PHP Release Notes

Core

• Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
• Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
• Fixed bug GH-20714 (Uncatchable exception thrown in generator).
• Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
• Fixed bug GH-20745 ("Casting out of range floats to int" applies to strings).

DOM

• Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
• Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()).

EXIF

• Fixed bug GH-20631 (Integer underflow in exif HEIF parsing when pos.size < 2).

Intl

• Fix leak in umsg_format_helper().

LDAP

• Fix memory leak in ldap_set_options().

Lexbor

• Fixed bug GH-20668 (\Uri\WhatWg\Url::withHost() crashes (SEGV) for URLs using the file: scheme).

Mbstring

• Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).

PCNTL

• Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.

Phar

• Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
• Fix SplFileInfo::openFile() in write mode.
• Fix build on legacy OpenSSL 1.1.0 systems.
• Fixed bug #74154 (Phar extractTo creates empty files).

Session

• Fix support for MM module.

Sqlite3

• Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).

Standard

• Fix error check for proc_open() command.
• Fix memory leak in mail() when header key is numeric.
• Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).

URI

• Fixed bug GH-20366 (ext/uri incorrectly throws ValueError when encountering null byte).
• Fixed CVE-2025-67899 (uriparser through 0.9.9 allows unbounded recursion and stack consumption).

XML

• Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).

Zip

• Fix crash in property existence test.
• Don't truncate return value of zip_fread() with user sizes.

Zlib

• Fix assertion failures resulting in crashes with stream filter object parameters.

Original source Report a problem

Core

• Sync all boost.context files with release 1.86.0.
• Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter).
• Fixed hard_timeout with --enable-zend-max-execution-timers.
• Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
• Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
• Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
• Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
• Fixed bug GH-20002 (Broken build on *BSD with MSAN).

CLI

• Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.

Curl

• Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
• Fix curl build and test failures with version 8.16.

Date

• Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.

DOM

• Fix macro name clash on macOS.
• Fixed bug GH-20022 (docker-php-ext-install DOM failed).

GD

• Fixed GH-19955 (imagefttext() memory leak).

MySQLnd

• Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).

Opcache

• Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
• Fixed bug GH-19831 (function JIT may not deref property value).
• Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).

Phar

• Fix memory leak and invalid continuation afte...

Original source Report a problem

Core

• Sync all boost.context files with release 1.86.0.
• Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter).
• Fixed bug GH-20546 (preserve_none attribute configure check on macOs issue).
• Fixed bug GH-20286 (use-after-destroy during userland stream_close()).

Bz2

• Fix assertion failures resulting in crashes with stream filter object parameters.

DOM

• Fix memory leak when edge case is hit when registering xpath callback.
• Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase).
• Fix missing NUL byte check on C14NFile().

Fibers

• Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).

Intl

• Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants).

Lexbor

• Fixed bug GH-20501 (\Uri\WhatWg\Url lose host after calling withPath() or withQuery()).
• Fixed bug GH-20502 (\Uri\WhatWg\Url crashes (SEGV) when parsing malformed URL due to Lexbor memory corruption).

LibXML

• Fix some deprecations on newer libxml versions regarding input buffer/parser handling.

MySQLnd

• Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).

Opcache

• Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer).

PDO

• Fixed bug GH-20553 (PDO::FETCH_CLASSTYPE ignores $constructorArgs in PHP 8.5.0).
• Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)

Phar

• Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub).
• Fix broken return value of fflush() for phar file entries.
• Fix assertion failure when fseeking a phar file out of bounds.

PHPDBG

• Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().

SPL

• Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization).

Standard

• Fix memory leak in array_diff() with custom type checks.
• Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures).
• Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
• Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178)
• Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)

URI

• Fixed bug GH-20366 (ext/uri incorrectly throws ValueError when encountering null byte).
• Fixed CVE-2025-67899 (uriparser through 0.9.9 allows unbounded recursion and stack consumption).

XML

• Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).

Zip

• Fix crash in property existence test.
• Don't truncate return value of zip_fread() with user sizes.

Zlib

• Fix assertion failures resulting in crashes with stream filter object parameters.

