1<?php 2$_SERVER['BASE_PAGE'] = 'ChangeLog-7.php'; 3include_once __DIR__ . '/include/prepend.inc'; 4include_once __DIR__ . '/include/changelogs.inc'; 5 6$MINOR_VERSIONS = ['7.4', '7.3', '7.2', '7.1', '7.0']; 7changelog_header(7, $MINOR_VERSIONS); 8?> 9<a id="PHP_7_4"></a> 10 11<section class="version" id="7.4.33"><!-- {{{ 7.4.33 --> 12<h3>Version 7.4.33</h3> 13<b><?php release_date('03-Nov-2022'); ?></b> 14<ul><li>GD: 15<ul> 16 <li><?php bugfix(81739); ?>: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)</li> 17</ul></li> 18<li>Hash: 19<ul> 20 <li><?php bugfix(81738); ?>: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)</li> 21</ul></li> 22</ul> 23<!-- }}} --></section> 24 25 26 27<section class="version" id="7.4.32"><!-- {{{ 7.4.32 --> 28<h3>Version 7.4.32</h3> 29<b><?php release_date('29-Sep-2022'); ?></b> 30<ul><li>Core: 31<ul> 32 <li><?php bugfix(81726); ?>: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)</li> 33 <li><?php bugfix(81727); ?>: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)</li> 34</ul></li> 35</ul> 36<!-- }}} --></section> 37 38 39 40<section class="version" id="7.4.30"><!-- {{{ 7.4.30 --> 41<h3>Version 7.4.30</h3> 42<b><?php release_date('09-Jun-2022'); ?></b> 43<ul><li>mysqlnd: 44<ul> 45 <li><?php bugfix(81719); ?>: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)</li> 46</ul></li> 47<li>pgsql: 48<ul> 49 <li><?php bugfix(81720); ?>: Uninitialized array in pg_query_params(). (CVE-2022-31625)</li> 50</ul></li> 51</ul> 52<!-- }}} --></section> 53 54 55 56<section class="version" id="7.4.29"><!-- {{{ 7.4.29 --> 57<h3>Version 7.4.29</h3> 58<b><?php release_date('14-Apr-2022'); ?></b> 59<ul><li>Core: 60<ul> 61 <li>No source changes to this release. This update allows for re-building the 62 Windows binaries against upgraded dependencies which have received security 63 updates.</li> 64</ul></li> 65<li>Date: 66<ul> 67 <li>Updated to latest IANA timezone database (2022a).</li> 68</ul></li> 69</ul> 70<!-- }}} --></section> 71 72 73 74<section class="version" id="7.4.28"><!-- {{{ 7.4.28 --> 75<h3>Version 7.4.28</h3> 76<b><?php release_date('17-Feb-2022'); ?></b> 77<ul><li>Filter: 78<ul> 79 <li>Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)</li> 80</ul></li> 81</ul> 82<!-- }}} --></section> 83 84 85 86<section class="version" id="7.4.27"><!-- {{{ 7.4.27 --> 87<h3>Version 7.4.27</h3> 88<b><?php release_date('16-Dec-2021'); ?></b> 89<ul><li>Core: 90<ul> 91 <li><?php bugfix(81626); ?> (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).</li> 92</ul></li> 93<li>FPM: 94<ul> 95 <li><?php bugfix(81513); ?> (Future possibility for heap overflow in FPM zlog).</li> 96</ul></li> 97<li>GD: 98<ul> 99 <li><?php bugfix(71316); ?> (libpng warning from imagecreatefromstring).</li> 100</ul></li> 101<li>OpenSSL: 102<ul> 103 <li><?php bugfix(75725); ?> (./configure: detecting RAND_egd).</li> 104</ul></li> 105<li>PCRE: 106<ul> 107 <li><?php bugfix(74604); ?> (Out of bounds in php_pcre_replace_impl).</li> 108</ul></li> 109<li>Standard: 110<ul> 111 <li><?php bugfix(81618); ?> (dns_get_record fails on FreeBSD for missing type).</li> 112 <li><?php bugfix(81659); ?> (stream_get_contents() may unnecessarily overallocate).</li> 113</ul></li> 114</ul> 115<!-- }}} --></section> 116 117 118 119<section class="version" id="7.4.26"><!-- {{{ 7.4.26 --> 120<h3>Version 7.4.26</h3> 121<b><?php release_date('18-Nov-2021'); ?></b> 122<ul><li>Core: 123<ul> 124 <li><?php bugfix(81518); ?> (Header injection via default_mimetype / default_charset).</li> 125</ul></li> 126<li>Date: 127<ul> 128 <li><?php bugfix(81500); ?> (Interval serialization regression since 7.3.14 / 7.4.2).</li> 129</ul></li> 130<li>MBString: 131<ul> 132 <li><?php bugfix(76167); ?> (mbstring may use pointer from some previous request).</li> 133</ul></li> 134<li>MySQLi: 135<ul> 136 <li><?php bugfix(81494); ?> (Stopped unbuffered query does not throw error).</li> 137</ul></li> 138<li>PCRE: 139<ul> 140 <li><?php bugfix(81424); ?> (PCRE2 10.35 JIT performance regression).</li> 141</ul></li> 142<li>Streams: 143<ul> 144 <li><?php bugfix(54340); ?> (Memory corruption with user_filter).</li> 145</ul></li> 146<li>XML: 147<ul> 148 <li><?php bugfix(79971); ?> (special character is breaking the path in xml function). (CVE-2021-21707)</li> 149</ul></li> 150</ul> 151<!-- }}} --></section> 152 153 154 155<section class="version" id="7.4.25"><!-- {{{ 7.4.25 --> 156<h3>Version 7.4.25</h3> 157<b><?php release_date('21-Oct-2021'); ?></b> 158<ul><li>DOM: 159<ul> 160 <li><?php bugfix(81433); ?> (DOMElement::setIdAttribute() called twice may remove ID).</li> 161</ul></li> 162<li>FFI: 163<ul> 164 <li><?php bugfix(79576); ?> ("TYPE *" shows unhelpful message when type is not defined).</li> 165</ul></li> 166<li>Fileinfo: 167<ul> 168 <li><?php bugfix(78987); ?> (High memory usage during encoding detection).</li> 169</ul></li> 170<li>Filter: 171<ul> 172 <li><?php bugfix(61700); ?> (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).</li> 173</ul></li> 174<li>FPM: 175<ul> 176 <li><?php bugfix(81026); ?> (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).</li> 177</ul></li> 178<li>SPL: 179<ul> 180 <li><?php bugfix(80663); ?> (Recursive SplFixedArray::setSize() may cause double-free).</li> 181</ul></li> 182<li>Streams: 183<ul> 184 <li><?php bugfix(81475); ?> (stream_isatty emits warning with attached stream wrapper).</li> 185</ul></li> 186<li>XML: 187<ul> 188 <li><?php bugfix(70962); ?> (XML_OPTION_SKIP_WHITE strips embedded whitespace).</li> 189</ul></li> 190<li>Zip: 191<ul> 192 <li><?php bugfix(81490); ?> (ZipArchive::extractTo() may leak memory).</li> 193 <li><?php bugfix(77978); ?> (Dirname ending in colon unzips to wrong dir).</li> 194</ul></li> 195</ul> 196<!-- }}} --></section> 197 198 199 200<section class="version" id="7.4.24"><!-- {{{ 7.4.24 --> 201<h3>Version 7.4.24</h3> 202<b><?php release_date('23-Sep-2021'); ?></b> 203<ul><li>Core: 204<ul> 205 <li><?php bugfix(81302); ?> (Stream position after stream filter removed).</li> 206 <li><?php bugfix(81346); ?> (Non-seekable streams don't update position after write).</li> 207 <li><?php bugfix(73122); ?> (Integer Overflow when concatenating strings).</li> 208</ul></li> 209<li>GD: 210<ul> 211 <li><?php bugfix(53580); ?> (During resize gdImageCopyResampled cause colors change).</li> 212</ul></li> 213<li>Opcache: 214<ul> 215 <li><?php bugfix(81353); ?> (segfault with preloading and statically bound closure).</li> 216</ul></li> 217<li>Shmop: 218<ul> 219 <li><?php bugfix(81407); ?> (shmop_open won't attach and causes php to crash).</li> 220</ul></li> 221<li>Standard: 222<ul> 223 <li><?php bugfix(71542); ?> (disk_total_space does not work with relative paths).</li> 224 <li><?php bugfix(81400); ?> (Unterminated string in dns_get_record() results).</li> 225</ul></li> 226<li>SysVMsg: 227<ul> 228 <li><?php bugfix(78819); ?> (Heap Overflow in msg_send).</li> 229</ul></li> 230<li>XML: 231<ul> 232 <li><?php bugfix(81351); ?> (xml_parse may fail, but has no error code).</li> 233</ul></li> 234<li>Zip: 235<ul> 236 <li><?php bugfix(81420); ?> (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)</li> 237</ul></li> 238</ul> 239<!-- }}} --></section> 240 241 242 243<section class="version" id="7.4.23"><!-- {{{ 7.4.23 --> 244<h3>Version 7.4.23</h3> 245<b><?php release_date('26-Aug-2021'); ?></b> 246<ul><li>Core: 247<ul> 248 <li><?php bugfix(72595); ?> (php_output_handler_append illegal write access).</li> 249 <li><?php bugfix(66719); ?> (Weird behaviour when using get_called_class() with call_user_func()).</li> 250 <li><?php bugfix(81305); ?> (Built-in Webserver Drops Requests With "Upgrade" Header).</li> 251</ul></li> 252<li>BCMath: 253<ul> 254 <li><?php bugfix(78238); ?> (BCMath returns "-0").</li> 255</ul></li> 256<li>CGI: 257<ul> 258 <li><?php bugfix(80849); ?> (HTTP Status header truncation).</li> 259</ul></li> 260<li>GD: 261<ul> 262 <li><?php bugfix(51498); ?> (imagefilledellipse does not work for large circles).</li> 263</ul></li> 264<li>MySQLi: 265<ul> 266 <li><?php bugfix(74544); ?> (Integer overflow in mysqli_real_escape_string()).</li> 267</ul></li> 268<li>OpenSSL: 269<ul> 270 <li><?php bugfix(81327); ?> (Error build openssl extension on php 7.4.22).</li> 271</ul></li> 272<li>PDO_ODBC: 273<ul> 274 <li><?php bugfix(81252); ?> (PDO_ODBC doesn't account for SQL_NO_TOTAL).</li> 275</ul></li> 276<li>Phar: 277<ul> 278 <li><?php bugfix(81211); ?>: Symlinks are followed when creating PHAR archive.(cmb)</li> 279</ul></li> 280<li>Shmop: 281<ul> 282 <li><?php bugfix(81283); ?> (shmop can't read beyond 2147483647 bytes).</li> 283</ul></li> 284<li>Standard: 285<ul> 286 <li><?php bugfix(72146); ?> (Integer overflow on substr_replace).</li> 287 <li><?php bugfix(81265); ?> (getimagesize returns 0 for 256px ICO images).</li> 288 <li><?php bugfix(74960); ?> (Heap buffer overflow via str_repeat).</li> 289</ul></li> 290<li>Streams: 291<ul> 292 <li><?php bugfix(81294); ?> (Segfault when removing a filter).</li> 293</ul></li> 294</ul> 295<!-- }}} --></section> 296 297 298 299<section class="version" id="7.4.22"><!-- {{{ 7.4.22 --> 300<h3>Version 7.4.22</h3> 301<b><?php release_date('29-Jul-2021'); ?></b> 302<ul><li>Core: 303<ul> 304 <li><?php bugfix(81145); ?> (copy() and stream_copy_to_stream() fail for +4GB files).</li> 305 <li><?php bugfix(81163); ?> (incorrect handling of indirect vars in __sleep).</li> 306 <li><?php bugfix(80728); ?> (PHP built-in web server resets timeout when it can kill the process).</li> 307 <li><?php bugfix(73630); ?> (Built-in Webserver - overwrite $_SERVER['request_uri']).</li> 308 <li><?php bugfix(80173); ?> (Using return value of zend_assign_to_variable() is not safe).</li> 309 <li><?php bugfix(73226); ?> (--r[fcez] always return zero exit code).</li> 310</ul></li> 311<li>Intl: 312<ul> 313 <li><?php bugfix(72809); ?> (Locale::lookup() wrong result with canonicalize option).</li> 314 <li><?php bugfix(68471); ?> (IntlDateFormatter fails for "GMT+00:00" timezone).</li> 315 <li><?php bugfix(74264); ?> (grapheme_strrpos() broken for negative offsets).</li> 316</ul></li> 317<li>OpenSSL: 318<ul> 319 <li><?php bugfix(52093); ?> (openssl_csr_sign truncates $serial).</li> 320</ul></li> 321<li>PCRE: 322<ul> 323 <li><?php bugfix(81101); ?> (PCRE2 10.37 shows unexpected result).</li> 324 <li><?php bugfix(81243); ?> (Too much memory is allocated for preg_replace()).</li> 325</ul></li> 326<li>Standard: 327<ul> 328 <li><?php bugfix(81223); ?> (flock() only locks first byte of file).</li> 329</ul></li> 330</ul> 331<!-- }}} --></section> 332 333 334 335<section class="version" id="7.4.21"><!-- {{{ 7.4.21 --> 336<h3>Version 7.4.21</h3> 337<b><?php release_date('01-Jul-2021'); ?></b> 338<ul><li>Core: 339<ul> 340 <li><?php bugfix(81068); ?> (Double free in realpath_cache_clean()).</li> 341 <li><?php bugfix(76359); ?> (open_basedir bypass through adding "..").</li> 342 <li><?php bugfix(81090); ?> (Typed property performance degradation with .= operator).</li> 343 <li><?php bugfix(81070); ?> (Integer underflow in memory limit comparison).</li> 344 <li><?php bugfix(81122); ?> (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)</li> 345</ul></li> 346<li>Bzip2: 347<ul> 348 <li><?php bugfix(81092); ?> (fflush before stream_filter_remove corrupts stream).</li> 349</ul></li> 350<li>OpenSSL: 351<ul> 352 <li><?php bugfix(76694); ?> (native Windows cert verification uses CN as server name).</li> 353</ul></li> 354<li>PDO_Firebird: 355<ul> 356 <li><?php bugfix(76448); ?> (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)</li> 357 <li><?php bugfix(76449); ?> (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)</li> 358 <li><?php bugfix(76450); ?> (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)</li> 359 <li><?php bugfix(76452); ?> (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)</li> 360</ul></li> 361<li>Standard: 362<ul> 363 <li><?php bugfix(81048); ?> (phpinfo(INFO_VARIABLES) "Array to string conversion").</li> 364</ul></li> 365</ul> 366<!-- }}} --></section> 367 368 369 370<section class="version" id="7.4.20"><!-- {{{ 7.4.20 --> 371<h3>Version 7.4.20</h3> 372<b><?php release_date('03-Jun-2021'); ?></b> 373<ul><li>Core: 374<ul> 375 <li><?php bugfix(80929); ?> (Method name corruption related to repeated calls to call_user_func_array).</li> 376 <li><?php bugfix(80960); ?> (opendir() warning wrong info when failed on Windows).</li> 377 <li><?php bugfix(67792); ?> (HTTP Authorization schemes are treated as case-sensitive).</li> 378 <li><?php bugfix(80972); ?> (Memory exhaustion on invalid string offset).</li> 379</ul></li> 380<li>FPM: 381<ul> 382 <li><?php bugfix(65800); ?> (Events port mechanism).</li> 383</ul></li> 384<li>FTP: 385<ul> 386 <li><?php bugfix(80901); ?> (Info leak in ftp extension).</li> 387 <li><?php bugfix(79100); ?> (Wrong FTP error messages).</li> 388</ul></li> 389<li>GD: 390<ul> 391 <li><?php bugfix(81032); ?> (GD install is affected by external libgd installation).</li> 392</ul></li> 393<li>MBString: 394<ul> 395 <li><?php bugfix(81011); ?> (mb_convert_encoding removes references from arrays).</li> 396</ul></li> 397<li>ODBC: 398<ul> 399 <li><?php bugfix(80460); ?> (ODBC doesn't account for SQL_NO_TOTAL indicator).</li> 400</ul></li> 401<li>PDO_MySQL: 402<ul> 403 <li><?php bugfix(81037); ?> (PDO discards error message text from prepared statement).</li> 404</ul></li> 405<li>PDO_ODBC: 406<ul> 407 <li><?php bugfix(44643); ?> (bound parameters ignore explicit type definitions).</li> 408</ul></li> 409<li>pgsql: 410<ul> 411 <li>Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().