GH-13834 (Applying non-zero offset 36 to null pointer in - zend_jit.c). (nielsdos) - . Fixed bug GH-14361 (Deep recursion in zend_cfg.c causes segfault). - (nielsdos) - . Fixed bug GH-14873 (PHP 8.4 min function fails on typed integer). - (nielsdos) - . Fixed bug GH-15490 (Building of callgraph modifies preloaded symbols). - (ilutov) - . Fixed bug GH-15178 (Assertion in tracing JIT on hooks). (ilutov) - . Fixed bug GH-15657 (Segmentation fault in dasm_x86.h). (nielsdos) - . Added opcache_jit_blacklist() function. (Bob) - . Fixed bug GH-16009 (Segmentation fault with frameless functions and - undefined CVs). (nielsdos) - . Fixed bug GH-16186 (Assertion failure in Zend/zend_operators.c). (Arnaud) - . Fixed bug GH-16572 (Incorrect result with reflection in low-trigger JIT). - (nielsdos) - . Fixed GH-16839 (Error on building Opcache JIT for Windows ARM64). (cmb) + . Fixed ZTS OPcache build on Cygwin. (cmb) + . Added opcache.file_cache_read_only. (Samuel Melrose) + . Updated default value of opcache.jit_hot_loop. (Arnaud) + . Log a warning when opcache lock file permissions could not be changed. + (Taavi Eomäe) - OpenSSL: - . Fixed bug #80269 (OpenSSL sets Subject wrong with extraattribs parameter). - (Jakub Zelenka) - . Implement request #48520 (openssl_csr_new - allow multiple values in DN). + . Added openssl.libctx INI that allows to select the OpenSSL library context + type and convert various parts of the extension to use the custom libctx. (Jakub Zelenka) - . Introduced new serial_hex parameter to openssl_csr_sign. (Jakub Zelenka, - Florian Sowade) - . Added X509_PURPOSE_OCSP_HELPER and X509_PURPOSE_TIMESTAMP_SIGN constants. - (Vincent Jardin) - . Bumped minimum required OpenSSL version to 1.1.1. (Ayesh Karunaratne) - . Added compile-time option --with-openssl-legacy-provider to enable legacy - provider. (Adam Saponara) - . Added support for Curve25519 + Curve448 based keys. (Manuel Mausz) - . Fixed bug GH-13343 (openssl_x509_parse should not allow omitted seconds in - UTCTimes). (Jakub Zelenka) - . Bumped minimum required OpenSSL version to 1.1.0. (cmb) - . Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2. (Remi) - Output: - . Clear output handler status flags during handler initialization. (haszi) - . Fixed bug with url_rewriter.hosts not used by output_add_rewrite_var(). - (haszi) + . Fixed calculation of aligned buffer size. (cmb) - PCNTL: - . Added pcntl_setns for Linux. (David Carlier) - . Added pcntl_getcpuaffinity/pcntl_setcpuaffinity. (David Carlier) - . Updated pcntl_get_signal_handler signal id upper limit to be - more in line with platforms limits. (David Carlier) - . Added pcntl_getcpu for Linux/FreeBSD/Solaris/Illumos. (David Carlier) - . Added pcntl_getqos_class/pcntl_setqos_class for macOs. (David Carlier) - . Added SIGCKPT/SIGCKPTEXIT constants for DragonFlyBSD. (David Carlier) - . Added FreeBSD's SIGTRAP handling to pcntl_siginfo_to_zval. (David Carlier) - . Added POSIX pcntl_waitid. (Vladimir Vrzić) - . Fixed bug GH-16769: (pcntl_sigwaitinfo aborts on signal value - as reference). (David Carlier) + . Extend pcntl_waitid with rusage parameter. (vrza) - PCRE: - . Upgrade bundled pcre2lib to version 10.43. (nielsdos) - . Add "/r" modifier. (Ayesh) - . Upgrade bundled pcre2lib to version 10.44. (Ayesh) - . Fixed GH-16189 (underflow on offset argument). (David Carlier) - . Fix UAF issues with PCRE after request shutdown. (nielsdos) - -- PDO: - . Fixed setAttribute and getAttribute. (SakiTakamachi) - . Implemented PDO driver-specific subclasses RFC. (danack, kocsismate) - . Added support for PDO driver-specific SQL parsers. (Matteo Beccati) - . Fixed bug GH-14792 (Compilation failure on pdo_* extensions). - (Peter