xref: /PHP-8.3/NEWS (revision 3d80d98a)
PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.3.13

- CLI:
  . Fixed bug GH-16137: duplicate http headers when set several times by
    the client. (David Carlier)

- Core:
  . Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator
    list while adding). (nielsdos)
  . Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). (cmb)
  . Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to
    exception). (ilutov)
  . Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of
    nested generator frame). (ilutov)
  . Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). (Arnaud)

- DOM:
  . Fixed bug GH-16039 (Segmentation fault (access null pointer) in
    ext/dom/parentnode/tree.c). (nielsdos)
  . Fixed bug GH-16149 (Null pointer dereference in
    DOMElement->getAttributeNames()). (nielsdos)
  . Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).
    (nielsdos)
  . Fixed bug GH-16150 (Use after free in php_dom.c). (nielsdos)
  . Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument).
    (nielsdos)

- JSON:
  . Fixed bug GH-15168 (stack overflow in json_encode()). (nielsdos)

- LDAP:
  . Fixed bug GH-16032 (Various NULL pointer dereferences in
    ldap_modify_batch()). (Girgias)
  . Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search()
    when LDAPs array is not a list). (Girgias)
  . Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated
    by ZMM.). (Girgias)
  . Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a
    proper dictionary). (Girgias)

- OpenSSL:
  . Fixed stub for openssl_csr_new. (Jakub Zelenka)

- PCRE:
  . Fixed bug GH-16189 (underflow on offset argument). (David Carlier)
  . Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).
    (nielsdos)

- PHPDBG:
  . Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb)
  . Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).
    (cmb)

- SimpleXML:
  . Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
    (nielsdos)

- SOAP:
  . Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP
    headers in array form). (nielsdos)
  . Fixed bug #62900 (Wrong namespace on xsd import error message). (nielsdos)
  . Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value).
    (nielsdos)

- SPL:
  . Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c).
    (nielsdos)

- Standard:
  . Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). (Arnaud)
  . Fixed bug GH-15169 (stack overflow when var serialization in
    ext/standard/var). (nielsdos)

- Streams:
  . Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
    (nielsdos)
  . Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).
    (cmb)

- TSRM:
  . Prevent closing of unrelated handles. (cmb)

- Windows:
  . Fixed minimal Windows version. (cmb)

26 Sep 2024, PHP 8.3.12

- CGI:
  . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
    Vulnerability). (CVE-2024-8926) (nielsdos)
  . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
    bypassable due to the environment variable collision). (CVE-2024-8927)
    (nielsdos)

- Core:
  . Fixed bug GH-15408 (MSan false-positive on zend_max_execution_timer).
    (zeriyoshi)
  . Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
  . Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
  . Fixed bug GH-15565 (--disable-ipv6 during compilation produces error
    EAI_SYSTEM not found). (nielsdos)
  . Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
    (Bernd Kuhls, Thomas Petazzoni)
  . Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
  . Fixed uninitialized lineno in constant AST of internal enums. (ilutov)

- Curl:
  . Fixed bug GH-15547 (curl_multi_select overflow on timeout argument).
    (David Carlier)

- DOM:
  . Fixed bug GH-15551 (Segmentation fault (access null pointer) in
    ext/dom/xml_common.h). (nielsdos)
  . Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c).
    (nielsdos)

- Fileinfo:
  . Fixed bug GH-15752 (Incorrect error message for finfo_file
    with an empty filename argument). (DanielEScherzer)

- FPM:
  . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
    (CVE-2024-9026) (Jakub Zelenka)

- MySQLnd:
  . Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb,
    Kamil Tekiela)

- Opcache:
  . Fixed bug GH-15661 (Access null pointer in
    Zend/Optimizer/zend_inference.c). (nielsdos)
  . Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
    (nielsdos)

- SAPI:
  . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
    (CVE-2024-8925) (Arnaud)

- Standard:
  . Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)

- Streams:
  . Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
    (cmb)

29 Aug 2024, PHP 8.3.11

- Core:
  . Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
    (nielsdos)
  . Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). (nielsdos)
  . Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
    (Peter Kokot)
  . Fix uninitialized memory in network.c. (nielsdos)
  . Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
    (Arnaud)
  . Fixed bug GH-15275 (Crash during GC of suspended generator delegate).
    (Arnaud)

- Curl:
  . Fixed case when curl_error returns an empty string.
    (David Carlier)

- DOM:
  . Fix UAF when removing doctype and using foreach iteration. (nielsdos)

- FFI:
  . Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory
    leak). (nielsdos, dstogov)

- Hash:
  . Fix crash when converting array data for array in shm in xxh3. (nielsdos)

- Intl:
  . Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). (cmb)

- Opcache:
  . Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
    (Bob)
  . Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
    (Arnaud, nielsdos)

- Output:
  . Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in
    ext/standard/url_scanner_ex.re). (nielsdos)

- PDO_Firebird:
  . Fix bogus fallthrough path in firebird_handle_get_attribute(). (nielsdos)

- PHPDBG:
  . Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode
    with libedit/readline). (Peter Kokot)
  . Fixed bug GH-15268 (heap buffer overflow in phpdbg
    (zend_hash_num_elements() Zend/zend_hash.h)). (nielsdos)
  . Fixed bug GH-15210 use-after-free on watchpoint allocations. (nielsdos)

- Random:
  . Fixed part of bug GH-15381, checking getrandom availability on solaris.
    (David Carlier)