</li> 412</ul></li> 413<li>SPL: 414<ul> 415 <li><?php bugfix(80933); ?> (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).</li> 416</ul></li> 417<li>Opcache: 418<ul> 419 <li><?php bugfix(80900); ?> (switch statement behavior inside function).</li> 420 <li><?php bugfix(81015); ?> (Opcache optimization assumes wrong part of ternary operator in if-condition).</li> 421</ul></li> 422<li>XMLReader: 423<ul> 424 <li><?php bugfix(73246); ?> (XMLReader: encoding length not checked).</li> 425</ul></li> 426<li>Zip: 427<ul> 428 <li><?php bugfix(80863); ?> (ZipArchive::extractTo() ignores references).</li> 429</ul></li> 430</ul> 431<!-- }}} --></section> 432 433 434 435<section class="version" id="7.4.19"><!-- {{{ 7.4.19 --> 436<h3>Version 7.4.19</h3> 437<b><?php release_date('06-May-2021'); ?></b> 438<ul><li>PDO_pgsql: 439<ul> 440 <li>Reverted bug fix for #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).</li> 441</ul></li> 442</ul> 443<!-- }}} --></section> 444 445 446 447<section class="version" id="7.4.18"><!-- {{{ 7.4.18 --> 448<h3>Version 7.4.18</h3> 449<b><?php release_date('29-Apr-2021'); ?></b> 450<ul><li>Core: 451<ul> 452 <li><?php bugfix(80781); ?> (Error handler that throws ErrorException infinite loop).</li> 453 <li><?php bugfix(75776); ?> (Flushing streams with compression filter is broken).</li> 454</ul></li> 455<li>Dba: 456<ul> 457 <li><?php bugfix(80817); ?> (dba_popen() may cause segfault during RSHUTDOWN).</li> 458</ul></li> 459<li>DOM: 460<ul> 461 <li><?php bugfix(66783); ?> (UAF when appending DOMDocument to element).</li> 462</ul></li> 463<li>FPM: 464<ul> 465 <li><?php bugfix(80024); ?> (Duplication of info about inherited socket after pool removing).</li> 466</ul></li> 467<li>FTP: 468<ul> 469 <li><?php bugfix(80880); ?> (SSL_read on shutdown, ftp/proc_open).</li> 470</ul></li> 471<li>Imap: 472<ul> 473 <li><?php bugfix(80710); ?> (imap_mail_compose() header injection).</li> 474</ul></li> 475<li>Intl: 476<ul> 477 <li><?php bugfix(80763); ?> (msgfmt_format() does not accept DateTime references).</li> 478</ul></li> 479<li>LibXML: 480<ul> 481 <li><?php bugfix(51903); ?> (simplexml_load_file() doesn't use HTTP headers).</li> 482 <li><?php bugfix(73533); ?> (Invalid memory access in php_libxml_xmlCheckUTF8).</li> 483</ul></li> 484<li>MySQLnd: 485<ul> 486 <li><?php bugfix(80713); ?> (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).</li> 487 <li><?php bugfix(80837); ?> (Calling stmt_store_result after fetch doesn't throw an error).</li> 488 <li><?php bugfix(78680); ?> (mysqlnd's mysql_clear_password does not transmit null-terminated password).</li> 489</ul></li> 490<li>Opcache: 491<ul> 492 <li><?php bugfix(80805); ?> (create simple class and get error in opcache.so).</li> 493 <li><?php bugfix(80950); ?> (Variables become null in if statements).</li> 494</ul></li> 495<li>Pcntl: 496<ul> 497 <li><?php bugfix(79812); ?> (Potential integer overflow in pcntl_exec()).</li> 498</ul></li> 499<li>PCRE: 500<ul> 501 <li><?php bugfix(80866); ?> (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).</li> 502</ul></li> 503<li>PDO_ODBC: 504<ul> 505 <li><?php bugfix(80783); ?> (PDO ODBC truncates BLOB records at every 256th byte).</li> 506</ul></li> 507<li>PDO_pgsql: 508<ul> 509 <li><?php bugfix(80892); ?> (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).</li> 510</ul></li> 511<li>phpdbg: 512<ul> 513 <li><?php bugfix(80757); ?> (Exit code is 0 when could not open file).</li> 514</ul></li> 515<li>Session: 516<ul> 517 <li><?php bugfix(80774); ?> (session_name() problem with backslash).</li> 518 <li><?php bugfix(80889); ?> (Cannot set save handler when save_handler is invalid).</li> 519</ul></li> 520<li>SOAP: 521<ul> 522 <li><?php bugfix(69668); ?> (SOAP special XML characters in namespace URIs not encoded).</li> 523</ul></li> 524<li>Standard: 525<ul> 526 <li><?php bugfix(78719); ?> (http wrapper silently ignores long Location headers).</li> 527 <li><?php bugfix(80771); ?> (phpinfo(INFO_CREDITS) displays nothing in CLI).</li> 528 <li><?php bugfix(80838); ?> (HTTP wrapper waits for HTTP 1 response after HTTP 101).</li> 529 <li><?php bugfix(80915); ?> (Taking a reference to $_SERVER hides its values from phpinfo()).</li> 530 <li><?php bugfix(80654); ?> (file_get_contents() maxlen fails above (2**31)-1 bytes).</li> 531</ul></li> 532<li>MySQLi: 533<ul> 534 <li><?php bugfix(74779); ?> (x() and y() truncating floats to integers).</li> 535</ul></li> 536<li>OPcache: 537<ul> 538 <li><?php bugfix(80682); ?> (opcache doesn't honour pcre.jit option).</li> 539</ul></li> 540<li>OpenSSL: 541<ul> 542 <li><?php bugfix(80747); ?> (Providing RSA key size < 512 generates key that crash PHP).</li> 543</ul></li> 544<li>Phar: 545<ul> 546 <li><?php bugfix(75850); ?> (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)</li> 547 <li><?php bugfix(70091); ?> (Phar does not mark UTF-8 filenames in ZIP archives).</li> 548 <li><?php bugfix(53467); ?> (Phar cannot compress large archives).</li> 549</ul></li> 550<li>SPL: 551<ul> 552 <li><?php bugfix(80719); ?> (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).</li> 553</ul></li> 554<li>Zip: 555<ul> 556 <li><?php bugfix(80648); ?> (Fix for bug 79296 should be based on runtime version).</li> 557</ul></li> 558</ul> 559<!-- }}} --></section> 560 561<section class="version" id="7.4.16"><!-- {{{ 7.4.16 --> 562<h3>Version 7.4.16</h3> 563<b><?php release_date('04-Mar-2021'); ?></b> 564<ul><li>Core: 565<ul> 566 <li><?php bugfix(80706); ?> (mail(): Headers after Bcc headers may be ignored).</li> 567</ul></li> 568<li>MySQLnd: 569<ul> 570 <li><?php bugfix(78680); ?> (mysqlnd's mysql_clear_password does not transmit null-terminated password).</li> 571</ul></li> 572<li>MySQLi: 573<ul> 574 <li><?php bugfix(74779); ?> (x() and y() truncating floats to integers).</li> 575</ul></li> 576<li>OPcache: 577<ul> 578 <li><?php bugfix(80682); ?> (opcache doesn't honour pcre.jit option).</li> 579</ul></li> 580<li>OpenSSL: 581<ul> 582 <li><?php bugfix(80747); ?> (Providing RSA key size < 512 generates key that crash PHP).</li> 583</ul></li> 584<li>Phar: 585<ul> 586 <li><?php bugfix(75850); ?> (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)</li> 587 <li><?php bugfix(70091); ?> (Phar does not mark UTF-8 filenames in ZIP archives).</li> 588 <li><?php bugfix(53467); ?> (Phar cannot compress large archives).</li> 589</ul></li> 590<li>SPL: 591<ul> 592 <li><?php bugfix(80719); ?> (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).</li> 593</ul></li> 594<li>Standard: 595<ul> 596 <li><?php bugfix(80654); ?> (file_get_contents() maxlen fails above (2**31)-1 bytes).</li> 597</ul></li> 598<li>Zip: 599<ul> 600 <li><?php bugfix(80648); ?> (Fix for bug 79296 should be based on runtime version).</li> 601</ul></li> 602</ul> 603<!-- }}} --></section> 604 605 606 607<section class="version" id="7.4.15"><!-- {{{ 7.4.15 --> 608<h3>Version 7.4.15</h3> 609<b><?php release_date('04-Feb-2021'); ?></b> 610<ul><li>Core: 611<ul> 612 <li><?php bugfix(80523); ?> (bogus parse error on >4GB source code).</li> 613 <li><?php bugfix(80384); ?> (filter buffers entire read until file closed).</li> 614</ul></li> 615<li>Curl: 616<ul> 617 <li><?php bugfix(80595); ?> (Resetting POSTFIELDS to empty array breaks request).</li> 618</ul></li> 619<li>Date: 620<ul> 621 <li><?php bugfix(80376); ?> (last day of the month causes runway cpu usage.</li> 622</ul></li> 623<li>MySQLi: 624<ul> 625 <li><?php bugfix(67983); ?> (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).</li> 626 <li><?php bugfix(64638); ?> (Fetching resultsets from stored procedure with cursor fails).</li> 627 <li><?php bugfix(72862); ?> (segfault using prepared statements on stored procedures that use a cursor).</li> 628 <li><?php bugfix(77935); ?> (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).</li> 629</ul></li> 630<li>Phar: 631<ul> 632 <li><?php bugfix(77565); ?> (Incorrect locator detection in ZIP-based phars).</li> 633 <li><?php bugfix(69279); ?> (Compressed ZIP Phar extractTo() creates garbage files).</li> 634</ul></li> 635<li>SOAP: 636<ul> 637 <li><?php bugfix(80672); ?> (Null Dereference in SoapClient). (CVE-2021-21702)</li> 638</ul></li> 639</ul> 640<!-- }}} --></section> 641 642 643 644<section class="version" id="7.4.14"><!-- {{{ 7.4.14 --> 645<h3>Version 7.4.14</h3> 646<b><?php release_date('07-Jan-2021'); ?></b> 647<ul><li>Core: 648<ul> 649 <li><?php bugfix(74558); ?> (Can't rebind closure returned by Closure::fromCallable()).</li> 650 <li><?php bugfix(80345); ?> (PHPIZE configuration has outdated PHP_RELEASE_VERSION).</li> 651 <li><?php bugfix(72964); ?> (White space not unfolded for CC/Bcc headers).</li> 652 <li><?php bugfix(80362); ?> (Running dtrace scripts can cause php to crash).</li> 653 <li><?php bugfix(80393); ?> (Build of PHP extension fails due to configuration gap with libtool).</li> 654 <li><?php bugfix(80402); ?> (configure filtering out -lpthread).</li> 655 <li><?php bugfix(77069); ?> (stream filter loses final block of data).</li> 656</ul></li> 657<li>Fileinfo: 658<ul> 659 <li><?php bugfix(77961); ?> (finfo_open crafted magic parsing SIGABRT).</li> 660</ul></li> 661<li>FPM: 662<ul> 663 <li><?php bugfix(69625); ?> (FPM returns 200 status on request without SCRIPT_FILENAME env).</li> 664</ul></li> 665<li>Intl: 666<ul> 667 <li><?php bugfix(80425); ?> (MessageFormatAdapter::getArgTypeList redefined).</li> 668</ul></li> 669<li>OpenSSL: 670<ul> 671 <li><?php bugfix(80368); ?> (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).</li> 672</ul></li> 673<li>Phar: 674<ul> 675 <li><?php bugfix(73809); ?> (Phar Zip parse crash - mmap fail).</li> 676 <li><?php bugfix(75102); ?> (`PharData` says invalid checksum for valid tar).</li> 677 <li><?php bugfix(77322); ?> (PharData::addEmptyDir('/') Possible integer overflow).</li> 678</ul></li> 679<li>PDO MySQL: 680<ul> 681 <li><?php bugfix(80458); ?> (PDOStatement::fetchAll() throws for upsert queries).</li> 682 <li><?php bugfix(63185); ?> (nextRowset() ignores MySQL errors with native prepared statements).</li> 683 <li><?php bugfix(78152); ?> (PDO::exec() - Bad error handling with multiple commands).</li> 684 <li><?php bugfix(70066); ?> (Unexpected "Cannot execute queries while other unbuffered queries").</li> 685 <li><?php bugfix(71145); ?> (Multiple statements in init command triggers unbuffered query error).</li> 686 <li><?php bugfix(76815); ?> (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).</li> 687</ul></li> 688<li>Standard: 689<ul> 690 <li><?php bugfix(77423); ?> (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</li> 691 <li><?php bugfix(80366); ?> (Return Value of zend_fstat() not Checked).</li> 692 <li><?php bugfix(80411); ?> (References to null-serialized object break serialize()).</li> 693</ul></li> 694<li>Tidy: 695<ul> 696 <li><?php bugfix(77594); ?> (ob_tidyhandler is never reset).</li> 697</ul></li> 698<li>Zlib: 699<ul> 700 <li><?php bugfix(48725); ?> (Support for flushing in zlib stream).</li> 701</ul></li> 702</ul> 703<!-- }}} --></section> 704 705 706 707<section class="version" id="7.4.13"><!-- {{{ 7.4.13 --> 708<h3>Version 7.4.13</h3> 709<b><?php release_date('26-Nov-2020'); ?></b> 710<ul><li>Core: 711<ul> 712 <li><?php bugfix(80280); ?> (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).</li> 713 <li><?php bugfix(80258); ?> (Windows Deduplication Enabled, randon permission errors).</li> 714</ul></li> 715<li>COM: 716<ul> 717 <li><?php bugfix(62474); ?> (com_event_sink crashes on certain arguments).</li> 718</ul></li> 719<li>DOM: 720<ul> 721 <li><?php bugfix(80268); ?> (loadHTML() truncates at NUL bytes).</li> 722</ul></li> 723<li>FFI: 724<ul> 725 <li><?php bugfix(79177); ?> (FFI doesn't handle well PHP exceptions within callback).</li> 726</ul></li> 727<li>IMAP: 728<ul> 729 <li><?php bugfix(64076); ?> (imap_sort() does not return FALSE on failure).</li> 730 <li><?php bugfix(76618); ?> (segfault on imap_reopen).</li> 731 <li><?php bugfix(80239); ?> (imap_rfc822_write_address() leaks memory).</li> 732 <li>Fixed minor regression caused by fixing bug <?php bugl(80220); ?>.</li> 733 <li><?php bugfix(80242); ?> (imap_mail_compose() segfaults for multipart with rfc822).</li> 734</ul></li> 735<li>MySQLi: 736<ul> 737 <li><?php bugfix(79375); ?> (mysqli_store_result does not report error from lock wait timeout).</li> 738 <li><?php bugfix(76525); ?> (mysqli::commit does not throw if MYSQLI_REPORT_ERROR enabled and mysqlnd used).</li> 739 <li><?php bugfix(72413); ?> (mysqlnd segfault (fetch_row second parameter typemismatch)).</li> 740</ul></li> 741<li>ODBC: 742<ul> 743 <li><?php bugfix(44618); ?> (Fetching may rely on uninitialized data).</li> 744</ul></li> 745<li>Opcache: 746<ul> 747 <li><?php bugfix(79643); ?> (PHP with Opcache crashes when a file with specific name is included).</li> 748 <li>Fixed run-time binding of preloaded dynamically declared function.</li> 749</ul></li> 750<li>OpenSSL: 751<ul> 752 <li><?php bugfix(79983); ?> (openssl_encrypt / openssl_decrypt fail with OCB mode).</li> 753</ul></li> 754<li>PDO MySQL: 755<ul> 756 <li><?php bugfix(66528); ?> (No PDOException or errorCode if database becomes unavailable before PDO::commit).</li> 757 <li><?php bugfix(65825); ?> (PDOStatement::fetch() does not throw exception on broken server connection).</li> 758</ul></li> 759<li>SNMP: 760<ul> 761 <li><?php bugfix(70461); ?> (disable md5 code when it is not supported in net-snmp).</li> 762</ul></li> 763<li>Standard: 764<ul> 765 <li><?php bugfix(80266); ?> (parse_url silently drops port number 0).</li> 766</ul></li> 767</ul> 768<!