Original source Report a problem

Core

• Sync all boost.context files with release 1.86.0.
• Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter).
• Fixed bug GH-20286 (use-after-destroy during userland stream_close()).

Bz2

• Fix assertion failures resulting in crashes with stream filter object parameters.

Date

• Fix crashes when trying to instantiate uninstantiable classes via date static constructors.

DOM

• Fix memory leak when edge case is hit when registering xpath callback.
• Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase).
• Fix missing NUL byte check on C14NFile().

Fibers

• Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).

FTP

• Fixed bug GH-20601 (ftp_connect overflow on timeout).

GD

• Fixed bug GH-20511 (imagegammacorrect out of range input/output values).
• Fixed bug GH-20602 (imagescale overflow with large height values).

Intl

• Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants).

LibXML

• Fix some deprecations on newer libxml versions regarding input buffer/parser handling.

MbString

• Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma).
• Fixed bug GH-20492 (mbstring compile warning due to non-strings).

MySQLnd

• Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).

Opcache

• Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer).

PDO

• Fixed bug GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)

Phar

• Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub).
• Fix broken return value of fflush() for phar file entries.
• Fix assertion failure when fseeking a phar file out of bounds.

PHPDBG

• Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().

SPL

• Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization).

Standard

• Fix memory leak in array_diff() with custom type checks.
• Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures).
• Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
• Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178)
• Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)

Tidy

• Fixed bug GH-20374 (PHP with tidy and custom-tags).

XML

• Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).

Zip

• Fix crash in property existence test.
• Don't truncate return value of zip_fread() with user sizes.

Zlib

• Fix assertion failures resulting in crashes with stream filter object parameters.

Original source Report a problem

Core

• Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv).
• Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference).
• Fixed bug GH-20085 (Assertion failure when combining lazy object get_properties exception with foreach loop).
• Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
• Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
• Fixed bug GH-20270 (Broken parent hook call with named arguments).
• Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).

DOM

• Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work).
• Fixed bug GH-20281 (\Dom\Document::getElementById() is inconsistent after nodes are removed).

Exif

• Fix possible memory leak when tag is empty.

FPM

• Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution).

FTP

• Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes).

GD

• Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided).

Intl

• Fix memory leak on error in locale_filter_matches().

LibXML

• Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).

MySQLnd

• Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).

Opcache

• Fixed bug GH-20081 (access to uninitialized vars in preload_load()).
• Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
• Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess).

PDO

• Fixed bug GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)

Phar

• Fix memory leak and invalid continuation after tar header writing fails.
• Fixed memory leaks when creating temp file fails when applying zip signature.
• Fix broken return value of fflush() for phar file entries.
• Fix assertion failure when fseeking a phar file out of bounds.

PHPDBG

• Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().

SPL

• Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization).

Standard

• Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures).
• Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
• Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178)
• Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)

Tidy

• Fixed bug GH-20374 (PHP with tidy and custom-tags).

XML

• Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).

Zip

• Fix crash in property existence test.
• Don't truncate return value of zip_fread() with user sizes.

Zlib

• Fix assertion failures resulting in crashes with stream filter object parameters.