- Soap:
  . Fixed bug #55639 (Digest authentication doesn't work). (nielsdos)
  . Fix SoapFault property destruction. (nielsdos)
  . Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap
    constructor option). (nielsdos)

- Standard:
  . Fix passing non-finite timeout values in stream functions. (nielsdos)
  . Fixed GH-14780 p(f)sockopen timeout overflow. (David Carlier)
  . Fixed GH-15653 overflow on fgetcsv length parameter. (David Carlier)

- Streams:
  . Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). (nielsdos)
  . Fixed bug GH-15034 (Integer overflow on stream_notification_callback
    byte_max parameter with files bigger than 2GB). (nielsdos)
  . Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output
    truncated to 255 characters). (Jakub Zelenka)

- Tidy:
  . Fix memory leaks in ext/tidy basedir restriction code. (nielsdos)

01 Aug 2024, PHP 8.3.10

- Core:
  . Fixed bug GH-13922 (Fixed support for systems with
    sysconf(_SC_GETPW_R_SIZE_MAX) == -1). (Arnaud)
  . Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). (Arnaud)
  . Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt).
    (nielsdos)
  . Fixed OSS-Fuzz #69765. (nielsdos)
  . Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). (nielsdos)
  . Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
    (ilutov)
  . Fixed bug GH-14961 (Comment between -> and keyword results in parse error).
    (ilutov)

- Dom:
  . Fixed bug GH-14702 (DOMDocument::xinclude() crash). (nielsdos)

- Fileinfo:
  . Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE).
    (cmb)

- Gd:
  . ext/gd/tests/gh10614.phpt: skip if no PNG support. (orlitzky)
  . restored warning instead of fatal error. (dryabov)

- LibXML:
  . Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). (nielsdos)

- Opcache:
  . Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that
    opcache.jit is implicitly disabled). (nielsdos)

- Output:
  . Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with
    empty output buffer). (nielsdos)

- PDO:
  . Fixed bug GH-14712 (Crash with PDORow access to null property).
    (David Carlier)

- Phar:
  . Fixed bug GH-14603 (null string from zip entry).
    (David Carlier)

- PHPDBG:
  . Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
    (David Carlier)
  . Fixed bug GH-14553 (echo output trimmed at NULL byte). (nielsdos)

- Shmop:
  . Fixed bug GH-14537 (shmop Windows 11 crashes the process). (nielsdos)

- SPL:
  . Fixed bug GH-14639 (Member access within null pointer in
    ext/spl/spl_observer.c). (nielsdos)

- Standard:
  . Fixed bug GH-14775 (range function overflow with negative step argument).
    (David Carlier)
  . Fix 32-bit wordwrap test failures. (orlitzky)
  . Fixed bug GH-14774 (time_sleep_until overflow). (David Carlier)

- Streams:
  . Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to
    255 characters in PHP 8.3). (Joe Cai)

- Tidy:
  . Fix memory leak in tidy_repair_file(). (nielsdos)

- Treewide:
  . Fix compatibility with libxml2 2.13.2. (nielsdos)

- XML:
  . Move away from to-be-deprecated libxml fields. (nielsdos)
  . Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
    (nielsdos)

20 Jun 2024, PHP 8.3.9

- Core:
  . Fixed bug GH-14315 (Incompatible pointer type warnings). (Peter Kokot)
  . Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14
    when running on Apple Silicon). (Manuel Kress)
  . Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from
    values during Generator->throw()). (Bob)
  . Fixed bug GH-14456 (Attempting to initialize class with private constructor
    calls destructor). (Girgias)
  . Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call).
    (Florian Engelhardt)
  . Fixed bug GH-14549 (Incompatible function pointer type for fclose).
    (Ryan Carsten Schmidt)

- BCMath:
  . Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). (Girgias)

- Curl:
  . Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). (nielsdos)

- DOM:
  . Fixed bug GH-14343 (Memory leak in xml and dom). (nielsdos)

- FPM:
  . Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are
    ignored in status pool). (Wilhansen Li, Pierrick Charron)

- GD:
  . Fix parameter numbers for imagecolorset(). (Giovanni Giacobbi)

- Intl:
  . Fix reference handling in SpoofChecker. (nielsdos)

- MySQLnd:
  . Partially fix bug GH-10599 (Apache crash on Windows when using a
    self-referencing anonymous function inside a class with an active
    mysqli connection). (nielsdos)

- Opcache:
  . Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime).
    (ilutov)
  . Fixed TLS access in JIT on FreeBSD/amd64. (Arnaud)
  . Fixed bug GH-11188 (Error when building TSRM in ARM64). (nielsdos)

- PDO ODBC:
  . Fixed bug GH-14367 (incompatible SDWORD type with iODBC). (Calvin Buckley)

- PHPDBG:
  . Fixed bug GH-13681 (segfault on watchpoint addition failure). (David Carlier)

- Soap:
  . Fixed bug #47925 (PHPClient can't decompress response). (nielsdos)
  . Fix missing error restore code. (nielsdos)
  . Fix memory leak if calling SoapServer::setObject() twice. (nielsdos)
  . Fix memory leak if calling SoapServer::setClass() twice. (nielsdos)
  . Fix reading zlib ini settings in ext-soap. (nielsdos)
  . Fix memory leaks with string function name lookups. (nielsdos)
  . Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class
    name). (nielsdos)
  . Fixed bug #76232 (SoapClient Cookie Header Semicolon). (nielsdos)
  . Fixed memory leaks when calling SoapFault::__construct() twice. (Girgias)