-- }}} --></section> 769 770 771 772<section class="version" id="7.4.12"><!-- {{{ 7.4.12 --> 773<h3>Version 7.4.12</h3> 774<b><?php release_date('29-Oct-2020'); ?></b> 775<ul><li>Core: 776<ul> 777 <li><?php bugfix(80061); ?> (Copying large files may have suboptimal performance).</li> 778 <li><?php bugfix(79423); ?> (copy command is limited to size of file it can copy).</li> 779 <li><?php bugfix(80126); ?> (Covariant return types failing compilation).</li> 780 <li><?php bugfix(80186); ?> (Segfault when iterating over FFI object).</li> 781</ul></li> 782<li>Calendar: 783<ul> 784 <li><?php bugfix(80185); ?> (jdtounix() fails after 2037).</li> 785</ul></li> 786<li>IMAP: 787<ul> 788 <li><?php bugfix(80213); ?> (imap_mail_compose() segfaults on certain $bodies).</li> 789 <li><?php bugfix(80215); ?> (imap_mail_compose() may modify by-val parameters).</li> 790 <li><?php bugfix(80220); ?> (imap_mail_compose() may leak memory).</li> 791 <li><?php bugfix(80223); ?> (imap_mail_compose() leaks envelope on malformed bodies).</li> 792 <li><?php bugfix(80216); ?> (imap_mail_compose() does not validate types/encodings).</li> 793 <li><?php bugfix(80226); ?> (imap_sort() leaks sortpgm memory).</li> 794</ul></li> 795<li>MySQLnd: 796<ul> 797 <li><?php bugfix(80115); ?> (mysqlnd.debug doesn't recognize absolute paths with slashes).</li> 798 <li><?php bugfix(80107); ?> (mysqli_query() fails for ~16 MB long query when compression is enabled).</li> 799</ul></li> 800<li>ODBC: 801<ul> 802 <li><?php bugfix(78470); ?> (odbc_specialcolumns() no longer accepts $nullable).</li> 803 <li><?php bugfix(80147); ?> (BINARY strings may not be properly zero-terminated).</li> 804 <li><?php bugfix(80150); ?> (Failure to fetch error message).</li> 805 <li><?php bugfix(80152); ?> (odbc_execute() moves internal pointer of $params).</li> 806 <li><?php bugfix(46050); ?> (odbc_next_result corrupts prepared resource).</li> 807</ul></li> 808<li>OPcache: 809<ul> 810 <li><?php bugfix(80083); ?> (Optimizer pass 6 removes variables used for ibm_db2 data binding).</li> 811 <li><?php bugfix(80194); ?> (Assertion failure during block assembly of unreachable free with leading nop).</li> 812</ul></li> 813<li>PCRE: 814<ul> 815 <li>Updated to PCRE 10.35.</li> 816 <li><?php bugfix(80118); ?> (Erroneous whitespace match with JIT only).</li> 817</ul></li> 818<li>PDO_ODBC: 819<ul> 820 <li><?php bugfix(67465); ?> (NULL Pointer dereference in odbc_handle_preparer).</li> 821</ul></li> 822<li>Standard: 823<ul> 824 <li><?php bugfix(80114); ?> (parse_url does not accept URLs with port 0).</li> 825 <li><?php bugfix(76943); ?> (Inconsistent stream_wrapper_restore() errors).</li> 826 <li><?php bugfix(76735); ?> (Incorrect message in fopen on invalid mode).</li> 827</ul></li> 828<li>Tidy: 829<ul> 830 <li><?php bugfix(77040); ?> (tidyNode::isHtml() is completely broken).</li> 831</ul></li> 832</ul> 833<!-- }}} --></section> 834 835 836 837<section class="version" id="7.4.11"><!-- {{{ 7.4.11 --> 838<h3>Version 7.4.11</h3> 839<b><?php release_date('01-Oct-2020'); ?></b> 840<ul><li>Core: 841<ul> 842 <li><?php bugfix(79699); ?> (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)</li> 843 <li><?php bugfix(79979); ?> (passing value to by-ref param via CUFA crashes).</li> 844 <li><?php bugfix(80037); ?> (Typed property must not be accessed before initialization when __get() declared).</li> 845 <li><?php bugfix(80048); ?> (Bug <?php bugl(69100); ?> has not been fixed for Windows).</li> 846 <li><?php bugfix(80049); ?> (Memleak when coercing integers to string via variadic argument).</li> 847</ul></li> 848<li>Calendar: 849<ul> 850 <li><?php bugfix(80007); ?> (Potential type confusion in unixtojd() parameter parsing).</li> 851</ul></li> 852<li>COM: 853<ul> 854 <li><?php bugfix(64130); ?> (COM obj parameters passed by reference are not updated).</li> 855</ul></li> 856<li>OPcache: 857<ul> 858 <li><?php bugfix(80002); ?> (calc free space for new interned string is wrong).</li> 859 <li><?php bugfix(80046); ?> (FREE for SWITCH_STRING optimized away).</li> 860 <li><?php bugfix(79825); ?> (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).</li> 861</ul></li> 862<li>OpenSSL: 863<ul> 864 <li><?php bugfix(79601); ?> (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)</li> 865</ul></li> 866<li>PDO: 867<ul> 868 <li><?php bugfix(80027); ?> (Terrible performance using $query->fetch on queries with many bind parameters).</li> 869</ul></li> 870<li>SOAP: 871<ul> 872 <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li> 873</ul></li> 874<li>Standard: 875<ul> 876 <li><?php bugfix(79986); ?> (str_ireplace bug with diacritics characters).</li> 877 <li><?php bugfix(80077); ?> (getmxrr test bug).</li> 878 <li><?php bugfix(72941); ?> (Modifying bucket->data by-ref has no effect any longer).</li> 879 <li><?php bugfix(80067); ?> (Omitting the port in bindto setting errors).</li> 880</ul></li> 881</ul> 882<!-- }}} --></section> 883 884 885 886<section class="version" id="7.4.10"><!-- {{{ 7.4.10 --> 887<h3>Version 7.4.10</h3> 888<b><?php release_date('03-Sep-2020'); ?></b> 889<ul><li>Core: 890<ul> 891 <li><?php bugfix(79884); ?> (PHP_CONFIG_FILE_PATH is meaningless).</li> 892 <li><?php bugfix(77932); ?> (File extensions are case-sensitive).</li> 893 <li><?php bugfix(79806); ?> (realpath() erroneously resolves link to link).</li> 894 <li><?php bugfix(79895); ?> (PHP_CHECK_GCC_ARG does not allow flags with equal sign).</li> 895 <li><?php bugfix(79919); ?> (Stack use-after-scope in define()).</li> 896 <li><?php bugfix(79934); ?> (CRLF-only line in heredoc causes parsing error).</li> 897 <li><?php bugfix(79947); ?> (Memory leak on invalid offset type in compound assignment).</li> 898</ul></li> 899<li>COM: 900<ul> 901 <li><?php bugfix(48585); ?> (com_load_typelib holds reference, fails on second call).</li> 902</ul></li> 903<li>Exif: 904<ul> 905 <li><?php bugfix(75785); ?> (Many errors from exif_read_data).</li> 906</ul></li> 907<li>Gettext: 908<ul> 909 <li><?php bugfix(70574); ?> (Tests fail due to relying on Linux fallback behavior for gettext()).</li> 910</ul></li> 911<li>LDAP: 912<ul> 913 <li>Fixed memory leaks.</li> 914</ul></li> 915<li>OPcache: 916<ul> 917 <li><?php bugfix(73060); ?> (php failed with error after temp folder cleaned up).</li> 918 <li><?php bugfix(79917); ?> (File cache segfault with a static variable in inherited method).</li> 919</ul></li> 920<li>PDO: 921<ul> 922 <li><?php bugfix(64705); ?> (errorInfo property of PDOException is null when PDO::__construct() fails).</li> 923</ul></li> 924<li>Session: 925<ul> 926 <li><?php bugfix(79724); ?> (Return type does not match in ext/session/mod_mm.c).</li> 927</ul></li> 928<li>Standard: 929<ul> 930 <li><?php bugfix(79930); ?> (array_merge_recursive() crashes when called with array with single reference).</li> 931 <li><?php bugfix(79944); ?> (getmxrr always returns true on Alpine linux).</li> 932 <li><?php bugfix(79951); ?> (Memory leak in str_replace of empty string).</li> 933</ul></li> 934<li>XML: 935<ul> 936 <li><?php bugfix(79922); ?> (Crash after multiple calls to xml_parser_free()).</li> 937</ul></li> 938</ul> 939<!-- }}} --></section> 940 941 942 943<section class="version" id="7.4.9"><!-- {{{ 7.4.9 --> 944<h3>Version 7.4.9</h3> 945<b><?php release_date('06-Aug-2020'); ?></b> 946<ul><li>Apache: 947<ul> 948 <li><?php bugfix(79030); ?> (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).</li> 949</ul></li> 950<li>COM: 951<ul> 952 <li><?php bugfix(63208); ?> (BSTR to PHP string conversion not binary safe).</li> 953 <li><?php bugfix(63527); ?> (DCOM does not work with Username, Password parameter).</li> 954</ul></li> 955<li>Core: 956<ul> 957 <li><?php bugfix(79740); ?> (serialize() and unserialize() methods can not be called statically).</li> 958 <li><?php bugfix(79783); ?> (Segfault in php_str_replace_common).</li> 959 <li><?php bugfix(79778); ?> (Assertion failure if dumping closure with unresolved static variable).</li> 960 <li><?php bugfix(79779); ?> (Assertion failure when assigning property of string offset by reference).</li> 961 <li><?php bugfix(79792); ?> (HT iterators not removed if empty array is destroyed).</li> 962 <li><?php bugfix(78598); ?> (Changing array during undef index RW error segfaults).</li> 963 <li><?php bugfix(79784); ?> (Use after free if changing array during undef var during array write fetch).</li> 964 <li><?php bugfix(79793); ?> (Use after free if string used in undefined index warning is changed).</li> 965 <li><?php bugfix(79862); ?> (Public non-static property in child should take priority over private static).</li> 966 <li><?php bugfix(79877); ?> (getimagesize function silently truncates after a null byte) (cmb)</li> 967</ul></li> 968<li>Fileinfo: 969<ul> 970 <li><?php bugfix(79756); ?> (finfo_file crash (FILEINFO_MIME)).</li> 971</ul></li> 972<li>FTP: 973<ul> 974 <li><?php bugfix(55857); ?> (ftp_size on large files).</li> 975</ul></li> 976<li>Mbstring: 977<ul> 978 <li><?php bugfix(79787); ?> (mb_strimwidth does not trim string).</li> 979</ul></li> 980<li>Phar: 981<ul> 982 <li><?php bugfix(79797); ?> (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)</li> 983</ul></li> 984<li>Reflection: 985<ul> 986 <li><?php bugfix(79487); ?> (::getStaticProperties() ignores property modifications).</li> 987 <li><?php bugfix(69804); ?> (::getStaticPropertyValue() throws on protected props).</li> 988 <li><?php bugfix(79820); ?> (Use after free when type duplicated into ReflectionProperty gets resolved).</li> 989</ul></li> 990<li>Standard: 991<ul> 992 <li><?php bugfix(70362); ?> (Can't copy() large 'data://' with open_basedir).</li> 993 <li><?php bugfix(78008); ?> (dns_check_record() always return true on Alpine).</li> 994 <li><?php bugfix(79839); ?> (array_walk() does not respect property types).</li> 995</ul></li> 996</ul> 997<!-- }}} --></section> 998 999 1000 1001<section class="version" id="7.4.8"><!-- {{{ 7.4.8 --> 1002<h3>Version 7.4.8</h3> 1003<b><?php release_date('09-Jul-2020'); ?></b> 1004<ul><li>Core: 1005<ul> 1006 <li><?php bugfix(79595); ?> (zend_init_fpu() alters FPU precision).</li> 1007 <li><?php bugfix(79650); ?> (php-win.exe 100% cpu lockup).</li> 1008 <li><?php bugfix(79668); ?> (get_defined_functions(true) may miss functions).</li> 1009 <li><?php bugfix(79683); ?> (Fake reflection scope affects __toString()).</li> 1010 <li>Fixed possibly unsupported timercmp() usage.</li> 1011</ul></li> 1012<li>Exif: 1013<ul> 1014 <li><?php bugfix(79687); ?> (Sony picture - PHP Warning - Make, Model, MakerNotes).</li> 1015</ul></li> 1016<li>Fileinfo: 1017<ul> 1018 <li><?php bugfix(79681); ?> (mime_content_type/finfo returning incorrect mimetype).</li> 1019</ul></li> 1020<li>Filter: 1021<ul> 1022 <li><?php bugfix(73527); ?> (Invalid memory access in php_filter_strip).</li> 1023</ul></li> 1024<li>GD: 1025<ul> 1026 <li><?php bugfix(79676); ?> (imagescale adds black border with IMG_BICUBIC).</li> 1027</ul></li> 1028<li>OpenSSL: 1029<ul> 1030 <li><?php bugfix(62890); ?> (default_socket_timeout=-1 causes connection to timeout).</li> 1031</ul></li> 1032<li>PDO SQLite: 1033<ul> 1034 <li><?php bugfix(79664); ?> (PDOStatement::getColumnMeta fails on empty result set).</li> 1035</ul></li> 1036<li>phpdbg: 1037<ul> 1038 <li><?php bugfix(73926); ?> (phpdbg will not accept input on restart execution).</li> 1039 <li><?php bugfix(73927); ?> (phpdbg fails with windows error prompt at "watch array").</li> 1040 <li>Fixed several mostly Windows related phpdbg bugs.</li> 1041</ul></li> 1042<li>SPL: 1043<ul> 1044 <li><?php bugfix(79710); ?> (Reproducible segfault in error_handler during GC involved an SplFileObject).</li> 1045</ul></li> 1046<li>Standard: 1047<ul> 1048 <li><?php bugfix(74267); ?> (segfault with streams and invalid data).</li> 1049</ul></li> 1050</ul> 1051<!-- }}} --></section> 1052 1053 1054<section class="version" id="7.4.7"><!-- {{{ 7.4.7 --> 1055<h3>Version 7.4.7</h3> 1056<b><?php release_date('11-Jun-2020'); ?></b> 1057<ul><li>Core: 1058<ul> 1059 <li><?php bugfix(79599); ?> (coredump in set_error_handler).</li> 1060 <li><?php bugfix(79566); ?> (Private SHM is not private on Windows).</li> 1061 <li><?php bugfix(79489); ?> (.user.ini does not inherit).</li> 1062 <li><?php bugfix(79600); ?> (Regression in 7.4.6 when yielding an array based generator).</li> 1063 <li><?php bugfix(79657); ?> ("yield from" hangs when invalid value encountered).</li> 1064</ul></li> 1065<li>FFI: 1066<ul> 1067 <li><?php bugfix(79571); ?> (FFI: var_dumping unions may segfault).</li> 1068</ul></li> 1069<li>GD: 1070<ul> 1071 <li><?php bugfix(79615); ?> (Wrong GIF header written in GD GIFEncode).</li> 1072</ul></li> 1073<li>MySQLnd: 1074<ul> 1075 <li><?php bugfix(79596); ?> (MySQL FLOAT truncates to int some locales).</li> 1076</ul></li> 1077<li>Opcache: 1078<ul> 1079 <li><?php bugfix(79588); ?> (Boolean opcache settings ignore on/off values).</li> 1080 <li><?php bugfix(79548); ?> (Preloading segfault with inherited method using static variable).</li> 1081 <li><?php bugfix(79603); ?> (RTD collision with opcache).</li> 1082</ul></li> 1083<li>Standard: 1084<ul> 1085 <li><?php bugfix(79561); ?> (dns_get_record() fails with DNS_ALL).</li> 1086</ul></li> 1087</ul> 1088<!-- }}} --></section> 1089 1090<section class="version" id="7.4.6"><!-- {{{ 7.4.6 --> 1091<h3>Version 7.4.6</h3> 1092<b><?php release_date('14-May-2020'); ?></b> 1093<ul><li>Core: 1094<ul> 1095 <li><?php bugfix(78434); ?> (Generator yields no items after valid() call).</li> 1096 <li><?php bugfix(79477); ?> (casting object into array creates references).</li> 1097 <li><?php bugfix(79514); ?