Original source Report a problem

Core:
• Added the #[\NoDiscard] attribute to indicate that a function's return value is important and should be consumed.
• Added the (void) cast to indicate that not using a value is intentional.
• Added get_error_handler(), get_exception_handler() functions.
• Added support for casts in constant expressions.
• Added the pipe (|>) operator.
• Added the #[\DelayedTargetValidation] attribute to delay target errors for internal attributes from compile time to runtime.
• Added support for final with constructor property promotion.
• Added support for configuring the URI parser for the FTP/FTPS as well as the SSL/TLS stream wrappers as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
• Added PHP_BUILD_PROVIDER constant.
• Added PHP_BUILD_DATE constant.
• Added support for Closures and first class callables in constant expressions.
• Add support for backtraces for fatal errors.
• Add clone-with support to the clone() function.
• Add RFC 3986 and WHATWG URL compliant APIs for URL parsing and manipulation (kocsismate, timwolla)
• Fixed AST printing for immediately invoked Closure.
• Properly handle __debugInfo() returning an array reference.
• Properly handle reference return value from __toString().
• Improved error message of UnhandledMatchError for zend.exception_string_param_max_len=0.
• Fixed bug GH-15753 and GH-16198 (Bind traits before parent class).
• Fixed bug GH-17951 (memory_limit is not always limited by max_memory_limit).
• Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
• Fixed bug GH-20113 (Missing new Foo(...) error in constant expressions).
• Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
• Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
• Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval).
• Fixed bug GH-20002 (Broken build on BSD with MSAN).
• Fixed bug GH-19352 (Cross-compilation with musl C library).
• Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
• Fixed hard_timeout with --enable-zend-max-execution-timers.
• Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
• Fixed bug GH-19823 (register_argc_argv deprecation emitted twice when using OPcache).
• Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
• Fixed bug GH-19719 (Allow empty statements before declare(strict_types)).
• Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv).
• Fixed bug GH-19613 (Stale array iterator pointer).
• Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
• Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
• Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
• Fixed bug GH-19476 (pipe operator fails to correctly handle returning by reference).
• Fixed bug GH-19081 (Wrong lineno in property error with constructor property promotion).
• Fixed bug GH-17959 (Relax missing trait fatal error to error exception).
• Fixed bug GH-18033 (NULL-ptr dereference when using register_tick_function in destructor).
• Fixed bug GH-18026 (Improve "expecting token" error for ampersand).
• The report_memleaks INI directive has been deprecated.
• Fixed OSS-Fuzz #439125710 (Pipe cannot be used in write context).
• Fixed bug GH-19548 (Shared memory violation on property inheritance).
• Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
• Fixed bug GH-18373 (Don't substitute self/parent with anonymous class).
• Fix support for non-userland stream notifiers.
• Fixed bug GH-19305 (Operands may be being released during comparison).
• Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
• Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
• Fix OSS-Fuzz #427814452 (pipe compilation fails with assert).
• Fixed bug GH-16665 (\array and \callable should not be usable in class_alias).
• Use clock_gettime_nsec_np() for high resolution timer on macOS if available.
• Make clone() a function.
• Introduced the TAILCALL VM, enabled by default when compiling with Clang>=19 on x86_64 or aarch64.
• Enacted the follow-up phase of the "Path to Saner Increment/Decrement operators" RFC, meaning that incrementing non-numeric strings is now deprecated. (Girgias).
• Various closure binding issues are now deprecated.
• Constant redeclaration has been deprecated.
• Marks the stack as non-executable on Haiku.
• Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string is now deprecated.
• Using null as an array offset or when calling array_key_exists() is now deprecated.
• The disable_classes INI directive has been removed.
• The locally predefined variable $http_response_header is deprecated.
• Non-canonical cast names (boolean), (integer), (double), and (binary) have been deprecated.
• The $exclude_disabled parameter of the get_defined_functions() function has been deprecated, as it no longer has any effect since PHP 8.0.
• Terminating case statements with a semicolon instead of a colon has been deprecated.