- Sodium:
  . Fix memory leaks in ext/sodium on failure of some functions. (nielsdos)

- SPL:
  . Fixed bug GH-14290 (Member access within null pointer in extension spl).
    (nielsdos)

- Standard:
  . Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract
    namespace Unix sockets). (Derick)

- Streams:
  . Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not
    allocated and malloc: double free for ptr errors). (nielsdos)

06 Jun 2024, PHP 8.3.8

- CGI:
  . Fixed buffer limit on Windows, replacing read call usage by _read.
    (David Carlier)
  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
    in PHP-CGI). (CVE-2024-4577) (nielsdos)

- CLI:
  . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles
    quoted heredoc literals.). (nielsdos)

- Core:
  . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for
    non-compile-time expressions). (ilutov)

- DOM:
  . Fix crashes when entity declaration is removed while still having entity
    references. (nielsdos)
  . Fix references not handled correctly in C14N. (nielsdos)
  . Fix crash when calling childNodes next() when iterator is exhausted.
    (nielsdos)
  . Fix crash in ParentNode::append() when dealing with a fragment
    containing text nodes. (nielsdos)

- Filter:
  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
    (CVE-2024-5458) (nielsdos)

- FPM:
  . Fix bug GH-14175 (Show decimal number instead of scientific notation in
    systemd status). (Benjamin Cremer)

- Hash:
  . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
    (Saki Takamachi)

- Intl:
  . Fixed build regression on systems without C++17 compilers. (Calvin Buckley,
    Peter Kokot)

- MySQLnd:
  . Fix bug GH-14255 (mysqli_fetch_assoc reports error from
    nested query). (Kamil Tekiela)

- Opcache:
  . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in
    shm). (ilutov)

- OpenSSL:
  . The openssl_private_decrypt function in PHP, when using PKCS1 padding
    (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
    unless it is used with an OpenSSL version that includes the changes from this pull
    request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
    These changes are part of OpenSSL 3.2 and have also been backported to stable
    versions of various Linux distributions, as well as to the PHP builds provided for
    Windows since the previous release. All distributors and builders should ensure that
    this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)

- Standard:
  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
    (CVE-2024-5585) (nielsdos)

- XML:
  . Fixed bug GH-14124 (Segmentation fault with XML extension under certain
    memory limit). (nielsdos)

- XMLReader:
  . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos)

09 May 2024, PHP 8.3.7

- Core:
  . Fixed zend_call_stack build with Linux/uclibc-ng without thread support.
    (Fabrice Fontaine)
  . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall
    handlers when JIT is enabled). (Bob)
  . Fixed bug GH-13931 (Applying zero offset to null pointer in
    Zend/zend_opcode.c). (nielsdos)
  . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with
    other timeout implementations). (Kévin Dunglas)
  . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert
    parameters). (ilutov)
  . Fixed bug GH-14013 (Erroneous dnl appended in configure). (Peter Kokot)
  . Fixed bug GH-10232 (If autoloading occurs during constant resolution
    filename and lineno are identified incorrectly). (ranvis)
  . Fixed bug GH-13727 (Missing void keyword). (Peter Kokot)

- Fibers:
  . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
    (nielsdos)

- Fileinfo:
  . Fixed bug GH-13795 (Test failing in ext/fileinfo/tests/bug78987.phpt on
    big-endian PPC). (orlitzky)

- FPM:
  . Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
    (Jakub Zelenka)

- Intl:
  . Fixed build for icu 74 and onwards. (dunglas)

- MySQLnd:
  . Fix shift out of bounds on 32-bit non-fast-path platforms. (nielsdos)

- Opcache:
  . Fixed bug GH-13433 (Segmentation Fault in zend_class_init_statics when
    using opcache.preload). (nielsdos)
  . Fixed incorrect assumptions across compilation units for static calls.
    (ilutov)

- OpenSSL:
  . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
    (Jakub Zelenka)

- PDO SQLite:
  . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi)
  . Fix GH-13998 (Manage refcount of agg_context->val correctly).
    (Saki Takamachi)

- Phar:
  . Fixed bug GH-13836 (Renaming a file in a Phar to an already existing
    filename causes a NULL pointer dereference). (nielsdos)
  . Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c).
    (nielsdos)
  . Fix potential NULL pointer dereference before calling EVP_SignInit. (icy17)

- PHPDBG:
  . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
    (nielsdos)

- Posix:
  . Fix usage of reentrant functions in ext/posix. (Arnaud)

- Session:
  . Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in
    ext/session/mod_files.c). (nielsdos)
  . Fixed bug GH-13891 (memleak and segfault when using ini_set with
    session.trans_sid_hosts). (nielsdos, kamil-tekiela)
  . Fixed buffer _read/_write size limit on windows for the file mode. (David Carlier)

- Streams:
  . Fixed file_get_contents() on Windows fails with "errno=22 Invalid
    argument". (Damian Wójcik)
  . Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
    (Jakub Zelenka)
  . Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in
    ext/openssl/xp_ssl.c - causing use of dead socket). (nielsdos)
  . Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). (Arnaud)

- Treewide:
  . Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodríguez)

28 Mar 2024, PHP 8.3.5RC1

- Core:
  . Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when
    scanning WeakMaps). (Arnaud)
  . Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
    (nielsdos)
  . Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
  . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
    destructor). (Arnaud)

- DOM:
  . Add some missing ZPP checks. (nielsdos)
  . Fix potential memory leak in XPath evaluation results. (nielsdos)