> (Memory leaks while including unexistent file).</li> 1098 <li><?php bugfix(79470); ?> (PHP incompatible with 3rd party file system on demand).</li> 1099 <li><?php bugfix(78784); ?> (Unable to interact with files inside a VFS for Git repository).</li> 1100 <li><?php bugfix(78875); ?> (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).</li> 1101 <li><?php bugfix(78876); ?> (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).</li> 1102</ul></li> 1103<li>DOM: 1104<ul> 1105 <li><?php bugfix(78221); ?> (DOMNode::normalize() doesn't remove empty text nodes).</li> 1106</ul></li> 1107<li>EXIF: 1108<ul> 1109 <li><?php bugfix(79336); ?> (ext/exif/tests/bug79046.phpt fails on Big endian arch).</li> 1110</ul></li> 1111<li>FCGI: 1112<ul> 1113 <li><?php bugfix(79491); ?> (Search for .user.ini extends up to root dir).</li> 1114</ul></li> 1115<li>MBString: 1116<ul> 1117 <li><?php bugfix(79441); ?> (Segfault in mb_chr() if internal encoding is unsupported).</li> 1118</ul></li> 1119<li>OpenSSL: 1120<ul> 1121 <li><?php bugfix(79497); ?> (stream_socket_client() throws an unknown error sometimes with <1s timeout).</li> 1122</ul></li> 1123<li>PCRE: 1124<ul> 1125 <li>Upgraded to PCRE2 10.34.</li> 1126</ul></li> 1127<li>Phar: 1128<ul> 1129 <li><?php bugfix(79503); ?> (Memory leak on duplicate metadata).</li> 1130</ul></li> 1131<li>SimpleXML: 1132<ul> 1133 <li><?php bugfix(79528); ?> (Different object of the same xml between 7.4.5 and 7.4.4).</li> 1134</ul></li> 1135<li>SPL: 1136<ul> 1137 <li><?php bugfix(69264); ?> (__debugInfo() ignored while extending SPL classes).</li> 1138 <li><?php bugfix(67369); ?> (ArrayObject serialization drops the iterator class).</li> 1139</ul></li> 1140<li>Standard: 1141<ul> 1142 <li><?php bugfix(79468); ?> (SIGSEGV when closing stream handle with a stream filter appended).</li> 1143 <li><?php bugfix(79447); ?> (Serializing uninitialized typed properties with __sleep should not throw).</li> 1144</ul></li> 1145</ul> 1146<!-- }}} --></section> 1147 1148 1149<section class="version" id="7.4.5"><!-- {{{ 7.4.5 --> 1150<h3>Version 7.4.5</h3> 1151<b><?php release_date('16-Apr-2020'); ?></b> 1152<ul><li>Core: 1153<ul> 1154 <li><?php bugfix(79364); ?> (When copy empty array, next key is unspecified).</li> 1155 <li><?php bugfix(78210); ?> (Invalid pointer address).</li> 1156</ul></li> 1157<li>CURL: 1158<ul> 1159 <li><?php bugfix(79199); ?> (curl_copy_handle() memory leak).</li> 1160</ul></li> 1161<li>Date: 1162<ul> 1163 <li><?php bugfix(79396); ?> (DateTime hour incorrect during DST jump forward).</li> 1164 <li><?php bugfix(74940); ?> (DateTimeZone loose comparison always true).</li> 1165</ul></li> 1166<li>FPM: 1167<ul> 1168 <li><?php implemented(77062); ?> (Allow numeric [UG]ID in FPM listen.{owner,group}) (Andre Nathan)</li> 1169</ul></li> 1170<li>Iconv: 1171<ul> 1172 <li><?php bugfix(79200); ?> (Some iconv functions cut Windows-1258).</li> 1173</ul></li> 1174<li>OPcache: 1175<ul> 1176 <li><?php bugfix(79412); ?> (Opcache chokes and uses 100% CPU on specific script).</li> 1177</ul></li> 1178<li>Session: 1179<ul> 1180 <li><?php bugfix(79413); ?> (session_create_id() fails for active sessions).</li> 1181</ul></li> 1182<li>Shmop: 1183<ul> 1184 <li><?php bugfix(79427); ?> (Integer Overflow in shmop_open()).</li> 1185</ul></li> 1186<li>SimpleXML: 1187<ul> 1188 <li><?php bugfix(61597); ?> (SXE properties may lack attributes and content).</li> 1189</ul></li> 1190<li>SOAP: 1191<ul> 1192 <li><?php bugfix(79357); ?> (SOAP request segfaults when any request parameter is missing).</li> 1193</ul></li> 1194<li>Spl: 1195<ul> 1196 <li><?php bugfix(75673); ?> (SplStack::unserialize() behavior).</li> 1197 <li><?php bugfix(79393); ?> (Null coalescing operator failing with SplFixedArray).</li> 1198</ul></li> 1199<li>Standard: 1200<ul> 1201 <li><?php bugfix(79330); ?> (shell_exec() silently truncates after a null byte).</li> 1202 <li><?php bugfix(79410); ?> (system() swallows last chunk if it is exactly 4095 bytes without newline).</li> 1203 <li><?php bugfix(79465); ?> (OOB Read in urldecode()). (CVE-2020-7067)</li> 1204</ul></li> 1205<li>Zip: 1206<ul> 1207 <li><?php bugfix(79296); ?> (ZipArchive::open fails on empty file).</li> 1208 <li><?php bugfix(79424); ?> (php_zip_glob uses gl_pathc after call to globfree).</li> 1209</ul></li> 1210</ul> 1211<!-- }}} --></section> 1212 1213 1214<section class="version" id="7.4.4"><!-- {{{ 7.4.4 --> 1215<h3>Version 7.4.4</h3> 1216<b><?php release_date('19-Mar-2020'); ?></b> 1217<ul><li>Core: 1218<ul> 1219 <li><?php bugfix(79329); ?> (get_headers() silently truncates after a null byte) (CVE-2020-7066)</li> 1220 <li><?php bugfix(79244); ?> (php crashes during parsing INI file).</li> 1221 <li><?php bugfix(63206); ?> (restore_error_handler does not restore previous errors mask).</li> 1222</ul></li> 1223<li>COM: 1224<ul> 1225 <li><?php bugfix(66322); ?> (COMPersistHelper::SaveToFile can save to wrong location).</li> 1226 <li><?php bugfix(79242); ?> (COM error constants don't match com_exception codes on x86).</li> 1227 <li><?php bugfix(79247); ?> (Garbage collecting variant objects segfaults).</li> 1228 <li><?php bugfix(79248); ?> (Traversing empty VT_ARRAY throws com_exception).</li> 1229 <li><?php bugfix(79299); ?> (com_print_typeinfo prints duplicate variables).</li> 1230 <li><?php bugfix(79332); ?> (php_istreams are never freed).</li> 1231 <li><?php bugfix(79333); ?> (com_print_typeinfo() leaks memory).</li> 1232</ul></li> 1233<li>CURL: 1234<ul> 1235 <li><?php bugfix(79019); ?> (Copied cURL handles upload empty file).</li> 1236 <li><?php bugfix(79013); ?> (Content-Length missing when posting a curlFile with curl).</li> 1237</ul></li> 1238<li>DOM: 1239<ul> 1240 <li><?php bugfix(77569); ?>: (Write Access Violation in DomImplementation).</li> 1241 <li><?php bugfix(79271); ?> (DOMDocumentType::$childNodes is NULL).</li> 1242</ul></li> 1243<li>Enchant: 1244<ul> 1245 <li><?php bugfix(79311); ?> (enchant_dict_suggest() fails on big endian architecture).</li> 1246</ul></li> 1247<li>EXIF: 1248<ul> 1249 <li><?php bugfix(79282); ?> (Use-of-uninitialized-value in exif) (CVE-2020-7064).</li> 1250</ul></li> 1251<li>Fileinfo: 1252<ul> 1253 <li><?php bugfix(79283); ?> (Segfault in libmagic patch contains a buffer overflow).</li> 1254</ul></li> 1255<li>FPM: 1256<ul> 1257 <li><?php bugfix(77653); ?> (operator displayed instead of the real error message).</li> 1258 <li><?php bugfix(79014); ?> (PHP-FPM & Primary script unknown).</li> 1259</ul></li> 1260<li>MBstring: 1261<ul> 1262 <li><?php bugfix(79371); ?> (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (CVE-2020-7065).</li> 1263</ul></li> 1264<li>MySQLi: 1265<ul> 1266 <li><?php bugfix(64032); ?> (mysqli reports different client_version).</li> 1267</ul></li> 1268<li>MySQLnd: 1269<ul> 1270 <li><?php implemented(79275); ?> (Support auth_plugin_caching_sha2_password on Windows).</li> 1271</ul></li> 1272<li>Opcache: 1273<ul> 1274 <li><?php bugfix(79252); ?> (preloading causes php-fpm to segfault during exit).</li> 1275</ul></li> 1276<li>PCRE: 1277<ul> 1278 <li><?php bugfix(79188); ?> (Memory corruption in preg_replace/preg_replace_callback and unicode).</li> 1279 <li><?php bugfix(79241); ?> (Segmentation fault on preg_match()).</li> 1280 <li><?php bugfix(79257); ?> (Duplicate named groups (?J) prefer last alternative even if not matched).</li> 1281</ul></li> 1282<li>PDO_ODBC: 1283<ul> 1284 <li><?php bugfix(79038); ?> (PDOStatement::nextRowset() leaks column values).</li> 1285</ul></li> 1286<li>Reflection: 1287<ul> 1288 <li><?php bugfix(79062); ?> (Property with heredoc default value returns false for getDocComment).</li> 1289</ul></li> 1290<li>SQLite3: 1291<ul> 1292 <li><?php bugfix(79294); ?> (::columnType() may fail after SQLite3Stmt::reset()).</li> 1293</ul></li> 1294<li>Standard: 1295<ul> 1296 <li><?php bugfix(79254); ?> (getenv() w/o arguments not showing changes).</li> 1297 <li><?php bugfix(79265); ?> (Improper injection of Host header when using fopen for http requests).</li> 1298</ul></li> 1299<li>Zip: 1300<ul> 1301 <li><?php bugfix(79315); ?> (ZipArchive::addFile doesn't honor start/length parameters).</li> 1302</ul></li> 1303</ul> 1304<!-- }}} --></section> 1305 1306 1307<section class="version" id="7.4.3"><!-- {{{ 7.4.3 --> 1308<h3>Version 7.4.3</h3> 1309<b><?php release_date('20-Feb-2020'); ?></b> 1310<ul><li>Core: 1311<ul> 1312 <li><?php bugfix(79146); ?> (cscript can fail to run on some systems).</li> 1313 <li><?php bugfix(79155); ?> (Property nullability lost when using multiple property definition).</li> 1314 <li><?php bugfix(78323); ?> (Code 0 is returned on invalid options).</li> 1315 <li><?php bugfix(78989); ?> (Delayed variance check involving trait segfaults).</li> 1316 <li><?php bugfix(79174); ?> (cookie values with spaces fail to round-trip).</li> 1317 <li><?php bugfix(76047); ?> (Use-after-free when accessing already destructed backtrace arguments).</li> 1318</ul></li> 1319<li>COM: 1320<ul> 1321 <li><?php bugfix(79247); ?> (Garbage collecting variant objects segfaults).</li> 1322</ul></li> 1323<li>CURL: 1324<ul> 1325 <li><?php bugfix(79078); ?> (Hypothetical use-after-free in curl_multi_add_handle()).</li> 1326</ul></li> 1327<li>FFI: 1328<ul> 1329 <li><?php bugfix(79096); ?> (FFI Struct Segfault).</li> 1330</ul></li> 1331<li>IMAP: 1332<ul> 1333 <li><?php bugfix(79112); ?> (IMAP extension can't find OpenSSL libraries at configure time).</li> 1334</ul></li> 1335<li>Intl: 1336<ul> 1337 <li><?php bugfix(79212); ?> (NumberFormatter::format() may detect wrong type).</li> 1338</ul></li> 1339<li>Libxml: 1340<ul> 1341 <li><?php bugfix(79191); ?> (Error in SoapClient ctor disables DOMDocument::save()).</li> 1342</ul></li> 1343<li>MBString: 1344<ul> 1345 <li><?php bugfix(79149); ?> (SEGV in mb_convert_encoding with non-string encodings).</li> 1346</ul></li> 1347<li>MySQLi: 1348<ul> 1349 <li><?php bugfix(78666); ?> (Properties may emit a warning on var_dump()).</li> 1350</ul></li> 1351<li>MySQLnd: 1352<ul> 1353 <li><?php bugfix(79084); ?> (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).</li> 1354 <li><?php bugfix(79011); ?> (MySQL caching_sha2_password Access denied for password with more than 20 chars).</li> 1355</ul></li> 1356<li>Opcache: 1357<ul> 1358 <li><?php bugfix(79114); ?> (Eval class during preload causes class to be only half available).</li> 1359 <li><?php bugfix(79128); ?> (Preloading segfaults if preload_user is used).</li> 1360 <li><?php bugfix(79193); ?> (Incorrect type inference for self::$field =& $field).</li> 1361</ul></li> 1362<li>OpenSSL: 1363<ul> 1364 <li><?php bugfix(79145); ?> (openssl memory leak).</li> 1365</ul></li> 1366<li>Phar: 1367<ul> 1368 <li><?php bugfix(79082); ?> (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)</li> 1369 <li><?php bugfix(79171); ?> (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)</li> 1370 <li><?php bugfix(76584); ?> (PharFileInfo::decompress not working).</li> 1371</ul></li> 1372<li>Reflection: 1373<ul> 1374 <li><?php bugfix(79115); ?> (ReflectionClass::isCloneable call reflected class __destruct).</li> 1375</ul></li> 1376<li>Session: 1377<ul> 1378 <li><?php bugfix(79221); ?> (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)</li> 1379</ul></li> 1380<li>Standard: 1381<ul> 1382 <li><?php bugfix(78902); ?> (Memory leak when using stream_filter_append).</li> 1383 <li><?php bugfix(78969); ?> (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null).</li> 1384</ul></li> 1385<li>Testing: 1386<ul> 1387 <li><?php bugfix(78090); ?> (bug45161.phpt takes forever to finish).</li> 1388</ul></li> 1389<li>XSL: 1390<ul> 1391 <li><?php bugfix(70078); ?> (XSL callbacks with nodes as parameter leak memory).</li> 1392</ul></li> 1393<li>Zip: 1394<ul> 1395 <li>Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0).</li> 1396 <li>Add ZipArchive::RDONLY (since libzip 1.0.0).</li> 1397 <li>Add ZipArchive::ER_* missing constants.</li> 1398 <li>Add ZipArchive::LIBZIP_VERSION constant.</li> 1399 <li><?php bugfix(73119); ?> (Wrong return for ZipArchive::addEmptyDir Method).</li> 1400</ul></li> 1401</ul> 1402<!-- }}} --></section> 1403 1404 1405<section class="version" id="7.4.2"><!-- {{{ 7.4.2 --> 1406<h3>Version 7.4.2</h3> 1407<b><?php release_date('23-Jan-2020'); ?></b> 1408<ul><li>Core: 1409<ul> 1410 <li>Preloading support on Windows has been disabled.</li> 1411 <li><?php bugfix(79022); ?> (class_exists returns True for classes that are not ready to be used).</li> 1412 <li><?php bugfix(78929); ?> (plus signs in cookie values are converted to spaces).</li> 1413 <li><?php bugfix(78973); ?> (Destructor during CV freeing causes segfault if opline never saved).</li> 1414 <li><?php bugfix(78776); ?> (Abstract method implementation from trait does not check "static").</li> 1415 <li><?php bugfix(78999); ?> (Cycle leak when using function result as temporary).</li> 1416 <li><?php bugfix(79008); ?> (General performance regression with PHP 7.4 on Windows).</li> 1417 <li><?php bugfix(79002); ?> (Serializing uninitialized typed properties with __sleep makes unserialize throw).</li> 1418</ul></li> 1419<li>CURL: 1420<ul> 1421 <li><?php bugfix(79033); ?> (Curl timeout error with specific url and post).</li> 1422 <li><?php bugfix(79063); ?> (curl openssl does not respect PKG_CONFIG_PATH).</li> 1423</ul></li> 1424<li>Date: 1425<ul> 1426 <li><?php bugfix(79015); ?> (undefined-behavior in php_date.c).</li> 1427</ul></li> 1428<li>DBA: 1429<ul> 1430 <li><?php bugfix(78808); ?> ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).</li> 1431</ul></li> 1432<li>Exif: 1433<ul> 1434 <li><?php bugfix(79046); ?