• The backtick operator as an alias for shell_exec() has been deprecated.
• Returning null from __debugInfo() has been deprecated.
• Support #[\Override] on properties.
• Destructing non-array values (other than NULL) using [] or list() now emits a warning.
• Casting floats that are not representable as ints now emits a warning.
• Casting NAN to other types now emits a warning.
• Implement GH-15680 (Enhance zend_dump_op_array to properly represent non-printable characters in string literals).
• Fixed bug GH-17442 (Engine UAF with reference assign and dtor).
• Do not use RTLD_DEEPBIND if dlmopen is available.
BCMath:
• Simplify bc_divide() code.
• If the result is 0, n_scale is set to 0.
• If size of BC_VECTOR array is within 64 bytes, stack area is now used.
• Fixed bug GH-20006 (Power of 0 of BcMath number causes UB).
Bz2:
• Fixed bug GH-19810 (Broken bzopen() stream mode validation).
CLI:
• Add --ini=diff to print INI settings changed from the builtin default.
• Drop support for -z CLI/CGI flag.
• Fixed GH-17956 - development server 404 page does not adapt to mobiles.
• Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
COM:
• Fixed property access of PHP objects wrapped in variant.
• Fixed method calls for PHP objects wrapped in variant.
Curl:
• Added CURLFOLLOW_ALL, CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option.
• Added curl_multi_get_handles().
• Added curl_share_init_persistent().
• Added CURLINFO_USED_PROXY, CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED support to curl_getinfo.
• Add support for CURLINFO_CONN_ID in curl_getinfo() (thecaliskan)
• Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan)
• Add support for CURLOPT_SSL_SIGNATURE_ALGORITHMS.
• The curl_close() function has been deprecated.
• The curl_share_close() function has been deprecated.
• Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
Date:
• Fix undefined behaviour problems regarding integer overflow in extreme edge cases.
• The DATE_RFC7231 and DateTimeInterface::RFC7231 constants have been deprecated.
• Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
• Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
• The __wakeup() magic method of DateTimeInterface, DateTime, DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been deprecated in favour of the __unserialize() magic method.
DOM:
• Added Dom\Element::$outerHTML.
• Added Dom\Element::insertAdjacentHTML().
• Added $children property to ParentNode implementations.
• Make cloning DOM node lists, maps, and collections fail.
• Added Dom\Element::getElementsByClassName().
• Fixed bug GH-18877 (\Dom\HTMLDocument querySelectorAll selecting only the first when using ~ and :has).
• Fix getNamedItemNS() incorrect namespace check.
Enchant:
• Added enchant_dict_remove_from_session().
• Added enchant_dict_remove().
• Fix missing empty string checks.
EXIF:
• Add OffsetTime Exif tags.
• Added support to retrieve Exif from HEIF file.
• Fix OSS-Fuzz #442954659 (zero-size box in HEIF file causes infinite loop).
• Fix OSS-Fuzz #442954659 (Crash in exif_scan_HEIF_header).
• Various hardening fixes to HEIF parsing.
FileInfo:
• The finfo_close() function has been deprecated.
• The $context parameter of the finfo_buffer() function has been deprecated as it is ignored.
• Upgrade to file 5.46.
• Change return type of finfo_close() to true.
Filter:
• Added support for configuring the URI parser for FILTER_VALIDATE_URL as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
• Fixed bug GH-16993 (filter_var_array with FILTER_VALIDATE_INT|FILTER_NULL_ON_FAILURE should emit warning for invalid filter usage).
FPM:
• Fixed bug GH-19817 (Decode SCRIPT_FILENAME issue in php 8.5).
• Fixed bug GH-19989 (PHP 8.5 FPM access log lines also go to STDERR).
• Fixed GH-17645 (FPM with httpd ProxyPass does not decode script path).
• Make FPM access log limit configurable using log_limit.
• Fixed failed debug assertion when php_admin_value setting fails.
• Fixed bug GH-8157 (post_max_size evaluates .user.ini too late in php-fpm).
GD:
• Fixed bug #68629 (Transparent artifacts when using imagerotate).
• Fixed bug #64823 (ZTS GD fails to find system TrueType font).
• Fix incorrect comparison with result of php_stream_can_cast().
• The imagedestroy() function has been deprecated.
Iconv:
• Extends the ICONV_CONST preprocessor for illumos/solaris.
Intl:
• Bumped ICU requirement to ICU >= 57.1.
• IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an exception with uninitialised classes or clone failure.
• Added DECIMAL_COMPACT_SHORT/DECIMAL_COMPACT_LONG for NumberFormatter class.
• Added Locale::isRightToLeft to check if a locale is written right to left.
• Added null bytes presence in locale inputs for Locale class.
• Added grapheme_levenshtein() function.
• Added Locale::addLikelySubtags/Locale::minimizeSubtags to handle adding/removing likely subtags to a locale.