Kokot) - . mysqlnd: support ER_CLIENT_INTERACTION_TIMEOUT. (Appla) - . The internal header php_pdo_int.h is no longer installed; it is not - supposed to be used by PDO drivers. (cmb) - . Fixed bug GH-16167 (Prevent mixing PDO sub-classes with different DSN). - (kocsismate) - . Fixed bug GH-16314 ("Pdo\Mysql object is uninitialized" when opening a - persistent connection). (kocsismate) - -- PDO_DBLIB: - . Fixed setAttribute and getAttribute. (SakiTakamachi) - . Added class Pdo\DbLib. (danack, kocsismate) - -- PDO_Firebird: - . Fixed setAttribute and getAttribute. (SakiTakamachi) - . Feature: Add transaction isolation level and mode settings to pdo_firebird. - (SakiTakamachi) - . Added class Pdo\Firebird. (danack, kocsismate) - . Added Pdo\Firebird::ATTR_API_VERSION. (SakiTakamachi) - . Added getApiVersion() and removed from getAttribute(). - (SakiTakamachi) - . Supported Firebird 4.0 datatypes. (sim1984) - . Support proper formatting of time zone types. (sim1984) - . Fixed GH-15604 (Always make input parameters nullable). (sim1984) - -- PDO_MYSQL: - . Fixed setAttribute and getAttribute. (SakiTakamachi) - . Added class Pdo\Mysql. (danack, kocsismate) - . Added custom SQL parser. (Matteo Beccati) - . Fixed GH-15949 (PDO_MySQL not properly quoting PDO_PARAM_LOB binary - data). (mbeccati, lcobucci) - -- PDO_ODBC: - . Added class Pdo\Odbc. (danack, kocsismate) + . Upgraded to pcre2lib from 10.44 to 10.45. (nielsdos) + . Remove PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options. + (mvorisek) - PDO_PGSQL: - . Fixed GH-12423, DSN credentials being prioritized over the user/password - PDO constructor arguments. (SakiTakamachi) - . Fixed native float support with pdo_pgsql query results. (Yurunsoft) - . Added class Pdo\Pgsql. (danack, kocsismate) - . Retrieve the memory usage of the query result resource. (KentarouTakeda) - . Added Pdo\Pgsql::setNoticeCallBack method to receive DB notices. - (outtersg) - . Added custom SQL parser. (Matteo Beccati) - . Fixed GH-15986 (Double-free due to Pdo\Pgsql::setNoticeCallback()). (cmb, - nielsdos) - . Fixed GH-12940 (Using PQclosePrepared when available instead of - the DEALLOCATE command to free statements resources). (David Carlier) - . Remove PGSQL_ATTR_RESULT_MEMORY_SIZE constant as it is provided by - the new PDO Subclass as Pdo\Pgsql::ATTR_RESULT_MEMORY_SIZE. (Girgias) + . Added Iterable support for PDO::pgsqlCopyFromArray. (KentarouTakeda) + . Implement GH-15387 Pdo\Pgsql::setAttribute(PDO::ATTR_PREFETCH, 0) or + Pdo\Pgsql::prepare(…, [ PDO::ATTR_PREFETCH => 0 ]) make fetch() lazy + instead of storing the whole result set in memory (Guillaume Outters) - PDO_SQLITE: - . Added class Pdo\Sqlite. (danack, kocsismate) - . Fixed bug #81227 (PDO::inTransaction reports false when in transaction). - (nielsdos) - . Added custom SQL parser. (Matteo Beccati) - -- PHPDBG: - . array out of bounds, stack overflow handled for segfault handler on windows. - (David Carlier) - . Fixed bug GH-16041 (Support stack limit in phpdbg). (Arnaud) + . throw on null bytes / resolve GH-13952 (divinity76). + . Implement GH-17321: Add setAuthorizer to Pdo\Sqlite. (nielsdos) + . PDO::sqliteCreateCollation now throws a TypeError if the callback + has a wrong return type. (David Carlier) + . Added Pdo_Sqlite::ATTR_BUSY_STATEMENT constant to check + if a statement is currently executing. (David Carlier) + . Added Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT constant to set a statement + in either EXPLAIN_MODE_PREPARED, EXPLAIN_MODE_EXPLAIN, + EXPLAIN_MODE_EXPLAIN_QUERY_PLAN modes. (David Carlier) - PGSQL: - . Added the possibility to have no conditions for pg_select. (OmarEmaraDev) - . Persistent connections support the