> (NaN to int cast undefined behavior in exif).</li> 1435</ul></li> 1436<li>Fileinfo: 1437<ul> 1438 <li><?php bugfix(74170); ?> (locale information change after mime_content_type).</li> 1439</ul></li> 1440<li>GD: 1441<ul> 1442 <li><?php bugfix(79067); ?> (gdTransformAffineCopy() may use unitialized values).</li> 1443 <li><?php bugfix(79068); ?> (gdTransformAffineCopy() changes interpolation method).</li> 1444</ul></li> 1445<li>Libxml: 1446<ul> 1447 <li><?php bugfix(79029); ?> (Use After Free's in XMLReader / XMLWriter).</li> 1448</ul></li> 1449<li>Mbstring: 1450<ul> 1451 <li><?php bugfix(79037); ?> (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)</li> 1452</ul></li> 1453<li>OPcache: 1454<ul> 1455 <li><?php bugfix(78961); ?> (erroneous optimization of re-assigned $GLOBALS).</li> 1456 <li><?php bugfix(78950); ?> (Preloading trait method with static variables).</li> 1457 <li><?php bugfix(78903); ?> (Conflict in RTD key for closures results in crash).</li> 1458 <li><?php bugfix(78986); ?> (Opcache segfaults when inheriting ctor from immutable into mutable class).</li> 1459 <li><?php bugfix(79040); ?> (Warning Opcode handlers are unusable due to ASLR).</li> 1460 <li><?php bugfix(79055); ?> (Typed property become unknown with OPcache file cache).</li> 1461</ul></li> 1462<li>Pcntl: 1463<ul> 1464 <li><?php bugfix(78402); ?> (Converting null to string in error message is bad DX).</li> 1465</ul></li> 1466<li>PDO_PgSQL: 1467<ul> 1468 <li><?php bugfix(78983); ?> (pdo_pgsql config.w32 cannot find libpq-fe.h).</li> 1469 <li><?php bugfix(78980); ?> (pgsqlGetNotify() overlooks dead connection).</li> 1470 <li><?php bugfix(78982); ?> (pdo_pgsql returns dead persistent connection).</li> 1471</ul></li> 1472<li>Session: 1473<ul> 1474 <li><?php bugfix(79091); ?> (heap use-after-free in session_create_id()).</li> 1475 <li><?php bugfix(79031); ?> (Session unserialization problem).</li> 1476</ul></li> 1477<li>Shmop: 1478<ul> 1479 <li><?php bugfix(78538); ?> (shmop memory leak).</li> 1480</ul></li> 1481<li>Sqlite3: 1482<ul> 1483 <li><?php bugfix(79056); ?> (sqlite does not respect PKG_CONFIG_PATH during compilation).</li> 1484</ul></li> 1485<li>Spl: 1486<ul> 1487 <li><?php bugfix(78976); ?> (SplFileObject::fputcsv returns -1 on failure).</li> 1488</ul></li> 1489<li>Standard: 1490<ul> 1491 <li><?php bugfix(79099); ?> (OOB read in php_strip_tags_ex). (CVE-2020-7059)</li> 1492 <li><?php bugfix(79000); ?> (Non-blocking socket stream reports EAGAIN as error).</li> 1493 <li><?php bugfix(54298); ?> (Using empty additional_headers adding extraneous CRLF).</li> 1494</ul></li> 1495</ul> 1496<!-- }}} --></section> 1497 1498 1499<section class="version" id="7.4.1"><!-- {{{ 7.4.1 --> 1500<h3>Version 7.4.1</h3> 1501<b><?php release_date('18-Dec-2019'); ?></b> 1502<ul><li>Bcmath: 1503<ul> 1504 <li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).</li> 1505</ul></li> 1506<li>Core: 1507<ul> 1508 <li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044).</li> 1509 <li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).</li> 1510 <li><?php bugfix(78943); ?> (mail() may release string with refcount==1 twice). (CVE-2019-11049).</li> 1511 <li><?php bugfix(78810); ?> (RW fetches do not throw "uninitialized property" exception).</li> 1512 <li><?php bugfix(78868); ?> (Calling __autoload() with incorrect EG(fake_scope) value).</li> 1513 <li><?php bugfix(78296); ?> (is_file fails to detect file).</li> 1514 <li><?php bugfix(78883); ?> (fgets(STDIN) fails on Windows).</li> 1515 <li><?php bugfix(78898); ?> (call_user_func(['parent', ...]) fails while other succeed).</li> 1516 <li><?php bugfix(78904); ?> (Uninitialized property triggers __get()).</li> 1517 <li><?php bugfix(78926); ?> (Segmentation fault on Symfony cache:clear).</li> 1518</ul></li> 1519<li>GD: 1520<ul> 1521 <li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li> 1522 <li><?php bugfix(78923); ?> (Artifacts when convoluting image with transparency).</li> 1523</ul></li> 1524<li>EXIF: 1525<ul> 1526 <li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).</li> 1527 <li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif). (CVE-2019-11047).</li> 1528</ul></li> 1529<li>FPM: 1530<ul> 1531 <li><?php bugfix(76601); ?> (Partially working php-fpm ater incomplete reload).</li> 1532 <li><?php bugfix(78889); ?> (php-fpm service fails to start).</li> 1533 <li><?php bugfix(78916); ?> (php-fpm 7.4.0 don't send mail via mail()).</li> 1534</ul></li> 1535<li>Intl: 1536<ul> 1537 <li><?php implemented(78912); ?> (INTL Support for accounting format).</li> 1538</ul></li> 1539<li>Mysqlnd: 1540<ul> 1541 <li><?php bugfix(78823); ?> (ZLIB_LIBS not added to EXTRA_LIBS).</li> 1542</ul></li> 1543<li>OPcache: 1544<ul> 1545 <li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li> 1546 <li><?php bugfix(78935); ?> (Preloading removes classes that have dependencies).</li> 1547</ul></li> 1548<li>PCRE: 1549<ul> 1550 <li><?php bugfix(78853); ?> (preg_match() may return integer > 1).</li> 1551</ul></li> 1552<li>Reflection: 1553<ul> 1554 <li><?php bugfix(78895); ?> (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is not longer used).</li> 1555</ul></li> 1556<li>Standard: 1557<ul> 1558 <li><?php bugfix(77638); ?> (var_export'ing certain class instances segfaults).</li> 1559 <li><?php bugfix(78840); ?> (imploding $GLOBALS crashes).</li> 1560 <li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li> 1561 <li><?php bugfix(78814); ?> (strip_tags allows / in tag name => whitelist bypass).</li> 1562</ul></li> 1563</ul> 1564<!-- }}} --></section> 1565 1566 1567<section class="version" id="7.4.0"><!-- {{{ 7.4.0 --> 1568<h3>Version 7.4.0</h3> 1569<b><?php release_date('28-Nov-2019'); ?></b> 1570<ul> 1571<li>Core: 1572 <ul> 1573 <li>Implemented RFC: <a href="https://wiki.php.net/rfc/deprecate_curly_braces_array_access">Deprecate curly brace syntax for accessing array elements and string offsets</a>.</li> 1574 <li>Implemented RFC: <a href="https://wiki.php.net/rfc/deprecations_php_7_4">Deprecations for PHP 7.4</a>.</li> 1575 <li><?php bugfix(52752); ?> (Crash when lexing).</li> 1576 <li><?php bugfix(60677); ?> (CGI doesn't properly validate shebang line contains #!).</li> 1577 <li><?php bugfix(71030); ?> (Self-assignment in list() may have inconsistent behavior).</li> 1578 <li><?php bugfix(72530); ?> (Use After Free in GC with Certain Destructors).</li> 1579 <li><?php bugfix(75921); ?> (Inconsistent: No warning in some cases when stdObj is created on the fly).</li> 1580 <li><?php implemented(76148); ?> (Add array_key_exists() to the list of specially compiled functions).</li> 1581 <li><?php bugfix(76430); ?> (__METHOD__ inconsistent outside of method).</li> 1582 <li><?php bugfix(76451); ?> (Aliases during inheritance type checks affected by opcache).</li> 1583 <li><?php implemented(77230); ?> (Support custom CFLAGS and LDFLAGS from environment).</li> 1584 <li><?php bugfix(77345); ?> (Stack Overflow caused by circular reference in garbage collection).</li> 1585 <li><?php bugfix(77812); ?> (Interactive mode does not support PHP 7.3-style heredoc).</li> 1586 <li><?php bugfix(77877); ?> (call_user_func() passes $this to static methods).</li> 1587 <li><?php bugfix(78066); ?> (PHP eats the first byte of a program that comes from process substitution).</li> 1588 <li><?php bugfix(78151); ?> (Segfault caused by indirect expressions in PHP 7.4a1).</li> 1589 <li><?php bugfix(78154); ?> (SEND_VAR_NO_REF does not always send reference).</li> 1590 <li><?php bugfix(78182); ?> (Segmentation fault during by-reference property assignment).</li> 1591 <li><?php bugfix(78212); ?> (Segfault in built-in webserver).</li> 1592 <li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li> 1593 <li><?php bugfix(78226); ?> (Unexpected __set behavior with typed properties).</li> 1594 <li><?php bugfix(78239); ?> (Deprecation notice during string conversion converted to exception hangs).</li> 1595 <li><?php bugfix(78335); ?> (Static properties/variables containing cycles report as leak).</li> 1596 <li><?php bugfix(78340); ?> (Include of stream wrapper not reading whole file).</li> 1597 <li><?php bugfix(78344); ?> (Segmentation fault on zend_check_protected).</li> 1598 <li><?php bugfix(78356); ?> (Array returned from ArrayAccess is incorrectly unpacked as argument).</li> 1599 <li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li> 1600 <li><?php bugfix(78386); ?> (fstat mode has unexpected value on PHP 7.4).</li> 1601 <li><?php bugfix(78396); ?> (Second file_put_contents in Shutdown hangs script).</li> 1602 <li><?php bugfix(78406); ?> (Broken file includes with user-defined stream filters).</li> 1603 <li><?php bugfix(78438); ?> (Corruption when __unserializing deeply nested structures).</li> 1604 <li><?php bugfix(78441); ?> (Parse error due to heredoc identifier followed by digit).</li> 1605 <li><?php bugfix(78454); ?> (Consecutive numeric separators cause OOM error).</li> 1606 <li><?php bugfix(78460); ?> (PEAR installation failure).</li> 1607 <li><?php bugfix(78531); ?> (Crash when using undefined variable as object).</li> 1608 <li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li> 1609 <li><?php bugfix(78604); ?> (token_get_all() does not properly tokenize FOO<?php with short_open_tag=0).</li> 1610 <li><?php bugfix(78614); ?> (Does not compile with DTRACE anymore).</li> 1611 <li><?php bugfix(78620); ?> (Out of memory error).</li> 1612 <li><?php bugfix(78632); ?> (method_exists() in php74 works differently from php73 in checking priv. methods).</li> 1613 <li><?php bugfix(78644); ?> (SEGFAULT in ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER).</li> 1614 <li><?php bugfix(78658); ?> (Memory corruption using Closure::bindTo).</li> 1615 <li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li> 1616 <li><?php bugfix(78662); ?> (stream_write bad error detection).</li> 1617 <li><?php bugfix(78768); ?> (redefinition of typedef zend_property_info).</li> 1618 <li><?php bugfix(78788); ?> (./configure generates invalid php_version.h).</li> 1619 <li>Fixed incorrect usage of QM_ASSIGN instruction. It must not return IS_VAR. As a side effect, this allowed passing left hand list() "by reference", instead of compile-time error.</li> 1620 </ul> 1621 1622<li>CLI: 1623 <ul> 1624 <li>The built-in CLI server now reports the request method in log files.</li> 1625 </ul> 1626 1627<li>COM: 1628 <ul> 1629 <li>Deprecated registering of case-insensitive constants from typelibs.</li> 1630 <li><?php bugfix(78650); ?> (new COM Crash).</li> 1631 <li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li> 1632 </ul> 1633 1634<li>CURL: 1635 <ul> 1636 <li><?php bugfix(76480); ?> (Use curl_multi_wait() so that timeouts are respected).</li> 1637 <li><?php implemented(77711); ?> (CURLFile should support UNICODE filenames).</li> 1638 <li>Deprecated CURLPIPE_HTTP1.</li> 1639 <li>Deprecated $version parameter of curl_version().</li> 1640 </ul> 1641 1642<li>Date: 1643 <ul> 1644 <li>Updated timelib to 2018.02.</li> 1645 <li><?php bugfix(69044); ?> (discrepency between time and microtime).</li> 1646 <li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li> 1647 <li><?php bugfix(75232); ?> (print_r of DateTime creating side-effect).</li> 1648 <li><?php bugfix(78383); ?> (Casting a DateTime to array no longer returns its properties).</li> 1649 <li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li> 1650 </ul> 1651 1652<li>Exif: 1653 <ul> 1654 <li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li> 1655 <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li> 1656 <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li> 1657 </ul> 1658 1659<li>Fileinfo: 1660 <ul> 1661 <li><?php bugfix(78075); ?> (finfo_file treats JSON file as text/plain).</li> 1662 <li><?php bugfix(78183); ?> (finfo_file shows wrong mime-type for .tga file).</li> 1663 </ul> 1664 1665<li>Filter: 1666 <ul> 1667 <li>The filter extension no longer has the --with-pcre-dir on Unix builds, allowing the extension to be once more compiled as shared using ./configure.</li> 1668 <li>Added min_range and max_range options for FILTER_VALIDATE_FLOAT.</li> 1669 </ul> 1670 1671<li>FFI: 1672 <ul> 1673 <li>Added FFI extension.</li> 1674 <li><?php bugfix(78488); ?> (OOB in ZEND_FUNCTION(ffi_trampoline)).</li> 1675 <li><?php bugfix(78543); ?> (is_callable() on FFI\CData throws Exception).</li> 1676 <li><?php bugfix(78716); ?> (Function name mangling is wrong for some parameter types).</li> 1677 <li><?php bugfix(78762); ?> (Failing FFI::cast() may leak memory).</li> 1678 <li><?php bugfix(78761); ?> (Zend memory heap corruption with preload and casting).</li> 1679 <li><?php implemented(78270); ?> (Support __vectorcall convention with FFI).</li> 1680 <li>Added missing FFI::isNull().</li> 1681 </ul> 1682 1683<li>FPM: 1684 <ul> 1685 <li><?php implemented(72510); ?> (systemd service should be hardened).</li> 1686 <li><?php bugfix(74083); ?> (master PHP-fpm is stopped on multiple reloads).</li> 1687 <li><?php bugfix(78334); ?> (fpm log prefix message includes wrong stdout/stderr notation).</li> 1688 <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li> 1689 </ul> 1690 1691<li>GD: 1692 <ul> 1693 <li>Implemented the scatter filter (IMG_FILTER_SCATTER).</li> 1694 <li>The bundled libgd behaves now like system libgd wrt. IMG_CROP_DEFAULT never falling back to IMG_CROP_SIDES.</li> 1695 <li>The default $mode parameter of imagecropauto() has been changed to IMG_CROP_DEFAULT; passing -1 is now deprecated.</li> 1696 <li>Added support for aspect ratio preserving scaling to a fixed height for imagescale().