xref: /PHP-8.0/NEWS (revision 670052c4)
1PHP                                                                        NEWS
2|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3
403 Aug 2023, PHP 8.0.30
5
6- Libxml:
7  . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
8    in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)
9
10- Phar:
11  . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
12    (CVE-2023-3824) (nielsdos)
13
1408 Jun 2023, PHP 8.0.29
15
16- Soap:
17  . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
18    bytes in HTTP Digest authentication for SOAP).
19    (CVE-2023-3247) (nielsdos, timwolla)
20
2114 Feb 2023, PHP 8.0.28
22
23- Core:
24  . Fixed bug #81744 (Password_verify() always return true with some hash).
25    (CVE-2023-0567). (Tim Düsterhus)
26  . Fixed bug #81746 (1-byte array overrun in common path resolve code).
27    (CVE-2023-0568). (Niels Dossche)
28
29- SAPI:
30  . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
31    request body). (CVE-2023-0662) (Jakub Zelenka)
32
3305 Jan 2023, PHP 8.0.27
34
35- PDO/SQLite:
36  . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
37    (cmb)
38
3924 Nov 2022, PHP 8.0.26
40
41- CLI:
42  . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara)
43
44- Core:
45  . Fixed bug GH-9752 (Generator crashes when interrupted during argument
46    evaluation with extra named params). (Arnaud)
47  . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during
48    initialization). (Arnaud)
49  . Fixed potential NULL pointer dereference in Windows shm*() functions. (cmb)
50  . Fixed bug GH-9750 (Generator memory leak when interrupted during argument
51    evaluation. (Arnaud)
52
53- Date:
54  . Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if
55    the argument is an offset larger than 100*60 minutes). (Derick)
56
57- FPM:
58  . Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running
59    php-fpm 8.1.11). (Jakub Zelenka)
60  . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug
61    #66694). (Petr Sumbera)
62
63- mysqli:
64  . Fixed bug GH-9841 (mysqli_query throws warning despite using
65    silenced error mode). (Kamil Tekiela)
66
67- OpenSSL:
68  . Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does
69    not build). (Jakub Zelenka, fsbruva)
70
71- SOAP:
72  . Fixed GH-9720 (Null pointer dereference while serializing the response).
73    (cmb)
74
7527 Oct 2022, PHP 8.0.25
76
77- GD:
78  . Fixed bug #81739: OOB read due to insufficient input validation in
79    imageloadfont(). (CVE-2022-31630) (cmb)
80
81- Hash:
82  . Fixed bug #81738: buffer overflow in hash_update() on long parameter.
83    (CVE-2022-37454) (nicky at mouha dot be)
84
85- Session:
86  . Fixed bug GH-9583 (session_create_id() fails with user defined save handler
87    that doesn't have a validateId() method). (Girgias)
88
89- Streams:
90  . Fixed bug GH-9590 (stream_select does not abort upon exception or empty
91    valid fd set). (Arnaud)
92
9329 Sep 2022, PHP 8.0.24
94
95- Core:
96  . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
97    (Tim Starling)
98  . Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb,
99    Christian Schneider)
100  . Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static
101    type). (ilutov)
102  . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones
103    that have a specific semantic meaning. (CVE-2022-31629). (Derick)
104
105- DOM:
106  . Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
107    (Nathan Freeman)
108
109- FPM:
110  . Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to
111    error_log after daemon reload). (Dmitry Menshikov)
112  . Fixed bug #77780 ("Headers already sent..." when previous connection was
113    aborted). (Jakub Zelenka)
114
115- GMP
116  . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed
117    to gmp_init()). (Girgias)
118
119- Intl
120  . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
121    (Girgias)
122
123- PDO_PGSQL:
124  . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
125    (Yurunsoft)
126
127- Phar:
128  . Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
129    (CVE-2022-31628). (cmb)
130
131- Reflection:
132  . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called
133    class of a Closure). (cmb, Nicolas Grekas)
134  . Fixed bug GH-9409 (Private method is incorrectly dumped as "overwrites").
135    (ilutov)
136
137- Streams:
138  . Fixed bug GH-9316 ($http_response_header is wrong for long status line).
139    (cmb, timwolla)
140
14101 Sep 2022, PHP 8.0.23
142
143- Core:
144  . Fixed incorrect double to long casting in latest clang. (zeriyoshi)
145
146- DBA:
147  . Fixed LMDB driver memory leak on DB creation failure (Girgias)
148  . Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults).
149    (cmb)
150
151- Intl:
152  . Fixed IntlDateFormatter::formatObject() parameter type. (Gert de Pagter)
153
154- OPcache:
155  . Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
156    (cmb)
157
158- OpenSSL:
159  . Fixed bug GH-9339 (OpenSSL oid_file path check warning contains
160    uninitialized path). (Jakub Zelenka)
161
162- PDO_SQLite:
163  . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
164
165- SQLite3:
166  . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
167
168- Standard:
169  . Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
170    (Heiko Weber)
171
172- Streams:
173  . Fixed bug GH-8472 (The resource returned by stream_socket_accept may have
174    incorrect metadata). (Jakub Zelenka)
175  . Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections
176    hanging). (Jakub Zelenka, Twosee)
177
17804 Aug 2022, PHP 8.0.22
179
180- CLI:
181  . Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS
182    environment variable. (yiyuaner)
183
184- Core:
185  . Fixed bug GH-8923 (error_log on Windows can hold the file write lock). (cmb)
186  . Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
187    (Tobias Bachert)
188
189- Date:
190  . Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
191    (Derick)
192
193- DBA:
194  . Fixed LMDB driver hanging when attempting to delete a non-existing key
195    (Girgias)
196
197- FPM:
198  . Fixed zlog message prepend, free on incorrect address. (Heiko Weber)
199  . Fixed possible double free on configuration loading failure. (Heiko Weber).
200
201- GD:
202  . Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
203    (cmb)
204
205- Intl:
206  . Fixed build for ICU 69.x and onwards. (David Carlier)
207
208- OPcache:
209  . Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php
210    syntaxe of a valid file). (Dmitry)
211
212- Standard:
213  . Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier)
214  . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
215
21607 Jul 2022, PHP 8.0.21
217
218- Core:
219  . Fixed potential use after free in php_binary_init(). (Heiko Weber)
220
221- CLI:
222  . Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb)
223
224- COM:
225  . Fixed bug GH-8778 (Integer arithmethic with large number variants fails).
226    (cmb)
227
228- Curl:
229  . Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick)
230
231- Date:
232  . Fixed bug #74671 (DST timezone abbreviation has incorrect offset). (Derick)
233  . Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
234    (Derick)
235  . Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
236    (Derick)
237
238- FPM:
239  . Fixed bug #67764 (fpm: syslog.ident don't work). (Jakub Zelenka)
240
241- MBString:
242  . Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
243
244- ODBC:
245  . Fixed handling of single-key connection strings. (Calvin Buckley)
246
247- OpenSSL:
248  . Fixed bug #50293 (Several openssl functions ignore the VCWD).