• Added IntlListFormatter class to format a list of items with a locale, operands types and units.
• Added grapheme_strpos(), grapheme_stripos(), grapheme_strrpos(), grapheme_strripos(), grapheme_substr(), grapheme_strstr(), grapheme_stristr() and grapheme_levenshtein() functions add $locale parameter (Yuya Hamada).
• Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
• Fixed bug GH-18566 ([intl] Weird numeric sort in Collator).
• Fix return value on failure for resourcebundle count handler.
• Fixed bug GH-19307 (PGO builds of shared ext-intl are broken).
• Intl's internal error mechanism has been modernized so that it indicates more accurately which call site caused what error. Moreover, some ext/date exceptions have been wrapped inside a IntlException now.
• The intl.error_level INI setting has been deprecated.
LDAP:
• Allow ldap_get_option to retrieve global option by allowing NULL for connection instance ($ldap).
MBstring:
• Updated Unicode data tables to Unicode 17.0.
MySQLi:
• Fixed bugs GH-17900 and GH-8084 (calling mysqli::_construct twice).
• The mysqli_execute() alias function has been deprecated.
MySQLnd:
• Added mysqlnd.collect_memory_statistics to ini quick reference.
ODBC:
• Removed driver-specific build flags and support.
• Remove ODBCVER and assume ODBC 3.5.
Opcache:
• Make OPcache non-optional (Arnaud, timwolla)
• Added opcache.file_cache_read_only.
• Updated default value of opcache.jit_hot_loop.
• Log a warning when opcache lock file permissions could not be changed.
• Fixed bug GH-20012 (heap buffer overflow in jit).
• Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments).
• Disallow changing opcache.memory_consumption when SHM is already set up.
• Fixed bug GH-15074 (Compiling opcache statically into ZTS PHP fails).
• Fixed bug GH-17422 (OPcache bypasses the user-defined error handler for deprecations).
• Fixed bug GH-19301 (opcache build failure).
• Fixed bug GH-20081 (access to uninitialized vars in preload_load()).
• Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
• Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess).
• Fixed segfault in function JIT due to NAN to bool warning.
• Fixed bug GH-19984 (Double-free of EG(errors)/persistent_script->warnings on persist of already persisted file).
• Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).
• Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
• Fixed bug GH-19831 (function JIT may not deref property value).
• Fixed bug GH-19486 (Incorrect opline after deoptimization).
• Fixed bug GH-19601 (Wrong JIT stack setup on aarch64/clang).
• Fixed bug GH-19388 (Broken opcache.huge_code_pages).
• Fixed bug GH-19657 (Build fails on non-glibc/musl/freebsd/macos/win platforms).
• Fixed ZTS OPcache build on Cygwin.
• Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
• Added openssl.libctx INI that allows to select the OpenSSL library context type and convert various parts of the extension to use the custom libctx.
• Add $digest_algo parameter to openssl_public_encrypt() and openssl_private_decrypt() functions.
• Implement #81724 (openssl_cms_encrypt only allows specific ciphers).
• Implement #80495 (Enable to set padding in openssl(sign|verify).
• Implement #47728 (openssl_pkcs7_sign ignores new openssl flags).
• Fixed bug GH-19994 (openssl_get_cipher_methods inconsistent with fetching).
• Fixed build when --with-openssl-legacy-provider set.
• Fixed bug GH-19369 (8.5 | Regression in openssl_sign() - support for alias algorithms appears to be broken).
• The $key_length parameter for openssl_pkey_derive() has been deprecated.
Output:
• Fixed calculation of aligned buffer size.
PCNTL:
• Extend pcntl_waitid with rusage parameter.
PCRE:
• Remove PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options.
PDO:
• Fixed bug GH-20095 (Incorrect class name in deprecation message for PDO mixins).
• Driver specific methods and constants in the PDO class are now deprecated.
• The "uri:" DSN scheme has been deprecated due to security concerns with DSNs coming from remote URIs.
PDO_ODBC:
• Fetch larger block sizes and better handle SQL_NO_TOTAL when calling SQLGetData.
PDO_PGSQL:
• Added Iterable support for PDO::pgsqlCopyFromArray.
• Implement GH-15387: Pdo\Pgsql::setAttribute(PDO::ATTR_PREFETCH, 0) or Pdo\Pgsql::prepare(…, [ PDO::ATTR_PREFETCH => 0 ]) make fetch() lazy instead of storing the whole result set in memory (Guillaume Outters)
PDO_SQLITE:
• Add PDO\Sqlite::ATTR_TRANSACTION_MODE connection attribute.
• Implement GH-17321: Add setAuthorizer to Pdo\Sqlite.
• PDO::sqliteCreateCollation now throws a TypeError if the callback has a wrong return type.
• Added Pdo_Sqlite::ATTR_BUSY_STATEMENT constant to check if a statement is still being executed.
• Added Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT constant to set a statement in either EXPLAIN_MODE_PREPARED, EXPLAIN_MODE_EXPLAIN, EXPLAIN_MODE_EXPLAIN_QUERY_PLAN modes.