</li> 1697 <li>Added TGA read support.</li> 1698 <li><?php bugfix(73291); ?> (imagecropauto() $threshold differs from external libgd).</li> 1699 <li><?php bugfix(76324); ?> (cannot detect recent versions of freetype with pkg-config).</li> 1700 <li><?php bugfix(78314); ?> (missing freetype support/functions with external gd).</li> 1701 </ul> 1702 1703<li>GMP: 1704 <ul> 1705 <li><?php bugfix(78574); ?> (broken shared build).</li> 1706 </ul> 1707 1708<li>Hash: 1709 <ul> 1710 <li>Implemented RFC: <a href="https://wiki.php.net/rfc/permanent_hash_ext">The hash extension is now an integral part of PHP and cannot be disabled</a>.</li> 1711 <li><?php implemented(71890); ?> (crc32c checksum algorithm).</li> 1712 </ul> 1713 1714<li>Iconv: 1715 <ul> 1716 <li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li> 1717 <li><?php bugfix(78642); ?> (Wrong libiconv version displayed).</li> 1718 </ul> 1719 1720<li>Libxml: 1721 <ul> 1722 <li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li> 1723 </ul> 1724 1725<li>InterBase: 1726 <ul> 1727 <li>Unbundled the InterBase extension and moved it to PECL.</li> 1728 </ul> 1729 1730<li>Intl: 1731 <ul> 1732 <li>Raised requirements to ICU ≥ 50.1.</li> 1733 <li>Changed ResourceBundle to implement Countable.</li> 1734 <li>Changed default of $variant parameter of idn_to_ascii() and idn_to_utf8().</li> 1735 </ul> 1736 1737<li>LDAP: 1738 <ul> 1739 <li>Deprecated ldap_control_paged_result_response and ldap_control_paged_result</li> 1740 </ul> 1741 1742<li>LiteSpeed: 1743 <ul> 1744 <li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li> 1745 <li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li> 1746 <li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li> 1747 </ul> 1748 1749<li>MBString: 1750 <ul> 1751 <li><?php bugfix(77907); ?> (mb-functions do not respect default_encoding).</li> 1752 <li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li> 1753 <li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li> 1754 </ul> 1755 1756<li>MySQLi: 1757 <ul> 1758 <li><?php bugfix(67348); ?> (Reading $dbc->stat modifies $dbc->affected_rows).</li> 1759 <li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li> 1760 <li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li> 1761 <li><?php bugfix(78213); ?> (Empty row pocket).</li> 1762 </ul> 1763 1764<li>MySQLnd: 1765 <ul> 1766 <li>Fixed connect_attr issues and added the _server_host connection attribute.</li> 1767 <li><?php bugfix(60594); ?> (mysqlnd exposes 160 lines of stats in phpinfo).</li> 1768 </ul> 1769 1770<li>ODBC: 1771 <ul> 1772 <li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li> 1773 </ul> 1774 1775<li>Opcache: 1776 <ul> 1777 <li>Implemented <a href="https://wiki.php.net/rfc/preload">preloading RFC</a>.</li> 1778 <li>Add opcache.preload_user INI directive.</li> 1779 <li>Added new INI directive opcache.cache_id (Windows only).</li> 1780 <li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li> 1781 <li><?php bugfix(78175); ?> (Preloading segfaults at preload time and at runtime).</li> 1782 <li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li> 1783 <li><?php bugfix(78271); ?> (Invalid result of if-else).</li> 1784 <li><?php bugfix(78341); ?> (Failure to detect smart branch in DFA pass).</li> 1785 <li><?php bugfix(78376); ?> (Incorrect preloading of constant static properties).</li> 1786 <li><?php bugfix(78429); ?> (opcache_compile_file(__FILE__); segfaults).</li> 1787 <li><?php bugfix(78512); ?> (Cannot make preload work).</li> 1788 <li><?php bugfix(78514); ?> (Preloading segfaults with inherited typed property).</li> 1789 <li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li> 1790 </ul> 1791 1792<li>OpenSSL: 1793 <ul> 1794 <li>Added TLS 1.3 support to streams including new tlsv1.3 stream.</li> 1795 <li>Added openssl_x509_verify function.</li> 1796 <li>openssl_random_pseudo_bytes() now throws in error conditions.</li> 1797 <li>Changed the default config path (Windows only).</li> 1798 <li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li> 1799 <li><?php bugfix(78391); ?> (Assertion failure in openssl_random_pseudo_bytes).</li> 1800 <li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li> 1801 </ul> 1802 1803<li>Pcntl: 1804 <ul> 1805 <li><?php bugfix(77335); ?> (PHP is preventing SIGALRM from specifying SA_RESTART).</li> 1806 </ul> 1807 1808<li>PCRE: 1809 <ul> 1810 <li><?php implemented(77094); ?> (Support flags in preg_replace_callback).</li> 1811 <li><?php bugfix(72685); ?> (Repeated UTF-8 validation of same string in UTF-8 mode).</li> 1812 <li><?php bugfix(73948); ?> (Preg_match_all should return NULLs on trailing optional capture groups).</li> 1813 <li><?php bugfix(78338); ?> (Array cross-border reading in PCRE).</li> 1814 <li><?php bugfix(78349); ?> (Bundled pcre2 library missing LICENCE file).</li> 1815 </ul> 1816 1817<li>PDO: 1818 <ul> 1819 <li><?php implemented(71885); ?> (Allow escaping question mark placeholders). https://wiki.php.net/rfc/pdo_escape_placeholders</li> 1820 <li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li> 1821 <li><?php implemented(78033); ?> (PDO - support username and password specified in DSN).</li> 1822 </ul> 1823 1824<li>PDO_Firebird: 1825 <ul> 1826 <li><?php implemented(65690); ?> (PDO_Firebird should also support dialect 1).</li> 1827 <li><?php implemented(77863); ?> (PDO firebird support type Boolean in input parameters).</li> 1828 </ul> 1829 1830<li>PDO_MySQL: 1831 <ul> 1832 <li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li> 1833 <li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li> 1834 </ul> 1835 1836<li>PDO_OCI: 1837 <ul> 1838 <li>Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.</li> 1839 <li><?php implemented(76908); ?> (PDO_OCI getColumnMeta() not implemented).</li> 1840 </ul> 1841 1842<li>PDO_SQLite: 1843 <ul> 1844 <li>Implemented sqlite_stmt_readonly in PDO_SQLite.</li> 1845 <li>Raised requirements to SQLite 3.5.0.</li> 1846 <li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li> 1847 <li><?php bugfix(78348); ?> (Remove -lrt from pdo_sqlite.so).</li> 1848 </ul> 1849 1850<li>Phar: 1851 <ul> 1852 <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li> 1853 </ul> 1854 1855<li>phpdbg: 1856 <ul> 1857 <li><?php bugfix(76596); ?> (phpdbg support for display_errors=stderr).</li> 1858 <li><?php bugfix(76801); ?> (too many open files).</li> 1859 <li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li> 1860 <li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li> 1861 </ul> 1862 1863<li>Recode: 1864 <ul> 1865 <li>Unbundled the recode extension.</li> 1866 </ul> 1867 1868<li>Reflection: 1869 <ul> 1870 <li><?php bugfix(76737); ?> (Unserialized reflection objects are broken, they shouldn't be serializable).</li> 1871 <li><?php bugfix(78263); ?> (\ReflectionReference::fromArrayElement() returns null while item is a reference).</li> 1872 <li><?php bugfix(78410); ?> (Cannot "manually" unserialize class that is final and extends an internal one).</li> 1873 <li><?php bugfix(78697); ?> (ReflectionClass::implementsInterface - inaccurate error message with traits).</li> 1874 <li><?php bugfix(78774); ?> (ReflectionNamedType on Typed Properties Crash).</li> 1875 </ul> 1876 1877<li>Session: 1878 <ul> 1879 <li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li> 1880 </ul> 1881 1882<li>SimpleXML: 1883 <ul> 1884 <li><?php implemented(65215); ?> (SimpleXMLElement could register as implementing Countable).</li> 1885 <li><?php bugfix(75245); ?> (Don't set content of elements with only whitespaces).</li> 1886 </ul> 1887 1888<li>Sockets: 1889 <ul> 1890 <li><?php bugfix(67619); ?> (Validate length on socket_write).</li> 1891 <li><?php bugfix(78665); ?> (Multicasting may leak memory).</li> 1892 </ul> 1893 1894<li>sodium: 1895 <ul> 1896 <li><?php bugfix(77646); ?> (sign_detached() strings not terminated).</li> 1897 <li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li> 1898 <li><?php bugfix(78516); ?> (password_hash(): Memory cost is not in allowed range).</li> 1899 </ul> 1900 1901<li>SPL: 1902 <ul> 1903 <li><?php bugfix(77518); ?> (SeekableIterator::seek() should accept 'int' typehint as documented).</li> 1904 <li><?php bugfix(78409); ?> (Segfault when creating instance of ArrayIterator without constructor).</li> 1905 <li><?php bugfix(78436); ?> (Missing addref in SplPriorityQueue EXTR_BOTH mode).</li> 1906 <li><?php bugfix(78456); ?> (Segfault when serializing SplDoublyLinkedList).</li> 1907 </ul> 1908 1909<li>SQLite3: 1910 <ul> 1911 <li>Unbundled libsqlite.</li> 1912 <li>Raised requirements to SQLite 3.7.4.</li> 1913 <li>Forbid (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result.</li> 1914 <li>Added support for the SQLite @name notation.</li> 1915 <li>Added SQLite3Stmt::getSQL() to retrieve the SQL of the statement.</li> 1916 <li><?php implemented(70950); ?> (Make SQLite3 Online Backup API available).</li> 1917 </ul> 1918 1919<li>Standard: 1920 <ul> 1921 <li>Implemented RFC <a href="https://wiki.php.net/rfc/password_registry">password hashing registry</a>.</li> 1922 <li>Implemented RFC where password_hash() has <a href="https://wiki.php.net/rfc/sodium.argon.hash">argon2i(d) implementations</a> from ext/sodium when PHP is built without libargon.</li> 1923 <li><?php implemented(38301); ?> (field enclosure behavior in fputcsv).</li> 1924 <li><?php implemented(51496); ?> (fgetcsv should take empty string as an escape).</li> 1925 <li><?php bugfix(73535); ?> (php_sockop_write() returns 0 on error, can be used to trigger Denial of Service).</li> 1926 <li><?php bugfix(74764); ?> (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).</li> 1927 <li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li> 1928 <li><?php implemented(77377); ?> (No way to handle CTRL+C in Windows).</li> 1929 <li><?php bugfix(77930); ?> (stream_copy_to_stream should use mmap more often).</li> 1930 <li><?php implemented(78177); ?> (Make proc_open accept command array).</li> 1931 <li><?php bugfix(78208); ?> (password_needs_rehash() with an unknown algo should always return true).</li> 1932 <li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li> 1933 <li><?php bugfix(78282); ?> (atime and mtime mismatch).</li> 1934 <li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li> 1935 <li><?php bugfix(78346); ?> (strip_tags no longer handling nested php tags).</li> 1936 <li><?php bugfix(78506); ?> (Error in a php_user_filter::filter() is not reported).</li> 1937 <li><?php bugfix(78549); ?> (Stack overflow due to nested serialized input).</li> 1938 <li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li> 1939 </ul> 1940 1941<li>Testing: 1942 <ul> 1943 <li><?php bugfix(78684); ?> (PCRE bug72463_2 test is sending emails on Linux).</li> 1944 </ul> 1945 1946<li>Tidy: 1947 <ul> 1948 <li>Added TIDY_TAG_* constants for HTML5 elements.</li> 1949 <li><?php bugfix(76736); ?> (wrong reflection for tidy_get_head, tidy_get_html, tidy_get_root, and tidy_getopt)</li> 1950 </ul> 1951 1952<li>WDDX: 1953 <ul> 1954 <li>Deprecated and unbundled the WDDX extension.</li> 1955 </ul> 1956 1957<li>Zip: 1958 <ul> 1959 <li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li> 1960 </ul> 1961</ul> 1962 1963<!-- }}} --></section> 1964 1965<a id="PHP_7_3"></a> 1966 1967<section class="version" id="7.3.33"><!-- {{{ 7.3.33 --> 1968<h3>Version 7.3.33</h3> 1969<b><?php release_date('18-Nov-2021'); ?></b> 1970<ul><li>XML: 1971<ul> 1972 <li><?php bugfix(79971); ?> (special character is breaking the path in xml function). (CVE-2021-21707)</li> 1973</ul></li> 1974</ul> 1975<!-- }}} --></section> 1976 1977 1978 1979<section class="version" id="7.3.32"><!-- {{{ 7.3.32 --> 1980<h3>Version 7.3.32</h3> 1981<b><?php release_date('28-Oct-2021'); ?></b> 1982<ul><li>FPM: 1983<ul> 1984 <li><?php bugfix(81026); ?> (PHP-FPM oob R/W in root process leading to privilege escalation). (CVE-2021-21703)</li> 1985</ul></li> 1986</ul> 1987<!-- }}} --></section> 1988 1989 1990 1991<section class="version" id="7.3.31"><!-- {{{ 7.3.31 --> 1992<h3>Version 7.3.31</h3> 1993<b><?php release_date('23-Sep-2021'); ?></b> 1994<ul><li>Zip: 1995<ul> 1996 <li><?php bugfix(81420); ?> (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)</li> 1997</ul></li> 1998</ul> 1999<!-- }}} --></section> 2000 2001 2002 2003<section class="version" id="7.3.30"><!-- {{{ 7.3.30 --> 2004<h3>Version 7.3.30</h3> 2005<b><?php release_date('26-Aug-2021'); ?></b> 2006<ul><li>Phar: 2007<ul> 2008 <li><?php bugfix(81211); ?>: Symlinks are followed when creating PHAR archive.</li> 2009</ul></li> 2010</ul> 2011<!-- }}} --></section> 2012 2013 2014 2015<section class="version" id="7.3.29"><!-- {{{ 7.3.29 --> 2016<h3>Version 7.3.29</h3> 2017<b><?php release_date('01-Jul-2021'); ?></b> 2018<ul><li>Core: 2019<ul> 2020 <li><?php bugfix(81122); ?>: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705)</li> 2021</ul></li> 2022<li>PDO_Firebird: 2023<ul> 2024 <li><?php bugfix(76448); ?>: Stack buffer overflow in firebird_info_cb. (CVE-2021-21704)</li> 2025 <li><?php bugfix(76449); ?>: SIGSEGV in firebird_handle_doer. (CVE-2021-21704)</li> 2026 <li><?php bugfix(76450); ?>: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)</li> 2027 <li><?php bugfix(76452); ?>: Crash while parsing blob data in firebird_fetch_blob. (CVE-2021-21704)</li> 2028</ul></li> 2029</ul> 2030<!-- }}} --></section> 2031 2032 2033 2034<section class="version" id="7.3.28"><!-- {{{ 7.3.28 --> 2035<h3>Version 7.3.28</h3> 2036<b><?php release_date('29-Apr-2021'); ?></b> 2037<ul><li>Imap: 2038<ul> 2039 <li><?php bugfix(80710); ?> (imap_mail_compose() header injection).