- FPM:
  . Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
    (Jakub Zelenka)
  . Fixed incorrect check in fpm_shm_free(). (nielsdos)

- GD:
  . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

- Gettext:
  . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
    with category set to LC_ALL. (David Carlier)

- MySQLnd:
  . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

- Opcache:
  . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
    (Arnaud, Dmitry)
  . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
    method of internal trait when opcache is loaded). (Bob)

- Random:
  . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
    modes). (timwolla)
  . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
    requests when MT_RAND_PHP is used). (timwolla)

- Session:
  . Fixed bug GH-13680 (Segfault with session_decode and compilation error).
    (nielsdos)

- SPL:
  . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

- Standard:
  . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
    (SakiTakamachi)
  . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
    (divinity76)
  . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
    parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
    partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
  . Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some
    inputs). (CVE-2024-2757) (Alex Dowad)

14 Mar 2024, PHP 8.3.4

- Core:
  . Fix ZTS persistent resource crashes on shutdown. (nielsdos)

- Curl:
  . Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh)

- DOM:
  . Fix unlikely memory leak in case of namespace removal with extremely deep
    trees. (nielsdos)
  . Fix reference access in dimensions for DOMNodeList and DOMNodeMap.
    (nielsdos)

- Fileinfo:
  . Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null),
    backport). (nielsdos)

- FPM:
  . Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
    (Jakub Zelenka)

- GD:
  . Fixed bug GH-12019 (detection of image formats in system gd library).
    (Michael Orlitzky)

- MySQLnd:
  . Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error
    if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi)

- PDO:
  . Fix various PDORow bugs. (Girgias)

- PGSQL:
  . Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute
    with null value passed by reference). (George Barbarosie)

- SPL:
  . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
    in PHP 8.2.15). (nielsdos)

- Standard:
  . Fixed bug GH-13279 (Instable array during in-place modification in uksort).
    (ilutov)
  . Fixed array key as hash to string (case insensitive) comparison typo
    for the second operand buffer size (albeit unused for now). (A. Slepykh)

- XML:
  . Fixed bug GH-13517 (Multiple test failures when building with
    --with-expat). (nielsdos)

15 Feb 2024, PHP 8.3.3

- Core:
  . Fixed timer leak in zend-max-execution-timers builds. (withinboredom)
  . Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus)
  . Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown
    Exception). (nielsdos)
  . Fixed bug GH-13177 (PHP 8.3.2: final private constructor not allowed
    when used in trait). (nielsdos)
  . Fixed bug GH-13215 (GCC 14 build failure). (Remi)

- Curl:
  . Fix missing error check in curl_multi_init(). (divinity76)

- FPM:
  . Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when
    plus in path). (Jakub Zelenka)

- GD:
  . Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
    (nielsdos)
  . Fixed bug GH-10614 (imagerotate will turn the picture all black, when
    rotated 90). (nielsdos)

- LibXML:
  . Fix crashes with entity references and predefined entities. (nielsdos)

- MySQLnd:
  . Fixed bug GH-12107 (When running a stored procedure (that returns a result
    set) twice, PHP crashes). (nielsdos)

- Opcache:
  . Fixed bug GH-13145 (strtok() is not comptime). (ilutov)
  . Fixed type inference of range(). (ilutov)
  . Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but
    JIT_debug is still on). (nielsdos)

- OpenSSL:
  . Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set.
    (David Carlier).

- PDO_Firebird:
  . Fix GH-13119 (Changed to convert float and double values into strings using
    `H` format). (SakiTakamachi)

- Phar:
  . Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos)
  . Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos)

- Random:
  . Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken
    engines). (timwolla)

- Session:
  . Fixed bug GH-12504 (Corrupted session written when there's a fatal error
    in autoloader). (nielsdos)

- Standard:
  . Fixed bug GH-13094 (range(9.9, '0') causes segmentation fault). (nielsdos)

- Streams:
  . Fixed bug GH-13071 (Copying large files using mmap-able source streams may
    exhaust available memory and fail). (nielsdos)

18 Jan 2024, PHP 8.3.2

- Core:
  . Fixed bug GH-12953 (false positive SSA integrity verification failed when
    loading composer classmaps with more than 11k elements). (nielsdos)
  . Fixed bug GH-12999 (zend_strnlen build when strnlen is unsupported).
    (rainerjung)
  . Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf
    doesn't emit warnings). (Peter Kokot)
  . Fixed bug GH-12854 (8.3 - as final trait-used method does not correctly
    report visibility in Reflection). (nielsdos)

- Cli:
  . Fix incorrect timeout in built-in web server when using router script and
    max_input_time. (ilutov)

- DOM:
  . Fixed bug GH-12870 (Creating an xmlns attribute results in a DOMException).
    (nielsdos)
  . Fix crash when toggleAttribute() is used without a document. (nielsdos)
  . Fix crash in adoptNode with attribute references. (nielsdos)
  . Fixed bug GH-13012 (DOMNode::isEqualNode() is incorrect when attribute
    order is different). (nielsdos)

- FFI:
  . Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData).
    (Jakub Zelenka)
  . Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos)

- GD:
  . Fixed GH-13082 undefined behavior with GdFont instances handling with
    imageload* and imagechar*. (David Carlier)

- Intl:
  . Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
    (David Carlier)

- Hash:
  . Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on
    strings >= 4GiB). (nielsdos)