PGSQL_CONNECT_FORCE_RENEW flag. + . Added pg_close_stmt to close a prepared statement while allowing + its name to be reused. (David Carlier) + . Added Iterable support for pgsql_copy_from. (David Carlier) + . pg_connect checks if connection_string contains any null byte, + pg_close_stmt check if the statement contains any null byte. (David Carlier) - . Added pg_result_memory_size to get the query result memory usage. - (KentarouTakeda) - . Added pg_change_password to alter an user's password. (David Carlier) - . Added pg_put_copy_data/pg_put_copy_end to send COPY commands and signal - the end of the COPY. (David Carlier) - . Added pg_socket_poll to poll on the connection. (David Carlier) - . Added pg_jit to get infos on server JIT support. (David Carlier) - . Added pg_set_chunked_rows_size to fetch results per chunk. (David Carlier) - . pg_convert/pg_insert/pg_update/pg_delete ; regexes are now cached. + . Added pg_service to get the connection current service identifier. (David Carlier) -- Phar: - . Fixed bug GH-12532 (PharData created from zip has incorrect timestamp). - (nielsdos) - - POSIX: - . Added POSIX_SC_CHILD_MAX and POSIX_SC_CLK_TCK constants. (Jakub Zelenka) - . Updated posix_isatty to set the error number on file descriptors. - (David Carlier) - -- PSpell: - . Moved to PECL. (Derick Rethans) + . Added POSIX_SC_OPEN_MAX constant to get the number of file descriptors + a process can handle. (David Carlier) + . posix_ttyname() sets last_error to EBADF on invalid file descriptors, + posix_isatty() raises E_WARNING on invalid file descriptors, + posix_fpathconf checks invalid file descriptors. (David Carlier) - Random: - . Fixed bug GH-15094 (php_random_default_engine() is not C++ conforming). - (cmb) - . lcg_value() is now deprecated. (timwolla) - -- Readline: - . Fixed readline_info, rl_line_buffer_length/rl_len globals on update. - (David Carlier) - . Fixed bug #51558 (Shared readline build fails). (Peter Kokot) - . Fixed UAF with readline_info(). (David Carlier) + . Moves from /dev/urandom usage to arc4random_buf on Haiku. (David Carlier) - Reflection: - . Implement GH-12908 (Show attribute name/class in ReflectionAttribute dump). - (nielsdos) - . Make ReflectionGenerator::getFunction() legal after generator termination. - (timwolla) - . Added ReflectionGenerator::isClosed(). (timwolla) - . Fixed bug GH-15718 (Segfault on ReflectionProperty::get{Hook,Hooks}() on - dynamic properties). (DanielEScherzer) - . Fixed bug GH-15694 (ReflectionProperty::isInitialized() is incorrect for - hooked properties). (ilutov) - . Add missing ReflectionProperty::hasHook[s]() methods. (ilutov) - . Add missing ReflectionProperty::isFinal() method. (ilutov) - . Fixed bug GH-16122 (The return value of ReflectionFunction::getNamespaceName() - and ReflectionFunction::inNamespace() for closures is incorrect). (timwolla) - . Fixed bug GH-16162 (No ReflectionProperty::IS_VIRTUAL) (DanielEScherzer) - . Fixed the name of the second parameter of - ReflectionClass::resetAsLazyGhost(). (Arnaud) + . Added ReflectionConstant::getExtension() and ::getExtensionName(). + (DanielEScherzer) + . Fixed bug GH-12856 (ReflectionClass::getStaticPropertyValue() returns UNDEF + zval for uninitialized typed properties). (nielsdos) + . Fixed bug GH-15766 (ReflectionClass::__toString() should have better output + for enums). (DanielEScherzer) + . Added ReflectionProperty::getMangledName() method. (alexandre-daubois) - Session: - . INI settings session.sid_length and session.sid_bits_per_character are now - deprecated. (timwolla) - . Emit warnings for non-positive values of session.gc_divisor and negative values - of session.gc_probability. (Jorg Sowa) - . Fixed bug GH-16590 (UAF in session_encode()). (nielsdos) + . session_start() throws a ValueError on option argument if not a hashmap + or a TypeError if read_and_close value is not compatible with int. + (David Carlier) - SimpleXML: - . Fix signature of simplexml_import_dom(). (nielsdos) + . Fixed bug GH-12231 (SimpleXML xpath should warn when returning other return + types than node lists). (nielsdos) - SNMP: - . Removed the deprecated inet_ntoa call support. (David Carlier) + . snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and + SNMP::__construct() throw an exception on invalid hostname, community + timeout and retries arguments. (David Carlier) - SOAP: - . Add support for clark notation for namespaces in class map. (lxShaDoWxl) - . Mitigate #51561 (SoapServer with a extented class and using sessions, - lost the setPersistence()). (nielsdos) - . Fixed bug #49278 (SoapClient::__getLastResponseHeaders returns NULL if - wsdl operation !has output). (nielsdos) - . Fixed bug #44383 (PHP DateTime not converted to xsd:datetime). (nielsdos) - . Fixed bug GH-11941 (soap with session persistence will silently fail when - "session" built as a shared object). (nielsdos) - . Passing an int to SoapServer::addFunction() is now deprecated. - If all PHP functions need to be provided flatten the array returned by - get_defined_functions(). (Girgias) - . The SOAP_FUNCTIONS_ALL constant is now deprecated. (Girgias) - . Fixed bug #61525 (SOAP functions require at least one space after HTTP - header colon). (nielsdos) - . Implement request #47317 (SoapServer::__getLastResponse()). (nielsdos) + . Fixed bug #49169 (SoapServer calls wrong function, although "SOAP action" + header is correct). (nielsdos) + . Fix namespace handling of WSDL and XML schema in SOAP, + fixing at least GH-16320 and bug #68576. (nielsdos) + . Fixed bug #70951 (Segmentation fault on invalid WSDL cache). (nielsdos) + . Implement request #55503 (Extend __getTypes to support enumerations). + (nielsdos, datibbaw) + . Implement request #61105 (Support Soap 1.2 SoapFault Reason Text lang + attribute). (nielsdos) - Sockets: - . Removed the deprecated inet_ntoa call support. (David Carlier) - . Added the SO_EXECLUSIVEADDRUSE windows constant. (David Carlier) - . Added the SOCK_CONN_DGRAM/SOCK_DCCP netbsd constants. (David Carlier) - . Added multicast group support for ipv4 on FreeBSD. (jonathan@tangential.ca) - . Added the TCP_SYNCNT constant for Linux to set number of attempts to send - SYN packets from the client. (David Carlier) - . Added the SO_EXCLBIND constant for exclusive socket binding on illumos/solaris. + . Added IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage. + (David Carlier) + . Added TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD. + (David Carlier) + . socket_set_option() catches possible overflow with SO_RCVTIMEO/SO_SNDTIMEO + with timeout setting on windows. (David Carlier) + . Added TCP_FUNCTION_ALIAS, TCP_REUSPORT_LB_NUMA, TCP_REUSPORT_LB_NUMA_NODOM, + TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants. + . socket_create_listen() throws an exception on invalid port value. + (David Carlier) + . socket_bind() throws an exception on invalid port value. (David Carlier) - . Updated the socket_create_listen backlog argument default value to SOMAXCONN. + . socket_sendto() throws an exception on invalid port value. (David Carlier) - . Added the SO_NOSIGPIPE constant to control the generation of SIGPIPE for - macOs and FreeBSD. (David Carlier) - . Added SO_LINGER_SEC for macOs, true equivalent of SO_LINGER in other platforms. + . socket_addrinfo_lookup throws an exception on invalid hints value types. (David Carlier) - . Add close-on-exec on socket created with