• Fix bug GH-13952 (sqlite PDO::quote silently corrupts strings with null bytes) by throwing on null bytes.
PGSQL:
• Added pg_close_stmt to close a prepared statement while allowing its name to be reused.
• Added Iterable support for pgsql_copy_from.
• pg_connect checks if connection_string contains any null byte, pg_close_stmt check if the statement contains any null byte.
• Added pg_service to get the connection current service identifier.
• Fix segfaults when attempting to fetch row into a non-instantiable class name.
Phar:
• Fix potential buffer length truncation due to usage of type int instead of type size_t.
• Fixed memory leaks when verifying OpenSSL signature.
POSIX:
• Added POSIX_SC_OPEN_MAX constant to get the number of file descriptors a process can handle.
• posix_ttyname() sets last_error to EBADF on invalid file descriptors, posix_isatty() raises E_WARNING on invalid file descriptors, posix_fpathconf checks invalid file descriptors.
• posix_kill and posix_setpgid throws a ValueError on invalid process_id.
• posix_setpgid throws a ValueError on invalid process_group_id, posix_setrlimit throws a ValueError on invalid soft_limit and hard_limit arguments.
Random:
• Moves from /dev/urandom usage to arc4random_buf on Haiku.
Reflection:
• Added ReflectionConstant::getExtension() and ::getExtensionName().
• Added ReflectionProperty::getMangledName() method.
• ReflectionConstant is no longer final.
• The setAccessible() methods of various Reflection objects have been deprecated, as those no longer have an effect.
• ReflectionClass::getConstant() for constants that do not exist has been deprecated.
• ReflectionProperty::getDefaultValue() for properties without default values has been deprecated.
• Fixed bug GH-12856 (ReflectionClass::getStaticPropertyValue() returns UNDEF zval for uninitialized typed properties).
• Fixed bug GH-15766 (ReflectionClass::__toString() should have better output for enums).
• Fix GH-19691 (getModifierNames() not reporting asymmetric visibility).
• Fixed bug GH-17927 (Reflection: have some indication of property hooks in _property_string()).
• Fixed bug GH-19187 (ReflectionNamedType::getName() prints nullable type when retrieved from ReflectionProperty::getSettableType()).
• Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true for classes with property hooks).
SAPI:
• Fixed bug GH-18582 and #81451: http_response_code() does not override the status code generated by header().
Session:
• session_start() throws a ValueError on option argument if not a hashmap or a TypeError if read_and_close value is not compatible with int.
• Added support for partitioned cookies.
• Fix RC violation of session SID constant deprecation attribute.
• Fixed GH-19197: build broken with ZEND_STRL usage with memcpy when implemented as macro.
SimpleXML:
• Fixed bug GH-12231 (SimpleXML xpath should warn when returning other return types than node lists).
SNMP:
• snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and SNMP::__construct() throw an exception on invalid hostname, community timeout and retries arguments.
SOAP:
• Added support for configuring the URI parser for SoapClient::__doRequest() as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
• Implement request #55503 (Extend __getTypes to support enumerations).
• Implement request #61105 (Support Soap 1.2 SoapFault Reason Text lang attribute).
• Fixed bug #49169 (SoapServer calls wrong function, although "SOAP action" header is correct).
• Fix namespace handling of WSDL and XML schema in SOAP, fixing at least GH-16320 and bug #68576.
• Fixed bug #70951 (Segmentation fault on invalid WSDL cache).
• Fixed bug GH-19773 (SIGSEGV due to uninitialized soap_globals->lang_en).
• Fixed bug GH-19226 (Segfault when spawning new thread in soap extension).
Sockets:
• Added IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage.
• Added TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD.
• Added IP_BINDANY for a socket to bind to any address.
• Added SO_BUSY_POOL to reduce packets poll latency.
• Added UDP_SEGMENT support to optimise multiple large datagrams over UDP if the kernel and hardware supports it.
• Added SHUT_RD, SHUT_WR and SHUT_RDWR constants for socket_shutdown().
• Added TCP_FUNCTION_ALIAS, TCP_REUSPORT_LB_NUMA, TCP_REUSPORT_LB_NUMA_NODOM, TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants.
• socket_set_option() catches possible overflow with SO_RCVTIMEO/SO_SNDTIMEO with timeout setting on windows.
• socket_create_listen() throws an exception on invalid port value.
• socket_bind() throws an exception on invalid port value.
• socket_sendto() throws an exception on invalid port value.
• socket_addrinfo_lookup throws an exception on invalid hints value types.
• socket_addrinfo_lookup throws an exception if any of the hints value overflows.
