1PHP NEWS 2||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 3 403 Aug 2023, PHP 8.0.30 5 6- Libxml: 7 . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading 8 in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) 9 10- Phar: 11 . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). 12 (CVE-2023-3824) (nielsdos) 13 1408 Jun 2023, PHP 8.0.29 15 16- Soap: 17 . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random 18 bytes in HTTP Digest authentication for SOAP). 19 (CVE-2023-3247) (nielsdos, timwolla) 20 2114 Feb 2023, PHP 8.0.28 22 23- Core: 24 . Fixed bug #81744 (Password_verify() always return true with some hash). 25 (CVE-2023-0567). (Tim Düsterhus) 26 . Fixed bug #81746 (1-byte array overrun in common path resolve code). 27 (CVE-2023-0568). (Niels Dossche) 28 29- SAPI: 30 . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart 31 request body). (CVE-2023-0662) (Jakub Zelenka) 32 3305 Jan 2023, PHP 8.0.27 34 35- PDO/SQLite: 36 . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) 37 (cmb) 38 3924 Nov 2022, PHP 8.0.26 40 41- CLI: 42 . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara) 43 44- Core: 45 . Fixed bug GH-9752 (Generator crashes when interrupted during argument 46 evaluation with extra named params). (Arnaud) 47 . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during 48 initialization). (Arnaud) 49 . Fixed potential NULL pointer dereference in Windows shm*() functions. (cmb) 50 . Fixed bug GH-9750 (Generator memory leak when interrupted during argument 51 evaluation. (Arnaud) 52 53- Date: 54 . Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if 55 the argument is an offset larger than 100*60 minutes). (Derick) 56 57- FPM: 58 . Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running 59 php-fpm 8.1.11). (Jakub Zelenka) 60 . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug 61 #66694). (Petr Sumbera) 62 63- mysqli: 64 . Fixed bug GH-9841 (mysqli_query throws warning despite using 65 silenced error mode). (Kamil Tekiela) 66 67- OpenSSL: 68 . Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does 69 not build). (Jakub Zelenka, fsbruva) 70 71- SOAP: 72 . Fixed GH-9720 (Null pointer dereference while serializing the response). 73 (cmb) 74 7527 Oct 2022, PHP 8.0.25 76 77- GD: 78 . Fixed bug #81739: OOB read due to insufficient input validation in 79 imageloadfont(). (CVE-2022-31630) (cmb) 80 81- Hash: 82 . Fixed bug #81738: buffer overflow in hash_update() on long parameter. 83 (CVE-2022-37454) (nicky at mouha dot be) 84 85- Session: 86 . Fixed bug GH-9583 (session_create_id() fails with user defined save handler 87 that doesn't have a validateId() method). (Girgias) 88 89- Streams: 90 . Fixed bug GH-9590 (stream_select does not abort upon exception or empty 91 valid fd set). (Arnaud) 92 9329 Sep 2022, PHP 8.0.24 94 95- Core: 96 . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) 97 (Tim Starling) 98 . Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb, 99 Christian Schneider) 100 . Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static 101 type). (ilutov) 102 . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones 103 that have a specific semantic meaning. (CVE-2022-31629). (Derick) 104 105- DOM: 106 . Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free). 107 (Nathan Freeman) 108 109- FPM: 110 . Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to 111 error_log after daemon reload). (Dmitry Menshikov) 112 . Fixed bug #77780 ("Headers already sent..." when previous connection was 113 aborted). (Jakub Zelenka) 114 115- GMP 116 . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed 117 to gmp_init()). (Girgias) 118 119- Intl 120 . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). 121 (Girgias) 122 123- PDO_PGSQL: 124 . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). 125 (Yurunsoft) 126 127- Phar: 128 . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. 129 (CVE-2022-31628). (cmb) 130 131- Reflection: 132 . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called 133 class of a Closure). (cmb, Nicolas Grekas) 134 . Fixed bug GH-9409 (Private method is incorrectly dumped as "overwrites"). 135 (ilutov) 136 137- Streams: 138 . Fixed bug GH-9316 ($http_response_header is wrong for long status line). 139 (cmb, timwolla) 140 14101 Sep 2022, PHP 8.0.23 142 143- Core: 144 . Fixed incorrect double to long casting in latest clang. (zeriyoshi) 145 146- DBA: 147 . Fixed LMDB driver memory leak on DB creation failure (Girgias) 148 . Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults). 149 (cmb) 150 151- Intl: 152 . Fixed IntlDateFormatter::formatObject() parameter type. (Gert de Pagter) 153 154- OPcache: 155 . Fixed bug GH-9033 (Loading blacklist file can fail due to negative length). 156 (cmb) 157 158- OpenSSL: 159 . Fixed bug GH-9339 (OpenSSL oid_file path check warning contains 160 uninitialized path). (Jakub Zelenka) 161 162- PDO_SQLite: 163 . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb) 164 165- SQLite3: 166 . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb) 167 168- Standard: 169 . Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL). 170 (Heiko Weber) 171 172- Streams: 173 . Fixed bug GH-8472 (The resource returned by stream_socket_accept may have 174 incorrect metadata). (Jakub Zelenka) 175 . Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections 176 hanging). (Jakub Zelenka, Twosee) 177 17804 Aug 2022, PHP 8.0.22 179 180- CLI: 181 . Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS 182 environment variable. (yiyuaner) 183 184- Core: 185 . Fixed bug GH-8923 (error_log on Windows can hold the file write lock). (cmb) 186 . Fixed bug GH-8995 (WeakMap object reference offset causing TypeError). 187 (Tobias Bachert) 188 189- Date: 190 . Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable). 191 (Derick) 192 193- DBA: 194 . Fixed LMDB driver hanging when attempting to delete a non-existing key 195 (Girgias) 196 197- FPM: 198 . Fixed zlog message prepend, free on incorrect address. (Heiko Weber) 199 . Fixed possible double free on configuration loading failure. (Heiko Weber). 200 201- GD: 202 . Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument). 203 (cmb) 204 205- Intl: 206 . Fixed build for ICU 69.x and onwards. (David Carlier) 207 208- OPcache: 209 . Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php 210 syntaxe of a valid file). (Dmitry) 211 212- Standard: 213 . Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier) 214 . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier). 215 21607 Jul 2022, PHP 8.0.21 217 218- Core: 219 . Fixed potential use after free in php_binary_init(). (Heiko Weber) 220 221- CLI: 222 . Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb) 223 224- COM: 225 . Fixed bug GH-8778 (Integer arithmethic with large number variants fails). 226 (cmb) 227 228- Curl: 229 . Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick) 230 231- Date: 232 . Fixed bug #74671 (DST timezone abbreviation has incorrect offset). (Derick) 233 . Fixed bug #77243 (Weekdays are calculated incorrectly for negative years). 234 (Derick) 235 . Fixed bug #78139 (timezone_open accepts invalid timezone string argument). 236 (Derick) 237 238- FPM: 239 . Fixed bug #67764 (fpm: syslog.ident don't work). (Jakub Zelenka) 240 241- MBString: 242 . Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi) 243 244- ODBC: 245 . Fixed handling of single-key connection strings. (Calvin Buckley) 246 247- OpenSSL: 248 . Fixed bug #50293 (Several openssl functions ignore the VCWD). 249 (Jakub Zelenka, cmb) 250 . Fixed bug #81713 (NULL byte injection in several OpenSSL functions working 251 with certificates). (Jakub Zelenka) 252 253- PDO_ODBC: 254 . Fixed errorInfo() result on successful PDOStatement->execute(). (Yurunsoft) 255 . Fixed handling of single-key connection strings. (Calvin Buckley) 256 257- Zip: 258 . Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat 259 cache). (Remi) 260 26109 Jun 2022, PHP 8.0.20 262 263- CLI: 264 . Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison) 265 266- Core: 267 . Fixed Haiku ZTS builds. (David Carlier) 268 269- Date: 270 . Fixed bug #72963 (Null-byte injection in CreateFromFormat and related 271 functions). (Derick) 272 . Fixed bug GH-8471 (Segmentation fault when converting immutable and mutable 273 DateTime instances created using reflection). (Derick) 274 275- FPM: 276 . Fixed ACL build check on MacOS. (David Carlier) 277 . Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502. 278 (Jakub Zelenka, loveharmful) 279 . Fixes use after free. (Heiko Weber). 280 281- Mysqlnd: 282 . Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) 283 (c dot fol at ambionics dot io) 284 285- OPcache: 286 . Fixed bug GH-8466 (ini_get() is optimized out when the option does not 287 exist). (Arnaud) 288 289- Pgsql: 290 . Fixed bug #81720: Uninitialized array in pg_query_params(). 291 (CVE-2022-31625) (cmb) 292 293- Pcntl: 294 . Fixed Haiku build. (David Carlier) 295 296- Soap: 297 . Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). 298 (robertnisipeanu) 299 . Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb) 300 301- SPL: 302 . Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb) 303 304- Zip: 305 . Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger) 306 30712 May 2022, PHP 8.0.19 308 309- Core: 310 . Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are 311 not rethrown into the generator). (Bob) 312 313- Date: 314 . Fixed bug GH-7979 (DatePeriod iterator advances when checking if valid). 315 (Derick, Cody Mann) 316 317- FFI: 318 . Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks). 319 (Bob) 320 321- FPM: 322 . Fixed bug #76003 (FPM /status reports wrong number of active processe). 323 (Jakub Zelenka) 324 . Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka) 325 . Fixed comment in kqueue remove callback log message. (David Carlier) 326 327- Iconv: 328 . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header). 329 (cmb) 330 331- Intl: 332 . Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb) 333 334- MySQLi: 335 . Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows). 336 (cmb) 337 338- SPL: 339 . Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()). 340 (cmb) 341 . Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias) 342 343- Streams: 344 . Fixed php://temp does not preserve file-position when switched to temporary 345 file. (Bernd Holzmüller) 346 347- zlib: 348 . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header). 349 (cmb) 350 35114 Apr 2022, PHP 8.0.18 352 353- Core: 354 . Fixed freeing of internal attribute arguments. (Bob) 355 . Fixed bug GH-8070 (memory leak of internal function attribute hash). 356 (Tim Düsterhus) 357 . Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek) 358 . Fixed potential race condition during resource ID allocation. (ryancaicse) 359 360- Filter: 361 . Fixed signedness confusion in php_filter_validate_domain(). (cmb) 362 363- Hash: 364 . Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb) 365 366- Intl: 367 . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier) 368 369- MBString: 370 . Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken). 371 (cmb) 372 373- MySQLi: 374 . Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties). 375 (cmb) 376 377- Pcntl: 378 . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier) 379 380- PgSQL: 381 . Fixed result_type related stack corruption on LLP64 architectures. (cmb) 382 . Fixed bug GH-8253 (pg_insert() fails for references). (cmb) 383 384- Sockets: 385 . Fixed Solaris builds. (David Carlier) 386 . Fix undefined behavior in php_set_inet6_addr. (ilutov) 387 388- SPL: 389 . Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent). 390 (cmb) 391 392- Standard: 393 . Fixed bug GH-8048 (Force macOS to use statfs). (risner) 394 39517 Mar 2022, PHP 8.0.17 396 397- Core: 398 . Fixed Haiku ZTS build. (David Carlier) 399 400- GD: 401 . Fixed libpng warning when loading interlaced images. (Brett) 402 403- FPM: 404 . Fixed bug #76109 (Unsafe access to fpm scoreboard). 405 (Till Backhaus, Jakub Zelenka) 406 407- Iconv: 408 . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb) 409 . Fixed bug GH-7980 (Unexpected result for iconv_mime_decode). (cmb) 410 411- MySQLnd: 412 . Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package). (Kamil Tekiela) 413 414- OPcache: 415 . Fixed bug GH-8074 (Wrong type inference of range() result). (cmb) 416 417- Reflection: 418 . Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order). 419 (cmb) 420 . Fixed bug GH-8421 (Closures should accept attributes with 421 Attribute::TARGET_FUNCTION). (ollieread) 422 423- Zlib: 424 . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb) 425 42617 Feb 2022, PHP 8.0.16 427 428- Core: 429 . Fixed bug #81430 (Attribute instantiation leaves dangling pointer). 430 (beberlei) 431 . Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb) 432 433- FFI: 434 . Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb, 435 dmitry) 436 437- Filter: 438 . Fix #81708: UAF due to php_filter_float() failing for ints. 439 (CVE-2021-21708) (stas) 440 441- FPM: 442 . Fixed memory leak on invalid port. (David Carlier) 443 444- MBString: 445 . Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb) 446 447- MySQLnd: 448 . Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela) 449 450- Sockets: 451 . Fixed ext/sockets build on Haiku. (David Carlier) 452 . Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier) 453 454- Standard: 455 . Fixed bug GH-7875 (mails are sent even if failure to log throws exception). 456 (cmb) 457 45820 Jan 2022, PHP 8.0.15 459 460- Core: 461 . Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner) 462 . Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown). 463 (cmb) 464 465- Filter: 466 . Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong) 467 468- Hash: 469 . Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()). 470 (cmb) 471 . Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and 472 hash_file). (cmb) 473 474- MySQLnd: 475 . Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb) 476 477- OCI8: 478 . Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second 479 call). (cmb) 480 481- OPcache: 482 . Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb) 483 484- PDO_PGSQL: 485 . Fixed error message allocation of PDO PgSQL. (SATO Kentaro) 486 487- Sockets: 488 . Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier) 489 490- Spl: 491 . Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr 492 Bystry) 493 49416 Dec 2021, PHP 8.0.14 495 496- Core: 497 . Fixed bug #81582 (Stringable not implicitly declared if __toString() came 498 from a trait). (Nikita) 499 . Fixed bug #81591 (Fatal Error not properly logged in particular cases). 500 (Nikita) 501 . Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to 502 Closure::fromCallable()). (Nikita) 503 . Fixed bug #81631 (::class with dynamic class name may yield wrong line 504 number). (Nikita) 505 506- FPM: 507 . Fixed bug #81513 (Future possibility for heap overflow in FPM zlog). 508 (Jakub Zelenka) 509 510- GD: 511 . Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb) 512 513- IMAP: 514 . Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers). 515 (cmb) 516 517- OpenSSL: 518 . Fixed bug #75725 (./configure: detecting RAND_egd). (Dilyan Palauzov) 519 520- PCRE: 521 . Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry) 522 523- SPL: 524 . Fixed bug #81587 (MultipleIterator Segmentation fault w/ SimpleXMLElement 525 attached). (Nikita) 526 527- Standard: 528 . Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type). 529 (fsbruva) 530 . Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate). 531 (cmb) 532 53318 Nov 2021, PHP 8.0.13 534 535- Core: 536 . Fixed bug #81518 (Header injection via default_mimetype / default_charset). 537 (cmb) 538 539- Date: 540 . Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2). 541 (cmb) 542 543- DBA: 544 . Fixed bug #81588 (TokyoCabinet driver leaks memory). (girgias) 545 546- MBString: 547 . Fixed bug #76167 (mbstring may use pointer from some previous request). 548 (cmb, cataphract) 549 550- Opcache: 551 . Fixed bug #81512 (Unexpected behavior with arrays and JIT). (Dmitry) 552 . Fixed bug #81652 (The value of error_reporting() gets overridden). (Nikita) 553 554- PCRE: 555 . Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb) 556 557- XML: 558 . Fixed bug #79971 (special character is breaking the path in xml function). 559 (CVE-2021-21707) (cmb) 560 561- XMLReader: 562 . Fixed bug #81521 (XMLReader::getParserProperty may throw with a valid 563 property). (Nikita) 564 56521 Oct 2021, PHP 8.0.12 566 567- CLI: 568 . Fixed bug #81496 (Server logs incorrect request method). (lauri) 569 570- Core: 571 . Fixed bug #81435 (Observer current_observed_frame may point to an old 572 (overwritten) frame). (Bob) 573 . Fixed bug #81380 (Observer may not be initialized properly). (krakjoe) 574 575- DOM: 576 . Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID). 577 (Viktor Volkov) 578 579- FFI: 580 . Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not 581 defined). (Dmitry) 582 583- Fileinfo: 584 . Fixed bug #78987 (High memory usage during encoding detection). (Anatol) 585 586- Filter: 587 . Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing). 588 (cmb, Nikita) 589 590- FPM: 591 . Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege 592 escalation) (CVE-2021-21703). (Jakub Zelenka) 593 594- Opcache: 595 . Fixed bug #81472 (Cannot support large linux major/minor device number when 596 read /proc/self/maps). (Lin Yang) 597 598- Reflection: 599 . ReflectionAttribute is no longer final. (sasezaki) 600 601- SPL: 602 . Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free). 603 (cmb, Nikita, Tyson Andre) 604 . Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb) 605 606- Standard: 607 . Fixed bug #69751 (Change Error message of sprintf/printf for missing/typo 608 position specifier). (Aliaksandr Bystry) 609 610- Streams: 611 . Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper). 612 (cmb) 613 614- XML: 615 . Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace). 616 (Aliaksandr Bystry, cmb) 617 618- Zip: 619 . Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi) 620 . Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb) 621 62223 Sep 2021, PHP 8.0.11 623 624- Core: 625 . Fixed bug #81302 (Stream position after stream filter removed). (cmb) 626 . Fixed bug #81346 (Non-seekable streams don't update position after write). 627 (cmb) 628 . Fixed bug #73122 (Integer Overflow when concatenating strings). (cmb) 629 630-GD: 631 . Fixed bug #53580 (During resize gdImageCopyResampled cause colors change). 632 (cmb) 633 634- Opcache: 635 . Fixed bug #81353 (segfault with preloading and statically bound closure). 636 (Nikita) 637 638- Shmop: 639 . Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb) 640 641- Standard: 642 . Fixed bug #71542 (disk_total_space does not work with relative paths). (cmb) 643 . Fixed bug #81400 (Unterminated string in dns_get_record() results). (cmb) 644 645- SysVMsg: 646 . Fixed bug #78819 (Heap Overflow in msg_send). (cmb) 647 648- XML: 649 . Fixed bug #81351 (xml_parse may fail, but has no error code). (cmb, Nikita) 650 651- Zip: 652 . Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi) 653 . Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). 654 (CVE-2021-21706) (cmb) 655 65626 Aug 2021, PHP 8.0.10 657 658- Core: 659 . Fixed bug #72595 (php_output_handler_append illegal write access). (cmb) 660 . Fixed bug #66719 (Weird behaviour when using get_called_class() with 661 call_user_func()). (Nikita) 662 . Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header). 663 (cmb) 664 665- BCMath: 666 . Fixed bug #78238 (BCMath returns "-0"). (cmb) 667 668- CGI: 669 . Fixed bug #80849 (HTTP Status header truncation). (cmb) 670 671- Date: 672 . Fixed bug #64975 (Error parsing when AM/PM not at the end). (Derick) 673 . Fixed bug #78984 (DateTimeZone accepting invalid UTC timezones). (Derick) 674 . Fixed bug #79580 (date_create_from_format misses leap year). (Derick) 675 . Fixed bug #80409 (DateTime::modify() loses time with 'weekday' parameter). 676 (Derick) 677 678- GD: 679 . Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb) 680 681- MySQLi: 682 . Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb, 683 johannes) 684 685- Opcache: 686 . Fixed bug #81225 (Wrong result with pow operator with JIT enabled). 687 (Dmitry) 688 . Fixed bug #81249 (Intermittent property assignment failure with JIT 689 enabled). (Dmitry) 690 . Fixed bug #81206 (Multiple PHP processes crash with JIT enabled). (cmb, 691 Nikita) 692 . Fixed bug #81272 (Segfault in var[] after array_slice with JIT). (Nikita) 693 . Fixed Bug #81255 (Memory leak in PHPUnit with functional JIT). (Dmitry) 694 . Fixed Bug #80959 (infinite loop in building cfg during JIT compilation) 695 (Nikita, Dmitry) 696 . Fixed bug #81226 (Integer overflow behavior is different with JIT 697 enabled). (Dmitry) 698 699- OpenSSL: 700 . Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb) 701 702- PDO_ODBC: 703 . Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL). (cmb) 704 705- Shmop: 706 . Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). (cmb, Nikita) 707 708- SimpleXML: 709 . Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi) 710 711- Standard: 712 . Fixed bug #72146 (Integer overflow on substr_replace). (cmb) 713 . Fixed bug #81265 (getimagesize returns 0 for 256px ICO images). 714 (George Dietrich) 715 . Fixed bug #74960 (Heap buffer overflow via str_repeat). (cmb, Dmitry) 716 717- Streams: 718 . Fixed bug #81294 (Segfault when removing a filter). (cmb) 719 72029 Jul 2021, PHP 8.0.9 721 722- Core: 723 . Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files). 724 (cmb, Nikita) 725 . Fixed bug #81163 (incorrect handling of indirect vars in __sleep). 726 (krakjoe) 727 . Fixed bug #81159 (Object to int warning when using an object as a string 728 offset). (girgias) 729 . Fixed bug #80728 (PHP built-in web server resets timeout when it can kill 730 the process). (Calvin Buckley) 731 . Fixed bug #73630 (Built-in Weberver - overwrite $_SERVER['request_uri']). 732 (cmb) 733 . Fixed bug #80173 (Using return value of zend_assign_to_variable() is not 734 safe). (Nikita) 735 . Fixed bug #73226 (--r[fcez] always return zero exit code). (cmb) 736 737- Intl: 738 . Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option). 739 (cmb) 740 . Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone). (cmb) 741 . Fixed bug #74264 (grapheme_strrpos() broken for negative offsets). (cmb) 742 743- OpenSSL: 744 . Fixed bug #52093 (openssl_csr_sign truncates $serial). (cmb) 745 746- PCRE: 747 . Fixed bug #81101 (PCRE2 10.37 shows unexpected result). (Anatol) 748 . Fixed bug #81243 (Too much memory is allocated for preg_replace()). (cmb) 749 750- Reflection: 751 . Fixed bug #81208 (Segmentation fault while create newInstance from 752 attribute). (Nikita) 753 754- Standard: 755 . Fixed bug #81223 (flock() only locks first byte of file). (cmb) 756 75717 Jun 2021, PHP 8.0.8 758 759- Core: 760 . Fixed bug #81076 (incorrect debug info on Closures with implicit binds). 761 (krakjoe) 762 . Fixed bug #81068 (Double free in realpath_cache_clean()). (Dimitry Andric) 763 . Fixed bug #76359 (open_basedir bypass through adding ".."). (cmb) 764 . Fixed bug #81090 (Typed property performance degradation with .= operator). 765 (Nikita) 766 . Fixed bug #81070 (Integer underflow in memory limit comparison). 767 (Peter van Dommelen) 768 . Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705) (cmb) 769 770- Bzip2: 771 . Fixed bug #81092 (fflush before stream_filter_remove corrupts stream). 772 (cmb) 773 774- Fileinfo: 775 . Fixed bug #80197 (implicit declaration of function 'magic_stream' is 776 invalid). (Nikita) 777 778- GMP: 779 . Fixed bug #81119 (GMP operators throw errors with wrong parameter names). 780 (Nikita) 781 782- MySQLnd: 783 . Fixed bug #80761 (PDO uses too much memory). (Nikita) 784 785- OCI8: 786 . Fixed bug #81088 (error in regression test for oci_fetch_object() and 787 oci_fetch_array()). (Máté) 788 789- Opcache: 790 . Fixed bug #81051 (Broken property type handling after incrementing 791 reference). (Dmitry) 792 . Fixed bug #80968 (JIT segfault with return from required file). (Dmitry) 793 794- OpenSSL: 795 . Fixed bug #76694 (native Windows cert verification uses CN as sever name). 796 (cmb) 797 798- PDO_Firebird: 799 . Fixed bug #76448: Stack buffer overflow in firebird_info_cb. 800 (CVE-2021-21704) (cmb) 801 . Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704) (cmb) 802 . Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704) (cmb) 803 . Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob. 804 (CVE-2021-21704) (cmb) 805 806- readline: 807 . Fixed bug #72998 (invalid read in readline completion). (krakjoe) 808 809- Standard: 810 . Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion"). 811 (cmb) 812 . Fixed bug #77627 (method_exists on Closure::__invoke inconsistency). 813 (krakjoe) 814 815- Windows: 816 . Fixed bug #81120 (PGO data for main PHP DLL are not used). (cmb) 817 81803 Jun 2021, PHP 8.0.7 819 820- Core: 821 . Fixed bug #80960 (opendir() warning wrong info when failed on Windows). 822 (cmb) 823 . Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive). 824 (cmb) 825 . Fixed bug #80972 (Memory exhaustion on invalid string offset). (girgias) 826 827- FPM: 828 . Fixed bug #65800 (Events port mechanism). (psumbera) 829 830- FTP: 831 . Fixed bug #80901 (Info leak in ftp extension). (cmb) 832 . Fixed bug #79100 (Wrong FTP error messages). (cmb) 833 834- GD: 835 . Fixed bug #81032 (GD install is affected by external libgd installation). 836 (Flavio Heleno, cmb) 837 838- Intl: 839 . Fixed bug #81019 (Unable to clone NumberFormatter after failed parse()). 840 (Nikita) 841 842- MBString: 843 . Fixed bug #81011 (mb_convert_encoding removes references from arrays). (cmb) 844 845- ODBC: 846 . Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator). (cmb) 847 848- Opcache: 849 . Fixed bug #81007 (JIT "not supported" on 32-bit x86 -- build problem?). 850 (Nikita) 851 . Fixed bug #81015 (Opcache optimization assumes wrong part of ternary 852 operator in if-condition). (Nikita) 853 . Fixed bug #81046 (Literal compaction merges non-equal related literals). 854 (Nikita) 855 856- PDO_MySQL: 857 . Fixed bug #81037 (PDO discards error message text from prepared 858 statement). (Kamil Tekiela) 859 860- PDO_ODBC: 861 . Fixed bug #44643 (bound parameters ignore explicit type definitions). (cmb) 862 863- pgsql: 864 . Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast(). (cmb) 865 866- SPL: 867 . Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR). 868 (cmb, Nikita) 869 870- XMLReader: 871 . Fixed bug #73246 (XMLReader: encoding length not checked). (cmb) 872 873- Zip: 874 . Fixed bug #80863 (ZipArchive::extractTo() ignores references). (cmb) 875 87606 May 2021, PHP 8.0.6 877 878- PDO_pgsql: 879 . Revert "Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)" 880 from PHP 8.0.5. 881 88229 Apr 2021, PHP 8.0.5 883 884- Core: 885 . Changed PowerPC CPU registers used by Zend VM to work around GCC bug. 886 Old registers (r28/r29) might be clobbered by _restgpr routine used for 887 return from C function compiled with -Os. (Dmitry) 888 889- DOM: 890 . Fixed bug #66783 (UAF when appending DOMDocument to element). (cmb) 891 892- FFI: 893 . Fixed bug #80847 (CData structs with fields of type struct can't be passed 894 as C function argument). (Nickolas Daniel da Silva, Dmitry) 895 896- FPM: 897 . Fixed bug #80024 (Duplication of info about inherited socket after pool 898 removing). (Jakub Zelenka) 899 900- FTP: 901 . Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open). (cmb, Jakub 902 Zelenka) 903 904- Imap: 905 . Fixed bug #80710 (imap_mail_compose() header injection). (cmb, Stas) 906 907- LibXML: 908 . Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb) 909 910- Opcache: 911 . Fixed bug #80839 (PHP problem with JIT). (Dmitry) 912 . Fixed bug #80861 (erronous array key overflow in 2D array with JIT). 913 (Dmitry) 914 915- Pcntl: 916 . Fixed bug #79812 (Potential integer overflow in pcntl_exec()). (cmb) 917 918- PDO_ODBC: 919 . Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte). 920 (cmb) 921 922- PDO_pgsql: 923 . Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR). 924 (Matteo) 925 926- Session: 927 . Fixed bug #80889 (Cannot set save handler when save_handler is invalid). 928 (cmb) 929 930- SOAP: 931 . Fixed bug #69668 (SOAP special XML characters in namespace URIs not 932 encoded). (cmb) 933 934- Standard: 935 . Fixed bug #80915 (Taking a reference to $_SERVER hides its values from 936 phpinfo()). (Rowan Tommins) 937 . Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir'). 938 (Rowan Tommins) 939 94001 Apr 2021, PHP 8.0.4 941 942- Core: 943 . Fixed bug #75776 (Flushing streams with compression filter is broken). (cmb) 944 . Fixed bug #80811 (Function exec without $output but with $restult_code 945 parameter crashes). (Nikita) 946 . Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space 947 available for static Thread Local Storage). (Dmitry) 948 949- Dba: 950 . Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN). (cmb) 951 952- IMAP: 953 . Fixed bug #80800 (imap_open() fails when the flags parameter includes 954 CL_EXPUNGE). (girgias) 955 956- Intl: 957 . Fixed bug #80763 (msgfmt_format() does not accept DateTime references). 958 (cmb) 959 960- Libxml: 961 . Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers). (cmb) 962 963- MySQLnd: 964 . Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an 965 error). (Kamil Tekiela) 966 967- Opcache: 968 . Fixed bug #80786 (PHP crash using JIT). (Nikita) 969 . Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1). (Dmitry) 970 971- PCRE: 972 . Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has 973 0-width fullstring match). (Kamil Tekiela) 974 975- Session: 976 . Fixed bug #80774 (session_name() problem with backslash). (cmb) 977 978- Standard: 979 . Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI). (cmb) 980 . Fixed bug #78719 (http wrapper silently ignores long Location headers). 981 (cmb) 982 . Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101). 983 (manuelm) 984 985- Zip: 986 . Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist). 987 (cmb) 988 98918 Feb 2021, PHP 8.0.3 990 991- Core: 992 . Fixed #80706 (mail(): Headers after Bcc headers may be ignored). (cmb) 993 994- DOM: 995 . Fixed bug #80600 (DOMChildNode::remove() doesn't work on CharacterData 996 nodes). (beberlei) 997 998- Gettext: 999 . Fixed bug #53251 (bindtextdomain with null dir doesn't return old value). 1000 (cmb) 1001 1002- MySQLnd: 1003 . Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit 1004 null-terminated password). (Daniel Black) 1005 . Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and 1006 MySQL 8.0). (Nikita) 1007 1008- MySQLi: 1009 . Fixed bug #74779 (x() and y() truncating floats to integers). (cmb) 1010 1011- Opcache: 1012 . Fixed bug #80634 (write_property handler of internal classes is skipped on 1013 preloaded JITted code). (Dmitry) 1014 . Fixed bug #80682 (opcache doesn't honour pcre.jit option). (Remi) 1015 . Fixed bug #80742 (Opcache JIT makes some boolean logic unexpectedly be 1016 true). (Dmitry) 1017 . Fixed bug #80745 (JIT produces Assert failure and UNKNOWN:0 var_dumps in 1018 code involving bitshifts). (Dmitry) 1019 1020- OpenSSL: 1021 . Fixed bug #80747 (Providing RSA key size < 512 generates key that crash 1022 PHP). (Nikita) 1023 1024- Phar: 1025 . Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o 1026 semicolon) (cmb) 1027 . Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives). (cmb) 1028 . Fixed bug #53467 (Phar cannot compress large archives). (cmb, lserni) 1029 1030- Socket: 1031 . Fixed bug #80723 (Different sockets compare as equal (regression in 8.0)). 1032 (Nikita) 1033 1034- SPL: 1035 . Fixed bug#80719 (Iterating after failed ArrayObject::setIteratorClass() 1036 causes Segmentation fault). (Nikita) 1037 1038- Standard: 1039 . Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes). 1040 (cmb) 1041 . Fixed bug #80718 (ext/standard/dl.c fallback code path with syntax error). 1042 (Nikita) 1043 104421 Jan 2021, PHP 8.0.2 1045 1046- Core: 1047 . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita) 1048 . Fixed bug #80384 (filter buffers entire read until file closed). (Adam 1049 Seitz, cmb) 1050 . Fixed bug #80596 (Invalid union type TypeError in anonymous classes). 1051 (Daniil Gentili) 1052 . Fixed bug #80617 (GCC throws warning about type narrowing in 1053 ZEND_TYPE_INIT_CODE). (Nikita) 1054 1055- BCMath: 1056 . Fixed bug #80545 (bcadd('a', 'a') doesn't throw an exception). 1057 (Jens de Nies) 1058 1059- Curl: 1060 . Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request). (cmb) 1061 1062- Date: 1063 . Fixed bug #80376 (last day of the month causes runway cpu usage). (Derick) 1064 1065- DOM: 1066 . Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode 1067 stub). (Nikita) 1068 1069- Filter: 1070 . Fixed bug #80584 (0x and 0X are considered valid hex numbers by 1071 filter_var()). (girgias) 1072 1073- GMP: 1074 . Fixed bug #80560 (Strings containing only a base prefix return 0 object). 1075 (girgias) 1076 1077- Intl: 1078 . Fixed bug #80644 (Missing resource causes subsequent get() calls to fail). 1079 (Nikita) 1080 1081- MySQLi: 1082 . Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to 1083 interpret bit columns). (Nikita) 1084 . Fixed bug #64638 (Fetching resultsets from stored procedure with cursor 1085 fails). (Nikita) 1086 . Fixed bug #72862 (segfault using prepared statements on stored procedures 1087 that use a cursor). (Nikita) 1088 . Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP 1089 with a cursor). (Nikita) 1090 1091- ODBC: 1092 . Fixed bug #80592 (all floats are the same in ODBC parameters). (cmb) 1093 1094- Opcache: 1095 . Fixed bug #80422 (php_opcache.dll crashes when using Apache 2.4 with JIT). 1096 (Dmitry) 1097 1098- PDO_Firebird: 1099 . Fixed bug #80521 (Parameters with underscores no longer recognized). (cmb, 1100 Simonov Denis) 1101 1102- Phar: 1103 . Fixed bug #76929 (zip-based phar does not respect phar.require_hash). 1104 (david at bamsoftware, cmb) 1105 . Fixed bug #77565 (Incorrect locator detection in ZIP-based phars). (cmb) 1106 . Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files). 1107 (cmb) 1108 1109- Phpdbg: 1110 . Reverted fix for bug #76813 (Access violation near NULL on source operand). 