- MBString:
  . When operating on a string with invalid encoding, mb_substr (as well
    as mb_strstr and its variants) defines character indices in the same
    way as other mbstring functions such as mb_strpos. (Alex Dowad)

- ODBC:
  . Fix crash on Apache shutdown with persistent connections. (nielsdos)

- Opcache:
  . Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM
    with NULL when DIM is the same var as result). (ilutov)
  . Added workaround for SELinux mprotect execheap issue.
    See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov)

- OpenSSL:
  . Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
    (Jakub Zelenka)

- PDO:
  . Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
    (SakiTakamachi)

- PDO_ODBC:
  . Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
    (SakiTakamachi)

- PGSQL:
  . Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier)
  . Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
    (nielsdos)

- Phar:
  . Fixed bug #77432 (Segmentation fault on including phar file). (nielsdos)

- PHPDBG:
  . Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos)

- SimpleXML:
  . Fix getting the address of an uninitialized property of a SimpleXMLElement
    resulting in a crash. (nielsdos)
  . Fixed bug GH-12929 (SimpleXMLElement with stream_wrapper_register can
    segfault). (nielsdos)

- Tidy:
  . Fixed bug GH-12980 (tidynode.props.attribute is missing
    "Boolean Attributes" and empty attributes). (nielsdos)

07 Dec 2023, PHP 8.3.1RC1

- Core:
806  . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
807    ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
808  . Fix various missing NULL checks. (nielsdos, dstogov)
809  . Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
810    (ilutov)
811  . Fixed bug GH-12826 (Weird pointers issue in nested loops). (nielsdos)
812
813- FPM:
814  . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
815    (Patrick Prasse)
816
817- FTP:
818  . Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos)
819
820- LibXML:
821  . Fixed test failures for libxml2 2.12.0. (nielsdos)
822
823- MySQLnd:
824  . Avoid using uninitialised struct. (mikhainin)
825  . Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
826    (nielsdos)
827
828- Opcache:
829  . Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning
830    at the same time as invalid offset Error). (Girgias)
831  . Fixed JIT bug (JIT emits "Attempt to assign property of non-object"
832    warning at the same time as Error is being thrown). (Girgias)
833
834- PDO PGSQL:
835  . Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
836
837- SOAP:
838  . Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
839    (nielsdos)
840
841- Standard
842  . Fixed GH-12745 (http_build_query() default null argument for $arg_separator
843    is implicitly coerced to string). (Girgias)
844
23 Nov 2023, PHP 8.3.0

- Bcmath:
  . Fixed GH-11761 (removing trailing zeros from numbers). (jorgsowa)

- CLI:
  . Added pdeathsig to builtin server to terminate workers when the master
    process is killed. (ilutov)
  . Fixed bug GH-11104 (STDIN/STDOUT/STDERR is not available for CLI without
    a script). (nielsdos)
  . Implement GH-10024 (support linting multiple files at once using php -l).
    (nielsdos)

- Core:
  . Fix GH-11388 (Allow "final" modifier when importing a method from a trait).
    (nielsdos)
  . Fixed bug GH-11406 (segfault with unpacking and magic method closure).
    (nielsdos)
  . Fixed bug GH-9388 (Improve unset property and __get type incompatibility
    error message). (ilutov)
  . SA_ONSTACK is now set for signal handlers to be friendlier to other
    in-process code such as Go's cgo. (Kévin Dunglas)
  . SA_ONSTACK is now set when signals are disabled. (Kévin Dunglas)
  . Fix GH-9649: Signal handlers now do a no-op instead of crashing when
    executed on threads not managed by TSRM. (Kévin Dunglas)
  . Added shadow stack support for fibers. (Chen Hu)
  . Fix bug GH-9965 (Fix accidental caching of default arguments with side
    effects). (ilutov)
  . Implement GH-10217 (Use strlen() for determining the class_name length).
    (Dennis Buteyn)
  . Fix bug GH-8821 (Improve line numbers for errors in constant expressions).
    (ilutov)
  . Fix bug GH-10083 (Allow comments between & and parameter). (ilutov)
  . Zend Max Execution Timers is now enabled by default for ZTS builds on
    Linux. (Kévin Dunglas)
  . Fix bug GH-10469 (Disallow .. in open_basedir paths set at runtime).
    (ilutov)
  . Fix bug GH-10168, GH-10582 (Various segfaults with destructors and VM return
    values). (dstogov, nielsdos, ilutov)
  . Fix bug GH-10935 (Use of trait doesn't redeclare static property if class
    has inherited it from its parent). (ilutov)
  . Fix bug GH-11154 (Negative indices on empty array don't affect next chosen
    index). (ColinHDev)
  . Fix bug GH-8846 (Implement delayed early binding for classes without
    parents). (ilutov)
  . Fix bug #79836 (Segfault in concat_function). (nielsdos)
  . Fix bug #81705 (type confusion/UAF on set_error_handler with concat
    operation). (nielsdos)
  . Fix GH-11348 (Closure created from magic method does not accept named
    arguments). (nielsdos)
  . Fixed bug GH-11507 (String concatenation performance regression in 8.3).
    (nielsdos)
  . Fixed GH-11488 (Missing "Optional parameter before required" deprecation on
    union null type). (ilutov)
  . Implement the #[\Override] attribute RFC. (timwolla)
  . Fixed bug GH-11601 (Incorrect handling of unwind and graceful exit
    exceptions). (ilutov)
  . Added zend_call_stack_get implementation for OpenBSD. (David Carlier)
  . Add stack limit check in zend_eval_const_expr(). (Arnaud)
  . Expose time spent collecting cycles in gc_status(). (Arnaud)
  . Remove WeakMap entries whose key is only reachable through the entry value.
    (Arnaud)
  . Resolve open_basedir paths on INI update. (ilutov)
  . Fixed oss-fuzz #60741 (Leak in open_basedir). (ilutov)
  . Fixed segfault during freeing of some incompletely initialized objects due
    to OOM error (PDO, SPL, XSL). (ilutov)
  . Introduced Zend guard recursion protection to fix __debugInfo issue.
    (Jakub Zelenka)
  . Fixed oss-fuzz #61712 (assertion failure with error handler during binary
    op). (nielsdos)
  . Fixed GH-11847 (DTrace enabled build is broken). (Filip Zrůst)
  . Fixed OSS Fuzz #61865 (Undef variable in ++/-- for declared property
    that is unset in error handler). (Girgias)
  . Fixed warning emitted when checking if a user stream is castable. (Girgias)
  . Fixed bug GH-12123 (Compile error on MacOS with C++ extension when using
    ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX). (kocsismate)
  . Fixed bug GH-12189 (#[Override] attribute in trait does not check for
    parent class implementations). (timwolla)
  . Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable
    warning). (Girgias)
  . Fixed buffer underflow when compiling memoized expression. (ilutov)
  . Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec). (ilutov)