socket_accept on unixes. (David Carlier) - . Added IP_PORTRANGE* constants for BSD systems to control ephemeral port - ranges. (David Carlier) - . Added SOCK_NONBLOCK/SOCK_CLOEXEC constants for socket_create and - socket_create_pair to apply O_NONBLOCK/O_CLOEXEC flags to the - newly created sockets. (David Carlier) - . Added SO_BINDTOIFINDEX to bind a socket to an interface index. + . socket_addrinfo_lookup throws an exception if any of the hints value + overflows. (David Carlier) + . socket_addrinfo_lookup throws an exception if one or more hints entries + has an index as numeric. (David Carlier) + . socket_set_option with the options MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP + will throw an exception if its value is not a valid array/object. + (David Carlier) + . socket_getsockname/socket_create/socket_bind handled AF_PACKET family socket. + (David Carlier) + . Added IP_BINDANY for a socket to bind to any address. (David Carlier) + . Added SO_BUSY_POOL to reduce packets poll latency. (David Carlier) + - Added UDP_SEGMENT support to optimise multiple large datagrams over UDP + if the kernel and hardware supports it. (David Carlier) + - Added SHUT_RD, SHUT_WR and SHUT_RDWR constants for socket_shutdown(). (David Carlier) - Sodium: - . Add support for AEGIS-128L and AEGIS-256. (jedisct1) - . Enable AES-GCM on aarch64 with the ARM crypto extensions. (jedisct1) + . Fix overall theoretical overflows on zend_string buffer allocations. + (David Carlier/nielsdos) -- SPL: - . Implement SeekableIterator for SplObjectStorage. (nielsdos) - . The SplFixedArray::__wakeup() method has been deprecated as it implements - __serialize() and __unserialize() which need to be overwritten instead. - (TysonAndre) - . Passing a non-empty string for the $escape parameter of: - - SplFileObject::setCsvControl() - - SplFileObject::fputcsv() - - SplFileObject::fgetcsv() - is now deprecated. (Girgias) +- Sqlite: + . Added Sqlite3Stmt::busy to check if a statement is still being executed. + (David Carlier) + . Added Sqlite3Stmt::explain to produce a explain query plan from + the statement. (David Carlier) + . Added Sqlite3Result::fetchAll to returns all results at once from a query. + (David Carlier) - Standard: - . Implement GH-12188 (Indication for the int size in phpinfo()). (timwolla) - . Partly fix GH-12143 (Incorrect round() result for 0.49999999999999994). - (timwolla) - . Fix GH-12252 (round(): Validate the rounding mode). (timwolla) - . Increase the default BCrypt cost to 12. (timwolla) - . Fixed bug GH-12592 (strcspn() odd behaviour with NUL bytes and empty mask). - (nielsdos) - . Removed the deprecated inet_ntoa call support. (David Carlier) - . Cast large floats that are within int range to int in number_format so - the precision is not lost. (Marc Bennewitz) - . Add support for 4 new rounding modes to the round() function. (Jorg Sowa) - . debug_zval_dump() now indicates whether an array is packed. (Max Semenik) - . Fix GH-12143 (Optimize round). (SakiTakamachi) - . Changed return type of long2ip to string from string|false. (Jorg Sowa) - . Fix GH-12143 (Extend the maximum precision round can handle by one digit). - (SakiTakamachi) - . Added the http_get_last_response_headers() and - http_clear_last_response_headers() that allows retrieving the same content - as the magic $http_response_header variable. - . Add php_base64_encode_ex() API. (Remi) - . Implemented "Raising zero to the power of negative number" RFC. (Jorg Sowa) - . Added array_find(), array_find_key(), array_all(), and array_any(). (josh) - . Change highlight_string() and print_r() return type to string|true. (Ayesh) - . Fix references in request_parse_body() options array. (nielsdos) - . Add