1111 (cmb) 1112 111307 Jan 2021, PHP 8.0.1 1114 1115- Core: 1116 . Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION). 1117 (cmb) 1118 . Fixed bug #72964 (White space not unfolded for CC/Bcc headers). (cmb) 1119 . Fixed bug #80391 (Iterable not covariant to mixed). (Nikita) 1120 . Fixed bug #80393 (Build of PHP extension fails due to configuration gap 1121 with libtool). (kir dot morozov at gmail dot com) 1122 . Fixed bug #77069 (stream filter loses final block of data). (cmb) 1123 1124- Fileinfo: 1125 . Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT). (cmb) 1126 1127- FPM: 1128 . Fixed bug #69625 (FPM returns 200 status on request without 1129 SCRIPT_FILENAME env). (Jakub Zelenka) 1130 1131- IMAP 1132 . Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8.0.0). (girgias) 1133 . Fix a regression with valid UIDs in imap_savebody() (girgias) 1134 . Make warnings for invalid message numbers/UIDs between functions consistent (girgias) 1135 1136- Intl: 1137 . Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined). (Nikita) 1138 1139- OCI8 1140 . Create Windows DLLs for Oracle Client 19c. (cmb) 1141 1142- Opcache: 1143 . Fixed bug #80404 (Incorrect range inference result when division results 1144 in float). (Nikita) 1145 . Fixed bug #80377 (Opcache misses executor_globals). (Nikita) 1146 . Fixed bug #80433 (Unable to disable the use of the AVX command when using 1147 JIT). (Nikita) 1148 . Fixed bug #80447 (Strange out of memory error when running with JIT). 1149 (Dmitry) 1150 . Fixed bug #80480 (Segmentation fault with JIT enabled). (Dmitry) 1151 . Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)). 1152 (Dmitry) 1153 1154- OpenSSL: 1155 . Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to 1156 lack of OCB support). (Nikita) 1157 1158- PDO MySQL: 1159 . Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries). 1160 (Kamil Tekiela) 1161 . Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared 1162 statements). (Nikita) 1163 . Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands). 1164 (Nikita) 1165 . Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object 1166 is unset()). (Nikita) 1167 . Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered 1168 queries"). (Nikita) 1169 . Fixed bug #71145 (Multiple statements in init command triggers unbuffered 1170 query error). (Nikita) 1171 . Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a 1172 PROCEDURE resultset SIGNAL). (Nikita) 1173 . Fixed bug #79872 (Can't execute query with pending result sets). (Nikita) 1174 . Fixed bug #79131 (PDO does not throw an exception when parameter values are 1175 missing). (Nikita) 1176 . Fixed bug #72368 (PdoStatement->execute() fails but does not throw an 1177 exception). (Nikita) 1178 . Fixed bug #62889 (LOAD DATA INFILE broken). (Nikita) 1179 . Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents 1180 releasing resultset). (Nikita) 1181 . Fixed bug #79132 (PDO re-uses parameter values from earlier calls to 1182 execute()). (Nikita) 1183 1184- Phar: 1185 . Fixed bug #73809 (Phar Zip parse crash - mmap fail). (cmb) 1186 . Fixed bug #75102 (`PharData` says invalid checksum for valid tar). (cmb) 1187 . Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow). 1188 (cmb) 1189 1190- Phpdbg: 1191 . Fixed bug #76813 (Access violation near NULL on source operand). (cmb) 1192 1193- SPL: 1194 . Fixed #62004 (SplFileObject: fgets after seek returns wrong line). (cmb) 1195 1196- Standard: 1197 . Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). 1198 (CVE-2020-7071) (cmb) 1199 . Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb) 1200 1201- Tidy: 1202 . Fixed bug #77594 (ob_tidyhandler is never reset). (cmb) 1203 1204- Tokenizer: 1205 . Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails). 1206 (Nikita) 1207 1208- XML: 1209 . XmlParser opaque object renamed to XMLParser for consistency with other XML objects. (girgias) 1210 1211- Zlib: 1212 . Fixed #48725 (Support for flushing in zlib stream). (cmb) 1213 121426 Nov 2020, PHP 8.0.0 1215 1216- BZ2: 1217 . Fixed bug #71263 (fread() does not report bzip2.decompress errors). (cmb) 1218 1219- CLI: 1220 . Allow debug server binding to an ephemeral port via `-S localhost:0`. (Sara) 1221 1222- COM: 1223 . Fixed bug #55847 (DOTNET .NET 4.0 GAC new location). (cmb) 1224 . Fixed bug #62474 (com_event_sink crashes on certain arguments). (cmb) 1225 1226- Calendar: 1227 . Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing). 1228 (Andy Postnikov) 1229 1230- Core: 1231 . Fixed bug #36365 (scandir duplicates file name at every 65535th file). 1232 (cmb) 1233 . Fixed bug #49555 (Fatal error "Function must be a string" message should be 1234 renamed). (Nikita) 1235 . Fixed bug #62294 (register_shutdown_function() does not correctly handle 1236 exit code). (Nikita) 1237 . Fixed bug #62609 (Allow implementing Traversable on abstract classes). 1238 (Nikita) 1239 . Fixed bug #65274 (Enhance undefined class constant error with class name). 1240 (Nikita) 1241 . Fixed bug #65275 (Calling exit() in a shutdown function does not change the 1242 exit value in CLI). (Nikita) 1243 . Fixed bug #69084 (Unclear error message when not implementing a renamed 1244 abstract trait function). (Nikita) 1245 . Fixed bug #70839 (Converting optional argument to variadic forbidden by LSP 1246 checks). (Nikita) 1247 . Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()). 1248 (cmb) 1249 . Fixed bug #77561 (Shebang line not stripped for non-primary script). 1250 (Nikita) 1251 . Fixed bug #77619 (Wrong reflection on MultipleIterator::__construct). 1252 (Fabien Villepinte) 1253 . Fixed bug #77966 (Cannot alias a method named "namespace"). (Nikita) 1254 . Fixed bug #78236 (convert error on receiving variables when duplicate [). 1255 (cmb) 1256 . Fixed bug #78770 (Incorrect callability check inside internal methods). 1257 (Nikita) 1258 . Fixed bug #79108 (Referencing argument in a function makes it a reference 1259 in the stack trace). (Nikita) 1260 . Fixed bug #79368 ("Unexpected end of file" is not an acceptable error 1261 message). (Alex Dowad) 1262 . Fixed bug #79462 (method_exists and property_exists incoherent behavior). 1263 (cmb) 1264 . Fixed bug #79467 (data:// wrappers are writable). (cmb) 1265 . Fixed bug #79521 (Check __set_state structure). (carusogabriel) 1266 . Fixed bug #79790 ("Illegal offset type" exception during AST evaluation 1267 not handled properly). (Nikita) 1268 . Fixed bug #79791 (Assertion failure when unsetting variable during binary 1269 op). (Nikita) 1270 . Fixed bug #79828 (Segfault when trying to access non-existing variable). 1271 (Nikita) 1272 . Fixed bug #79841 (Syntax error in configure / unescaped "[]" in php.m4). 1273 (Nikita) 1274 . Fixed bug #79852 (count(DOMNodeList) doesn't match 1275 count(IteratorIterator(DOMNodeList))). (Nikita) 1276 . Fixed bug #79867 (Promoted untyped properties should get null default 1277 value). (Nikita) 1278 . Fixed bug #79897 (Promoted constructor params with attribs cause crash). 