- Curl:
  . Added Curl options and constants up to (including) version 7.87.
    (nielsdos, adoy)

- Date:
  . Implement More Appropriate Date/Time Exceptions RFC. (Derick)

- DOM:
  . Fix bug GH-8388 (DOMAttr unescapes character reference). (Tim Starling)
  . Fix bug GH-11308 (getElementsByTagName() is O(N^2)). (nielsdos)
  . Fix #79700 (wrong use of libxml oldNs leads to performance problem).
    (nielsdos)
  . Fix #77894 (DOMNode::C14N() very slow on generated DOMDocuments even after
    normalisation). (nielsdos)
  . Revert changes to DOMAttr::$value and DOMAttr::$nodeValue expansion.
    (nielsdos)
  . Fixed bug GH-11500 (Namespace reuse in createElementNS() generates wrong
    output). (nielsdos)
  . Implemented DOMDocument::adoptNode(). Previously this always threw a
    "not yet implemented" exception. (nielsdos)
  . Fixed bug GH-9628 (Implicitly removing nodes from \DOMDocument breaks
    existing references). (nielsdos)
  . Added DOMNode::contains() and DOMNameSpaceNode::contains(). (nielsdos)
  . Added DOMElement::getAttributeNames(). (nielsdos)
  . Added DOMNode::getRootNode(). (nielsdos)
  . Added DOMElement::className and DOMElement::id. (nielsdos)
  . Added DOMParentNode::replaceChildren(). (nielsdos)
  . Added DOMNode::isConnected and DOMNameSpaceNode::isConnected. (nielsdos)
  . Added DOMNode::parentElement and DOMNameSpaceNode::parentElement.
    (nielsdos)
  . Added DOMNode::isEqualNode(). (nielsdos)
  . Added DOMElement::insertAdjacentElement() and
    DOMElement::insertAdjacentText(). (nielsdos)
  . Added DOMElement::toggleAttribute(). (nielsdos)
  . Fixed bug GH-11792 (LIBXML_NOXMLDECL is not implemented or broken).
    (nielsdos)
  . adoptNode now respects the strict error checking property. (nielsdos)
  . Align DOMChildNode parent checks with spec. (nielsdos)
  . Fixed bug #80927 (Removing documentElement after creating attribute node:
    possible use-after-free). (nielsdos)
  . Fix various namespace prefix conflict resolution bugs. (nielsdos)
  . Fix calling createAttributeNS() without prefix causing the default
    namespace of the element to change. (nielsdos)
  . Fixed GH-11952 (Confusing warning when blocking entity loading via
    libxml_set_external_entity_loader). (nielsdos)
  . Fix broken cache invalidation with deallocated and reallocated document
    node. (nielsdos)
  . Fix compile error when php_libxml.h header is included in C++.
    (Remi, nielsdos)
  . Fixed bug #47531 (No way of removing redundant xmlns: declarations).
    (nielsdos)

- Exif:
  . Removed unneeded codepaths in exif_process_TIFF_in_JPEG(). (nielsdos)

- FFI:
  . Implement GH-11934 (Allow to pass CData into struct and/or union fields).
    (nielsdos, KapitanOczywisty)

- Fileinfo:
  . Upgrade bundled libmagic to 5.43. (Anatol)
  . Fix GH-11408 (Unable to build PHP 8.3.0 alpha 1 / fileinfo extension).
    (nielsdos)

- FPM:
  . The status.listen shared pool now uses the same php_values (including
    expose_php) and php_admin_value as the pool it is shared with. (dwxh)
  . Added warning to log when fpm socket was not registered on the expected
    path. (Joshua Behrens, Jakub Zelenka)
  . Fixed bug #76067 (system() function call leaks php-fpm listening sockets).
    (Mikhail Galanin, Jakub Zelenka)
  . Fixed GH-12077 (PHP 8.3.0RC1 borked socket-close-on-exec.phpt).
    (Jakub Zelenka)

- GD:
  . Removed imagerotate "ignore_transparent" argument since it has no effect.
    (David Carlier)