RoundingMode enum. (timwolla, saki) - . Unserializing the uppercase 'S' tag is now deprecated. (timwolla) - . Enables crc32 auxiliary detection on OpenBSD. (David Carlier) - . Passing a non-empty string for the $escape parameter of: - - fputcsv() - - fgetcsv() - - str_getcsv() - is now deprecated. (Girgias) - . The str_getcsv() function now throws ValueErrors when the $separator and - $enclosure arguments are not one byte long, or if the $escape is not one - byte long or the empty string. This aligns the behaviour to be identical - to that of fputcsv() and fgetcsv(). (Girgias) - . php_uname() now throws ValueErrors on invalid inputs. (Girgias) - . The "allowed_classes" option for unserialize() now throws TypeErrors and - ValueErrors if it is not an array of class names. (Girgias) - . Implemented GH-15685 (improve proc_open error reporting on Windows). (cmb) - . Add support for backed enums in http_build_query(). (ilutov) - . Fixed bug GH-15982 (Assertion failure with array_find when references are - involved). (nielsdos) - . Fixed parameter names of fpow() to be identical to pow(). (Girgias) + . Fixed crypt() tests on musl when using --with-external-libcrypt + (Michael Orlitzky). + . Fixed bug GH-18062 (is_callable(func(...), callable_name: $name) for first + class callables returns wrong name). (timwolla) + . Added array_first() and array_last(). (nielsdos) + . Fixed bug GH-18823 (setlocale's 2nd and 3rd argument ignores strict_types). + (nielsdos) + . Fixed exit code handling of sendmail cmd and added warnings. + (Jesse Hathaway) + . Fixed bug GH-18897 (printf: empty precision is interpreted as precision 6, + not as precision 0). (nielsdos) - Streams: - . Implemented GH-15155 (Stream context is lost when custom stream wrapper is - being filtered). (Quentin Dreyer) + . Fixed bug GH-16889 (stream_select() timeout useless for pipes on Windows). + (cmb) + +- Tests: + . Allow to shuffle tests even in non-parallel mode. (dhuang00) - Tidy: - . Failures in the constructor now throw exceptions rather than emitting - warnings and having a broken object. (nielsdos) - . Add tidyNode::getNextSibling() and tidyNode::getPreviousSibling(). - (nielsdos) + . tidy::__construct/parseFile/parseString methods throw an exception if + the configuration argument is invalid. (David Carlier) - Windows: - . Update the icon of the Windows executables, e.g. php.exe. (Ayesh, - Nurudin Imširović) - . Fixed bug GH-16199 (GREP_HEADER() is broken). (Peter Kokot) - -- XML: - . Added XML_OPTION_PARSE_HUGE parser option. (nielsdos) - . Fixed bug #81481 (xml_get_current_byte_index limited to 32-bit numbers on - 64-bit builds). (nielsdos) - . The xml_set_object() function has been deprecated. (Girgias) - . Passing non-callable strings to the xml_set_*_handler() functions is now - deprecated. (Girgias) - -- XMLReader: - . Declares class constant types. (Ayesh) - . Add XMLReader::fromStream(), XMLReader::fromUri(), XMLReader::fromString(). (nielsdos) - . Fixed bug GH-15123 (var_dump doesn't actually work on XMLReader). - (nielsdos) + . Fixed bug GH-10992 (Improper long path support for relative paths). (cmb, + nielsdos) + . Fixed bug GH-16843 (Windows phpize builds ignore source subfolders). (cmb) - XMLWriter: - . Add XMLWriter::toStream(), XMLWriter::toUri(), XMLWriter::toMemory(). (nielsdos) + . Improved performance and reduce memory consumption. (nielsdos) - XSL: - . Implement request #64137 (XSLTProcessor::setParameter() should allow both - quotes to be used). (nielsdos) - . Implemented "Improve callbacks in ext/dom and ext/xsl" RFC. (nielsdos) - . Added XSLTProcessor::$maxTemplateDepth and XSLTProcessor::$maxTemplateVars. - (nielsdos) - . Fix trampoline leak