249    (Jakub Zelenka, cmb)
250  . Fixed bug #81713 (NULL byte injection in several OpenSSL functions working
251    with certificates). (Jakub Zelenka)
252
253- PDO_ODBC:
254  . Fixed errorInfo() result on successful PDOStatement->execute(). (Yurunsoft)
255  . Fixed handling of single-key connection strings. (Calvin Buckley)
256
257- Zip:
258  . Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat
259    cache). (Remi)
260
26109 Jun 2022, PHP 8.0.20
262
263- CLI:
264  . Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)
265
266- Core:
267  . Fixed Haiku ZTS builds. (David Carlier)
268
269- Date:
270  . Fixed bug #72963 (Null-byte injection in CreateFromFormat and related
271    functions). (Derick)
272  . Fixed bug GH-8471 (Segmentation fault when converting immutable and mutable
273    DateTime instances created using reflection). (Derick)
274
275- FPM:
276  . Fixed ACL build check on MacOS. (David Carlier)
277  . Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
278    (Jakub Zelenka, loveharmful)
279  . Fixes use after free. (Heiko Weber).
280
281- Mysqlnd:
282  . Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
283    (c dot fol at ambionics dot io)
284
285- OPcache:
286  . Fixed bug GH-8466 (ini_get() is optimized out when the option does not
287    exist). (Arnaud)
288
289- Pgsql:
290  . Fixed bug #81720: Uninitialized array in pg_query_params().
291    (CVE-2022-31625) (cmb)
292
293- Pcntl:
294  . Fixed Haiku build. (David Carlier)
295
296- Soap:
297  . Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
298    (robertnisipeanu)
299  . Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)
300
301- SPL:
302  . Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)
303
304- Zip:
305  . Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger)
306
30712 May 2022, PHP 8.0.19
308
309- Core:
310  . Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are
311    not rethrown into the generator). (Bob)
312
313- Date:
314  . Fixed bug GH-7979 (DatePeriod iterator advances when checking if valid).
315    (Derick, Cody Mann)
316
317- FFI:
318  . Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
319    (Bob)
320
321- FPM:
322  . Fixed bug #76003 (FPM /status reports wrong number of active processe).
323    (Jakub Zelenka)
324  . Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka)
325  . Fixed comment in kqueue remove callback log message. (David Carlier)
326
327- Iconv:
328  . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
329    (cmb)
330
331- Intl:
332  . Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb)
333
334- MySQLi:
335  . Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
336    (cmb)
337
338- SPL:
339  . Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
340    (cmb)
341  . Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias)
342
343- Streams:
344  . Fixed php://temp does not preserve file-position when switched to temporary
345    file. (Bernd Holzmüller)
346
347- zlib:
348  . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
349    (cmb)
350
35114 Apr 2022, PHP 8.0.18
352
353- Core:
354  . Fixed freeing of internal attribute arguments. (Bob)
355  . Fixed bug GH-8070 (memory leak of internal function attribute hash).
356    (Tim Düsterhus)
357  . Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek)
358  . Fixed potential race condition during resource ID allocation. (ryancaicse)
359
360- Filter:
361  . Fixed signedness confusion in php_filter_validate_domain(). (cmb)
362
363- Hash:
364  . Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb)
365
366- Intl:
367  . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
368
369- MBString:
370  . Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
371    (cmb)
372
373- MySQLi:
374  . Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
375    (cmb)
376
377- Pcntl:
378  . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
379
380- PgSQL:
381  . Fixed result_type related stack corruption on LLP64 architectures. (cmb)
382  . Fixed bug GH-8253 (pg_insert() fails for references). (cmb)
383
384- Sockets:
385  . Fixed Solaris builds. (David Carlier)
386  . Fix undefined behavior in php_set_inet6_addr. (ilutov)
387
388- SPL:
389  . Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
390    (cmb)
391
392- Standard:
393  . Fixed bug GH-8048 (Force macOS to use statfs). (risner)
394
39517 Mar 2022, PHP 8.0.17
396
397- Core:
398  . Fixed Haiku ZTS build. (David Carlier)
399
400- GD:
401  . Fixed libpng warning when loading interlaced images. (Brett)
402
403- FPM:
404  . Fixed bug #76109 (Unsafe access to fpm scoreboard).
405    (Till Backhaus, Jakub Zelenka)
406
407- Iconv:
408  . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
409  . Fixed bug GH-7980 (Unexpected result for iconv_mime_decode). (cmb)
410
411- MySQLnd:
412  . Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package). (Kamil Tekiela)
413
414- OPcache:
415  . Fixed bug GH-8074 (Wrong type inference of range() result). (cmb)
416
417- Reflection:
418  . Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
419    (cmb)
420  . Fixed bug GH-8421 (Closures should accept attributes with
421    Attribute::TARGET_FUNCTION). (ollieread)
422
423- Zlib:
424  . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
425
42617 Feb 2022, PHP 8.0.16
427
428- Core:
429  . Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
430    (beberlei)
431  . Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb)
432
433- FFI:
434  . Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb,
435    dmitry)
436
437- Filter:
438  . Fix #81708: UAF due to php_filter_float() failing for ints.
439    (CVE-2021-21708) (stas)
440
441- FPM:
442  . Fixed memory leak on invalid port. (David Carlier)
443
444- MBString:
445  . Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb)
446
447- MySQLnd:
448  . Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela)
449
450- Sockets:
451  . Fixed ext/sockets build on Haiku. (David Carlier)
452  . Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier)
453
454- Standard:
455  . Fixed bug GH-7875 (mails are sent even if failure to log throws exception).
456    (cmb)
457
45820 Jan 2022, PHP 8.0.15
459
460- Core:
461  . Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner)
462  . Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
463    (cmb)
464
465- Filter:
466  . Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong)
467
468- Hash:
469  . Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
470    (cmb)
471  . Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and
472    hash_file). (cmb)
473
474- MySQLnd:
475  . Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb)
476
477- OCI8:
478  . Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second
479    call). (cmb)
480
481- OPcache:
482  . Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb)
483
484- PDO_PGSQL:
485  . Fixed error message allocation of PDO PgSQL. (SATO Kentaro)
486
487- Sockets:
488  . Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier)
489
490- Spl:
491  . Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr
492    Bystry)
493
49416 Dec 2021, PHP 8.0.14
495
496- Core:
497  . Fixed bug #81582 (Stringable not implicitly declared if __toString() came
498    from a trait). (Nikita)
499  . Fixed bug #81591 (Fatal Error not properly logged in particular cases).
500    (Nikita)
501  . Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to
502    Closure::fromCallable()). (Nikita)
503  . Fixed bug #81631 (::class with dynamic class name may yield wrong line
504    number). (Nikita)
505
506- FPM:
507  . Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
508    (Jakub Zelenka)
509
510- GD:
511  . Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb)
512
513- IMAP:
514  . Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
515    (cmb)
516
517- OpenSSL:
518  . Fixed bug #75725 (./configure: detecting RAND_egd). (Dilyan Palauzov)
519
520- PCRE:
521  . Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry)
522
523- SPL:
524  . Fixed bug #81587 (MultipleIterator Segmentation fault w/ SimpleXMLElement
525    attached). (Nikita)
526
527- Standard:
528  . Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type).