</li> 2040</ul></li> 2041</ul> 2042<!-- }}} --></section> 2043 2044 2045 2046<section class="version" id="7.3.27"><!-- {{{ 7.3.27 --> 2047<h3>Version 7.3.27</h3> 2048<b><?php release_date('04-Feb-2021'); ?></b> 2049<ul><li>SOAP: 2050<ul> 2051 <li><?php bugfix(80672); ?> (Null Dereference in SoapClient). (CVE-2021-21702)</li> 2052</ul></li> 2053</ul> 2054<!-- }}} --></section> 2055 2056 2057 2058<section class="version" id="7.3.26"><!-- {{{ 7.3.26 --> 2059<h3>Version 7.3.26</h3> 2060<b><?php release_date('07-Jan-2021'); ?></b> 2061<ul><li>Standard: 2062<ul> 2063 <li><?php bugfix(77423); ?> (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</li> 2064 <li><?php bugfix(80457); ?> (stream_get_contents() fails with maxlength=-1 or default).</li> 2065</ul></li> 2066</ul> 2067<!-- }}} --></section> 2068 2069 2070 2071<section class="version" id="7.3.25"><!-- {{{ 7.3.25 --> 2072<h3>Version 7.3.25</h3> 2073<b><?php release_date('26-Nov-2020'); ?></b> 2074<ul><li>Core: 2075<ul> 2076 <li><?php bugfix(80280); ?> (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).</li> 2077 <li><?php bugfix(80258); ?> (Windows Deduplication Enabled, randon permission errors).</li> 2078</ul></li> 2079<li>COM: 2080<ul> 2081 <li><?php bugfix(62474); ?> (com_event_sink crashes on certain arguments).</li> 2082</ul></li> 2083<li>DOM: 2084<ul> 2085 <li><?php bugfix(80268); ?> (loadHTML() truncates at NUL bytes).</li> 2086</ul></li> 2087<li>IMAP: 2088<ul> 2089 <li><?php bugfix(64076); ?> (imap_sort() does not return FALSE on failure).</li> 2090 <li><?php bugfix(76618); ?> (segfault on imap_reopen).</li> 2091 <li><?php bugfix(80239); ?> (imap_rfc822_write_address() leaks memory).</li> 2092 <li>Fixed minor regression caused by fixing bug <?php bugl(80220); ?>.</li> 2093 <li><?php bugfix(80242); ?> (imap_mail_compose() segfaults for multipart with rfc822).</li> 2094</ul></li> 2095<li>Intl: 2096<ul> 2097 <li><?php bugfix(80310); ?> (ext-intl with icu4c 68.1: use of undeclared identifier 'TRUE').</li> 2098</ul></li> 2099<li>ODBC: 2100<ul> 2101 <li><?php bugfix(44618); ?> (Fetching may rely on uninitialized data).</li> 2102</ul></li> 2103<li>SNMP: 2104<ul> 2105 <li><?php bugfix(70461); ?> (disable md5 code when it is not supported in net-snmp).</li> 2106</ul></li> 2107<li>Standard: 2108<ul> 2109 <li><?php bugfix(80266); ?> (parse_url silently drops port number 0).</li> 2110</ul></li> 2111</ul> 2112<!-- }}} --></section> 2113 2114 2115 2116<section class="version" id="7.3.24"><!-- {{{ 7.3.24 --> 2117<h3>Version 7.3.24</h3> 2118<b><?php release_date('29-Oct-2020'); ?></b> 2119<ul><li>Core: 2120<ul> 2121 <li><?php bugfix(79423); ?> (copy command is limited to size of file it can copy).</li> 2122</ul></li> 2123<li>Calendar: 2124<ul> 2125 <li><?php bugfix(80185); ?> (jdtounix() fails after 2037).</li> 2126</ul></li> 2127<li>IMAP: 2128<ul> 2129 <li><?php bugfix(80213); ?> (imap_mail_compose() segfaults on certain $bodies).</li> 2130 <li><?php bugfix(80215); ?> (imap_mail_compose() may modify by-val parameters).</li> 2131 <li><?php bugfix(80220); ?> (imap_mail_compose() may leak memory).</li> 2132 <li><?php bugfix(80223); ?> (imap_mail_compose() leaks envelope on malformed bodies).</li> 2133 <li><?php bugfix(80216); ?> (imap_mail_compose() does not validate types/encodings).</li> 2134 <li><?php bugfix(80226); ?> (imap_sort() leaks sortpgm memory).</li> 2135</ul></li> 2136<li>MySQLnd: 2137<ul> 2138 <li><?php bugfix(80115); ?> (mysqlnd.debug doesn't recognize absolute paths with slashes).</li> 2139 <li><?php bugfix(80107); ?> (mysqli_query() fails for ~16 MB long query when compression is enabled).</li> 2140</ul></li> 2141<li>ODBC: 2142<ul> 2143 <li><?php bugfix(78470); ?> (odbc_specialcolumns() no longer accepts $nullable).</li> 2144 <li><?php bugfix(80147); ?> (BINARY strings may not be properly zero-terminated).</li> 2145 <li><?php bugfix(80150); ?> (Failure to fetch error message).</li> 2146 <li><?php bugfix(80152); ?> (odbc_execute() moves internal pointer of $params).</li> 2147 <li><?php bugfix(46050); ?> (odbc_next_result corrupts prepared resource).</li> 2148</ul></li> 2149<li>OPcache: 2150<ul> 2151 <li><?php bugfix(80083); ?> (Optimizer pass 6 removes variables used for ibm_db2 data binding).</li> 2152</ul></li> 2153<li>PDO_ODBC: 2154<ul> 2155 <li><?php bugfix(67465); ?> (NULL Pointer dereference in odbc_handle_preparer).</li> 2156</ul></li> 2157<li>Standard: 2158<ul> 2159 <li><?php bugfix(80114); ?> (parse_url does not accept URLs with port 0).</li> 2160 <li><?php bugfix(76943); ?> (Inconsistent stream_wrapper_restore() errors).</li> 2161 <li><?php bugfix(76735); ?> (Incorrect message in fopen on invalid mode).</li> 2162</ul></li> 2163<li>Tidy: 2164<ul> 2165 <li><?php bugfix(77040); ?> (tidyNode::isHtml() is completely broken).</li> 2166</ul></li> 2167</ul> 2168<!-- }}} --></section> 2169 2170 2171 2172<section class="version" id="7.3.23"><!-- {{{ 7.3.23 --> 2173<h3>Version 7.3.23</h3> 2174<b><?php release_date('01-Oct-2020'); ?></b> 2175<ul><li>Core: 2176<ul> 2177 <li><?php bugfix(80048); ?> (Bug <?php bugl(69100); ?> has not been fixed for Windows).</li> 2178 <li><?php bugfix(80049); ?> (Memleak when coercing integers to string via variadic argument).</li> 2179 <li><?php bugfix(79699); ?> (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)</li> 2180</ul></li> 2181<li>Calendar: 2182<ul> 2183 <li><?php bugfix(80007); ?> (Potential type confusion in unixtojd() parameter parsing).</li> 2184</ul></li> 2185<li>COM: 2186<ul> 2187 <li><?php bugfix(64130); ?> (COM obj parameters passed by reference are not updated).</li> 2188</ul></li> 2189<li>OPcache: 2190<ul> 2191 <li><?php bugfix(80002); ?> (calc free space for new interned string is wrong).</li> 2192 <li><?php bugfix(79825); ?> (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).</li> 2193</ul></li> 2194<li>OpenSSL: 2195<ul> 2196 <li><?php bugfix(79601); ?> (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)</li> 2197</ul></li> 2198<li>PDO: 2199<ul> 2200 <li><?php bugfix(80027); ?> (Terrible performance using $query->fetch on queries with many bind parameters).</li> 2201</ul></li> 2202<li>SOAP: 2203<ul> 2204 <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li> 2205</ul></li> 2206<li>Standard: 2207<ul> 2208 <li><?php bugfix(79986); ?> (str_ireplace bug with diacritics characters).</li> 2209 <li><?php bugfix(80077); ?> (getmxrr test bug).</li> 2210 <li><?php bugfix(72941); ?> (Modifying bucket->data by-ref has no effect any longer).</li> 2211 <li><?php bugfix(80067); ?> (Omitting the port in bindto setting errors).</li> 2212</ul></li> 2213</ul> 2214<!-- }}} --></section> 2215 2216 2217 2218<section class="version" id="7.3.22"><!-- {{{ 7.3.22 --> 2219<h3>Version 7.3.22</h3> 2220<b><?php release_date('03-Sep-2020'); ?></b> 2221<ul><li>Core: 2222<ul> 2223 <li><?php bugfix(79884); ?> (PHP_CONFIG_FILE_PATH is meaningless).</li> 2224 <li><?php bugfix(77932); ?> (File extensions are case-sensitive).</li> 2225 <li><?php bugfix(79806); ?> (realpath() erroneously resolves link to link).</li> 2226 <li><?php bugfix(79895); ?> (PHP_CHECK_GCC_ARG does not allow flags with equal sign).</li> 2227 <li><?php bugfix(79919); ?> (Stack use-after-scope in define()).</li> 2228 <li><?php bugfix(79934); ?> (CRLF-only line in heredoc causes parsing error).</li> 2229</ul></li> 2230<li>COM: 2231<ul> 2232 <li><?php bugfix(48585); ?> (com_load_typelib holds reference, fails on second call).</li> 2233</ul></li> 2234<li>Exif: 2235<ul> 2236 <li><?php bugfix(75785); ?> (Many errors from exif_read_data).</li> 2237</ul></li> 2238<li>Gettext: 2239<ul> 2240 <li><?php bugfix(70574); ?> (Tests fail due to relying on Linux fallback behavior for gettext()).</li> 2241</ul></li> 2242<li>LDAP: 2243<ul> 2244 <li>Fixed memory leaks.</li> 2245</ul></li> 2246<li>OPcache: 2247<ul> 2248 <li><?php bugfix(73060); ?> (php failed with error after temp folder cleaned up).</li> 2249</ul></li> 2250<li>PDO: 2251<ul> 2252 <li><?php bugfix(64705); ?> (errorInfo property of PDOException is null when PDO::__construct() fails).</li> 2253</ul></li> 2254<li>Standard: 2255<ul> 2256 <li><?php bugfix(79930); ?> (array_merge_recursive() crashes when called with array with single reference).</li> 2257 <li><?php bugfix(79944); ?> (getmxrr always returns true on Alpine linux).</li> 2258 <li><?php bugfix(79951); ?> (Memory leak in str_replace of empty string).</li> 2259</ul></li> 2260<li>XML: 2261<ul> 2262 <li><?php bugfix(79922); ?> (Crash after multiple calls to xml_parser_free()).</li> 2263</ul></li> 2264</ul> 2265<!-- }}} --></section> 2266 2267 2268 2269<section class="version" id="7.3.21"><!-- {{{ 7.3.21 --> 2270<h3>Version 7.3.21</h3> 2271<b><?php release_date('06-Aug-2020'); ?></b> 2272<ul><li>Apache: 2273<ul> 2274 <li><?php bugfix(79030); ?> (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).</li> 2275</ul></li> 2276<li>Core: 2277<ul> 2278 <li><?php bugfix(79877); ?> (getimagesize function silently truncates after a null byte).</li> 2279 <li><?php bugfix(79778); ?> (Assertion failure if dumping closure with unresolved static variable).</li> 2280 <li><?php bugfix(79792); ?> (HT iterators not removed if empty array is destroyed).</li> 2281</ul></li> 2282<li>COM: 2283<ul> 2284 <li><?php bugfix(63208); ?> (BSTR to PHP string conversion not binary safe).</li> 2285 <li><?php bugfix(63527); ?> (DCOM does not work with Username, Password parameter).</li> 2286</ul></li> 2287<li>Curl: 2288<ul> 2289 <li><?php bugfix(79741); ?> (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties).</li> 2290</ul></li> 2291<li>Fileinfo: 2292<ul> 2293 <li><?php bugfix(79756); ?> (finfo_file crash (FILEINFO_MIME)).</li> 2294</ul></li> 2295<li>FTP: 2296<ul> 2297 <li><?php bugfix(55857); ?> (ftp_size on large files).</li> 2298</ul></li> 2299<li>Mbstring: 2300<ul> 2301 <li><?php bugfix(79787); ?> (mb_strimwidth does not trim string).</li> 2302</ul></li> 2303<li>Phar: 2304<ul> 2305 <li><?php bugfix(79797); ?> (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)</li> 2306</ul></li> 2307<li>Standard: 2308<ul> 2309 <li><?php bugfix(70362); ?> (Can't copy() large 'data://' with open_basedir).</li> 2310 <li><?php bugfix(79817); ?> (str_replace() does not handle INDIRECT elements).</li> 2311 <li><?php bugfix(78008); ?> (dns_check_record() always return true on Alpine).</li> 2312</ul></li> 2313</ul> 2314<!-- }}} --></section> 2315 2316 2317 2318<section class="version" id="7.3.20"><!-- {{{ 7.3.20 --> 2319<h3>Version 7.3.20</h3> 2320<b><?php release_date('09-Jul-2020'); ?></b> 2321<ul><li>Core: 2322<ul> 2323 <li><?php bugfix(79650); ?> (php-win.exe 100% cpu lockup).</li> 2324 <li><?php bugfix(79668); ?> (get_defined_functions(true) may miss functions).</li> 2325 <li>Fixed possibly unsupported timercmp() usage.</li> 2326</ul></li> 2327<li>Exif: 2328<ul> 2329 <li><?php bugfix(79687); ?> (Sony picture - PHP Warning - Make, Model, MakerNotes).</li> 2330</ul></li> 2331<li>Filter: 2332<ul> 2333 <li><?php bugfix(73527); ?> (Invalid memory access in php_filter_strip).</li> 2334</ul></li> 2335<li>GD: 2336<ul> 2337 <li><?php bugfix(79676); ?> (imagescale adds black border with IMG_BICUBIC).</li> 2338</ul></li> 2339<li>OpenSSL: 2340<ul> 2341 <li><?php bugfix(62890); ?> (default_socket_timeout=-1 causes connection to timeout).</li> 2342</ul></li> 2343<li>PDO SQLite: 2344<ul> 2345 <li><?php bugfix(79664); ?> (PDOStatement::getColumnMeta fails on empty result set).</li> 2346</ul></li> 2347<li>SPL: 2348<ul> 2349 <li><?php bugfix(79710); ?> (Reproducible segfault in error_handler during GC involved an SplFileObject).</li> 2350</ul></li> 2351<li>Standard: 2352<ul> 2353 <li><?php bugfix(74267); ?> (segfault with streams and invalid data).</li> 2354</ul></li> 2355</ul> 2356<!-- }}} --></section> 2357 2358 2359 2360<section class="version" id="7.3.19"><!-- {{{ 7.3.19 --> 2361<h3>Version 7.3.19</h3> 2362<b><?php release_date('11-Jun-2020'); ?></b> 2363<ul><li>Core: 2364<ul> 2365 <li><?php bugfix(79566); ?> (Private SHM is not private on Windows).</li> 2366 <li><?php bugfix(79489); ?> (.user.ini does not inherit).</li> 2367</ul></li> 2368<li>GD: 2369<ul> 2370 <li><?php bugfix(79615); ?> (Wrong GIF header written in GD GIFEncode).</li> 2371</ul></li> 2372<li>MySQLnd: 2373<ul> 2374 <li><?php bugfix(79596); ?> (MySQL FLOAT truncates to int some locales).</li> 2375</ul></li> 2376<li>Opcache: 2377<ul> 2378 <li><?php bugfix(79535); ?> (PHP crashes with specific opcache.optimization_level).</li> 2379 <li><?php bugfix(79588); ?> (Boolean opcache settings ignore on/off values).</li> 2380</ul></li> 2381<li>Standard: 2382<ul> 2383 <li><?php bugfix(79561); ?> (dns_get_record() fails with DNS_ALL).</li> 2384</ul></li> 2385</ul> 2386<!-- }}} --></section> 2387 2388 2389 2390<section class="version" id="7.3.18"><!-- {{{ 7.3.18 --> 2391<h3>Version 7.3.18</h3> 2392<b><?php release_date('14-May-2020'); ?></b> 2393<ul><li>Core: 2394<ul> 2395 <li><?php bugfix(78875); ?> (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)</li> 2396 <li><?php bugfix(78876); ?> (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)</li> 2397 <li><?php bugfix(79434); ?> (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).</li> 2398 <li><?php bugfix(79477); ?> (casting object into array creates references).</li> 2399 <li><?php bugfix(79470); ?> (PHP incompatible with 3rd party file system on demand).</li> 2400 <li><?php bugfix(78784); ?> (Unable to interact with files inside a VFS for Git repository).</li> 2401</ul></li> 2402<li>DOM: 2403<ul> 2404 <li><?php bugfix(78221); ?> (DOMNode::normalize() doesn't remove empty text nodes).