in xpath callables. (nielsdos) + . Implement request #30622 (make $namespace parameter functional). (nielsdos) + +- Zlib: + . gzfile, gzopen and readgzfile, their "use_include_path" argument + is now a boolean. (David Carlier) + . Fixed bug GH-16883 (gzopen() does not use the default stream context when + opening HTTP URLs). (nielsdos) + . Implemented GH-17668 (zlib streams should support locking). (nielsdos) -- Zip: - . Added ZipArchive::ER_TRUNCATED_ZIP added in libzip 1.11. (Remi) +<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>> From faa4c7f9e6aeaf9e0a36f68bd9d578093c411edf Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 3 Oct 2025 22:23:32 +0200 Subject: [PATCH 2/7] Fix flaky gh19984.phpt test When the parent finishes before the child, we may miss some output from the child and have the test fail. --- ext/opcache/tests/gh19984.phpt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ext/opcache/tests/gh19984.phpt b/ext/opcache/tests/gh19984.phpt index 4584fa6494c18..cb49869f5cf05 100644 --- a/ext/opcache/tests/gh19984.phpt +++ b/ext/opcache/tests/gh19984.phpt @@ -14,6 +14,10 @@ if (!function_exists('pcntl_fork')) die('skip pcntl_fork() not available'); --EXPECTF-- Warning: Unsupported declare 'unknown' in %s on line %d From 969e837d5b6d2511b69605c298c172e8a0a4f9d6 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Fri, 3 Oct 2025 22:30:07 +0200 Subject: [PATCH 3/7] Fix compiler segfault during call compilation (#20054) Happens due to changes in 28fd7597bae where the opline opcode may be accessed after the opcode array has been reallocated. To solve this we store the opcode in a temporary variable. --- Zend/zend_compile.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 74b63951fa961..3f88ee10218d9 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -3956,19 +3956,21 @@ static bool zend_compile_call_common(znode *result, zend_ast *args_ast, zend_fun if (args_ast->kind == ZEND_AST_CALLABLE_CONVERT) { opline = &CG(active_op_array)->opcodes[opnum_init]; opline->extended_value = 0; + /* opcode array may be reallocated, so don't access opcode field after zend_emit_op_tmp(). */ + uint8_t opcode = opline->opcode; - if (opline->opcode == ZEND_NEW) { + if (opcode == ZEND_NEW) { zend_error_noreturn(E_COMPILE_ERROR, "Cannot create Closure for new expression"); } - if (opline->opcode == ZEND_INIT_FCALL) { + if (opcode == ZEND_INIT_FCALL) { opline->op1.num = zend_vm_calc_used_stack(0, fbc); } zend_op *callable_convert_op = zend_emit_op_tmp(result, ZEND_CALLABLE_CONVERT, NULL, NULL); - if (opline->opcode == ZEND_INIT_FCALL - || opline->opcode == ZEND_INIT_FCALL_BY_NAME - || opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME) { + if (opcode == ZEND_INIT_FCALL + || opcode == ZEND_INIT_FCALL_BY_NAME + || opcode == ZEND_INIT_NS_FCALL_BY_NAME) { callable_convert_op->extended_value = zend_alloc_cache_slot(); } else { callable_convert_op->extended_value = (uint32_t)-1; From f9c4fe4c5d337e92fd0a6df506385dc645b7394a Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Fri, 3 Oct 2025 22:30:37 +0200 Subject: [PATCH 4/7] [ci skip] Fix indent --- Zend/zend_compile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 3f88ee10218d9..3dc345ba3b6c6 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -3960,7 +3960,7 @@ static bool zend_compile_call_common(znode *result, zend_ast *args_ast, zend_fun uint8_t opcode = opline->opcode; if (opcode == ZEND_NEW) { - zend_error_noreturn(E_COMPILE_ERROR, "Cannot create Closure for new expression"); + zend_error_noreturn(E_COMPILE_ERROR, "Cannot create Closure for new expression"); } if (opcode == ZEND_INIT_FCALL) { From 0e1addf8b51f6d429b00cb096d9d26e76a9c932b Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 