1279 (Deus Kane) 1280 . Fixed bug #79927 (Generator doesn't throw exception after multiple yield 1281 from iterable). (Nikita) 1282 . Fixed bug #79946 (Build fails due to undeclared UINT32_C). (Nikita) 1283 . Fixed bug #79948 (Exit in auto-prepended file does not abort PHP execution). 1284 (Nikita) 1285 . Fixed bug #80045 (memleak after two set_exception_handler calls with 1286 __call). (Nikita) 1287 . Fixed bug #80096 (Segmentation fault with named arguments in nested call). 1288 (Nikita) 1289 . Fixed bug #80109 (Cannot skip arguments when extended debug is enabled). 1290 (Nikita) 1291 . Fixed bug #80225 (broken namespace usage in eval code). (Nikita) 1292 . Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors). 1293 (cmb) 1294 . Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date). 1295 (cmb) 1296 . Fixed bug #80334 (assert() vs named parameters - confusing error). (Nikita) 1297 . Fixed bug #80055 (Abstract trait methods returning "self" cannot be 1298 fulfilled by traits). (Nikita) 1299 . Fixed faulty generator cleanup with yield from. (Bob) 1300 . Implement #[Attr] Attribute syntax as per final vote in RFC 1301 https://wiki.php.net/rfc/shorter_attribute_syntax_change 1302 . Implemented FR #47074 (phpinfo() reports "On" as 1 for the some 1303 extensions). (cmb) 1304 . Implemented FR #72089 (require() throws fatal error instead of exception). 1305 (Nikita) 1306 . Removed the pdo_odbc.db2_instance_name php.ini directive. (Kalle) 1307 . Use SSE2 instructions do locale independent strtolower. (Laruence) 1308 1309- Curl: 1310 . Bumped required libcurl version to 7.29.0. (cmb) 1311 . Fixed bug #80121 (Null pointer deref if CurlHandle directly instantiated). 1312 (Nikita) 1313 1314- DOM: 1315 . Add property DOMXPath::$registerNodeNamespaces and constructor argument 1316 that allow global flag to configure query() or evaluate() calls. 1317 . Fixed bug #79968 (DOMChildNode API crash on unattached nodes). (Benjamin) 1318 . Fixed bug #80268 (loadHTML() truncates at NUL bytes). (cmb) 1319 1320- Date: 1321 . Fixed bug #60302 (DateTime::createFromFormat should new static(), not new 1322 self()). (Derick) 1323 . Fixed bug #65547 (Default value for sunrise/sunset zenith still wrong). 1324 (cmb) 1325 . Fixed bug #69044 (discrepancy between time and microtime). (krakjoe) 1326 . Fixed bug #80057 (DateTimeImmutable::createFromFormat() does not populate 1327 time). (Derick) 1328 . Implemented FR #79903 (datetime: new format "p", same as "P" but returning 1329 "Z" for UTC). (gharlan) 1330 1331- Enchant: 1332 . Add LIBENCHANT_VERSION macro. 1333 . Add enchant_dict_add and enchant_dict_is_added functions. 1334 . Deprecate enchant_broker_set_dict_path, enchant_broker_get_dict_path, 1335 enchant_dict_add_to_personal and enchant_dict_is_in_session. 1336 . Use libenchant-2 when available. 1337 1338- FFI: 1339 . Added FFI\CType::getName() method. (chopins) 1340 . Fixed bug #79177 (FFI doesn't handle well PHP exceptions within callback). 1341 (cmb, Dmitry, Nikita) 1342 . Fixed bug #79749 (Converting FFI instances to bool fails). (cmb) 1343 1344- FPM: 1345 . Add pm.status_listen option. (Jakub Zelenka) 1346 1347- Fileinfo: 1348 . Upgrade to libmagic 5.39. (Anatol) 1349 1350- GD: 1351 . Added imagegetinterpolation(). (cmb) 1352 . Fixed bug #55005 (imagepolygon num_points requirement). (cmb) 1353 . Made the $num_points parameter of php_imagepolygon optional. (cmb) 1354 . Removed deprecated image2wbmp(). (cmb) 1355 . Removed deprecated png2wbmp() and jpeg2wbmp(). (cmb) 1356 . Replaced gd resources with objects. (Mark Randall) 1357 1358- IMAP: 1359 . Fixed bug #64076 (imap_sort() does not return FALSE on failure). (cmb) 1360 . Fixed bug #76618 (segfault on imap_reopen). (girgias) 1361 . Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies). (cmb) 1362 . Fixed bug #80215 (imap_mail_compose() may modify by-val parameters). (cmb) 1363 . Fixed bug #80216 (imap_mail_compose() does not validate types/encodings). 1364 (cmb) 1365 . Fixed bug #80220 (imap_mail_compose() may leak memory). (cmb) 1366 . Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies). 1367 (cmb) 1368 . Fixed bug #80226 (imap_sort() leaks sortpgm memory). (cmb) 1369 . Fixed bug #80239 (imap_rfc822_write_address() leaks memory). (cmb) 1370 . Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822). 1371 (cmb) 1372 . Fixed minor regression caused by fixing bug #80220. (cmb) 1373 1374- Iconv: 1375 . Dropped support for iconv without proper errno setting. (cmb) 1376 1377- Intl: 1378 . Removed deprecated INTL_IDNA_VARIANT_2003. (cmb) 1379 1380- JIT: 1381 . Fixed bug #77857 (Wrong result if executed with JIT). (Laruence) 1382 . Fixed bug #79255 (PHP cannot be compiled with enable JIT). 1383 (Laruence, Dmitry) 1384 . Fixed bug #79582 (Crash seen when opcache.jit=1235 and 1385 opcache.jit_debug=2). (Laruence) 1386 . Fixed bug #79743 (Fatal error when assigning to array property 1387 with JIT enabled). (Laruence) 1388 . Fixed bug #79864 (JIT segfault in Symfony OptionsResolver). (Dmitry) 1389 . Fixed bug #79888 (Incorrect execution with JIT enabled). (Dmitry) 1390 1391- JSON: 1392 . The JSON extension is now an integral part of PHP and cannot be disabled 1393 as per RFC: https://wiki.php.net/rfc/always_enable_json (tandre) 1394 1395- LDAP: 1396 . Fixed memory leaks. (ptomulik) 1397 . Removed deprecated ldap_sort. (mcmic) 1398 1399- MBString: 1400 . Fixed bug #76999 (mb_regex_set_options() return current options). (cmb) 1401 . Removed the unused $is_hex parameter from mb_decode_numericentity(). (cmb) 1402 1403- MySQLi: 1404 . Fixed bug #76809 (SSL settings aren't respected when persistent connections 1405 are used). (fabiomsouto) 1406 1407- Mysqlnd: 1408 . Fixed #60594 (mysqlnd exposes 160 lines of stats in phpinfo). (PeeHaa) 1409 1410- OCI8: 1411 . Deprecated old OCI8 function aliases. (Jens de Nies) 1412 . Modernized oci_register_taf_callback() callable argument parsing 1413 implementation. (girgias) 1414 . Removed obsolete no-op function oci_internal_debug(). (Jens de Nies) 1415 1416- ODBC: 1417 . Fixed bug #22986 (odbc_connect() may reuse persistent connection). (cmb) 1418 . Fixed bug #44618 (Fetching may rely on uninitialized data). (cmb) 1419 1420- Opcache: 1421 . Fixed bug #76535 (Opcache does not replay compile-time warnings). (Nikita) 1422 . Fixed bug #78654 (Incorrectly computed opcache checksum on files with 1423 non-ascii characters). (mhagstrand) 1424 . Fixed bug #79665 (ini_get() and opcache_get_configuration() inconsistency). 