• socket_addrinfo_lookup throws an exception if one or more hints entries has an index as numeric.
• socket_set_option with the options MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP will throw an exception if its value is not a valid array/object.
• socket_getsockname/socket_create/socket_bind handled AF_PACKET family socket.
• socket_set_option for multicast context throws a ValueError when the socket family is not of AF_INET/AF_INET6 family.
Sodium:
• Fix overall theoretical overflows on zend_string buffer allocations.
SPL:
• Fixed bug GH-20101 (SplHeap/SplPriorityQueue serialization exposes INDIRECTs).
• Improve __unserialize() hardening for SplHeap/SplPriorityQueue.
• Deprecate ArrayObject and ArrayIterator with objects.
• Unregistering all autoloaders by passing the spl_autoload_call() function as a callback argument to spl_autoload_unregister() has been deprecated. Instead if this is needed, one should iterate over the return value of spl_autoload_functions() and call spl_autoload_unregister() on each value.
• The SplObjectStorage::contains(), SplObjectStorage::attach(), and SplObjectStorage::detach() methods have been deprecated in favour of SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and SplObjectStorage::offsetUnset() respectively.
Sqlite:
• Added Sqlite3Stmt::busy to check if a statement is still being executed.
• Added Sqlite3Stmt::explain to produce an explain query plan from the statement.
• Added Sqlite3Result::fetchAll to return all results at once from a query.
Standard:
• Add HEIF/HEIC support to getimagesize.
• Added support for partitioned cookies.
• Implement #71517 (Implement SVG support for getimagesize() and friends).
• Implement GH-19188: Add support for new INI mail.cr_lf_mode.
• Optimized PHP html_entity_decode function.
• Minor optimization to array_chunk().
• Optimized pack().
• Fixed crypt() tests on musl when using --with-external-libcrypt (Michael Orlitzky).
• Fixed bug GH-18062 (is_callable(func(...), callable_name: $name) for first class callables returns wrong name).
• Added array_first() and array_last().
• Fixed bug GH-18823 (setlocale's 2nd and 3rd argument ignores strict_types).
• Fixed exit code handling of sendmail cmd and added warnings.
• Fixed bug GH-18897 (printf: empty precision is interpreted as precision 6, not as precision 0).
• Fixed bug GH-20257 (mail() heap overflow with an empty message in lf mode).
• Fixed bug GH-20201 (AVIF images misdetected as HEIF after introducing HEIF support in getimagesize()).
• Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
• Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
• Fixed bug GH-14402 (SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their data on serialize()).
• Fixed bug GH-19610 (Deprecation warnings in functions taking as argument).
• Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
• Fixed bug GH-19153 (#[\Attribute] validation should error on trait/interface/enum/abstract class).
• Fixed bug GH-19070 (setlocale($type, NULL) should not be deprecated).
• Fixed bug GH-16649 (UAF during array_splice).
• Passing strings which are not one byte long to ord() is now deprecated.
• Passing integers outside the interval [0, 255] to chr() is now deprecated.
• The socket_set_timeout() alias function has been deprecated.
Streams:
• Fixed bug GH-16889 (stream_select() timeout useless for pipes on Windows).
• Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64.
• Fixed bug GH-14506 (Closing a userspace stream inside a userspace handler causes heap corruption).
• Avoid double conversion to string in php_userstreamop_readdir().
Tests:
• Allow to shuffle tests even in non-parallel mode.
Tidy:
• tidy::__construct/parseFile/parseString methods throw an exception if the configuration argument is invalid.
• Fixed GH-19021 (improved tidyOptGetCategory detection).
Tokenizer:
• Fixed bug GH-19507 (Corrupted result after recursive tokenization during token_get_all()).
URI:
• Add new URI extension.
Windows:
• Fixed bug GH-10992 (Improper long path support for relative paths).
• Fixed bug GH-16843 (Windows phpize builds ignore source subfolders).
• Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket).
XML:
• The xml_parser_free() function has been deprecated.
XMLWriter:
• Improved performance and reduce memory consumption.
XSL:
• Implement request #30622 (make $namespace parameter functional).
Zlib:
• gzfile, gzopen and readgzfile, their "use_include_path" argument is now a boolean.
• Fixed bug GH-16883 (gzopen() does not use the default stream context when opening HTTP URLs).
• Implemented GH-17668 (zlib streams should support locking).
Zip:
• Fixed missing zend_release_fcall_info_cache on the following methods ZipArchive::registerProgressCallback() and ZipArchive::registerCancelCallback() on failure.