3 Oct 2025 23:11:47 +0200 Subject: [PATCH 5/7] Skip mysqli_fetch_all_data_types_variation.phpt on PPC runner --- .../tests/fetch/mysqli_fetch_all_data_types_variation.phpt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ext/mysqli/tests/fetch/mysqli_fetch_all_data_types_variation.phpt b/ext/mysqli/tests/fetch/mysqli_fetch_all_data_types_variation.phpt index 594980ec0f829..81c15d53b84cb 100644 --- a/ext/mysqli/tests/fetch/mysqli_fetch_all_data_types_variation.phpt +++ b/ext/mysqli/tests/fetch/mysqli_fetch_all_data_types_variation.phpt @@ -4,6 +4,9 @@ mysqli_fetch_all() data types variation mysqli --SKIPIF-- From a48de0a057ba7f33fafdfc605811ef6c1e726133 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 3 Oct 2025 23:12:46 +0200 Subject: [PATCH 6/7] Skip proc_open_multiplex.phpt on PPC runner --- .../tests/general_functions/proc_open_multiplex.phpt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ext/standard/tests/general_functions/proc_open_multiplex.phpt b/ext/standard/tests/general_functions/proc_open_multiplex.phpt index 63e856b29c31e..798b5e74c475e 100644 --- a/ext/standard/tests/general_functions/proc_open_multiplex.phpt +++ b/ext/standard/tests/general_functions/proc_open_multiplex.phpt @@ -1,5 +1,11 @@ --TEST-- Multiplexing of child output +--SKIPIF-- + --FILE-- Date: Fri, 3 Oct 2025 00:12:52 +0200 Subject: [PATCH 7/7] Avoid capturing nested arrow function parameters Fixes GH-19867 Closes GH-20041 --- Zend/zend_compile.c | 12 +++++++++++- ext/opcache/tests/gh19867.phpt | 36 ++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 ext/opcache/tests/gh19867.phpt diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 3dc345ba3b6c6..e45154157c287 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -8092,6 +8092,8 @@ typedef struct { bool varvars_used; } closure_info; +static void find_implicit_binds(closure_info *info, zend_ast *params_ast, zend_ast *stmt_ast); + static void find_implicit_binds_recursively(closure_info *info, zend_ast *ast) { if (!ast) { return; @@ -8136,7 +8138,15 @@ static void find_implicit_binds_recursively(closure_info *info, zend_ast *ast) { } else if (ast->kind == ZEND_AST_ARROW_FUNC) { /* For arrow functions recursively check the expression. */ zend_ast_decl *closure_ast = (zend_ast_decl *) ast; - find_implicit_binds_recursively(info, closure_ast->child[2]); + closure_info inner_info; + find_implicit_binds(&inner_info, closure_ast->child[0], closure_ast->child[2]); + if (inner_info.varvars_used) { + info->varvars_used = true; + } + if (zend_hash_num_elements(&inner_info.uses)) { + zend_hash_copy(&info->uses, &inner_info.uses, NULL); + } + zend_hash_destroy(&inner_info.uses); } else if (!zend_ast_is_special(ast)) { uint32_t i, children = zend_ast_get_num_children(ast); for (i = 0; i < children; i++) { diff --git a/ext/opcache/tests/gh19867.phpt b/ext/opcache/tests/gh19867.phpt new file mode 100644 index 0000000000000..486a366722dad --- /dev/null +++ b/ext/opcache/tests/gh19867.phpt @@ -0,0 +1,36 @@ +--TEST-- +GH-19867: Avoid capturing nested arrow function parameters +--EXTENSIONS-- +opcache +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.opt_debug_level=0x20000 +--FILE-- + fn($a, $b) => $a + $b; +?> +--EXPECTF-- +$_main: + ; (lines=%d, args=0, vars=%d, tmps=%d) + ; (after optimizer) + ; %s +0000 T0 = DECLARE_LAMBDA_FUNCTION 0 +0001 FREE T0 +0002 RETURN int(1) + +{closure:%s:%d}: + ; (lines=%d, args=0, vars=%d, tmps=%d) + ; (after optimizer) + ; %s +0000 T0 = DECLARE_LAMBDA_FUNCTION 0 +0001 RETURN T0 + +{closure:%s:%d}: + ; (lines=%d, args=2, vars=%d, tmps=%d) + ; (after optimizer) + ; %s +0000 CV0($a) = RECV 1 +0001 CV1($b) = RECV 2 +0002 T2 = ADD CV0($a) CV1($b) +0003 RETURN T2