1425 (cmb) 1426 . Fixed bug #80030 (Optimizer segfault with isset on static property with 1427 undef dynamic class name). (Nikita) 1428 . Fixed bug #80175 (PHP8 RC1 - JIT Buffer not working). (cmb) 1429 . Fixed bug #80184 (Complex expression in while / if statements resolves to 1430 false incorrectly). (Nikita) 1431 . Fixed bug #80255 (Opcache bug (bad condition result) in 8.0.0rc1). (Nikita) 1432 . Fixed run-time binding of preloaded dynamically declared function. (Dmitry) 1433 1434- OpenSSL: 1435 . Added Cryptographic Message Syntax (CMS) support. (Eliot Lear) 1436 1437- PCRE: 1438 . Don't ignore invalid escape sequences. (sjon) 1439 . Updated to PCRE2 10.35. (cmb) 1440 1441- PDO: 1442 . Changed default PDO error mode to exceptions. (AllenJB) 1443 . Fixed bug #77849 (Disable cloning of PDO handle/connection objects). 1444 (camporter) 1445 1446- PDO_Firebird: 1447 . Fixed bug #64937 (Firebird PDO preprocessing sql). (Simonov Denis) 1448 1449- PDO_OCI: 1450 . Added support for setting and getting the oracle OCI 18c call timeout. 1451 (camporter) 1452 1453- PDO_PGSQL: 1454 . Bumped required libpq version to 9.1. (cmb) 1455 1456- PGSQL: 1457 . Bumped required libpq version to 9.1. (cmb) 1458 1459- Phpdbg: 1460 . Fixed bug #76596 (phpdbg support for display_errors=stderr). (kabel) 1461 . Fixed bug #76801 (too many open files). (alekitto) 1462 . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints). 1463 (krakjoe) 1464 . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe) 1465 1466- Reflection: 1467 . Fixed bug #64592 (ReflectionClass::getMethods() returns methods out of 1468 scope). (Nikita) 1469 . Fixed bug #69180 (Reflection does not honor trait conflict resolution / 1470 method aliasing). (Nikita) 1471 . Fixed bug #74939 (Nested traits' aliased methods are lowercased). (Nikita) 1472 . Fixed bug #77325 (ReflectionClassConstant::$class returns wrong class when 1473 extending). (Nikita) 1474 . Fixed bug #78697 (ReflectionClass::implementsInterface - inaccurate error 1475 message with traits). (villfa) 1476 . Fixed bug #80190 (ReflectionMethod::getReturnType() does not handle static 1477 as part of union type). (Nikita) 1478 . Fixed bug #80299 (ReflectionFunction->invokeArgs confused in arguments). 1479 (Nikita) 1480 . Fixed bug #80370 (getAttributes segfault on dynamic properties). (Benjamin 1481 Eberlei) 1482 . Implement #79628 (Add $filter parameter for ReflectionClass::getConstants 1483 and ReflectionClass::getReflectionConstants) (carusogabriel) 1484 . Implement ReflectionProperty::hasDefaultValue and 1485 Reflection::getDefaultValue (beberlei) 1486 1487- SNMP: 1488 . Fixed bug #70461 (disable md5 code when it is not supported in net-snmp). 1489 (Alexander Bergmann, cmb) 1490 1491- SPL: 1492 . Fixed bug #65006 (spl_autoload_register fails with multiple callables using 1493 self, same method). (Nikita) 1494 . Fixed bug #65387 (Circular references in SPL iterators are not garbage 1495 collected). (Nikita) 1496 . Fixed bug #71236 (Second call of spl_autoload_register() does nothing if it 1497 has no arguments). (Nikita) 1498 . Fixed bug #79987 (Memory leak in SplFileInfo because of missing 1499 zend_restore_error_handling()). (Dmitry) 1500 . SplFixedArray is now IteratorAggregate rather than Iterator. (alexdowad) 1501 1502- SQLite3: 1503 . Added SQLite3::setAuthorizer() and respective class constants. (bohwaz) 1504 1505- Session: 1506 . Fixed bug #73529 (session_decode() silently fails on wrong input). (cmb) 1507 . Fixed bug #78624 (session_gc return value for user defined session 1508 handlers). (bshaffer) 1509 1510- Shmop: 1511 . Converted shmop resources to objects. (cmb) 1512 1513- SimpleXML: 1514 . Fixed bug #63575 (Root elements are not properly cloned). (cmb) 1515 . Fixed bug #75245 (Don't set content of elements with only whitespaces). 1516 (eriklundin) 1517 1518- Sodium: 1519 . Fixed bug #77646 (sign_detached() strings not terminated). (Frank) 1520 1521- Standard: 1522 . Don't force rebuild of symbol table, when populating $http_response_header 1523 variable by the HTTP stream wrapper. (Dmitry) 1524 . Fixed bug #47983 (mixed LF and CRLF line endings in mail()). (cmb) 1525 . Fixed bug #64060 (lstat_stat_variation7.phpt fails on certain file systems). 1526 (M. Voelker, cmb) 1527 . Fixed bug #75902 (str_replace should warn when misused with nested arrays). 1528 (Nikita) 1529 . Fixed bug #76859 (stream_get_line skips data if used with data-generating 1530 filter). (kkopachev) 1531 . Fixed bug #77204 (getimagesize(): Read error! should mention file path). 1532 (peter279k) 1533 . Fixed bug #78385 (parse_url() does not include 'query' when question mark 1534 is the last char). (Islam Israfilov) 1535 . Fixed bug #79868 (Sorting with array_unique gives unwanted result). (Nikita) 1536 . Fixed bug #80256 (file_get_contents strip first line with chunked encoding 1537 redirect). (Nikita) 1538 . Fixed bug #80266 (parse_url silently drops port number 0). (cmb, Nikita) 1539 . Fixed bug #80290 (Double free when ASSERT_CALLBACK is used with a dynamic 1540 message). (Nikita) 1541 . Implemented FR #78638 (__PHP_Incomplete_Class should be final). (Laruence) 1542 . Made quoting of cmd execution functions consistent. (cmb) 1543 1544- Tidy: 1545 . Removed the unused $use_include_path parameter from tidy_repair_string(). 1546 (cmb) 1547 1548- Tokenizer: 1549 . Fixed bug #80328 (PhpToken::getAll() confusing name). (Nikita) 1550 1551- XML: 1552 . Fixed bug #76874 (xml_parser_free() should never leak memory). (Nikita) 1553 1554- XMLWriter: 1555 . Changed functions to accept/return XMLWriter objects instead of resources. 1556 (cmb) 1557 . Implemented FR #79344 (xmlwriter_write_attribute_ns: $prefix should be 1558 nullable). (cmb) 1559 . Removed return types from XMLWriter stubs. (cmb) 1560 1561- Zip: 1562 . Add "flags" options to ZipArchive::addGlob and addPattern methods 1563 keeping previous behavior having FL_OVERWRITE by default. (Remi) 1564 . Add ZipArchive::EM_UNKNOWN and ZipArchive::EM_TRAD_PKWARE constants. (Remi) 1565 . Add ZipArchive::isCompressionMethodSupported() and 1566 ZipArchive::isEncryptionMethodSupported() method (libzip 1.7.0). (Remi) 1567 . Add ZipArchive::replaceFile() method. (Remi) 1568 . Add ZipArchive::setCancelCallback method (since libzip 1.6.0). (Remi) 1569 . Add ZipArchive::setMtimeName and ZipArchive::setMtimeIndex methods. (Remi) 1570 . Add ZipArchive::setProgressCallback method (since libzip 1.3.0). (Remi) 1571 . Add lastId property to ZipArchive. (Remi) 1572 . Add optional "flags" parameter to ZipArchive::addEmptyDir, addFile and 1573 addFromString methods. (Remi) 1574 . Fixed bug #50678 (files extracted by ZipArchive class lost their 1575 original modified time). (Remi) 1576 . Fixed bug #72374 (remove_path strips first char of filename). (tyage, Remi) 1577 . Implemented FR #77960 (add compression / encryption options for 1578 ZipArchive::addGlob and ZipArchive::addPattern). (Remi) 1579 . ZipArchive::status and ZipArchive::statusSys properties and 1580 ZipArchive::getStatusString() method stay valid after the archive 1581 is closed. (Remi) 1582 1583- Zlib: 1584 . Fixed bug #71417 (fread() does not report zlib.inflate errors). (cmb) 1585 . Fixed bug #78792 (zlib.output_compression disabled by Content-Type: image/). 1586 (cmb) 1587