Original source Report a problem

Core

• Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
• Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
• Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
• Fixed bug GH-19613 (Stale array iterator pointer).
• Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
• Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
• Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).

CLI

• Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).

DOM

• Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work).
• Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).

Intl

• Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).

Opcache

• Fixed bug GH-19493 (JIT variable not stored before YIELD).

OpenSSL

• Fixed bug GH-19245 (Success error message on TLS stream accept failure).

PGSQL

• Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).

Phar

• Fixed memory leaks when verifying OpenSSL signature.
• Fix memory leak in phar tar temporary file error handling code.
• Fix metadata leak when phar convert logic fails.
• Fix memory leak on failure in phar_convert_to_other().

Standard

• Fixed bug GH-16649 (UAF during array_splice).
• Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).

Streams

• Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
• Fix OSS-Fuzz #385993744.

Zip

• Fix memory leak in zip when encountering empty glob result.

Original source Report a problem

Core

• Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
• Fixed bug GH-19053 (Duplicate property slot with hooks and interface property).
• Fixed bug GH-19044 (Protected properties are not scoped according to their prototype).
• Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
• Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
• Fixed bug GH-19305 (Operands may be being released during comparison).
• Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
• Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
• Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
• Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
• Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).

Calendar

• Fixed bug GH-19371 (integer overflow in calendar.c).

FTP

• Fix theoretical issues with hrtime() not being available.

GD

• Fix incorrect comparison with result of php_stream_can_cast().

Hash

• Fix crash on clone failure.

Intl

• Fix memleak on failure in collator_get_sort_key().
• Fix return value on failure for resourcebundle count handler.

LDAP

• Fixed bug GH-18529 (additional inheriting of TLS int options).

LibXML

• Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).

MbString

• Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).

Opcache

• Reset global pointers to prevent use-after-free in zend_jit_status().
• Fix issue with JIT restart and hooks.
• Fix crash with dynamic function defs in hooks during preload.

OpenSSL

• Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check).
• Fix error return check of EVP_CIPHER_CTX_ctrl().
• Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param).

PDO Pgsql

• Fixed dangling pointer access on _pdo_pgsql_trim_message helper.

SOAP

• Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref).

Sockets

• Fix some potential crashes on incorrect argument value.

Standard

• Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache).
• Fix theoretical issues with hrtime() not being available.
• Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).

Windows

• Free opened_path when opened_path_len >= MAXPATHLEN.

Original source Report a problem