- Intl:
  . Added pattern format error infos for numfmt_set_pattern. (David Carlier)
  . Added MIXED_NUMBERS and HIDDEN_OVERLAY constants for
    the Spoofchecker class. (David Carlier)
  . Updated datefmt_set_timezone/IntlDateFormatter::setTimezone return type.
    (David Carlier)
  . Updated IntlBreakIterator::setText return type. (David Carlier)
  . Updated IntlChar::enumCharNames return type. (David Carlier)
  . Removed the BC break on IntlDateFormatter::construct which threw an
    exception with an invalid locale. (David Carlier)

- JSON:
  . Added json_validate(). (Juan Morales)

- LDAP:
  . Deprecate calling ldap_connect() with separate hostname and port.
    (heiglandreas)

- LibXML:
  . Fix compile error with -Werror=incompatible-function-pointer-types and
    old libxml2. (nielsdos)

- MBString:
  . mb_detect_encoding is better able to identify the correct encoding for
    Turkish text. (Alex Dowad)
  . mb_detect_encoding's "non-strict" mode now behaves as described in the
    documentation. Previously, it would return false if the same byte
    (for example, the first byte) of the input string was invalid in all
    candidate encodings. More generally, it would eliminate candidate
    encodings from consideration when an invalid byte was seen, and if the
    same input byte eliminated all remaining encodings still under
    consideration, it would return false. On the other hand, if all candidate
    encodings but one were eliminated from consideration, it would return the
    last remaining one without regard for how many encoding errors might be
    encountered later in the string. This is different from the behavior
    described in the documentation, which says: "If strict is set to false,
    the closest matching encoding will be returned." (Alex Dowad)
  . mb_strtolower, mb_strtotitle, and mb_convert_case implement conditional
    casing rules for the Greek letter sigma. For mb_convert_case, conditional
    casing only applies to MB_CASE_LOWER and MB_CASE_TITLE modes, not to
    MB_CASE_LOWER_SIMPLE and MB_CASE_TITLE_SIMPLE. (Alex Dowad)
  . mb_detect_encoding is better able to identify UTF-8 and UTF-16 strings
    with a byte-order mark. (Alex Dowad)
  . mb_decode_mimeheader interprets underscores in QPrint-encoded MIME
    encoded words as required by RFC 2047; they are converted to spaces.
    Underscores must be encoded as "=5F" in such MIME encoded words.
    (Alex Dowad)
  . mb_encode_mimeheader no longer drops NUL (zero) bytes when
    QPrint-encoding the input string. This previously caused strings in
    certain text encodings, especially UTF-16 and UTF-32, to be
    corrupted by mb_encode_mimeheader. (Alex Dowad)
  . Implement mb_str_pad() RFC. (nielsdos)
  . Fixed bug GH-11514 (PHP 8.3 build fails with --enable-mbstring enabled).
    (nielsdos)
  . Fix use-after-free of mb_list_encodings() return value. (ilutov)
  . Fixed bug GH-11992 (utf_encodings.phpt fails on Windows 32-bit). (nielsdos)

- mysqli:
  . mysqli_fetch_object raises a ValueError instead of an Exception.
    (David Carlier)

- Opcache:
  . Added start, restart and force restart time to opcache's
    phpinfo section. (Mikhail Galanin)
  . Fix GH-9139: Allow FFI in opcache.preload when opcache.preload_user=root.
    (Arnaud, Kapitan Oczywisty)
  . Made opcache.preload_user always optional in the cli and phpdbg SAPIs.
    (Arnaud)
  . Allows W/X bits on page creation on FreeBSD despite system settings.
    (David Carlier)
  . Added memfd api usage, on Linux, for zend_shared_alloc_create_lock()
    to create an abstract anonymous file for the opcache's lock. (Max Kellermann)
  . Avoid resetting JIT counter handlers from multiple processes/threads.
    (ilutov)
  . Fixed COPY_TMP type inference for references. (ilutov)

- OpenSSL:
  . Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE constants to switch
    between mime content types. (Daniel Kesselberg)
  . Fixed GH-11054: Reset OpenSSL errors when using a PEM public key.
    (Florian Moser)
  . Added support for additional EC parameters in openssl_pkey_new. (Eno-CN)

- PCNTL:
  . SA_ONSTACK is now set for pcntl_signal. (Kévin Dunglas)
  . Added SIGINFO constant. (David Carlier)

- PCRE:
  . Update bundled libpcre2 to 10.42. (nielsdos)

- PGSQL:
  . pg_fetch_object raises a ValueError instead of an Exception.
    (David Carlier)
  . pg_cancel uses the thread-safe PQcancel API instead. (David Carlier)
  . pg_trace new PGSQL_TRACE_SUPPRESS_TIMESTAMPS/PGSQL_TRACE_REGRESS_MODE
    constants support. (David Carlier)
  . pg_set_error_verbosity adding PGSQL_ERRORS_STATE constant. (David Carlier)
  . pg_convert/pg_insert E_WARNING on type errors have been converted to
    ValueError/TypeError exceptions. (David Carlier)
  . Added pg_set_error_context_visibility to set the context's visibility
    within the error messages. (David Carlier)

- Phar:
  . Fix memory leak in phar_rename_archive(). (stkeke)

- POSIX:
  . Added posix_sysconf. (David Carlier)
  . Added posix_pathconf. (David Carlier)
  . Added posix_fpathconf. (David Carlier)
  . Fixed zend_parse_arg_long's bool pointer argument assignment. (Cristian Rodriguez)
  . Added posix_eaccess. (David Carlier)

- Random:
  . Added Randomizer::getBytesFromString(). (Joshua Rüsweg)
  . Added Randomizer::nextFloat(), ::getFloat(), and IntervalBoundary. (timwolla)
  . Enable getrandom() for NetBSD (from 10.x). (David Carlier)
  . Deprecate MT_RAND_PHP. (timwolla)
  . Fix Randomizer::getFloat() returning incorrect results under
    certain circumstances. (timwolla)

- Reflection:
  . Fix GH-9470 (ReflectionMethod constructor should not find private parent
    method). (ilutov)
  . Fix GH-10259 (ReflectionClass::getStaticProperties doesn't need null return
    type). (kocsismate)

- SAPI:
  . Fixed GH-11141 (Could not open input file: should be sent to stderr).
    (nielsdos)

- Session:
  . Fixed bug GH-11529 (Crash after dealing with an Apache request). (nielsdos)

- SimpleXML:
  . Fixed bug GH-12192 (SimpleXML infinite loop when getName() is called
    within foreach). (nielsdos)
  . Fixed bug GH-12208 (SimpleXML infinite loop when a cast is used inside a
    foreach). (nielsdos)
  . Fixed bug #55098 (SimpleXML iteration produces infinite loop). (nielsdos)

- Sockets:
  . Added SO_ATTACH_REUSEPORT_CBPF socket option, to give tighter control
    over socket binding for a CPU core. (David Carlier)
  . Added SKF_AD_QUEUE for cbpf filters. (David Carlier)
  . Added socket_atmark if send/recv needs using MSG_OOB. (David Carlier)
  . Added TCP_QUICKACK constant, to give tighter control over
    ACK delays. (David Carlier)
  . Added DONTFRAGMENT support for path MTU discovery purpose. (David Carlier)
  . Added AF_DIVERT for raw socket for divert ports. (David Carlier)
  . Added SOL_UDPLITE, UDPLITE_RECV_CSCOV and UDPLITE_SEND_CSCOV for udplite
    protocol support. (David Carlier)
  . Added SO_RERROR, SO_ZEROIZE and SO_SPLICE NetBSD and OpenBSD constants.
    (David Carlier)
  . Added TCP_REPAIR to quietly close a connection. (David Carlier)
  . Added SO_REUSEPORT_LB FreeBSD constant. (David Carlier)
  . Added IP_BIND_ADDRESS_NO_PORT. (David Carlier)

- SPL:
  . Fixed GH-11573 (RecursiveDirectoryIterator::hasChildren is slow).
    (nielsdos)

- Standard:
  . E_NOTICEs emitted by unserialize() have been promoted to E_WARNING. (timwolla)
  . unserialize() now emits a new E_WARNING if the input contains unconsumed
    bytes. (timwolla)
  . Make array_pad's $length warning less confusing. (nielsdos)
  . E_WARNING emitted by strtok in the case both arguments are not provided when
    starting tokenisation. (David Carlier)
  . password_hash() will now chain the original RandomException to the ValueError
    on salt generation failure. (timwolla)
  . Fix GH-10239 (proc_close after proc_get_status always returns -1). (nielsdos)
  . Improve the warning message for unpack() in case not enough values were
    provided. (nielsdos)
  . Fix GH-11010 (parse_ini_string() now preserves formatting of unquoted
    strings starting with numbers when the INI_SCANNER_TYPED flag is
    specified). (ilutov)
  . Fix GH-10742 (http_response_code emits no error when headers were already
    sent). (NattyNarwhal)
  . Added support for rounding negative places in number_format().
    (Marc Bennewitz)
  . Prevent precision loss on formatting decimal integers in number_format().
    (Marc Bennewitz)
  . Added usage of posix_spawn for proc_open when supported by OS.
    (Cristian Rodriguez)
  . Added $before_needle argument to strrchr(). (HypeMC)
  . Fixed GH-11982 (str_getcsv returns null byte for unterminated enclosure).
    (Jakub Zelenka)
  . Fixed str_decrement() on "1". (ilutov)

- Streams:
  . Fixed bug #51056: blocking fread() will block even if data is available.
    (Jakub Zelenka)
  . Added storing of the original path used to open xport stream.
    (Luc Vieillescazes)
  . Implement GH-8641 (STREAM_NOTIFY_COMPLETED over HTTP never emitted).
    (nielsdos, Jakub Zelenka)
  . Fix bug GH-10406 (fgets on a redis socket connection fails on PHP 8.3).
    (Jakub Zelenka)
  . Implemented GH-11242 (_php_stream_copy_to_mem: Allow specifying a maximum
    length without allocating a buffer of that size). (Jakub Zelenka)
  . Fixed bug #52335 (fseek() on memory stream behavior different than file).
    (Jakub Zelenka)
  . Fixed bug #76857 (Can read "non-existant" files). (Jakub Zelenka)

- XSLTProcessor:
  . Fixed bug #69168 (DomNode::getNodePath() returns invalid path). (nielsdos)

- ZIP:
  . zip extension version 1.22.0 for libzip 1.10.0. (Remi)
  . add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED). (Remi)
  . add new archive global flags (ER_AFL_*). (Remi)
  . add ZipArchive::setArchiveFlag and ZipArchive::getArchiveFlag methods.
    (Remi)