529    (fsbruva)
530  . Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
531    (cmb)
532
53318 Nov 2021, PHP 8.0.13
534
535- Core:
536  . Fixed bug #81518 (Header injection via default_mimetype / default_charset).
537    (cmb)
538
539- Date:
540  . Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
541    (cmb)
542
543- DBA:
544  . Fixed bug #81588 (TokyoCabinet driver leaks memory). (girgias)
545
546- MBString:
547  . Fixed bug #76167 (mbstring may use pointer from some previous request).
548    (cmb, cataphract)
549
550- Opcache:
551  . Fixed bug #81512 (Unexpected behavior with arrays and JIT). (Dmitry)
552  . Fixed bug #81652 (The value of error_reporting() gets overridden). (Nikita)
553
554- PCRE:
555  . Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb)
556
557- XML:
558  . Fixed bug #79971 (special character is breaking the path in xml function).
559    (CVE-2021-21707) (cmb)
560
561- XMLReader:
562  . Fixed bug #81521 (XMLReader::getParserProperty may throw with a valid
563    property). (Nikita)
564
56521 Oct 2021, PHP 8.0.12
566
567- CLI:
568  . Fixed bug #81496 (Server logs incorrect request method). (lauri)
569
570- Core:
571  . Fixed bug #81435 (Observer current_observed_frame may point to an old
572    (overwritten) frame). (Bob)
573  . Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
574
575- DOM:
576  . Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
577    (Viktor Volkov)
578
579- FFI:
580  . Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not
581    defined). (Dmitry)
582
583- Fileinfo:
584  . Fixed bug #78987 (High memory usage during encoding detection). (Anatol)
585
586- Filter:
587  . Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
588    (cmb, Nikita)
589
590- FPM:
591  . Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
592    escalation) (CVE-2021-21703). (Jakub Zelenka)
593
594- Opcache:
595  . Fixed bug #81472 (Cannot support large linux major/minor device number when
596    read /proc/self/maps). (Lin Yang)
597
598- Reflection:
599  . ReflectionAttribute is no longer final. (sasezaki)
600
601- SPL:
602  . Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
603    (cmb, Nikita, Tyson Andre)
604  . Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb)
605
606- Standard:
607  . Fixed bug #69751 (Change Error message of sprintf/printf for missing/typo
608    position specifier). (Aliaksandr Bystry)
609
610- Streams:
611  . Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
612    (cmb)
613
614- XML:
615  . Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
616    (Aliaksandr Bystry, cmb)
617
618- Zip:
619  . Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
620  . Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb)
621
62223 Sep 2021, PHP 8.0.11
623
624- Core:
625  . Fixed bug #81302 (Stream position after stream filter removed). (cmb)
626  . Fixed bug #81346 (Non-seekable streams don't update position after write).
627    (cmb)
628  . Fixed bug #73122 (Integer Overflow when concatenating strings). (cmb)
629
630-GD:
631  . Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
632    (cmb)
633
634- Opcache:
635  . Fixed bug #81353 (segfault with preloading and statically bound closure).
636    (Nikita)
637
638- Shmop:
639  . Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb)
640
641- Standard:
642  . Fixed bug #71542 (disk_total_space does not work with relative paths). (cmb)
643  . Fixed bug #81400 (Unterminated string in dns_get_record() results). (cmb)
644
645- SysVMsg:
646  . Fixed bug #78819 (Heap Overflow in msg_send). (cmb)
647
648- XML:
649  . Fixed bug #81351 (xml_parse may fail, but has no error code). (cmb, Nikita)
650
651- Zip:
652  . Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi)
653  . Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).
654    (CVE-2021-21706) (cmb)
655
65626 Aug 2021, PHP 8.0.10
657
658- Core:
659  . Fixed bug #72595 (php_output_handler_append illegal write access). (cmb)
660  . Fixed bug #66719 (Weird behaviour when using get_called_class() with
661    call_user_func()). (Nikita)
662  . Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
663    (cmb)
664
665- BCMath:
666  . Fixed bug #78238 (BCMath returns "-0"). (cmb)
667
668- CGI:
669  . Fixed bug #80849 (HTTP Status header truncation). (cmb)
670
671- Date:
672  . Fixed bug #64975 (Error parsing when AM/PM not at the end). (Derick)
673  . Fixed bug #78984 (DateTimeZone accepting invalid UTC timezones). (Derick)
674  . Fixed bug #79580 (date_create_from_format misses leap year). (Derick)
675  . Fixed bug #80409 (DateTime::modify() loses time with 'weekday' parameter).
676    (Derick)
677
678- GD:
679  . Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb)
680
681- MySQLi:
682  . Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb,
683    johannes)
684
685- Opcache:
686  . Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
687    (Dmitry)
688  . Fixed bug #81249 (Intermittent property assignment failure with JIT
689    enabled). (Dmitry)
690  . Fixed bug #81206 (Multiple PHP processes crash with JIT enabled). (cmb,
691    Nikita)
692  . Fixed bug #81272 (Segfault in var[] after array_slice with JIT). (Nikita)
693  . Fixed Bug #81255 (Memory leak in PHPUnit with functional JIT). (Dmitry)
694  . Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)
695    (Nikita, Dmitry)
696  . Fixed bug #81226 (Integer overflow behavior is different with JIT
697    enabled). (Dmitry)
698
699- OpenSSL:
700  . Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb)
701
702- PDO_ODBC:
703  . Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL). (cmb)
704
705- Shmop:
706  . Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). (cmb, Nikita)
707
708- SimpleXML:
709  . Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi)
710
711- Standard:
712  . Fixed bug #72146 (Integer overflow on substr_replace). (cmb)
713  . Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
714    (George Dietrich)
715  . Fixed bug #74960 (Heap buffer overflow via str_repeat). (cmb, Dmitry)
716
717- Streams:
718  . Fixed bug #81294 (Segfault when removing a filter). (cmb)
719
72029 Jul 2021, PHP 8.0.9
721
722- Core:
723  . Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files).
724    (cmb, Nikita)
725  . Fixed bug #81163 (incorrect handling of indirect vars in __sleep).
726    (krakjoe)
727  . Fixed bug #81159 (Object to int warning when using an object as a string
728    offset). (girgias)
729  . Fixed bug #80728 (PHP built-in web server resets timeout when it can kill
730    the process). (Calvin Buckley)
731  . Fixed bug #73630 (Built-in Weberver - overwrite $_SERVER['request_uri']).
732    (cmb)
733  . Fixed bug #80173 (Using return value of zend_assign_to_variable() is not
734    safe). (Nikita)
735  . Fixed bug #73226 (--r[fcez] always return zero exit code). (cmb)
736
737- Intl:
738  . Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
739    (cmb)
740  . Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone). (cmb)
741  . Fixed bug #74264 (grapheme_strrpos() broken for negative offsets). (cmb)
742
743- OpenSSL:
744  . Fixed bug #52093 (openssl_csr_sign truncates $serial). (cmb)
745
746- PCRE:
747  . Fixed bug #81101 (PCRE2 10.37 shows unexpected result). (Anatol)
748  . Fixed bug #81243 (Too much memory is allocated for preg_replace()). (cmb)
749
750- Reflection:
751  . Fixed bug #81208 (Segmentation fault while create newInstance from
752    attribute). (Nikita)
753
754- Standard:
755  . Fixed bug #81223 (flock() only locks first byte of file). (cmb)
756
75717 Jun 2021, PHP 8.0.8
758
759- Core:
760  . Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
761    (krakjoe)
762  . Fixed bug #81068 (Double free in realpath_cache_clean()). (Dimitry Andric)
763  . Fixed bug #76359 (open_basedir bypass through adding ".."). (cmb)
764  . Fixed bug #81090 (Typed property performance degradation with .= operator).
765    (Nikita)
766  . Fixed bug #81070 (Integer underflow in memory limit comparison).
767    (Peter van Dommelen)
768  . Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705) (cmb)
769
770- Bzip2:
771  . Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
772    (cmb)
773
774- Fileinfo:
775  . Fixed bug #80197 (implicit declaration of function 'magic_stream' is
776    invalid). (Nikita)
777
778- GMP:
779  . Fixed bug #81119 (GMP operators throw errors with wrong parameter names).
780    (Nikita)
781
782- MySQLnd:
783  . Fixed bug #80761 (PDO uses too much memory). (Nikita)
784
785- OCI8:
786  . Fixed bug #81088 (error in regression test for oci_fetch_object() and
787    oci_fetch_array()). (Máté)
788
789- Opcache:
790  . Fixed bug #81051 (Broken property type handling after incrementing
791    reference). (Dmitry)
792  . Fixed bug #80968 (JIT segfault with return from required file). (Dmitry)
793
794- OpenSSL:
795  . Fixed bug #76694 (native Windows cert verification uses CN as sever name).
796    (cmb)
797
798- PDO_Firebird:
799  . Fixed bug #76448: Stack buffer overflow in firebird_info_cb.
800    (CVE-2021-21704) (cmb)
801  . Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704) (cmb)
802  . Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704) (cmb)
803  . Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob.
804    (CVE-2021-21704) (cmb)
805
806- readline:
807  . Fixed bug #72998 (invalid read in readline completion). (krakjoe)
808
809- Standard:
810  . Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
811    (cmb)
812  . Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
813    (krakjoe)
814
815- Windows:
816  . Fixed bug #81120 (PGO data for main PHP DLL are not used). (cmb)
817
81803 Jun 2021, PHP 8.0.7
819
820- Core:
821  . Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
822    (cmb)
823  . Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
824    (cmb)
825  . Fixed bug #80972 (Memory exhaustion on invalid string offset). (girgias)
826
827- FPM:
828  . Fixed bug #65800 (Events port mechanism). (psumbera)
829
830- FTP:
831  . Fixed bug #80901 (Info leak in ftp extension). (cmb)
832  . Fixed bug #79100 (Wrong FTP error messages). (cmb)
833
834- GD:
835  . Fixed bug #81032 (GD install is affected by external libgd installation).
836    (Flavio Heleno, cmb)
837
838- Intl:
839  . Fixed bug #81019 (Unable to clone NumberFormatter after failed parse()).
840    (Nikita)
841
842- MBString:
843  . Fixed bug #81011 (mb_convert_encoding removes references from arrays). (cmb)
844
845- ODBC:
846  . Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator). (cmb)
847
848- Opcache:
849  . Fixed bug #81007 (JIT "not supported" on 32-bit x86 -- build problem?).
850    (Nikita)
851  . Fixed bug #81015 (Opcache optimization assumes wrong part of ternary
852    operator in if-condition). (Nikita)
853  . Fixed bug #81046 (Literal compaction merges non-equal related literals).
854    (Nikita)
855
856- PDO_MySQL:
857  . Fixed bug #81037 (PDO discards error message text from prepared
858    statement). (Kamil Tekiela)
859
860- PDO_ODBC:
861  . Fixed bug #44643 (bound parameters ignore explicit type definitions). (cmb)
862
863- pgsql:
864  . Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast(). (cmb)
865
866- SPL:
867  . Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
868    (cmb, Nikita)
869
870- XMLReader:
871  . Fixed bug #73246 (XMLReader: encoding length not checked). (cmb)
872
873- Zip:
874  . Fixed bug #80863 (ZipArchive::extractTo() ignores references). (cmb)
875
87606 May 2021, PHP 8.0.6
877
878- PDO_pgsql:
879  . Revert "Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"
880    from PHP 8.0.5.
881
88229 Apr 2021, PHP 8.0.5
883
884- Core:
885  . Changed PowerPC CPU registers used by Zend VM to work around GCC bug.
886    Old registers (r28/r29) might be clobbered by _restgpr routine used for
887    return from C function compiled with -Os. (Dmitry)
888
889- DOM:
890  . Fixed bug #66783 (UAF when appending DOMDocument to element). (cmb)
891
892- FFI:
893  . Fixed bug #80847 (CData structs with fields of type struct can't be passed
894    as C function argument). (Nickolas Daniel da Silva, Dmitry)
895
896- FPM:
897  . Fixed bug #80024 (Duplication of info about inherited socket after pool
898    removing). (Jakub Zelenka)
899
900- FTP:
901  . Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open). (cmb, Jakub
902    Zelenka)
903
904- Imap:
905  . Fixed bug #80710 (imap_mail_compose() header injection). (cmb, Stas)
906
907- LibXML:
908  . Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb)
909
910- Opcache:
911  . Fixed bug #80839 (PHP problem with JIT). (Dmitry)
912  . Fixed bug #80861 (erronous array key overflow in 2D array with JIT).
913    (Dmitry)
914
915- Pcntl:
916  . Fixed bug #79812 (Potential integer overflow in pcntl_exec()). (cmb)
917
918- PDO_ODBC:
919  . Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
920    (cmb)
921
922- PDO_pgsql:
923  . Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
924    (Matteo)
925
926- Session:
927  . Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
928    (cmb)
929
930- SOAP:
931  . Fixed bug #69668 (SOAP special XML characters in namespace URIs not
932    encoded). (cmb)
933
934- Standard:
935  . Fixed bug #80915 (Taking a reference to $_SERVER hides its values from
936    phpinfo()). (Rowan Tommins)
937  . Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir').
938    (Rowan Tommins)
939
94001 Apr 2021, PHP 8.0.4
941
942- Core:
943  . Fixed bug #75776 (Flushing streams with compression filter is broken). (cmb)
944  . Fixed bug #80811 (Function exec without $output but with $restult_code
945    parameter crashes). (Nikita)
946  . Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space
947    available for static Thread Local Storage). (Dmitry)
948
949- Dba:
950  . Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN). (cmb)
951
952- IMAP:
953  . Fixed bug #80800 (imap_open() fails when the flags parameter includes
954    CL_EXPUNGE). (girgias)
955
956- Intl:
957  . Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
958    (cmb)
959
960- Libxml:
961  . Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers). (cmb)
962
963- MySQLnd:
964  . Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an
965    error). (Kamil Tekiela)
966
967- Opcache:
968  . Fixed bug #80786 (PHP crash using JIT). (Nikita)
969  . Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1). (Dmitry)
970
971- PCRE:
972  . Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has
973    0-width fullstring match). (Kamil Tekiela)
974
975- Session:
976  . Fixed bug #80774 (session_name() problem with backslash). (cmb)
977
978- Standard:
979  . Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI). (cmb)
980  . Fixed bug #78719 (http wrapper silently ignores long Location headers).
981    (cmb)
982  . Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
983    (manuelm)
984
985- Zip:
986  . Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist).
987    (cmb)
988
98918 Feb 2021, PHP 8.0.3
990
991- Core:
992  . Fixed #80706 (mail(): Headers after Bcc headers may be ignored). (cmb)
993
994- DOM:
995  . Fixed bug #80600 (DOMChildNode::remove() doesn't work on CharacterData
996    nodes). (beberlei)
997
998- Gettext:
999  . Fixed bug #53251 (bindtextdomain with null dir doesn't return old value).
1000    (cmb)
1001
1002- MySQLnd:
1003  . Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit
1004    null-terminated password). (Daniel Black)
1005  . Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and
1006    MySQL 8.0). (Nikita)
1007
1008- MySQLi:
1009  . Fixed bug #74779 (x() and y() truncating floats to integers). (cmb)
1010
1011- Opcache:
1012  . Fixed bug #80634 (write_property handler of internal classes is skipped on
1013    preloaded JITted code). (Dmitry)
1014  . Fixed bug #80682 (opcache doesn't honour pcre.jit option). (Remi)
1015  . Fixed bug #80742 (Opcache JIT makes some boolean logic unexpectedly be
1016    true). (Dmitry)
1017  . Fixed bug #80745 (JIT produces Assert failure and UNKNOWN:0 var_dumps in
1018    code involving bitshifts). (Dmitry)
1019
1020- OpenSSL:
1021  . Fixed bug #80747 (Providing RSA key size < 512 generates key that crash
1022    PHP). (Nikita)
1023
1024- Phar:
1025  . Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o
1026    semicolon) (cmb)
1027  . Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives). (cmb)
1028  . Fixed bug #53467 (Phar cannot compress large archives). (cmb, lserni)
1029
1030- Socket:
1031  . Fixed bug #80723 (Different sockets compare as equal (regression in 8.0)).
1032    (Nikita)
1033
1034- SPL:
1035  . Fixed bug#80719 (Iterating after failed ArrayObject::setIteratorClass()
1036    causes Segmentation fault). (Nikita)
1037
1038- Standard:
1039  . Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
1040    (cmb)
1041  . Fixed bug #80718 (ext/standard/dl.c fallback code path with syntax error).
1042    (Nikita)
1043
104421 Jan 2021, PHP 8.0.2
1045
1046- Core:
1047  . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita)
1048  . Fixed bug #80384 (filter buffers entire read until file closed). (Adam
1049    Seitz, cmb)
1050  . Fixed bug #80596 (Invalid union type TypeError in anonymous classes).
1051    (Daniil Gentili)
1052  . Fixed bug #80617 (GCC throws warning about type narrowing in
1053    ZEND_TYPE_INIT_CODE). (Nikita)
1054
1055- BCMath:
1056  . Fixed bug #80545 (bcadd('a', 'a') doesn't throw an exception).
1057    (Jens de Nies)
1058
1059- Curl:
1060  . Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request). (cmb)
1061
1062- Date:
1063  . Fixed bug #80376 (last day of the month causes runway cpu usage). (Derick)
1064
1065- DOM:
1066  . Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode
1067    stub). (Nikita)
1068
1069- Filter:
1070  . Fixed bug #80584 (0x and 0X are considered valid hex numbers by
1071    filter_var()). (girgias)
1072
1073- GMP:
1074  . Fixed bug #80560 (Strings containing only a base prefix return 0 object).
1075    (girgias)
1076
1077- Intl:
1078  . Fixed bug #80644 (Missing resource causes subsequent get() calls to fail).
1079    (Nikita)
1080
1081- MySQLi:
1082  . Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to
1083    interpret bit columns). (Nikita)
1084  . Fixed bug #64638 (Fetching resultsets from stored procedure with cursor
1085    fails). (Nikita)
1086  . Fixed bug #72862 (segfault using prepared statements on stored procedures
1087    that use a cursor). (Nikita)
1088  . Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP
1089    with a cursor). (Nikita)
1090
1091- ODBC:
1092  . Fixed bug #80592 (all floats are the same in ODBC parameters). (cmb)
1093
1094- Opcache:
1095  . Fixed bug #80422 (php_opcache.dll crashes when using Apache 2.4 with JIT).
1096    (Dmitry)
1097
1098- PDO_Firebird:
1099  . Fixed bug #80521 (Parameters with underscores no longer recognized). (cmb,
1100    Simonov Denis)
1101
1102- Phar:
1103  . Fixed bug #76929 (zip-based phar does not respect phar.require_hash).
1104    (david at bamsoftware, cmb)
1105  . Fixed bug #77565 (Incorrect locator detection in ZIP-based phars). (cmb)
1106  . Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
1107    (cmb)
1108
1109- Phpdbg:
1110  . Reverted fix for bug #76813 (Access violation near NULL on source operand).
1111    (cmb)
1112
111307 Jan 2021, PHP 8.0.1
1114
1115- Core:
1116  . Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
1117    (cmb)
1118  . Fixed bug #72964 (White space not unfolded for CC/Bcc headers). (cmb)
1119  . Fixed bug #80391 (Iterable not covariant to mixed). (Nikita)
1120  . Fixed bug #80393 (Build of PHP extension fails due to configuration gap
1121    with libtool). (kir dot morozov at gmail dot com)
1122  . Fixed bug #77069 (stream filter loses final block of data). (cmb)
1123
1124- Fileinfo:
1125  . Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT). (cmb)
1126
1127- FPM:
1128  . Fixed bug #69625 (FPM returns 200 status on request without
1129    SCRIPT_FILENAME env). (Jakub Zelenka)
1130
1131- IMAP
1132  . Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8.0.0). (girgias)
1133  . Fix a regression with valid UIDs in imap_savebody() (girgias)
1134  . Make warnings for invalid message numbers/UIDs between functions consistent (girgias)
1135
1136- Intl:
1137  . Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined). (Nikita)
1138
1139- OCI8
1140  . Create Windows DLLs for Oracle Client 19c. (cmb)
1141
1142- Opcache:
1143  . Fixed bug #80404 (Incorrect range inference result when division results
1144    in float). (Nikita)
1145  . Fixed bug #80377 (Opcache misses executor_globals). (Nikita)
1146  . Fixed bug #80433 (Unable to disable the use of the AVX command when using
1147    JIT). (Nikita)
1148  . Fixed bug #80447 (Strange out of memory error when running with JIT).
1149    (Dmitry)
1150  . Fixed bug #80480 (Segmentation fault with JIT enabled). (Dmitry)
1151  . Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).
1152    (Dmitry)
1153
1154- OpenSSL:
1155  . Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to
1156    lack of OCB support). (Nikita)
1157
1158- PDO MySQL:
1159  . Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
1160    (Kamil Tekiela)
1161  . Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared
1162    statements). (Nikita)
1163  . Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
1164    (Nikita)
1165  . Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object
1166    is unset()). (Nikita)
1167  . Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered
1168    queries"). (Nikita)
1169  . Fixed bug #71145 (Multiple statements in init command triggers unbuffered
1170    query error). (Nikita)
1171  . Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a
1172    PROCEDURE resultset SIGNAL). (Nikita)
1173  . Fixed bug #79872 (Can't execute query with pending result sets). (Nikita)
1174  . Fixed bug #79131 (PDO does not throw an exception when parameter values are
1175    missing). (Nikita)
1176  . Fixed bug #72368 (PdoStatement->execute() fails but does not throw an
1177    exception). (Nikita)
1178  . Fixed bug #62889 (LOAD DATA INFILE broken). (Nikita)
1179  . Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents
1180    releasing resultset). (Nikita)
1181  . Fixed bug #79132 (PDO re-uses parameter values from earlier calls to
1182    execute()). (Nikita)
1183
1184- Phar:
1185  . Fixed bug #73809 (Phar Zip parse crash - mmap fail). (cmb)
1186  . Fixed bug #75102 (`PharData` says invalid checksum for valid tar). (cmb)
1187  . Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
1188    (cmb)
1189
1190- Phpdbg:
1191  . Fixed bug #76813 (Access violation near NULL on source operand). (cmb)
1192
1193- SPL:
1194  . Fixed #62004 (SplFileObject: fgets after seek returns wrong line). (cmb)
1195
1196- Standard:
1197  . Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo).
1198    (CVE-2020-7071) (cmb)
1199  . Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)
1200
1201- Tidy:
1202  . Fixed bug #77594 (ob_tidyhandler is never reset). (cmb)
1203
1204- Tokenizer:
1205  . Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
1206    (Nikita)
1207
1208- XML:
1209  . XmlParser opaque object renamed to XMLParser for consistency with other XML objects. (girgias)
1210
1211- Zlib:
1212  . Fixed #48725 (Support for flushing in zlib stream). (cmb)
1213
121426 Nov 2020, PHP 8.0.0
1215
1216- BZ2:
1217  . Fixed bug #71263 (fread() does not report bzip2.decompress errors). (cmb)
1218
1219- CLI:
1220  . Allow debug server binding to an ephemeral port via `-S localhost:0`. (Sara)
1221
1222- COM:
1223  . Fixed bug #55847 (DOTNET .NET 4.0 GAC new location). (cmb)
1224  . Fixed bug #62474 (com_event_sink crashes on certain arguments). (cmb)
1225
1226- Calendar:
1227  . Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
1228    (Andy Postnikov)
1229
1230- Core:
1231  . Fixed bug #36365 (scandir duplicates file name at every 65535th file).
1232    (cmb)
1233  . Fixed bug #49555 (Fatal error "Function must be a string" message should be
1234    renamed). (Nikita)
1235  . Fixed bug #62294 (register_shutdown_function() does not correctly handle
1236    exit code). (Nikita)
1237  . Fixed bug #62609 (Allow implementing Traversable on abstract classes).
1238    (Nikita)
1239  . Fixed bug #65274 (Enhance undefined class constant error with class name).
1240    (Nikita)
1241  . Fixed bug #65275 (Calling exit() in a shutdown function does not change the
1242    exit value in CLI). (Nikita)
1243  . Fixed bug #69084 (Unclear error message when not implementing a renamed
1244    abstract trait function). (Nikita)
1245  . Fixed bug #70839 (Converting optional argument to variadic forbidden by LSP
1246    checks). (Nikita)
1247  . Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()).
1248    (cmb)
1249  . Fixed bug #77561 (Shebang line not stripped for non-primary script).
1250    (Nikita)
1251  . Fixed bug #77619 (Wrong reflection on MultipleIterator::__construct).
1252    (Fabien Villepinte)
1253  . Fixed bug #77966 (Cannot alias a method named "namespace"). (Nikita)
1254  . Fixed bug #78236 (convert error on receiving variables when duplicate [).
1255    (cmb)
1256  . Fixed bug #78770 (Incorrect callability check inside internal methods).
1257    (Nikita)
1258  . Fixed bug #79108 (Referencing argument in a function makes it a reference
1259    in the stack trace). (Nikita)
1260  . Fixed bug #79368 ("Unexpected end of file" is not an acceptable error
1261    message). (Alex Dowad)
1262  . Fixed bug #79462 (method_exists and property_exists incoherent behavior).
1263    (cmb)
1264  . Fixed bug #79467 (data:// wrappers are writable). (cmb)
1265  . Fixed bug #79521 (Check __set_state structure). (carusogabriel)
1266  . Fixed bug #79790 ("Illegal offset type" exception during AST evaluation
1267    not handled properly). (Nikita)
1268  . Fixed bug #79791 (Assertion failure when unsetting variable during binary
1269    op). (Nikita)
1270  . Fixed bug #79828 (Segfault when trying to access non-existing variable).
1271    (Nikita)
1272  . Fixed bug #79841 (Syntax error in configure / unescaped "[]" in php.m4).
1273    (Nikita)
1274  . Fixed bug #79852 (count(DOMNodeList) doesn't match
1275    count(IteratorIterator(DOMNodeList))). (Nikita)
1276  . Fixed bug #79867 (Promoted untyped properties should get null default
1277    value). (Nikita)
1278  . Fixed bug #79897 (Promoted constructor params with attribs cause crash).
1279    (Deus Kane)
1280  . Fixed bug #79927 (Generator doesn't throw exception after multiple yield
1281    from iterable). (Nikita)
1282  . Fixed bug #79946 (Build fails due to undeclared UINT32_C). (Nikita)
1283  . Fixed bug #79948 (Exit in auto-prepended file does not abort PHP execution).
1284    (Nikita)
1285  . Fixed bug #80045 (memleak after two set_exception_handler calls with
1286    __call). (Nikita)
1287  . Fixed bug #80096 (Segmentation fault with named arguments in nested call).
1288    (Nikita)
1289  . Fixed bug #80109 (Cannot skip arguments when extended debug is enabled).
1290    (Nikita)
1291  . Fixed bug #80225 (broken namespace usage in eval code). (Nikita)
1292  . Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
1293    (cmb)
1294  . Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
1295    (cmb)
1296  . Fixed bug #80334 (assert() vs named parameters - confusing error). (Nikita)
1297  . Fixed bug #80055 (Abstract trait methods returning "self" cannot be
1298    fulfilled by traits). (Nikita)
1299  . Fixed faulty generator cleanup with yield from. (Bob)
1300  . Implement #[Attr] Attribute syntax as per final vote in RFC
1301    https://wiki.php.net/rfc/shorter_attribute_syntax_change
1302  . Implemented FR #47074 (phpinfo() reports "On" as 1 for the some
1303    extensions). (cmb)
1304  . Implemented FR #72089 (require() throws fatal error instead of exception).
1305    (Nikita)
1306  . Removed the pdo_odbc.db2_instance_name php.ini directive. (Kalle)
1307  . Use SSE2 instructions do locale independent strtolower. (Laruence)
1308
1309- Curl:
1310  . Bumped required libcurl version to 7.29.0. (cmb)
1311  . Fixed bug #80121 (Null pointer deref if CurlHandle directly instantiated).
1312    (Nikita)
1313
1314- DOM:
1315  . Add property DOMXPath::$registerNodeNamespaces and constructor argument
1316    that allow global flag to configure query() or evaluate() calls.
1317  . Fixed bug #79968 (DOMChildNode API crash on unattached nodes). (Benjamin)
1318  . Fixed bug #80268 (loadHTML() truncates at NUL bytes). (cmb)
1319
1320- Date:
1321  . Fixed bug #60302 (DateTime::createFromFormat should new static(), not new
1322    self()). (Derick)
1323  . Fixed bug #65547 (Default value for sunrise/sunset zenith still wrong).
1324    (cmb)
1325  . Fixed bug #69044 (discrepancy between time and microtime). (krakjoe)
1326  . Fixed bug #80057 (DateTimeImmutable::createFromFormat() does not populate
1327    time). (Derick)
1328  . Implemented FR #79903 (datetime: new format "p", same as "P" but returning
1329    "Z" for UTC). (gharlan)
1330
1331- Enchant:
1332  . Add LIBENCHANT_VERSION macro.
1333  . Add enchant_dict_add and enchant_dict_is_added functions.
1334  . Deprecate enchant_broker_set_dict_path, enchant_broker_get_dict_path,
1335    enchant_dict_add_to_personal and enchant_dict_is_in_session.
1336  . Use libenchant-2 when available.
1337
1338- FFI:
1339  . Added FFI\CType::getName() method. (chopins)
1340  . Fixed bug #79177 (FFI doesn't handle well PHP exceptions within callback).
1341    (cmb, Dmitry, Nikita)
1342  . Fixed bug #79749 (Converting FFI instances to bool fails). (cmb)
1343
1344- FPM:
1345  . Add pm.status_listen option. (Jakub Zelenka)
1346
1347- Fileinfo:
1348  . Upgrade to libmagic 5.39. (Anatol)
1349
1350- GD:
1351  . Added imagegetinterpolation(). (cmb)
1352  . Fixed bug #55005 (imagepolygon num_points requirement). (cmb)
1353  . Made the $num_points parameter of php_imagepolygon optional. (cmb)
1354  . Removed deprecated image2wbmp(). (cmb)
1355  . Removed deprecated png2wbmp() and jpeg2wbmp(). (cmb)
1356  . Replaced gd resources with objects. (Mark Randall)
1357
1358- IMAP:
1359  . Fixed bug #64076 (imap_sort() does not return FALSE on failure). (cmb)
1360  . Fixed bug #76618 (segfault on imap_reopen). (girgias)
1361  . Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies). (cmb)
1362  . Fixed bug #80215 (imap_mail_compose() may modify by-val parameters). (cmb)
1363  . Fixed bug #80216 (imap_mail_compose() does not validate types/encodings).
1364    (cmb)
1365  . Fixed bug #80220 (imap_mail_compose() may leak memory). (cmb)
1366  . Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies).
1367    (cmb)
1368  . Fixed bug #80226 (imap_sort() leaks sortpgm memory). (cmb)
1369  . Fixed bug #80239 (imap_rfc822_write_address() leaks memory). (cmb)
1370  . Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
1371    (cmb)
1372  . Fixed minor regression caused by fixing bug #80220. (cmb)
1373
1374- Iconv:
1375  . Dropped support for iconv without proper errno setting. (cmb)
1376
1377- Intl:
1378  . Removed deprecated INTL_IDNA_VARIANT_2003. (cmb)
1379
1380- JIT:
1381  . Fixed bug #77857 (Wrong result if executed with JIT). (Laruence)
1382  . Fixed bug #79255 (PHP cannot be compiled with enable JIT).
1383    (Laruence, Dmitry)
1384  . Fixed bug #79582 (Crash seen when opcache.jit=1235 and
1385    opcache.jit_debug=2). (Laruence)
1386  . Fixed bug #79743 (Fatal error when assigning to array property
1387    with JIT enabled). (Laruence)
1388  . Fixed bug #79864 (JIT segfault in Symfony OptionsResolver). (Dmitry)
1389  . Fixed bug #79888 (Incorrect execution with JIT enabled). (Dmitry)
1390
1391- JSON:
1392  . The JSON extension is now an integral part of PHP and cannot be disabled
1393    as per RFC: https://wiki.php.net/rfc/always_enable_json (tandre)
1394
1395- LDAP:
1396  . Fixed memory leaks. (ptomulik)
1397  . Removed deprecated ldap_sort. (mcmic)
1398
1399- MBString:
1400  . Fixed bug #76999 (mb_regex_set_options() return current options). (cmb)
1401  . Removed the unused $is_hex parameter from mb_decode_numericentity(). (cmb)
1402
1403- MySQLi:
1404  . Fixed bug #76809 (SSL settings aren't respected when persistent connections
1405    are used). (fabiomsouto)
1406
1407- Mysqlnd:
1408  . Fixed #60594 (mysqlnd exposes 160 lines of stats in phpinfo). (PeeHaa)
1409
1410- OCI8:
1411  . Deprecated old OCI8 function aliases. (Jens de Nies)
1412  . Modernized oci_register_taf_callback() callable argument parsing
1413    implementation. (girgias)
1414  . Removed obsolete no-op function oci_internal_debug(). (Jens de Nies)
1415
1416- ODBC:
1417  . Fixed bug #22986 (odbc_connect() may reuse persistent connection). (cmb)
1418  . Fixed bug #44618 (Fetching may rely on uninitialized data). (cmb)
1419
1420- Opcache:
1421  . Fixed bug #76535 (Opcache does not replay compile-time warnings). (Nikita)
1422  . Fixed bug #78654 (Incorrectly computed opcache checksum on files with
1423    non-ascii characters). (mhagstrand)
1424  . Fixed bug #79665 (ini_get() and opcache_get_configuration() inconsistency).
1425    (cmb)
1426  . Fixed bug #80030 (Optimizer segfault with isset on static property with
1427    undef dynamic class name). (Nikita)
1428  . Fixed bug #80175 (PHP8 RC1 - JIT Buffer not working). (cmb)
1429  . Fixed bug #80184 (Complex expression in while / if statements resolves to
1430    false incorrectly). (Nikita)
1431  . Fixed bug #80255 (Opcache bug (bad condition result) in 8.0.0rc1). (Nikita)
1432  . Fixed run-time binding of preloaded dynamically declared function. (Dmitry)
1433
1434- OpenSSL:
1435  . Added Cryptographic Message Syntax (CMS) support. (Eliot Lear)
1436
1437- PCRE:
1438  . Don't ignore invalid escape sequences. (sjon)
1439  . Updated to PCRE2 10.35. (cmb)
1440
1441- PDO:
1442  . Changed default PDO error mode to exceptions. (AllenJB)
1443  . Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
1444    (camporter)
1445
1446- PDO_Firebird:
1447  . Fixed bug #64937 (Firebird PDO preprocessing sql). (Simonov Denis)
1448
1449- PDO_OCI:
1450  . Added support for setting and getting the oracle OCI 18c call timeout.
1451    (camporter)
1452
1453- PDO_PGSQL:
1454  . Bumped required libpq version to 9.1. (cmb)
1455
1456- PGSQL:
1457  . Bumped required libpq version to 9.1. (cmb)
1458
1459- Phpdbg:
1460  . Fixed bug #76596 (phpdbg support for display_errors=stderr). (kabel)
1461  . Fixed bug #76801 (too many open files). (alekitto)
1462  . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
1463    (krakjoe)
1464  . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)
1465
1466- Reflection:
1467  . Fixed bug #64592 (ReflectionClass::getMethods() returns methods out of
1468    scope). (Nikita)
1469  . Fixed bug #69180 (Reflection does not honor trait conflict resolution /
1470    method aliasing). (Nikita)
1471  . Fixed bug #74939 (Nested traits' aliased methods are lowercased). (Nikita)
1472  . Fixed bug #77325 (ReflectionClassConstant::$class returns wrong class when
1473    extending). (Nikita)
1474  . Fixed bug #78697 (ReflectionClass::implementsInterface - inaccurate error
1475    message with traits). (villfa)
1476  . Fixed bug #80190 (ReflectionMethod::getReturnType() does not handle static
1477    as part of union type). (Nikita)
1478  . Fixed bug #80299 (ReflectionFunction->invokeArgs confused in arguments).
1479    (Nikita)
1480  . Fixed bug #80370 (getAttributes segfault on dynamic properties). (Benjamin
1481    Eberlei)
1482  . Implement #79628 (Add $filter parameter for ReflectionClass::getConstants
1483    and ReflectionClass::getReflectionConstants) (carusogabriel)
1484  . Implement ReflectionProperty::hasDefaultValue and
1485    Reflection::getDefaultValue (beberlei)
1486
1487- SNMP:
1488  . Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
1489    (Alexander Bergmann, cmb)
1490
1491- SPL:
1492  . Fixed bug #65006 (spl_autoload_register fails with multiple callables using
1493    self, same method). (Nikita)
1494  . Fixed bug #65387 (Circular references in SPL iterators are not garbage
1495    collected). (Nikita)
1496  . Fixed bug #71236 (Second call of spl_autoload_register() does nothing if it
1497    has no arguments). (Nikita)
1498  . Fixed bug #79987 (Memory leak in SplFileInfo because of missing
1499    zend_restore_error_handling()). (Dmitry)
1500  . SplFixedArray is now IteratorAggregate rather than Iterator. (alexdowad)
1501
1502- SQLite3:
1503  . Added SQLite3::setAuthorizer() and respective class constants. (bohwaz)
1504
1505- Session:
1506  . Fixed bug #73529 (session_decode() silently fails on wrong input). (cmb)
1507  . Fixed bug #78624 (session_gc return value for user defined session
1508    handlers). (bshaffer)
1509
1510- Shmop:
1511  . Converted shmop resources to objects. (cmb)
1512
1513- SimpleXML:
1514  . Fixed bug #63575 (Root elements are not properly cloned). (cmb)
1515  . Fixed bug #75245 (Don't set content of elements with only whitespaces).
1516    (eriklundin)
1517
1518- Sodium:
1519  . Fixed bug #77646 (sign_detached() strings not terminated). (Frank)
1520
1521- Standard:
1522  . Don't force rebuild of symbol table, when populating $http_response_header
1523    variable by the HTTP stream wrapper. (Dmitry)
1524  . Fixed bug #47983 (mixed LF and CRLF line endings in mail()). (cmb)
1525  . Fixed bug #64060 (lstat_stat_variation7.phpt fails on certain file systems).
1526    (M. Voelker, cmb)
1527  . Fixed bug #75902 (str_replace should warn when misused with nested arrays).
1528    (Nikita)
1529  . Fixed bug #76859 (stream_get_line skips data if used with data-generating
1530    filter). (kkopachev)
1531  . Fixed bug #77204 (getimagesize(): Read error! should mention file path).
1532    (peter279k)
1533  . Fixed bug #78385 (parse_url() does not include 'query' when question mark
1534    is the last char). (Islam Israfilov)
1535  . Fixed bug #79868 (Sorting with array_unique gives unwanted result). (Nikita)
1536  . Fixed bug #80256 (file_get_contents strip first line with chunked encoding
1537    redirect). (Nikita)
1538  . Fixed bug #80266 (parse_url silently drops port number 0). (cmb, Nikita)
1539  . Fixed bug #80290 (Double free when ASSERT_CALLBACK is used with a dynamic
1540    message). (Nikita)
1541  . Implemented FR #78638 (__PHP_Incomplete_Class should be final). (Laruence)
1542  . Made quoting of cmd execution functions consistent. (cmb)
1543
1544- Tidy:
1545  . Removed the unused $use_include_path parameter from tidy_repair_string().
1546    (cmb)
1547
1548- Tokenizer:
1549  . Fixed bug #80328 (PhpToken::getAll() confusing name). (Nikita)
1550
1551- XML:
1552  . Fixed bug #76874 (xml_parser_free() should never leak memory). (Nikita)
1553
1554- XMLWriter:
1555  . Changed functions to accept/return XMLWriter objects instead of resources.
1556    (cmb)
1557  . Implemented FR #79344 (xmlwriter_write_attribute_ns: $prefix should be
1558    nullable). (cmb)
1559  . Removed return types from XMLWriter stubs. (cmb)
1560
1561- Zip:
1562  . Add "flags" options to ZipArchive::addGlob and addPattern methods
1563    keeping previous behavior having FL_OVERWRITE by default. (Remi)
1564  . Add ZipArchive::EM_UNKNOWN and ZipArchive::EM_TRAD_PKWARE constants. (Remi)
1565  . Add ZipArchive::isCompressionMethodSupported() and
1566    ZipArchive::isEncryptionMethodSupported() method (libzip 1.7.0). (Remi)
1567  . Add ZipArchive::replaceFile() method. (Remi)
1568  . Add ZipArchive::setCancelCallback method (since libzip 1.6.0). (Remi)
1569  . Add ZipArchive::setMtimeName and ZipArchive::setMtimeIndex methods. (Remi)
1570  . Add ZipArchive::setProgressCallback method (since libzip 1.3.0). (Remi)
1571  . Add lastId property to ZipArchive. (Remi)
1572  . Add optional "flags" parameter to ZipArchive::addEmptyDir, addFile and
1573    addFromString methods. (Remi)
1574  . Fixed bug #50678 (files extracted by ZipArchive class lost their
1575    original modified time). (Remi)
1576  . Fixed bug #72374 (remove_path strips first char of filename). (tyage, Remi)
1577  . Implemented FR #77960 (add compression / encryption options for
1578    ZipArchive::addGlob and ZipArchive::addPattern). (Remi)
1579  . ZipArchive::status and ZipArchive::statusSys properties and
1580    ZipArchive::getStatusString() method stay valid after the archive
1581    is closed. (Remi)
1582
1583- Zlib:
1584  . Fixed bug #71417 (fread() does not report zlib.inflate errors). (cmb)
1585  . Fixed bug #78792 (zlib.output_compression disabled by Content-Type: image/).
1586    (cmb)
1587