PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 8.1.29 11 Apr 2024, PHP 8.1.28 - Standard: . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) 21 Dec 2023, PHP 8.1.27 - Core: . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler). (ilutov) . Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend). (ilutov) . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt) - DOM: . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix). (nielsdos) - FPM: . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval). (Patrick Prasse) - Intl: . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos) - LibXML: . Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303) - MySQLnd: . Avoid using uninitialised struct. (mikhainin) - OpenSSL: . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs). (Jakub Zelenka) - PCRE: . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos) - PGSQL: . Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov) - PHPDBG: . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos) - SQLite3: . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0). (SakiTakamachi) - Standard: . Fix memory leak in syslog device handling. (danog) . Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost). (nielsdos) . Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array). (nielsdos) - Streams: . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault). (Jakub Zelenka) - Zip: . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior). (Remi) 23 Nov 2023, PHP 8.1.26 - Core: . Fixed bug GH-12468 (Double-free of doc_comment when overriding static property via trait). (ilutov) . Fixed segfault caused by weak references to FFI objects. (sj-i) . Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas) - DOM: . Fix registerNodeClass with abstract class crashing. (nielsdos) . Add missing NULL pointer error check. (icy17) . Fix validation logic of php:function() callbacks. (nielsdos) - Fiber: . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi) - FPM: . Fixed bug GH-9921 (Loading ext in FPM config does not register module handlers). (Jakub Zelenka) . Fixed bug GH-12232 (FPM: segfault dynamically loading extension without opcache). (Jakub Zelenka) - Intl: . Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale. (David Carlier) - Opcache: . Added warning when JIT cannot be enabled. (danog) . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov) - OpenSSL: . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify). (Jakub Zelenka) - PCRE: . Fixed bug GH-11374 (Backport upstream fix, Different preg_match result with -d pcre.jit=0). (mvorisek) - SOAP: . Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes). (nielsdos) . Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation Fault). (nielsdos) . Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos) . Fix incorrect uri check in SOAP caching. (nielsdos) . Fix segfault and assertion failure with refcounted props and arrays. (nielsdos) . Fix potential crash with an edge case of persistent encoders. (nielsdos) . Fixed bug #75306 (Memleak in SoapClient). (nielsdos) - Streams: . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers). (Jakub Zelenka) - XMLReader: . Add missing NULL pointer error check. (icy17) - XMLWriter: . Add missing NULL pointer error check. (icy17) - XSL: . Add missing module dependency. (nielsdos) . Fix validation logic of php:function() callbacks. (nielsdos) 26 Oct 2023, PHP 8.1.25 - Core: . Fixed bug GH-12207 (memory leak when class using trait with doc block). (rioderelfte) . Fixed bug GH-12215 (Module entry being overwritten causes type errors in ext/dom). (nielsdos) . Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky) . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos) - CLI: . Ensure a single Date header is present. (coppolafab) - CType: . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater). (nielsdos) - DOM: . Restore old namespace reconciliation behaviour. (nielsdos) . Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos) - Fileinfo: . Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise) - Filter: . Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov) - Hash: . Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext). (MaxSem) - Intl: . Fixed bug GH-12243 (segfault on IntlDateFormatter::construct). (David Carlier) . Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception on an invalid locale). (David Carlier) - MySQLnd: . Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line). (nielsdos) - Opcache: . Fixed opcache_invalidate() on deleted file. (mikhainin) . Fixed bug GH-12380 (JIT+private array property access inside closure accesses private property in child class). (nielsdos) - PCRE: . Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result). (nielsdos) - SimpleXML: . Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos) . Fixed bug GH-12223 (Entity reference produces infinite loop in var_dump/print_r). (nielsdos) . Fixed bug GH-12167 (Unable to get processing instruction contents in SimpleXML). (nielsdos) . Fixed bug GH-12169 (Unable to get comment contents in SimpleXML). (nielsdos) - Streams: . Fixed bug GH-12190 (binding ipv4 address with both address and port at 0). (David Carlier) - XML: . Fix return type of stub of xml_parse_into_struct(). (nielsdos) . Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos) - XSL: . Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML. (nielsdos) - Sockets: . Fix socket_export_stream() with wrong protocol (twosee) 28 Sep 2023, PHP 8.1.24 - Core: . Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov) . Fixed bug GH-11790 (On riscv64 require libatomic if actually needed). (Jeremie Courreges-Anglas) . Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures). (ilutov) . Fixed bug GH-12060 (Internal iterator rewind handler is called twice). (ju1ius) . Fixed bug GH-12102 (Incorrect compile error when using array access on TMP value in function call). (ilutov) - DOM: . Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos) - Iconv: . Fixed build for NetBSD which still uses the old iconv signature. (David Carlier) - Intl: . Fixed bug GH-12020 (intl_get_error_message() broken after MessageFormatter::formatMessage() fails). (Girgias) - MySQLnd: . Fixed bug GH-10270 (Invalid error message when connection via SSL fails: "trying to connect via (null)"). (Kamil Tekiela) - ODBC: . Fixed memory leak with failed SQLPrepare. (NattyNarwhal) . Fixed persistent procedural ODBC connections not getting closed. (NattyNarwhal) - SimpleXML: . Fixed bug #52751 (XPath processing-instruction() function is not supported). (nielsdos) - SPL: . Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18). (nielsdos) - SQLite3: . Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with a callable array). (nielsdos, arnaud-lb) 31 Aug 2023, PHP 8.1.23 - CLI: . Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1). (nielsdos) . Fixed bug GH-10964 (Improve man page about the built-in server). (Alexandre Daubois) - Core: . Fixed strerror_r detection at configuration time. (Kévin Dunglas) - Date: . Fixed bug GH-11416: Crash with DatePeriod when uninitialised objects are passed in. (Derick) - DOM: . Fix DOMEntity field getter bugs. (nielsdos) . Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS. (nielsdos) . Fix DOMCharacterData::replaceWith() with itself. (nielsdos) . Fix empty argument cases for DOMParentNode methods. (nielsdos) . Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone). (nielsdos) . Fix json_encode result on DOMDocument. (nielsdos) . Fix manually calling __construct() on DOM classes. (nielsdos) . Fixed bug GH-11830 (ParentNode methods should perform their checks upfront). (nielsdos) . Fix segfault when DOMParentNode::prepend() is called when the child disappears. (nielsdos) - FFI: . Fix leaking definitions when using FFI::cdef()->new(...). (ilutov) - MySQLnd: . Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL). (nielsdos) . Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters). (nielsdos, Kamil Tekiela) . Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault). (Yurunsoft) . Fixed invalid error message "Malformed packet" when connection is dropped. (Kamil Tekiela) - Opcache: . Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong). (nielsdos) . Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress. (mikhainin) - PCNTL: . Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22. (nielsdos) - SPL: . Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free). (nielsdos) - Standard: . Prevent int overflow on $decimals in number_format. (Marc Bennewitz) . Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro) 03 Aug 2023, PHP 8.1.22 - Build: . Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate) - CLI: . Fix interrupted CLI output causing the process to exit. (nielsdos) - Core: . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). (ilutov) . Fixed use-of-uninitialized-value with ??= on assert. (ilutov) . Fixed build for FreeBSD before the 11.0 releases. (David Carlier) - Curl: . Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos) - Date: . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick) - DOM: . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos) - Fileinfo: . Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol) - FTP: . Fix context option check for "overwrite". (JonasQuinten) . Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos) - GD: . Fix most of the external libgd test failures. (Michael Orlitzky) - Hash: . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature. (ilutov) - Intl: . Fix memory leak in MessageFormatter::format() on failure. (Girgias) - Libxml: . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) - MBString: . Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos) - Opcache: . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos) . Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos) - PCNTL: . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos) - PCRE: . Mangle PCRE regex cache key with JIT option. (mvorisek) - PDO: . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi) - PDO SQLite: . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias) - Phar: . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos) . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos) - PHPDBG: . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr) - Session: . Removed broken url support for transferring session ID. (ilutov) - Standard: . Fix serialization of RC1 objects appearing in object graph twice. (ilutov) - SQLite3: . Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos) 06 Jul 2023, PHP 8.1.21 - CLI: . Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS). (James Lucas) - Core: . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili) - Curl: . Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL). (nielsdos) - DOM: . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith). (nielsdos) . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value). (nielsdos) . Fix return value in stub file for DOMNodeList::item. (divinity76) . Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS. (nielsdos) . Fix DOMElement::append() and DOMElement::prepend() hierarchy checks. (nielsdos) . Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query). (nielsdos) . Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces). (nielsdos) . Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself). (nielsdos) . Fixed bug #77686 (Removed elements are still returned by getElementById). (nielsdos) . Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()). (nielsdos) . Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos) . Fix lifetime issue with getAttributeNodeNS(). (nielsdos) . Fix "invalid state error" with cloned namespace declarations. (nielsdos) . Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues). (nielsdos) . Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap). (nielsdos) - Opcache: . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos) . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB) . Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked). (nielsdos) - OpenSSL: . Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka). - PGSQL: . Fixed intermittent segfault with pg_trace. (David Carlier) - Phar: . Fix cross-compilation check in phar generation for FreeBSD. (peter279k) - SPL: . Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash). (nielsdos) - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) . Fix exception handling in array_multisort(). (ilutov) 08 Jun 2023, PHP 8.1.20 - Core: . Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos) . Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob) . Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob) - Date: . Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos) - Exif: . Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos) - FPM: . Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka) . Fixed bug #64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka) . Fixed memory leak for invalid primary script file handle. (Jakub Zelenka) - Hash: . Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos) - LibXML: . Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos) - Opcache: . Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov) . Fixed too wide OR and AND range inference. (nielsdos) . Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos) - PGSQL: . Fixed parameter parsing of pg_lo_export(). (kocsismate) - Phar: . Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done). (peter279k) - Soap: . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247) (nielsdos, timwolla) . Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos) - SPL: . Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos) - Standard: . Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov) . Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos) - Streams: . Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos) . Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos) . Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos) 11 May 2023, PHP 8.1.19 - Core: . Fix inconsistent float negation in constant expressions. (ilutov) . Fixed bug GH-8841 (php-cli core dump calling a badly formed function). (nielsdos) . Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB) . Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos) . Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=). (ilutov) - DOM: . Fixed bug #80602 (Segfault when using DOMChildNode::before()). (Nathan Freeman) . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos) - Exif: . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index). (nielsdos) - Intl: . Fixed bug GH-11071 (TZData version not displayed anymore). (Remi) - PCRE: . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov) - Standard: . Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference). (nielsdos) . Fixed bug GH-9775 (Duplicates returned by array_unique when using enums). (ilutov) 13 Apr 2023, PHP 8.1.18 - Core: . Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas) . Fixed use-after-free in recursive AST evaluation. (ilutov) . Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos) . Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault). (nielsdos) . Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache). (nielsdos) . Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown). (nielsdos) . Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()). (ilutov) . Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov) - Date: . Fixed bug GH-10583 (DateTime modify with tz pattern should not update linked timezone). (Derick) - FPM: . Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos) . Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos) . Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path). (Jakub Zelenka) - FTP: . Propagate success status of ftp_close(). (nielsdos) . Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB). (nielsdos) - IMAP: . Fix build failure with Clang 16. (orlitzky) - MySQLnd: . Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections). (nielsdos) - Opcache: . Fixed build for macOS to cater with pkg-config settings. (David Carlier) . Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context). (nielsdos) - OpenSSL: . Add missing error checks on file writing functions. (nielsdos) - PDO Firebird: . Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland). (nielsdos) - PDO ODBC: . Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos) - Phar: . Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)). (nielsdos) . Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit(). (nielsdos) - PGSQL: . Fixed typo in the array returned from pg_meta_data (extended mode). (David Carlier) - SPL: . Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman) . Fixed bug GH-10844 (ArrayIterator allows modification of readonly props). (ilutov) - Standard: . Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov) . Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)). (nielsdos) . Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure). (ilutov) . Fixed undefined behaviour in unpack(). (nielsdos) 16 Mar 2023, PHP 8.1.17 - Core: . Fixed incorrect check condition in ZEND_YIELD. (nielsdos) . Fixed incorrect check condition in type inference. (nielsdos) . Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos) . Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes). (Arnaud) . Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout). (trowski) . Fixed SSA object type update for compound assignment opcodes. (nielsdos) . Fixed language scanner generation build. (Daniel Black) . Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type. (nielsdos) . Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name). (nielsdos) . Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized. (nielsdos) - Curl: . Fixed deprecation warning at compile time. (Max Kellermann) . Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback). (Pierrick Charron) - Date: . Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick) - FFI: . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos) - Fiber: . Fixed assembly on alpine x86. (nielsdos) . Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber). (Bob, Arnaud) - FPM: . Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka) . Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos) - Intl: . Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0. (Nathan Freeman) - JSON: . Fixed JSON scanner and parser generation build. (Daniel Black, Jakub Zelenka) - MBString: . ext/mbstring: fix new_value length check. (Max Kellermann) . Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos) - Opcache: . Fix incorrect page_size check. (nielsdos) . Fix readonly modification check when using inc/dec operators on readonly property with JIT. (ilutov) - OpenSSL: . Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos) - PDO OCI: . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars). (Michael Voříšek) - PHPDBG: . Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos) - PGSQL: . Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias) - Phar: . Fix incorrect check in phar tar parsing. (nielsdos) - Reflection: . Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments). (nielsdos) . Fix Segfault when using ReflectionFiber suspended by an internal function. (danog) - Session: . Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos). - Standard: . Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) . Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos) . Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes . Fix incorrect error check in browsecap for pcre2_match(). (nielsdos) - Tidy: . Fix memory leaks when attempting to open a non-existing file or a file over 4GB. (Girgias) . Add missing error check on tidyLoadConfig. (nielsdos) - Zlib: . Fixed output_handler directive value's length which counted the string terminator. (nieldos) 14 Feb 2023, PHP 8.1.16 - Core: . Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567). (Tim Düsterhus) . Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568). (Niels Dossche) - SAPI: . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka) 02 Feb 2023, PHP 8.1.15 - Apache: . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb) - Core: . Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code). (Derick) . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos) . Fix wrong comparison in block optimisation pass after opcode update. (nieldsdos) . Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed). (nielsdos) - Date: . Fixed bug GH-9891 (DateTime modify with unixtimestamp (@) must work like setTimestamp). (Derick) . Fixed bug GH-10218 (DateTimeZone fails to parse time zones that contain the "+" character). (Derick) - Fiber: . Fix assertion on stack allocation size. (nielsdos) - FPM: . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header). (Jakub Zelenka) . Fixed bug #67244 (Wrong owner:group for listening unix socket). (Jakub Zelenka) - Hash: . Handle exceptions from __toString in XXH3's initialization (nielsdos) - LDAP: . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()). (cmb) - MBString: . Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character. (Alex Dowad) - Opcache: . Fix inverted bailout value in zend_runtime_jit() (Max Kellermann). . Fix access to uninitialized variable in accel_preload(). (nielsdos) . Fix zend_jit_find_trace() crashes. (Max Kellermann) . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann) - Phar: . Fix wrong flags check for compression method in phar_object.c (nielsdos) - PHPDBG: . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos) . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos) . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos) . Fix phpdbg segmentation fault in case of malformed input (nielsdos) - Posix: . Fix memory leak in posix_ttyname() (girgias) - Standard: . Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos) . Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos) - TSRM: . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre) - XMLWriter . Fix missing check for xmlTextWriterEndElement (nielsdos) 05 Jan 2023, PHP 8.1.14 - Core: . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined). (cmb) . Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file). (Akama Hitoshi) . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek) . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb) - Date: . Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards - timezone related). (Derick) . Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy). (Derick) . Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()). (Derick) . Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone). (Derick) - FPM: . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694). (Petr Sumbera) . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING). (Jakub Zelenka) . Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said). (Jakub Zelenka) - MBString: . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1). (Nathan Freeman) - Opcache: . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload). (Arnaud, michdingpayc) - OpenSSL: . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec). (Jakub Zelenka) . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa). (Jakub Zelenka) - Pcntl: . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash). (Erki Aring) - PDO_Firebird: . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird). (cmb) - PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) (cmb) - Session: . Fixed GH-9932 (session name silently fails with . and [). (David Carlier) - SPL: . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias) . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered). (Girgias) - SQLite3: . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb) 24 Nov 2022, PHP 8.1.13 - CLI: . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara) - Core: . Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params). (Arnaud) . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization). (Arnaud) . Fixed potential NULL pointer dereference Windows shm*() functions. (cmb) . Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation. (Arnaud) - Date: . Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes). (Derick) - FPM: . Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11). (Jakub Zelenka) - mysqli: . Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode). (Kamil Tekiela) - MySQLnd: . Fixed potential heap corruption due to alignment mismatch. (cmb) - OpenSSL: . Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build). (Jakub Zelenka, fsbruva) - SOAP: . Fixed GH-9720 (Null pointer dereference while serializing the response). (cmb) 27 Oct 2022, PHP 8.1.12 - Core: . Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier) - Fileinfo: . Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files). (Anatol) - GD: . Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb) - Hash: . Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be) - MBString: - Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader). (Alex Dowad) - Opcache: . Added indirect call reduction for jit on x86 architectures. (wxue1) - Session: . Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). (Girgias) - Streams: . Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud) 29 Sep 2022, PHP 8.1.11 - Core: . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling) . Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb, Christian Schneider) . Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions). (ilutov) . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick) - DOM: . Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman) - FPM: . Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov) . Fixed bug #77780 ("Headers already sent..." when previous connection was aborted). (Jakub Zelenka) - GMP . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias) - Intl . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias) - PCRE: . Fixed pcre.jit on Apple Silicon. (Niklas Keller) - PDO_PGSQL: . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft) - Phar: . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb) - Reflection: . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas) - Streams: . Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla) 01 Sep 2022, PHP 8.1.10 - Core: . Fixed --CGI-- support of run-tests.php. (cmb) . Fixed incorrect double to long casting in latest clang. (zeriyoshi) . Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present). (Michael Olšavský) - Date: . Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type). (Derick) . Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second). (Derick) . Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0). (Derick) . Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick) - DBA: . Fixed LMDB driver memory leak on DB creation failure (Girgias) . Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults) (cmb) - IMAP: . Fixed bug GH-9309 (Segfault when connection is used after imap_close()). (cmb) - Intl: . Fixed IntlDateFormatter::formatObject() parameter type. (Gert de Pagter) - MBString: . Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings). (cmb) - OPcache: . Fixed bug GH-9033 (Loading blacklist file can fail due to negative length). (cmb) . Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy). (Arnaud, Sergei Turchanov) - OpenSSL: . Fixed bug GH-9339 (OpenSSL oid_file path check warning contains uninitialized path). (Jakub Zelenka) - PDO_SQLite: . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb) - SQLite3: . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb) - Streams: . Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata). (Jakub Zelenka) . Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging). (Jakub Zelenka, Twosee) 04 Aug 2022, PHP 8.1.9 - CLI: . Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable. (yiyuaner) - Core: . Fixed bug GH-8923 (error_log on Windows can hold the file write lock). (cmb) . Fixed bug GH-8995 (WeakMap object reference offset causing TypeError). (Tobias Bachert) - CLI: . Fixed GH-8952 (Intentionally closing std handles no longer possible). (Arnaud, cmb) - Date: . Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable). (Derick) - FPM: . Fixed zlog message prepend, free on incorrect address. (Heiko Weber) . Fixed possible double free on configuration loading failure. (Heiko Weber). - GD: . Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument). (cmb) - Intl: . Fixed build for ICU 69.x and onwards. (David Carlier) - OPcache: . Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file). (Dmitry) . Fixed bug GH-8030 (Segfault with JIT and large match/switch statements). (Arnaud) - Reflection: . Fixed bug GH-8943 (Fixed Reflection::getModifiersNames() with readonly modifier). (Pierrick) . Fixed bug GH-8982 (Attribute with TARGET_METHOD is rejected on fake closure of method). (ilutov) - Standard: . Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier) . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier). . Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL). (Heiko Weber) 07 Jul 2022, PHP 8.1.8 - Core: . Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu) . Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov) . Fixed calling internal methods with a static return type from extension code. (Sara) . Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references). (Nicolas Grekas) . Fixed potential use after free in php_binary_init(). (Heiko Weber) . Fixed bug GH-7942 (Indirect mutation of readonly properties through references). (ilutov) - CLI: . Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb) - COM: . Fixed bug GH-8778 (Integer arithmethic with large number variants fails). (cmb) - Curl: . Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick) - Date: . Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions). (Derick) . Fixed bug #74671 (DST timezone abbreviation has incorrect offset). (Derick) . Fixed bug #77243 (Weekdays are calculated incorrectly for negative years). (Derick) . Fixed bug #78139 (timezone_open accepts invalid timezone string argument). (Derick) - Fileinfo: . Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627) (cmb) - FPM: . Fixed bug #67764 (fpm: syslog.ident don't work). (Jakub Zelenka) - GD: . Fixed imagecreatefromavif() memory leak. (cmb) - MBString: . mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad) . mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad) . Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi) . Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0. (Alex Dowad) - ODBC: . Fixed handling of single-key connection strings. (Calvin Buckley) - OPcache: . Fixed bug GH-8591 (tracing JIT crash after private instance method change). (Arnaud, Dmitry, Oleg Stepanischev) - OpenSSL: . Fixed bug #50293 (Several openssl functions ignore the VCWD). (Jakub Zelenka, cmb) . Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates). (Jakub Zelenka) - PDO_ODBC: . Fixed handling of single-key connection strings. (Calvin Buckley) - Zip: . Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat cache). (Remi) 09 Jun 2022, PHP 8.1.7 - CLI: . Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison) - Date: . Fixed bug #51934 (strtotime plurals / incorrect time). (Derick) . Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)). (Derick) . Fixed bug #66019 (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH) (cmb, Derick) . Fixed bug #68549 (Timezones and offsets are not properly used when working with dates) (Derick, Roel Harbers) . Fixed bug #81565 (date parsing fails when provided with timezones including seconds). (Derick) . Fixed bug GH-7758 (Problems with negative timestamps and fractions). (Derick, Ilija) - FPM: . Fixed ACL build check on MacOS. (David Carlier) . Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful) . Fixes use after free. (Heiko Weber). - mysqlnd: . Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io) - OPcache: . Fixed bug GH-8461 (tracing JIT crash after function/method change). (Arnaud, Dmitry) - OpenSSL: . Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading). (Jakub Zelenka) - Pcntl: . Fixed Haiku build. (David Carlier) - pgsql . Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb) - Soap: . Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu) . Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb) - SPL: . Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb) - Standard: . Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS). (Arnaud) - Zip: . Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger) 12 May 2022, PHP 8.1.6 - Core: . Fixed bug GH-8310 (Registry settings are no longer recognized). (cmb) . Fixed potential race condition during resource ID allocation. (ryancaicse) . Fixed bug GH-8133 (Preloading of constants containing arrays with enums segfaults). (ilutov) . Fixed Haiku ZTS builds. (David Carlier) - Date: . Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient data). (Derick) . Fixed bug GH-8108 (Timezone doesn't work as intended). (Derick) . Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data). (Derick) . Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator). (Bob) - FFI: . Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks). (Bob) - FPM: . Fixed bug #76003 (FPM /status reports wrong number of active processe). (Jakub Zelenka) . Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka) . Fixed comment in kqueue remove callback log message. (David Carlier) - Hash: . Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb) - Iconv: . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header). (cmb) - Intl: . Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb) - MBString: . Number of error markers emitted for invalid UTF-8 text matches WHATWG specification. This is a return to the behavior of PHP 8.0 and earlier. (alexdowad) - MySQLi: . Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows). (cmb) - OPcache: . Fixed bug GH-8063 (OPcache breaks autoloading after E_COMPILE_ERROR). (Arnaud) - SPL: . Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()). (cmb) . Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias) - Streams: . Fixed php://temp does not preserve file-position when switched to temporary file. (Bernd Holzmüller) - zlib: . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header). (cmb) 14 Apr 2022, PHP 8.1.5 - Core: . Fixed bug GH-8176 (Enum values in property initializers leak). (Bob) . Fixed freeing of internal attribute arguments. (Bob) . Fixed bug GH-8070 (memory leak of internal function attribute hash). (Tim Düsterhus) . Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek) - Filter: . Fixed signedness confusion in php_filter_validate_domain(). (cmb) - Intl: . Fixed bug GH-8115 (Can't catch arg type deprecation when instantiating Intl classes). (ilutov) . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier) . Fixed bug GH-7734 (Fix IntlPartsIterator key off-by-one error and first key). (ilutov) - MBString: . Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken). (cmb) - MySQLi: . Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties). (cmb) - Pcntl: . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier) - PgSQL: . Fixed result_type related stack corruption on LLP64 architectures. (cmb) . Fixed bug GH-8253 (pg_insert() fails for references). (cmb) - Sockets: . Fixed Solaris builds. (David Carlier) . Fix undefined behavior in php_set_inet6_addr. (ilutov) - SPL: . Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent). (cmb) . Fixed bug GH-8192 (Cannot override DirectoryIterator::current() without return typehint in 8.1). (Nikita) - Standard: . Fixed bug GH-8048 (Force macOS to use statfs). (risner) 17 Mar 2022, PHP 8.1.4 - Core: . Fixed Haiku ZTS build. (David Carlier) . Fixed bug GH-8059 arginfo not regenerated for extension. (Remi) . Fixed bug GH-8083 Segfault when dumping uncalled fake closure with static variables. (ilutov) . Fixed bug GH-7958 (Nested CallbackFilterIterator is leaking memory). (cmb) . Fixed bug GH-8074 (Wrong type inference of range() result). (cmb) . Fixed bug GH-8140 (Wrong first class callable by name optimization). (cmb) . Fixed bug GH-8082 (op_arrays with temporary run_time_cache leak memory when observed). (Bob) - GD: . Fixed libpng warning when loading interlaced images. (Brett) - FPM: . Fixed bug #76109 (Unsafe access to fpm scoreboard). (Till Backhaus, Jakub Zelenka) - Iconv: . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb) . Fixed bug GH-7980 (Unexpected result for iconv_mime_decode). (cmb) - MBString: . Fixed bug GH-8128 (mb_check_encoding wrong result for 7bit). (alexdowad) - MySQLnd: . Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package). (Kamil Tekiela) - Reflection: . Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order). (cmb) . Fixed bug GH-8444 (Fix ReflectionProperty::__toString() of properties containing instantiated enums). (ilutov) - Zlib: . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb) 03 Feb 2022, PHP 8.1.3 - Core: . Fixed bug #81430 (Attribute instantiation leaves dangling pointer). (beberlei) . Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb) . Fixed bug GH-7883 (Segfault when INI file is not readable). (Remi) - FFI: . Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb, dmitry) - Filter: . Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708) (cmb) - FPM: . Fixed memory leak on invalid port. (David Carlier) . Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM status page. (Stefano Arlandini) - MBString: . Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb) - MySQLnd: . Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela) - pcntl: . Fixed pcntl_rfork build for DragonFlyBSD. (David Carlier) - Sockets: . Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier) - Standard: . Fixed bug GH-7899 (Regression in unpack for negative int value). (Remi) . Fixed bug GH-7875 (mails are sent even if failure to log throws exception). (cmb) 20 Jan 2022, PHP 8.1.2 - Core: . Fixed bug #81216 (Nullsafe operator leaks dynamic property name). (Dmitry) . Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces opcode error). (ilutov) . Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner) . Fixed bug #81683 (Misleading "access type ... must be public" error message on final or abstract interface methods). (ilutov) . Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown). (cmb) . Fixed bug GH-7757 (Multi-inherited final constant causes fatal error). (cmb) . Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT. (Petr Sumbera) . Added riscv64 support for fibers. (Jeremie Courreges-Anglas) - Filter: . Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong) - Hash: . Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()). (cmb) . Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and hash_file). (cmb) - MBString: . Fixed bug #81693 (mb_check_encoding(7bit) segfaults). (cmb) - MySQLi: . Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB). (devnexen) . Introduced MYSQLI_IS_MARIADB. (devnexen) . Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()). (Kamil Tekiela) - MySQLnd: . Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb) - OCI8: . Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second call). (cmb) - OPcache: . Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb) - Readline: . Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive shell). (Nikita) - Reflection: . Fixed bug #81681 (ReflectionEnum throwing exceptions). (cmb) - PDO_PGSQL: . Fixed error message allocation of PDO PgSQL. (SATO Kentaro) - Sockets: . Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier) . Fixed ext/sockets build on Haiku. (David Carlier) - Spl: . Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr Bystry) . Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault). (cmb) - Standard: . Fixed bug GH-7748 (gethostbyaddr outputs binary string). (cmb) . Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions). (David Warner) 02 Dec 2021, PHP 8.1.1 - IMAP: . Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers). (cmb) - PCRE: . Update bundled PCRE2 to 10.39. (cmb) . Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry) - Standard: . Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate). (cmb) 25 Nov 2021, PHP 8.1.0 - Core: . Fixed inclusion order for phpize builds on Windows. (cmb) . Added missing hashtable insertion APIs for arr/obj/ref. (Sara) . Implemented FR #77372 (Relative file path is removed from uploaded file). (Björn Tantau) . Fixed bug #81607 (CE_CACHE allocation with concurrent access). (Nikita, Dmitry) . Fixed bug #81507 (Fiber does not compile on AIX). (Clément Chigot) . Fixed bug #78647 (SEGFAULT in zend_do_perform_implementation_check). (Nikita) . Fixed bug #81518 (Header injection via default_mimetype / default_charset). (cmb) . Fixed bug #75941 (Fix compile failure on Solaris with clang). (Jaromír Doleček) . Fixed bug #81380 (Observer may not be initialized properly). (krakjoe) . Fixed bug #81514 (Using Enum as key in WeakMap triggers GC + SegFault). (Nikita) . Fixed bug #81520 (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php). (Remi) . Fixed bug #81377 (unset() of $GLOBALS sub-key yields warning). (Nikita) . Fixed bug #81342 (New ampersand token parsing depends on new line after it). (Nikita) . Fixed bug #81280 (Unicode characters in cli.prompt causes segfault). (krakjoe) . Fixed bug #81192 ("Declaration should be compatible with" gives incorrect line number with traits). (Nikita) . Fixed bug #78919 (CLI server: insufficient cleanup if request startup fails). (cataphract, cmb) . Fixed bug #81303 (match error message improvements). (krakjoe) . Fixed bug #81238 (Fiber support missing for Solaris Sparc). (trowski) . Fixed bug #81237 (Comparison of fake closures doesn't work). (krakjoe) . Fixed bug #81202 (powerpc64 build fails on fibers). (krakjoe) . Fixed bug #80072 (Cyclic unserialize in TMPVAR operand may leak). (Nikita) . Fixed bug #81163 (__sleep allowed to return non-array). (krakjoe) . Fixed bug #75474 (function scope static variables are not bound to a unique function). (Nikita) . Fixed bug #53826 (__callStatic fired in base class through a parent call if the method is private). (Nikita) . Fixed bug #81076 (incorrect debug info on Closures with implicit binds). (krakjoe) - CLI: . Fixed bug #81496 (Server logs incorrect request method). (lauri) - COM: . Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT. (Dmitry Maksimov) - Curl: . Fixed bug #81085 (Support CURLOPT_SSLCERT_BLOB for cert strings). (camporter) - Date: . Fixed bug #81458 (Regression Incorrect difference after timezone change). (Derick) . Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2). (cmb) . Fixed bug #81504 (Incorrect timezone transition details for POSIX data). (Derick) . Fixed bug #80998 (Missing second with inverted interval). (Derick) . Speed up finding timezone offset information. (Derick) . Fixed bug #79580 (date_create_from_format misses leap year). (Derick) . Fixed bug #80963 (DateTimeZone::getTransitions() truncated). (Derick) . Fixed bug #80974 (Wrong diff between 2 dates in different timezones). (Derick) . Fixed bug #80998 (Missing second with inverted interval). (Derick) . Fixed bug #81097 (DateTimeZone silently falls back to UTC when providing an offset with seconds). (Derick) . Fixed bug #81106 (Regression in 8.1: add() now truncate ->f). (Derick) . Fixed bug #81273 (Date interval calculation not correct). (Derick) . Fixed bug #52480 (Incorrect difference using DateInterval). (Derick) . Fixed bug #62326 (date_diff() function returns false result). (Derick) . Fixed bug #64992 (dst not handled past 2038). (Derick) . Fixed bug #65003 (Wrong date diff). (Derick) . Fixed bug #66545 (DateTime. diff returns negative values). (Derick) . Fixed bug #68503 (date_diff on two dates with timezone set localised returns wrong results). (Derick) . Fixed bug #69806 (Incorrect date from timestamp). (Derick) . Fixed bug #71700 (Extra day on diff between begin and end of march 2016). (Derick) . Fixed bug #71826 (DateTime::diff confuse on timezone 'Asia/Tokyo'). (Derick) . Fixed bug #73460 (Datetime add not realising it already applied DST change). (Derick) . Fixed bug #74173 (DateTimeImmutable::getTimestamp() triggers DST switch in incorrect time). (Derick) . Fixed bug #74274 (Handling DST transitions correctly). (Derick) . Fixed bug #74524 (Date diff is bad calculated, in same time zone). (Derick) . Fixed bug #75167 (DateTime::add does only care about backward DST transition, not forward). (Derick) . Fixed bug #76032 (DateTime->diff having issues with leap days for timezones ahead of UTC). (Derick) . Fixed bug #76374 (Date difference varies according day time). (Derick) . Fixed bug #77571 (DateTime's diff DateInterval incorrect in timezones from UTC+01:00 to UTC+12:00). (Derick) . Fixed bug #78452 (diff makes wrong in hour for Asia/Tehran). (Derick) . Fixed bug #79452 (DateTime::diff() generates months differently between time zones). (Derick) . Fixed bug #79698 (timelib mishandles future timestamps (triggered by 'zic -b slim')). (Derick) . Fixed bug #79716 (Invalid date time created (with day "00")). (Derick) . Fixed bug #80610 (DateTime calculate wrong with DateInterval). (Derick) . Fixed bug #80664 (DateTime objects behave incorrectly around DST transition). (Derick) . Fixed bug #80913 (DateTime(Immutable)::sub around DST yield incorrect time). (Derick) - DBA: . Fixed bug #81588 (TokyoCabinet driver leaks memory). (girgias) - DOM: . Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID). (Viktor Volkov) - FFI: . Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined). (Dmitry) - Filter: . Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing). (cmb, Nikita) - FPM: . Fixed bug #81513 (Future possibility for heap overflow in FPM zlog). (Jakub Zelenka) . Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703). (Jakub Zelenka) . Added openmetrics status format. (Cees-Jan Kiewiet) . Enable process renaming on macOS. (devnexen) . Added pm.max_spawn_rate option to configure max spawn child processes rate. (Paulius Sapragonas) . Fixed bug #65800 (Events port mechanism). (psumbera) - FTP: . Convert resource to object \FTP\Connection. (Sara) - GD: . Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb) . Convert resource to object \GdFont. (Sara) - hash: . Implemented FR #68109 (Add MurmurHash V3). (Anatol, Michael) . Implemented FR #73385 (Add xxHash support). (Anatol) - JSON: . Fixed bug #81532 (Change of $depth behaviour in json_encode() on PHP 8.1). (Nikita) . Fixed bug GH-8238 (Register JSON_ERROR_NON_BACKED_ENUM constant). (ilutov) - LDAP: . Convert resource to object \LDAP\Connection. (Máté) . Convert resource to object \LDAP\Result. (Máté) . Convert resource to object \LDAP\ResultEntry. (Máté) - MBString: . Fixed bug #76167 (mbstring may use pointer from some previous request). (cmb, cataphract) . Fixed bug #81390 (mb_detect_encoding() regression). (alexdowad) . Fixed bug #81349 (mb_detect_encoding misdetcts ASCII in some cases). (Nikita) . Fixed bug #81298 (mb_detect_encoding() segfaults when 7bit encoding is specified). (Nikita) - MySQLi: . Fixed bug #70372 (Emulate mysqli_fetch_all() for libmysqlclient). (Nikita) . Fixed bug #80330 (Replace language in APIs and source code/docs). (Darek Ślusarczyk) . Fixed bug #80329 (Add option to specify LOAD DATA LOCAL white list folder (including libmysql)). (Darek Ślusarczyk) - MySQLnd: . Fixed bug #63327 (Crash (Bus Error) in mysqlnd due to wrong alignment). (Nikita) . Fixed bug #80761 (PDO uses too much memory). (Nikita) - Opcache: . Fixed bug #81409 (Incorrect JIT code for ADD with a reference to array). (Dmitry) . Fixed bug #81255 (Memory leak in PHPUnit with functional JIT). . Fixed bug #80959 (infinite loop in building cfg during JIT compilation). (Nikita, Dmitry) . Fixed bug #81225 (Wrong result with pow operator with JIT enabled). (Dmitry) . Fixed bug #81249 (Intermittent property assignment failure with JIT enabled). (Dmitry) . Fixed bug #81256 (Assertion `zv != ((void *)0)' failed for "preload" with JIT). (Dmitry) . Fixed bug #81133 (building opcache with phpize fails). (krakjoe) . Fixed bug #81136 (opcache header not installed). (krakjoe) . Added inheritance cache. (Dmitry) - OpenSSL: . Fixed bug #81502 ($tag argument of openssl_decrypt() should accept null/empty string). (Nikita) . Bump minimal OpenSSL version to 1.0.2. (Jakub Zelenka) - PCRE: . Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb) . Bundled PCRE2 is 10.37. - PDO: . Fixed bug #40913 (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for fetching a BLOB). (Nikita) - PDO MySQL: . Fixed bug #80908 (PDO::lastInsertId() return wrong). (matt) . Fixed bug #81037 (PDO discards error message text from prepared statement). (Kamil Tekiela) - PDO OCI: . Fixed bug #77120 (Support 'success with info' at connection). (Sergei Morozov) - PDO ODBC: . Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for PDO::getAttribute(). (Calvin Buckley) - PDO PgSQL: . Fixed bug #81343 (pdo_pgsql: Inconsitent boolean conversion after calling closeCursor()). (Philip Hofstetter) - PDO SQLite: . Fixed bug #38334 (Proper data-type support for PDO_SQLITE). (Nikita) - PgSQL: . Fixed bug #81509 (pg_end_copy still expects a resource). (Matteo) . Convert resource to object \PgSql\Connection. (Máté) . Convert resource to object \PgSql\Result. (Máté) . Convert resource to object \PgSql\Lob. (Máté) - Phar: . Use SHA256 by default for signature. (remi) . Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature. (remi) - phpdbg: . Fixed bug #81135 (unknown help topic causes assertion failure). (krakjoe) - PSpell: . Convert resource to object \PSpell\Dictionary. (Sara) . Convert resource to object \PSpell\Config. (Sara) - readline: . Fixed bug #72998 (invalid read in readline completion). (krakjoe) - Reflection: . Fixed bug #81611 (ArgumentCountError when getting default value from ReflectionParameter with new). (Cameron Porter) . Fixed bug #81630 (PHP 8.1: ReflectionClass->getTraitAliases() crashes with Internal error). (Nikita) . Fixed bug #81457 (Enum: ReflectionMethod->getDeclaringClass() return a ReflectionClass). (Nikita) . Fixed bug #81474 (Make ReflectionEnum and related class non-final). (Nikita) . Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current value for statics). (Nikita) . Fixed bug #80564 (ReflectionProperty::__toString() renders current value, not default value). (Nikita) . Fixed bug #80097 (ReflectionAttribute is not a Reflector). (beberlei) . Fixed bug #81200 (no way to determine if Closure is static). (krakjoe) . Implement ReflectionFunctionAbstract::getClosureUsedVariables. (krakjoe) - Shmop: . Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb) - SimpleXML: . Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi) - SNMP: . Implement SHA256 and SHA512 for security protocol. (remi) - Sodium: . Added the XChaCha20 stream cipher functions. (P.I.E. Security Team) . Added the Ristretto255 functions, which are available in libsodium 1.0.18. (P.I.E. Security Team) - SPL: . Fixed bug #66588 (SplFileObject::fgetcsv incorrectly returns a row on premature EOF). (Aliaksandr Bystry) . Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free). (cmb, Nikita, Tyson Andre) . Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb) . Fixed bug #81112 (Special json_encode behavior for SplFixedArray). (Nikita) . Fixed bug #80945 ("Notice: Undefined index" on unset() ArrayObject non-existing key). (Nikita) . Fixed bug #80724 (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE from bitmask). (Cameron Porter) - Standard: . Fixed bug #81441 (gethostbyaddr('::1') returns ip instead of name after calling some other method). (Nikita) . Fixed bug #81491 (Incorrectly using libsodium for argon2 hashing). (Dan Pock) . Fixed bug #81142 (PHP 7.3+ memory leak when unserialize() is used on an associative array). (Nikita) . Fixed bug #81111 (Serialization is unexpectedly allowed on anonymous classes with __serialize()). (Nikita) . Fixed bug #81137 (hrtime breaks build on OSX before Sierra). (krakjoe) . Fixed bug #77627 (method_exists on Closure::__invoke inconsistency). (krakjoe) - Streams: . Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper). (cmb) - XML: . Fixed bug #79971 (special character is breaking the path in xml function) (CVE-2021-21707). (cmb) . Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace). (Aliaksandr Bystry, cmb) - Zip: . Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi) . Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb) . Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination) (CVE-2021-21706). (cmb) . Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi)