1PHP NEWS 2||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 3?? ??? ????, PHP 8.3.10 4 5- Core: 6 . Fixed bug GH-13922 (Fixed support for systems with 7 sysconf(_SC_GETPW_R_SIZE_MAX) == -1). (Arnaud) 8 . Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). (Arnaud) 9 . Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. 10 (nielsdos) 11 . Fixed OSS-Fuzz #69765. (nielsdos) 12 13- Dom: 14 . Fixed bug GH-14702 (DOMDocument::xinclude() crash). (nielsdos) 15 16- LibXML: 17 . Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). (nielsdos) 18 19- PDO: 20 . Fixed bug GH-14712 (Crash with PDORow access to null property). 21 (David Carlier) 22 23- Phar: 24 . Fixed bug GH-14603 (null string from zip entry). 25 (David Carlier) 26 27- PHPDBG: 28 . Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). 29 (David Carlier) 30 31- Shmop: 32 . Fixed bug GH-14537 (shmop Windows 11 crashes the process). (nielsdos) 33 3420 Jun 2024, PHP 8.3.9 35 36- Core: 37 . Fixed bug GH-14315 (Incompatible pointer type warnings). (Peter Kokot) 38 . Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 39 when running on Apple Silicon). (Manuel Kress) 40 . Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from 41 values during Generator->throw()). (Bob) 42 . Fixed bug GH-14456 (Attempting to initialize class with private constructor 43 calls destructor). (Girgias) 44 . Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call). 45 (Florian Engelhardt) 46 . Fixed bug GH-14549 (Incompatible function pointer type for fclose). 47 (Ryan Carsten Schmidt) 48 49- BCMatch: 50 . Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). (Girgias) 51 52- Curl: 53 . Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). (nielsdos) 54 55- DOM: 56 . Fixed bug GH-14343 (Memory leak in xml and dom). (nielsdos) 57 58- FPM: 59 . 
Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are 60 ignored in status pool). (Wilhansen Li, Pierrick Charron) 61 62- GD: 63 . Fix parameter numbers for imagecolorset(). (Giovanni Giacobbi) 64 65- Intl: 66 . Fix reference handling in SpoofChecker. (nielsdos) 67 68- MySQLnd: 69 . Partially fix bug GH-10599 (Apache crash on Windows when using a 70 self-referencing anonymous function inside a class with an active 71 mysqli connection). (nielsdos) 72 73- Opcache: 74 . Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime). 75 (ilutov) 76 . Fixed TLS access in JIT on FreeBSD/amd64. (Arnaud) 77 . Fixed bug GH-11188 (Error when building TSRM in ARM64). (nielsdos) 78 79- PDO ODBC: 80 . Fixed bug GH-14367 (incompatible SDWORD type with iODBC). (Calvin Buckley) 81 82- PHPDBG: 83 . Fixed bug GH-13681 (segfault on watchpoint addition failure). (David Carlier) 84 85- Soap: 86 . Fixed bug #47925 (PHPClient can't decompress response). (nielsdos) 87 . Fix missing error restore code. (nielsdos) 88 . Fix memory leak if calling SoapServer::setObject() twice. (nielsdos) 89 . Fix memory leak if calling SoapServer::setClass() twice. (nielsdos) 90 . Fix reading zlib ini settings in ext-soap. (nielsdos) 91 . Fix memory leaks with string function name lookups. (nielsdos) 92 . Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class 93 name). (nielsdos) 94 . Fixed bug #76232 (SoapClient Cookie Header Semicolon). (nielsdos) 95 . Fixed memory leaks when calling SoapFault::__construct() twice. (Girgias) 96 97- Sodium: 98 . Fix memory leaks in ext/sodium on failure of some functions. (nielsdos) 99 100- SPL: 101 . Fixed bug GH-14290 (Member access within null pointer in extension spl). 102 (nielsdos) 103 104- Standard: 105 . Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract 106 namespace Unix sockets). (Derick) 107 108- Streams: 109 . 
Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not 110 allocated and malloc: double free for ptr errors). (nielsdos) 111 11206 Jun 2024, PHP 8.3.8 113 114- CGI: 115 . Fixed buffer limit on Windows, replacing read call usage by _read. 116 (David Carlier) 117 . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection 118 in PHP-CGI). (CVE-2024-4577) (nielsdos) 119 120- CLI: 121 . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles 122 quoted heredoc literals.). (nielsdos) 123 124- Core: 125 . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for 126 non-compile-time expressions). (ilutov) 127 128- DOM: 129 . Fix crashes when entity declaration is removed while still having entity 130 references. (nielsdos) 131 . Fix references not handled correctly in C14N. (nielsdos) 132 . Fix crash when calling childNodes next() when iterator is exhausted. 133 (nielsdos) 134 . Fix crash in ParentNode::append() when dealing with a fragment 135 containing text nodes. (nielsdos) 136 137- Filter: 138 . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). 139 (CVE-2024-5458) (nielsdos) 140 141- FPM: 142 . Fix bug GH-14175 (Show decimal number instead of scientific notation in 143 systemd status). (Benjamin Cremer) 144 145- Hash: 146 . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` 147 (Saki Takamachi) 148 149- Intl: 150 . Fixed build regression on systems without C++17 compilers. (Calvin Buckley, 151 Peter Kokot) 152 153- MySQLnd: 154 . Fix bug GH-14255 (mysqli_fetch_assoc reports error from 155 nested query). (Kamil Tekiela) 156 157- Opcache: 158 . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in 159 shm). (ilutov) 160 161- OpenSSL: 162 . 
The openssl_private_decrypt function in PHP, when using PKCS1 padding 163 (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack 164 unless it is used with an OpenSSL version that includes the changes from this pull 165 request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). 166 These changes are part of OpenSSL 3.2 and have also been backported to stable 167 versions of various Linux distributions, as well as to the PHP builds provided for 168 Windows since the previous release. All distributors and builders should ensure that 169 this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) 170 171- Standard: 172 . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). 173 (CVE-2024-5585) (nielsdos) 174 175- XML: 176 . Fixed bug GH-14124 (Segmentation fault with XML extension under certain 177 memory limit). (nielsdos) 178 179- XMLReader: 180 . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos) 181 18209 May 2024, PHP 8.3.7 183 184- Core: 185 . Fixed zend_call_stack build with Linux/uclibc-ng without thread support. 186 (Fabrice Fontaine) 187 . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall 188 handlers when JIT is enabled). (Bob) 189 . Fixed bug GH-13931 (Applying zero offset to null pointer in 190 Zend/zend_opcode.c). (nielsdos) 191 . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with 192 other timeout implementations). (Kévin Dunglas) 193 . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert 194 parameters). (ilutov) 195 . Fixed bug GH-14013 (Erroneous dnl appended in configure). (Peter Kokot) 196 . Fixed bug GH-10232 (If autoloading occurs during constant resolution 197 filename and lineno are identified incorrectly). (ranvis) 198 . Fixed bug GH-13727 (Missing void keyword). (Peter Kokot) 199 200- Fibers: 201 . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()). 
202 (nielsdos) 203 204- Fileinfo: 205 . Fixed bug GH-13795 (Test failing in ext/fileinfo/tests/bug78987.phpt on 206 big-endian PPC). (orlitzky) 207 208- FPM: 209 . Fixed bug GH-13563 (Setting bool values via env in FPM config fails). 210 (Jakub Zelenka) 211 212- Intl: 213 . Fixed build for icu 74 and onwards. (dunglas) 214 215- MySQLnd: 216 . Fix shift out of bounds on 32-bit non-fast-path platforms. (nielsdos) 217 218- Opcache: 219 . Fixed bug GH-13433 (Segmentation Fault in zend_class_init_statics when 220 using opcache.preload). (nielsdos) 221 . Fixed incorrect assumptions across compilation units for static calls. 222 (ilutov) 223 224- OpenSSL: 225 . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). 226 (Jakub Zelenka) 227 228- PDO SQLite: 229 . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi) 230 . Fix GH-13998 (Manage refcount of agg_context->val correctly). 231 (Saki Takamachi) 232 233- Phar: 234 . Fixed bug GH-13836 (Renaming a file in a Phar to an already existing 235 filename causes a NULL pointer dereference). (nielsdos) 236 . Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c). 237 (nielsdos) 238 . Fix potential NULL pointer dereference before calling EVP_SignInit. (icy17) 239 240- PHPDBG: 241 . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame). 242 (nielsdos) 243 244- Posix: 245 . Fix usage of reentrant functions in ext/posix. (Arnaud) 246 247- Session: 248 . Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in 249 ext/session/mod_files.c). (nielsdos) 250 . Fixed bug GH-13891 (memleak and segfault when using ini_set with 251 session.trans_sid_hosts). (nielsdos, kamil-tekiela) 252 . Fixed buffer _read/_write size limit on windows for the file mode. (David Carlier) 253 254- Streams: 255 . Fixed file_get_contents() on Windows fails with "errno=22 Invalid 256 argument". (Damian Wójcik) 257 . 
Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure). 258 (Jakub Zelenka) 259 . Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in 260 ext/openssl/xp_ssl.c - causing use of dead socket). (nielsdos) 261 . Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). (Arnaud) 262 263- Treewide: 264 . Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodríguez) 265 26628 Mar 2024, PHP 8.3.5RC1 267 268- Core: 269 . Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when 270 scanning WeakMaps). (Arnaud) 271 . Fixed bug GH-13612 (Corrupted memory in destructor with weak references). 272 (nielsdos) 273 . Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov) 274 . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi) 275 . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in 276 destructor). (Arnaud) 277 278- DOM: 279 . Add some missing ZPP checks. (nielsdos) 280 . Fix potential memory leak in XPath evaluation results. (nielsdos) 281 282- FPM: 283 . Fixed GH-11086 (FPM: config test runs twice in daemonised mode). 284 (Jakub Zelenka) 285 . Fixed incorrect check in fpm_shm_free(). (nielsdos) 286 287- GD: 288 . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky) 289 290- Gettext: 291 . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 292 with category set to LC_ALL. (David Carlier) 293 294- MySQLnd: 295 . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi) 296 . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos) 297 298- Opcache: 299 . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). 300 (Arnaud, Dmitry) 301 . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait 302 method of internal trait when opcache is loaded). (Bob) 303 304- Random: 305 . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown 306 modes). (timwolla) 307 . 
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between 308 requests when MT_RAND_PHP is used). (timwolla) 309 310- Session: 311 . Fixed bug GH-13680 (Segfault with session_decode and compilation error). 312 (nielsdos) 313 314- SPL: 315 . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos) 316 317- Standard: 318 . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos) 319 . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()). 320 (SakiTakamachi) 321 . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). 322 (divinity76) 323 . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command 324 parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) 325 . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to 326 partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) 327 . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, 328 opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) 329 . Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some 330 inputs). (CVE-2024-2757) (Alex Dowad) 331 33214 Mar 2024, PHP 8.3.4 333 334- Core: 335 . Fix ZTS persistent resource crashes on shutdown. (nielsdos) 336 337- Curl: 338 . Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh) 339 340- DOM: 341 . Fix unlikely memory leak in case of namespace removal with extremely deep 342 trees. (nielsdos) 343 . Fix reference access in dimensions for DOMNodeList and DOMNodeMap. 344 (nielsdos) 345 346- Fileinfo: 347 . Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null), 348 backport). (nielsdos) 349 350- FPM: 351 . Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER). 352 (Jakub Zelenka) 353 354- GD: 355 . Fixed bug GH-12019 (detection of image formats in system gd library). 356 (Michael Orlitzky) 357 358- MySQLnd: 359 . 
Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error 360 if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi) 361 362- PDO: 363 . Fix various PDORow bugs. (Girgias) 364 365- PGSQL: 366 . Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute 367 with null value passed by reference). (George Barbarosie) 368 369- SPL: 370 . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized 371 in PHP 8.2.15). (nielsdos) 372 373- Standard: 374 . Fixed bug GH-13279 (Instable array during in-place modification in uksort). 375 (ilutov) 376 . Fixed array key as hash to string (case insensitive) comparison typo 377 for the second operand buffer size (albeit unused for now). (A. Slepykh) 378 379- XML: 380 . Fixed bug GH-13517 (Multiple test failures when building with 381 --with-expat). (nielsdos) 382 38315 Feb 2024, PHP 8.3.3 384 385- Core: 386 . Fixed timer leak in zend-max-execution-timers builds. (withinboredom) 387 . Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus) 388 . Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown 389 Exception). (nielsdos) 390 . Fixed bug GH-13177 (PHP 8.3.2: final private constructor not allowed 391 when used in trait). (nielsdos) 392 . Fixed bug GH-13215 (GCC 14 build failure). (Remi) 393 394- Curl: 395 . Fix missing error check in curl_multi_init(). (divinity76) 396 397- FPM: 398 . Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when 399 plus in path). (Jakub Zelenka) 400 401- GD: 402 . Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path). 403 (nielsdos) 404 . Fixed bug GH-10614 (imagerotate will turn the picture all black, when 405 rotated 90). (nielsdos) 406 407- LibXML: 408 . Fix crashes with entity references and predefined entities. (nielsdos) 409 410- MySQLnd: 411 . Fixed bug GH-12107 (When running a stored procedure (that returns a result 412 set) twice, PHP crashes). (nielsdos) 413 414- Opcache: 415 . 
Fixed bug GH-13145 (strtok() is not comptime). (ilutov) 416 . Fixed type inference of range(). (ilutov) 417 . Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but 418 JIT_debug is still on). (nielsdos) 419 420- OpenSSL: 421 . Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. 422 (David Carlier). 423 424- PDO_Firebird: 425 . Fix GH-13119 (Changed to convert float and double values into strings using 426 `H` format). (SakiTakamachi) 427 428- Phar: 429 . Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos) 430 . Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos) 431 432- Random: 433 . Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken 434 engines). (timwolla) 435 436- Session: 437 . Fixed bug GH-12504 (Corrupted session written when there's a fatal error 438 in autoloader). (nielsdos) 439 440- Standard: 441 . Fixed bug GH-13094 (range(9.9, '0') causes segmentation fault). (nielsdos) 442 443- Streams: 444 . Fixed bug GH-13071 (Copying large files using mmap-able source streams may 445 exhaust available memory and fail). (nielsdos) 446 44718 Jan 2024, PHP 8.3.2 448 449- Core: 450 . Fixed bug GH-12953 (false positive SSA integrity verification failed when 451 loading composer classmaps with more than 11k elements). (nielsdos) 452 . Fixed bug GH-12999 (zend_strnlen build when strnlen is unsupported). 453 (rainerjung) 454 . Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf 455 doesn't emit warnings). (Peter Kokot) 456 . Fixed bug GH-12854 (8.3 - as final trait-used method does not correctly 457 report visibility in Reflection). (nielsdos) 458 459- Cli: 460 . Fix incorrect timeout in built-in web server when using router script and 461 max_input_time. (ilutov) 462 463- DOM: 464 . Fixed bug GH-12870 (Creating an xmlns attribute results in a DOMException). 465 (nielsdos) 466 . Fix crash when toggleAttribute() is used without a document. (nielsdos) 467 . 
Fix crash in adoptNode with attribute references. (nielsdos) 468 . Fixed bug GH-13012 (DOMNode::isEqualNode() is incorrect when attribute 469 order is different). (nielsdos) 470 471- FFI: 472 . Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData). 473 (Jakub Zelenka) 474 . Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos) 475 476- GD: 477 . Fixed GH-13082 undefined behavior with GdFont instances handling with 478 imageload* and imagechar*. (David Carlier) 479 480- Intl: 481 . Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale). 482 (David Carlier) 483 484- Hash: 485 . Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on 486 strings >= 4GiB). (nielsdos) 487 488- MBString: 489 . When operating on a string with invalid encoding, mb_substr (as well 490 as mb_strstr and its variants) defines character indices in the same 491 way as other mbstring functions such as mb_strpos. (Alex Dowad) 492 493- ODBC: 494 . Fix crash on Apache shutdown with persistent connections. (nielsdos) 495 496- Opcache: 497 . Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM 498 with NULL when DIM is the same var as result). (ilutov) 499 . Added workaround for SELinux mprotect execheap issue. 500 See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov) 501 502- OpenSSL: 503 . Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error). 504 (Jakub Zelenka) 505 506- PDO: 507 . Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES). 508 (SakiTakamachi) 509 510- PDO_ODBC: 511 . Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()). 512 (SakiTakamachi) 513 514- PGSQL: 515 . Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier) 516 . Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()). 517 (nielsdos) 518 519- Phar: 520 . Fixed bug #77432 (Segmentation fault on including phar file). 
(nielsdos) 521 522- PHPDBG: 523 . Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos) 524 525- SimpleXML: 526 . Fix getting the address of an uninitialized property of a SimpleXMLElement 527 resulting in a crash. (nielsdos) 528 . Fixed bug GH-12929 (SimpleXMLElement with stream_wrapper_register can 529 segfault). (nielsdos) 530 531- Tidy: 532 . Fixed bug GH-12980 (tidynode.props.attribute is missing 533 "Boolean Attributes" and empty attributes). (nielsdos) 534 53507 Dec 2023, PHP 8.3.1RC1 536 537- Core: 538 . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within 539 ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt) 540 . Fix various missing NULL checks. (nielsdos, dstogov) 541 . Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call). 542 (ilutov) 543 . Fixed bug GH-12826 (Weird pointers issue in nested loops). (nielsdos) 544 545- FPM: 546 . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval). 547 (Patrick Prasse) 548 549- FTP: 550 . Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos) 551 552- LibXML: 553 . Fixed test failures for libxml2 2.12.0. (nielsdos) 554 555- MySQLnd: 556 . Avoid using uninitialised struct. (mikhainin) 557 . Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code). 558 (nielsdos) 559 560- Opcache: 561 . Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning 562 at the same time as invalid offset Error). (Girgias) 563 . Fixed JIT bug (JIT emits "Attempt to assign property of non-object" 564 warning at the same time as Error is being thrown). (Girgias) 565 566- PDO PGSQL: 567 . Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate) 568 569- SOAP: 570 . Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted). 571 (nielsdos) 572 573- Standard 574 . Fixed GH-12745 (http_build_query() default null argument for $arg_separator 575 is implicitly coerced to string). 
(Girgias) 576 57723 Nov 2023, PHP 8.3.0 578 579- Bcmath 580 . Fixed GH-11761 (removing trailing zeros from numbers) (jorgsowa) 581 582- CLI: 583 . Added pdeathsig to builtin server to terminate workers when the master 584 process is killed. (ilutov) 585 . Fixed bug GH-11104 (STDIN/STDOUT/STDERR is not available for CLI without 586 a script). (nielsdos) 587 . Implement GH-10024 (support linting multiple files at once using php -l). 588 (nielsdos) 589 590- Core: 591 . Fix GH-11388 (Allow "final" modifier when importing a method from a trait). 592 (nielsdos) 593 . Fixed bug GH-11406 (segfault with unpacking and magic method closure). 594 (nielsdos) 595 . Fixed bug GH-9388 (Improve unset property and __get type incompatibility 596 error message). (ilutov) 597 . SA_ONSTACK is now set for signal handlers to be friendlier to other 598 in-process code such as Go's cgo. (Kévin Dunglas) 599 . SA_ONSTACK is now set when signals are disabled. (Kévin Dunglas) 600 . Fix GH-9649: Signal handlers now do a no-op instead of crashing when 601 executed on threads not managed by TSRM. (Kévin Dunglas) 602 . Added shadow stack support for fibers. (Chen Hu) 603 . Fix bug GH-9965 (Fix accidental caching of default arguments with side 604 effects). (ilutov) 605 . Implement GH-10217 (Use strlen() for determining the class_name length). 606 (Dennis Buteyn) 607 . Fix bug GH-8821 (Improve line numbers for errors in constant expressions). 608 (ilutov) 609 . Fix bug GH-10083 (Allow comments between & and parameter). (ilutov) 610 . Zend Max Execution Timers is now enabled by default for ZTS builds on 611 Linux. (Kévin Dunglas) 612 . Fix bug GH-10469 (Disallow .. in open_basedir paths set at runtime). 613 (ilutov) 614 . Fix bug GH-10168, GH-10582 (Various segfaults with destructors and VM return 615 values). (dstogov, nielsdos, ilutov) 616 . Fix bug GH-10935 (Use of trait doesn't redeclare static property if class 617 has inherited it from its parent). (ilutov) 618 . 
Fix bug GH-11154 (Negative indices on empty array don't affect next chosen 619 index). (ColinHDev) 620 . Fix bug GH-8846 (Implement delayed early binding for classes without 621 parents). (ilutov) 622 . Fix bug #79836 (Segfault in concat_function). (nielsdos) 623 . Fix bug #81705 (type confusion/UAF on set_error_handler with concat 624 operation). (nielsdos) 625 . Fix GH-11348 (Closure created from magic method does not accept named 626 arguments). (nielsdos) 627 . Fix GH-11388 (Allow "final" modifier when importing a method from a trait). 628 (nielsdos) 629 . Fixed bug GH-11406 (segfault with unpacking and magic method closure). 630 (nielsdos) 631 . Fixed bug GH-11507 (String concatenation performance regression in 8.3). 632 (nielsdos) 633 . Fixed GH-11488 (Missing "Optional parameter before required" deprecation on 634 union null type). (ilutov) 635 . Implement the #[\Override] attribute RFC. (timwolla) 636 . Fixed bug GH-11601 (Incorrect handling of unwind and graceful exit 637 exceptions). (ilutov) 638 . Added zend_call_stack_get implementation for OpenBSD. (David Carlier) 639 . Add stack limit check in zend_eval_const_expr(). (Arnaud) 640 . Expose time spent collecting cycles in gc_status(). (Arnaud) 641 . Remove WeakMap entries whose key is only reachable through the entry value. 642 (Arnaud) 643 . Resolve open_basedir paths on INI update. (ilutov) 644 . Fixed oss-fuzz #60741 (Leak in open_basedir). (ilutov) 645 . Fixed segfault during freeing of some incompletely initialized objects due 646 to OOM error (PDO, SPL, XSL). (ilutov) 647 . Introduced Zend guard recursion protection to fix __debugInfo issue. 648 (Jakub Zelenka) 649 . Fixed oss-fuzz #61712 (assertion failure with error handler during binary 650 op). (nielsdos) 651 . Fixed GH-11847 (DTrace enabled build is broken). (Filip Zrůst) 652 . Fixed OSS Fuzz #61865 (Undef variable in ++/-- for declared property 653 that is unset in error handler). (Girgias) 654 . 
Fixed warning emitted when checking if a user stream is castable. (Girgias) 655 . Fixed bug GH-12123 (Compile error on MacOS with C++ extension when using 656 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX). (kocsismate) 657 . Fixed bug GH-12189 (#[Override] attribute in trait does not check for 658 parent class implementations). (timwolla) 659 . Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable 660 warning). (Girgias) 661 . Fixed buffer underflow when compiling memoized expression. (ilutov) 662 . Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec). (ilutov) 663 664- Curl: 665 . Added Curl options and constants up to (including) version 7.87. 666 (nielsdos, adoy) 667 668- Date: 669 . Implement More Appropriate Date/Time Exceptions RFC. (Derick) 670 671- DOM: 672 . Fix bug GH-8388 (DOMAttr unescapes character reference). (Tim Starling) 673 . Fix bug GH-11308 (getElementsByTagName() is O(N^2)). (nielsdos) 674 . Fix #79700 (wrong use of libxml oldNs leads to performance problem). 675 (nielsdos) 676 . Fix #77894 (DOMNode::C14N() very slow on generated DOMDocuments even after 677 normalisation). (nielsdos) 678 . Revert changes to DOMAttr::$value and DOMAttr::$nodeValue expansion. 679 (nielsdos) 680 . Fixed bug GH-11500 (Namespace reuse in createElementNS() generates wrong 681 output). (nielsdos) 682 . Implemented DOMDocument::adoptNode(). Previously this always threw a 683 "not yet implemented" exception. (nielsdos) 684 . Fixed bug GH-9628 (Implicitly removing nodes from \DOMDocument breaks 685 existing references). (nielsdos) 686 . Added DOMNode::contains() and DOMNameSpaceNode::contains(). (nielsdos) 687 . Added DOMElement::getAttributeNames(). (nielsdos) 688 . Added DOMNode::getRootNode(). (nielsdos) 689 . Added DOMElement::className and DOMElement::id. (nielsdos) 690 . Added DOMParentNode::replaceChildren(). (nielsdos) 691 . Added DOMNode::isConnected and DOMNameSpaceNode::isConnected. (nielsdos) 692 . 
Added DOMNode::parentElement and DOMNameSpaceNode::parentElement. 693 (nielsdos) 694 . Added DOMNode::isEqualNode(). (nielsdos) 695 . Added DOMElement::insertAdjacentElement() and 696 DOMElement::insertAdjacentText(). (nielsdos) 697 . Added DOMElement::toggleAttribute(). (nielsdos) 698 . Fixed bug GH-11792 (LIBXML_NOXMLDECL is not implemented or broken). 699 (nielsdos) 700 . adoptNode now respects the strict error checking property. (nielsdos) 701 . Align DOMChildNode parent checks with spec. (nielsdos) 702 . Fixed bug #80927 (Removing documentElement after creating attribute node: 703 possible use-after-free). (nielsdos) 704 . Fix various namespace prefix conflict resolution bugs. (nielsdos) 705 . Fix calling createAttributeNS() without prefix causing the default 706 namespace of the element to change. (nielsdos) 707 . Fixed GH-11952 (Confusing warning when blocking entity loading via 708 libxml_set_external_entity_loader). (nielsdos) 709 . Fix broken cache invalidation with deallocated and reallocated document 710 node. (nielsdos) 711 . Fix compile error when php_libxml.h header is included in C++. 712 (Remi, nielsdos) 713 . Fixed bug #47531 (No way of removing redundant xmlns: declarations). 714 (nielsdos) 715 716- Exif: 717 . Removed unneeded codepaths in exif_process_TIFF_in_JPEG(). (nielsdos) 718 719- FFI: 720 . Implement GH-11934 (Allow to pass CData into struct and/or union fields). 721 (nielsdos, KapitanOczywisty) 722 723- Fileinfo: 724 . Upgrade bundled libmagic to 5.43. (Anatol) 725 . Fix GH-11408 (Unable to build PHP 8.3.0 alpha 1 / fileinfo extension). 726 (nielsdos) 727 728- FPM: 729 . The status.listen shared pool now uses the same php_values (including 730 expose_php) and php_admin_value as the pool it is shared with. (dwxh) 731 . Added warning to log when fpm socket was not registered on the expected 732 path. (Joshua Behrens, Jakub Zelenka) 733 . Fixed bug #76067 (system() function call leaks php-fpm listening sockets). 
734 (Mikhail Galanin, Jakub Zelenka) 735 . Fixed GH-12077 (PHP 8.3.0RC1 borked socket-close-on-exec.phpt). 736 (Jakub Zelenka) 737 738- GD: 739 . Removed imagerotate "ignore_transparent" argument since it has no effect. 740 (David Carlier) 741 742- Intl: 743 . Added pattern format error infos for numfmt_set_pattern. (David Carlier) 744 . Added MIXED_NUMBERS and HIDDEN_OVERLAY constants for 745 the Spoofchecker's class. (David Carlier) 746 . Updated datefmt_set_timezone/IntlDateformatter::setTimezone returns type. 747 (David Carlier). 748 . Updated IntlBreakInterator::setText return type. (David Carlier) 749 . Updated IntlChar::enumCharNames return type. (David Carlier) 750 . Removed the BC break on IntlDateFormatter::construct which threw an 751 exception with an invalid locale. (David Carlier) 752 753- JSON: 754 . Added json_validate(). (Juan Morales) 755 756- LDAP: 757 . Deprecate calling ldap_connect() with separate hostname and port. 758 (heiglandreas) 759 760- LibXML: 761 . Fix compile error with -Werror=incompatible-function-pointer-types and 762 old libxml2. (nielsdos) 763 764- MBString: 765 . mb_detect_encoding is better able to identify the correct encoding for 766 Turkish text. (Alex Dowad) 767 . mb_detect_encoding's "non-strict" mode now behaves as described in the 768 documentation. Previously, it would return false if the same byte 769 (for example, the first byte) of the input string was invalid in all 770 candidate encodings. More generally, it would eliminate candidate 771 encodings from consideration when an invalid byte was seen, and if the 772 same input byte eliminated all remaining encodings still under 773 consideration, it would return false. On the other hand, if all candidate 774 encodings but one were eliminated from consideration, it would return the 775 last remaining one without regard for how many encoding errors might be 776 encountered later in the string. 
    This is different from the behavior
    described in the documentation, which says: "If strict is set to false,
    the closest matching encoding will be returned." (Alex Dowad)
  . mb_strtolower, mb_strtotitle, and mb_convert_case implement conditional
    casing rules for the Greek letter sigma. For mb_convert_case, conditional
    casing only applies to MB_CASE_LOWER and MB_CASE_TITLE modes, not to
    MB_CASE_LOWER_SIMPLE and MB_CASE_TITLE_SIMPLE. (Alex Dowad)
  . mb_detect_encoding is better able to identify UTF-8 and UTF-16 strings
    with a byte-order mark. (Alex Dowad)
  . mb_decode_mimeheader interprets underscores in QPrint-encoded MIME
    encoded words as required by RFC 2047; they are converted to spaces.
    Underscores must be encoded as "=5F" in such MIME encoded words.
    (Alex Dowad)
  . mb_encode_mimeheader no longer drops NUL (zero) bytes when
    QPrint-encoding the input string. This previously caused strings in
    certain text encodings, especially UTF-16 and UTF-32, to be
    corrupted by mb_encode_mimeheader. (Alex Dowad)
  . Implement mb_str_pad() RFC. (nielsdos)
  . Fixed bug GH-11514 (PHP 8.3 build fails with --enable-mbstring enabled).
    (nielsdos)
  . Fix use-after-free of mb_list_encodings() return value. (ilutov)
  . Fixed bug GH-11992 (utf_encodings.phpt fails on Windows 32-bit). (nielsdos)

- mysqli:
  . mysqli_fetch_object raises a ValueError instead of an Exception.
    (David Carlier)

- Opcache:
  . Added start, restart and force restart time to opcache's
    phpinfo section. (Mikhail Galanin)
  . Fix GH-9139: Allow FFI in opcache.preload when opcache.preload_user=root.
    (Arnaud, Kapitan Oczywisty)
  . Made opcache.preload_user always optional in the cli and phpdbg SAPIs.
    (Arnaud)
  . Allows W/X bits on page creation on FreeBSD despite system settings.
    (David Carlier)
  . Added memfd api usage, on Linux, for zend_shared_alloc_create_lock()
    to create an abstract anonymous file for the opcache's lock. (Max Kellermann)
  . Avoid resetting JIT counter handlers from multiple processes/threads.
    (ilutov)
  . Fixed COPY_TMP type inference for references. (ilutov)

- OpenSSL:
  . Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE constants to switch
    between mime content types. (Daniel Kesselberg)
  . Fixed GH-11054: Reset OpenSSL errors when using a PEM public key.
    (Florian Moser)
  . Added support for additional EC parameters in openssl_pkey_new. (Eno-CN)

- PCNTL:
  . SA_ONSTACK is now set for pcntl_signal. (Kévin Dunglas)
  . Added SIGINFO constant. (David Carlier)

- PCRE:
  . Update bundled libpcre2 to 10.42. (nielsdos)

- PGSQL:
  . pg_fetch_object raises a ValueError instead of an Exception.
    (David Carlier)
  . pg_cancel uses thread safe PQcancel api instead. (David Carlier)
  . pg_trace new PGSQL_TRACE_SUPPRESS_TIMESTAMPS/PGSQL_TRACE_REGRESS_MODE
    constants support. (David Carlier)
  . pg_set_error_verbosity adding PGSQL_ERRORS_STATE constant. (David Carlier)
  . pg_convert/pg_insert E_WARNING on type errors have been converted to
    ValueError/TypeError exceptions. (David Carlier)
  . Added pg_set_error_context_visibility to set the context's visibility
    within the error messages. (David Carlier)

- Phar:
  . Fix memory leak in phar_rename_archive(). (stkeke)

- POSIX:
  . Added posix_sysconf. (David Carlier)
  . Added posix_pathconf. (David Carlier)
  . Added posix_fpathconf. (David Carlier)
  . Fixed zend_parse_arg_long's bool pointer argument assignment. (Cristian Rodriguez)
  . Added posix_eaccess. (David Carlier)

- Random:
  . Added Randomizer::getBytesFromString(). (Joshua Rüsweg)
  . Added Randomizer::nextFloat(), ::getFloat(), and IntervalBoundary. (timwolla)
  . Enable getrandom() for NetBSD (from 10.x).
    (David Carlier)
  . Deprecate MT_RAND_PHP. (timwolla)
  . Fix Randomizer::getFloat() returning incorrect results under
    certain circumstances. (timwolla)

- Reflection:
  . Fix GH-9470 (ReflectionMethod constructor should not find private parent
    method). (ilutov)
  . Fix GH-10259 (ReflectionClass::getStaticProperties doesn't need null return
    type). (kocsismate)

- SAPI:
  . Fixed GH-11141 (Could not open input file: should be sent to stderr).
    (nielsdos)

- Session:
  . Fixed bug GH-11529 (Crash after dealing with an Apache request). (nielsdos)

- SimpleXML:
  . Fixed bug GH-12192 (SimpleXML infinite loop when getName() is called
    within foreach). (nielsdos)
  . Fixed bug GH-12208 (SimpleXML infinite loop when a cast is used inside a
    foreach). (nielsdos)
  . Fixed bug #55098 (SimpleXML iteration produces infinite loop). (nielsdos)

- Sockets:
  . Added SO_ATTACH_REUSEPORT_CBPF socket option, to give tighter control
    over socket binding for a cpu core. (David Carlier)
  . Added SKF_AD_QUEUE for cbpf filters. (David Carlier)
  . Added socket_atmark if send/recv needs using MSG_OOB. (David Carlier)
  . Added TCP_QUICKACK constant, to give tighter control over
    ACK delays. (David Carlier)
  . Added DONTFRAGMENT support for path MTU discovery purpose. (David Carlier)
  . Added AF_DIVERT for raw socket for divert ports. (David Carlier)
  . Added SOL_UDPLITE, UDPLITE_RECV_CSCOV and UDPLITE_SEND_CSCOV for udplite
    protocol support. (David Carlier)
  . Added SO_RERROR, SO_ZEROIZE and SO_SPLICE netbsd and openbsd constants.
    (David Carlier)
  . Added TCP_REPAIR to quietly close a connection. (David Carlier)
  . Added SO_REUSEPORT_LB freebsd constant. (David Carlier)
  . Added IP_BIND_ADDRESS_NO_PORT. (David Carlier)

- SPL:
  . Fixed GH-11573 (RecursiveDirectoryIterator::hasChildren is slow).
    (nielsdos)

- Standard:
  . E_NOTICEs emitted by unserialize() have been promoted to E_WARNING. (timwolla)
  . unserialize() now emits a new E_WARNING if the input contains unconsumed
    bytes. (timwolla)
  . Make array_pad's $length warning less confusing. (nielsdos)
  . E_WARNING emitted by strtok in the case both arguments are not provided when
    starting tokenisation. (David Carlier)
  . password_hash() will now chain the original RandomException to the ValueError
    on salt generation failure. (timwolla)
  . Fix GH-10239 (proc_close after proc_get_status always returns -1). (nielsdos)
  . Improve the warning message for unpack() in case not enough values were
    provided. (nielsdos)
  . Fix GH-11010 (parse_ini_string() now preserves formatting of unquoted
    strings starting with numbers when the INI_SCANNER_TYPED flag is
    specified). (ilutov)
  . Fix GH-10742 (http_response_code emits no error when headers were already
    sent). (NattyNarwhal)
  . Added support for rounding negative places in number_format().
    (Marc Bennewitz)
  . Prevent precision loss on formatting decimal integers in number_format().
    (Marc Bennewitz)
  . Added usage of posix_spawn for proc_open when supported by OS.
    (Cristian Rodriguez)
  . Added $before_needle argument to strrchr(). (HypeMC)
  . Fixed GH-11982 (str_getcsv returns null byte for unterminated enclosure).
    (Jakub Zelenka)
  . Fixed str_decrement() on "1". (ilutov)

- Streams:
  . Fixed bug #51056: blocking fread() will block even if data is available.
    (Jakub Zelenka)
  . Added storing of the original path used to open xport stream.
    (Luc Vieillescazes)
  . Implement GH-8641 (STREAM_NOTIFY_COMPLETED over HTTP never emitted).
    (nielsdos, Jakub Zelenka)
  . Fix bug GH-10406 (fgets on a redis socket connection fails on PHP 8.3).
    (Jakub Zelenka)
  . Implemented GH-11242 (_php_stream_copy_to_mem: Allow specifying a maximum
    length without allocating a buffer of that size).
    (Jakub Zelenka)
  . Fixed bug #52335 (fseek() on memory stream behavior different than file).
    (Jakub Zelenka)
  . Fixed bug #76857 (Can read "non-existant" files). (Jakub Zelenka)

- XSLTProcessor:
  . Fixed bug #69168 (DomNode::getNodePath() returns invalid path). (nielsdos)

- ZIP:
  . zip extension version 1.22.0 for libzip 1.10.0. (Remi)
  . add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED). (Remi)
  . add new archive global flags (ER_AFL_*). (Remi)
  . add ZipArchive::setArchiveFlag and ZipArchive::getArchiveFlag methods.
    (Remi)