</li> 2405</ul></li> 2406<li>FCGI: 2407<ul> 2408 <li><?php bugfix(79491); ?> (Search for .user.ini extends up to root dir).</li> 2409</ul></li> 2410<li>MBString: 2411<ul> 2412 <li><?php bugfix(79441); ?> (Segfault in mb_chr() if internal encoding is unsupported).</li> 2413</ul></li> 2414<li>OpenSSL: 2415<ul> 2416 <li><?php bugfix(79497); ?> (stream_socket_client() throws an unknown error sometimes with <1s timeout).</li> 2417</ul></li> 2418<li>Phar: 2419<ul> 2420 <li><?php bugfix(79503); ?> (Memory leak on duplicate metadata).</li> 2421</ul></li> 2422<li>SimpleXML: 2423<ul> 2424 <li><?php bugfix(79528); ?> (Different object of the same xml between 7.4.5 and 7.4.4).</li> 2425</ul></li> 2426<li>Standard: 2427<ul> 2428 <li><?php bugfix(79468); ?> (SIGSEGV when closing stream handle with a stream filter appended).</li> 2429</ul></li> 2430</ul> 2431<!-- }}} --></section> 2432 2433 2434 2435<section class="version" id="7.3.17"><!-- {{{ 7.3.17 --> 2436<h3>Version 7.3.17</h3> 2437<b><?php release_date('16-Apr-2020'); ?></b> 2438<ul><li>Core: 2439<ul> 2440 <li><?php bugfix(79364); ?> (When copy empty array, next key is unspecified).</li> 2441 <li><?php bugfix(78210); ?> (Invalid pointer address).</li> 2442</ul></li> 2443<li>CURL: 2444<ul> 2445 <li><?php bugfix(79199); ?> (curl_copy_handle() memory leak).</li> 2446</ul></li> 2447<li>Date: 2448<ul> 2449 <li><?php bugfix(79396); ?> (DateTime hour incorrect during DST jump forward).</li> 2450</ul></li> 2451<li>Iconv: 2452<ul> 2453 <li><?php bugfix(79200); ?> (Some iconv functions cut Windows-1258).</li> 2454</ul></li> 2455<li>OPcache: 2456<ul> 2457 <li><?php bugfix(79412); ?> (Opcache chokes and uses 100% CPU on specific script).</li> 2458</ul></li> 2459<li>Session: 2460<ul> 2461 <li><?php bugfix(79413); ?> (session_create_id() fails for active sessions).</li> 2462</ul></li> 2463<li>Shmop: 2464<ul> 2465 <li><?php bugfix(79427); ?> (Integer Overflow in shmop_open()).</li> 2466</ul></li> 2467<li>SimpleXML: 2468<ul> 2469 <li><?php bugfix(61597); ?> (SXE properties may lack attributes and content).</li> 2470</ul></li> 2471<li>Spl: 2472<ul> 2473 <li><?php bugfix(75673); ?> (SplStack::unserialize() behavior).</li> 2474 <li><?php bugfix(79393); ?> (Null coalescing operator failing with SplFixedArray).</li> 2475</ul></li> 2476<li>Standard: 2477<ul> 2478 <li><?php bugfix(79330); ?> (shell_exec() silently truncates after a null byte).</li> 2479 <li><?php bugfix(79465); ?> (OOB Read in urldecode()). (CVE-2020-7067)</li> 2480 <li><?php bugfix(79410); ?> (system() swallows last chunk if it is exactly 4095 bytes without newline).</li> 2481</ul></li> 2482<li>Zip: 2483<ul> 2484 <li><?php bugfix(79296); ?> (ZipArchive::open fails on empty file).</li> 2485 <li><?php bugfix(79424); ?> (php_zip_glob uses gl_pathc after call to globfree).</li> 2486</ul></li> 2487</ul> 2488<!-- }}} --></section> 2489 2490 2491 2492<section class="version" id="7.3.16"><!-- {{{ 7.3.16 --> 2493<h3>Version 7.3.16</h3> 2494<b><?php release_date('19-Mar-2020'); ?></b> 2495<ul><li>Core: 2496<ul> 2497 <li><?php bugfix(63206); ?> (restore_error_handler does not restore previous errors mask).</li> 2498</ul></li> 2499<li>COM: 2500<ul> 2501 <li><?php bugfix(66322); ?> (COMPersistHelper::SaveToFile can save to wrong location).</li> 2502 <li><?php bugfix(79242); ?> (COM error constants don't match com_exception codes on x86).</li> 2503 <li><?php bugfix(79248); ?> (Traversing empty VT_ARRAY throws com_exception).</li> 2504 <li><?php bugfix(79299); ?> (com_print_typeinfo prints duplicate variables).</li> 2505 <li><?php bugfix(79332); ?> (php_istreams are never freed).</li> 2506 <li><?php bugfix(79333); ?> (com_print_typeinfo() leaks memory).</li> 2507</ul></li> 2508<li>DOM: 2509<ul> 2510 <li><?php bugfix(77569); ?>: (Write Access Violation in DomImplementation).</li> 2511 <li><?php bugfix(79271); ?> (DOMDocumentType::$childNodes is NULL).</li> 2512</ul></li> 2513<li>Enchant: 2514<ul> 2515 <li><?php bugfix(79311); ?> (enchant_dict_suggest() fails on big endian architecture).</li> 2516</ul></li> 2517<li>EXIF: 2518<ul> 2519 <li><?php bugfix(79282); ?> (Use-of-uninitialized-value in exif). (CVE-2020-7064)</li> 2520</ul></li> 2521<li>MBstring: 2522<ul> 2523 <li><?php bugfix(79371); ?> (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065)</li> 2524</ul></li> 2525<li>MySQLi: 2526<ul> 2527 <li><?php bugfix(64032); ?> (mysqli reports different client_version).</li> 2528</ul></li> 2529<li>PCRE: 2530<ul> 2531 <li><?php bugfix(79188); ?> (Memory corruption in preg_replace/preg_replace_callback and unicode).</li> 2532</ul></li> 2533<li>PDO_ODBC: 2534<ul> 2535 <li><?php bugfix(79038); ?> (PDOStatement::nextRowset() leaks column values).</li> 2536</ul></li> 2537<li>Reflection: 2538<ul> 2539 <li><?php bugfix(79062); ?> (Property with heredoc default value returns false for getDocComment).</li> 2540</ul></li> 2541<li>SQLite3: 2542<ul> 2543 <li><?php bugfix(79294); ?> (::columnType() may fail after SQLite3Stmt::reset()).</li> 2544</ul></li> 2545<li>Standard: 2546<ul> 2547 <li><?php bugfix(79329); ?> (get_headers() silently truncates after a null byte). (CVE-2020-7066)</li> 2548 <li><?php bugfix(79254); ?> (getenv() w/o arguments not showing changes).</li> 2549 <li><?php bugfix(79265); ?> (Improper injection of Host header when using fopen for http requests).</li> 2550</ul></li> 2551</ul> 2552<!-- }}} --></section> 2553 2554 2555 2556<section class="version" id="7.3.15"><!-- {{{ 7.3.15 --> 2557<h3>Version 7.3.15</h3> 2558<b><?php release_date('20-Feb-2020'); ?></b> 2559<ul><li>Core: 2560<ul> 2561 <li><?php bugfix(71876); ?> (Memory corruption htmlspecialchars(): charset `*' not supported).</li> 2562 <li><?php bugfix(79146); ?> (cscript can fail to run on some systems).</li> 2563 <li><?php bugfix(78323); ?> (Code 0 is returned on invalid options).</li> 2564 <li><?php bugfix(76047); ?> (Use-after-free when accessing already destructed backtrace arguments).</li> 2565</ul></li> 2566<li>CURL: 2567<ul> 2568 <li><?php bugfix(79078); ?> (Hypothetical use-after-free in curl_multi_add_handle()).</li> 2569</ul></li> 2570<li>Intl: 2571<ul> 2572 <li><?php bugfix(79212); ?> (NumberFormatter::format() may detect wrong type).</li> 2573</ul></li> 2574<li>Libxml: 2575<ul> 2576 <li><?php bugfix(79191); ?> (Error in SoapClient ctor disables DOMDocument::save()).</li> 2577</ul></li> 2578<li>MBString: 2579<ul> 2580 <li><?php bugfix(79154); ?> (mb_convert_encoding() can modify $from_encoding).</li> 2581</ul></li> 2582<li>MySQLnd: 2583<ul> 2584 <li><?php bugfix(79084); ?> (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).</li> 2585</ul></li> 2586<li>OpenSSL: 2587<ul> 2588 <li><?php bugfix(79145); ?> (openssl memory leak).</li> 2589</ul></li> 2590<li>Phar: 2591<ul> 2592 <li><?php bugfix(79082); ?> (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)</li> 2593 <li><?php bugfix(79171); ?> (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)</li> 2594 <li><?php bugfix(76584); ?> (PharFileInfo::decompress not working).</li> 2595</ul></li> 2596<li>Reflection: 2597<ul> 2598 <li><?php bugfix(79115); ?> (ReflectionClass::isCloneable call reflected class __destruct).</li> 2599</ul></li> 2600<li>Session: 2601<ul> 2602 <li><?php bugfix(79221); ?> (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)</li> 2603</ul></li> 2604<li>SPL: 2605<ul> 2606 <li><?php bugfix(79151); ?> (heap use after free caused by spl_dllist_it_helper_move_forward).</li> 2607</ul></li> 2608<li>Standard: 2609<ul> 2610 <li><?php bugfix(78902); ?> (Memory leak when using stream_filter_append).</li> 2611</ul></li> 2612<li>Testing: 2613<ul> 2614 <li><?php bugfix(78090); ?> (bug45161.phpt takes forever to finish).</li> 2615</ul></li> 2616<li>XSL: 2617<ul> 2618 <li><?php bugfix(70078); ?> (XSL callbacks with nodes as parameter leak memory).</li> 2619</ul></li> 2620</ul> 2621<!-- }}} --></section> 2622 2623 2624 2625<section class="version" id="7.3.14"><!-- {{{ 7.3.14 --> 2626<h3>Version 7.3.14</h3> 2627<b><?php release_date('23-Jan-2020'); ?></b> 2628<ul><li>Core: 2629<ul> 2630 <li><?php bugfix(78999); ?> (Cycle leak when using function result as temporary).</li> 2631</ul></li> 2632<li>CURL: 2633<ul> 2634 <li><?php bugfix(79033); ?> (Curl timeout error with specific url and post).</li> 2635</ul></li> 2636<li>Date: 2637<ul> 2638 <li><?php bugfix(79015); ?> (undefined-behavior in php_date.c).</li> 2639</ul></li> 2640<li>DBA: 2641<ul> 2642 <li><?php bugfix(78808); ?> ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).</li> 2643</ul></li> 2644<li>Fileinfo: 2645<ul> 2646 <li><?php bugfix(74170); ?> (locale information change after mime_content_type).</li> 2647</ul></li> 2648<li>GD: 2649<ul> 2650 <li><?php bugfix(78923); ?> (Artifacts when convoluting image with transparency).</li> 2651 <li><?php bugfix(79067); ?> (gdTransformAffineCopy() may use unitialized values).</li> 2652 <li><?php bugfix(79068); ?> (gdTransformAffineCopy() changes interpolation method).</li> 2653</ul></li> 2654<li>Libxml: 2655<ul> 2656 <li><?php bugfix(79029); ?> (Use After Free's in XMLReader / XMLWriter).</li> 2657</ul></li> 2658<li>Mbstring: 2659<ul> 2660 <li><?php bugfix(79037); ?> (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)</li> 2661</ul></li> 2662<li>OPcache: 2663<ul> 2664 <li><?php bugfix(79040); ?> (Warning Opcode handlers are unusable due to ASLR).</li> 2665</ul></li> 2666<li>Pcntl: 2667<ul> 2668 <li><?php bugfix(78402); ?> (Converting null to string in error message is bad DX).</li> 2669</ul></li> 2670<li>PDO_PgSQL: 2671<ul> 2672 <li><?php bugfix(78983); ?> (pdo_pgsql config.w32 cannot find libpq-fe.h).</li> 2673 <li><?php bugfix(78980); ?> (pgsqlGetNotify() overlooks dead connection).</li> 2674 <li><?php bugfix(78982); ?> (pdo_pgsql returns dead persistent connection).</li> 2675</ul></li> 2676<li>Session: 2677<ul> 2678 <li><?php bugfix(79091); ?> (heap use-after-free in session_create_id()).</li> 2679</ul></li> 2680<li>Shmop: 2681<ul> 2682 <li><?php bugfix(78538); ?> (shmop memory leak).</li> 2683</ul></li> 2684<li>Standard: 2685<ul> 2686 <li><?php bugfix(79099); ?> (OOB read in php_strip_tags_ex). (CVE-2020-7059)</li> 2687 <li><?php bugfix(54298); ?> (Using empty additional_headers adding extraneous CRLF).</li> 2688</ul></li> 2689</ul> 2690<!-- }}} --></section> 2691 2692 2693 2694<section class="version" id="7.3.13"><!-- {{{ 7.3.13 --> 2695<h3>Version 7.3.13</h3> 2696<b><?php release_date('18-Dec-2019'); ?></b> 2697<ul><li>Bcmath: 2698<ul> 2699 <li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)</li> 2700</ul></li> 2701<li>Core: 2702<ul> 2703 <li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044)</li> 2704 <li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)</li> 2705 <li><?php bugfix(78943); ?> (mail() may release string with refcount==1 twice). (CVE-2019-11049)</li> 2706 <li><?php bugfix(78787); ?> (Segfault with trait overriding inherited private shadow property).</li> 2707 <li><?php bugfix(78868); ?> (Calling __autoload() with incorrect EG(fake_scope) value).</li> 2708 <li><?php bugfix(78296); ?> (is_file fails to detect file).</li> 2709</ul></li> 2710<li>EXIF: 2711<ul> 2712 <li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)</li> 2713 <li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif) (CVE-2019-11047).</li> 2714</ul></li> 2715<li>GD: 2716<ul> 2717 <li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li> 2718</ul></li> 2719<li>MBString: 2720<ul> 2721 <li>Upgraded bundled Oniguruma to 6.9.4.</li> 2722</ul></li> 2723<li>OPcache: 2724<ul> 2725 <li>Fixed potential ASLR related invalid opline handler issues.</li> 2726 <li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li> 2727</ul></li> 2728<li>PCRE: 2729<ul> 2730 <li><?php bugfix(78853); ?> (preg_match() may return integer > 1).</li> 2731</ul></li> 2732<li>Standard: 2733<ul> 2734 <li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li> 2735 <li><?php bugfix(77638); ?> (var_export'ing certain class instances segfaults).</li> 2736 <li><?php bugfix(78840); ?> (imploding $GLOBALS crashes).</li> 2737 <li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li> 2738 <li><?php bugfix(78814); ?> (strip_tags allows / in tag name => whitelist bypass).</li> 2739</ul></li> 2740</ul> 2741<!-- }}} --></section> 2742 2743 2744 2745<section class="version" id="7.3.12"><!-- {{{ 7.3.12 --> 2746<h3>Version 7.3.12</h3> 2747<b><?php release_date('21-Nov-2019'); ?></b> 2748<ul><li>Core: 2749<ul> 2750 <li><?php bugfix(78658); ?> (Memory corruption using Closure::bindTo).</li> 2751 <li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li> 2752 <li><?php bugfix(78752); ?> (Segfault if GC triggered while generator stack frame is being destroyed).</li> 2753 <li><?php bugfix(78689); ?> (Closure::fromCallable() doesn't handle [Closure, '__invoke']).</li> 2754</ul></li> 2755<li>COM: 2756<ul> 2757 <li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li> 2758</ul></li> 2759<li>Date: 2760<ul> 2761 <li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li> 2762 <li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li> 2763</ul></li> 2764<li>Iconv: 2765<ul> 2766 <li><?php bugfix(78642); ?> (Wrong libiconv version displayed).</li> 2767</ul></li> 2768<li>OpCache: 2769<ul> 2770 <li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li> 2771 <li><?php bugfix(78747); ?> (OpCache corrupts custom extension result).</li> 2772</ul></li> 2773<li>OpenSSL: 2774<ul> 2775 <li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li> 2776</ul></li> 2777<li>Reflection: 2778<ul> 2779 <li><?php bugfix(78697); ?> (ReflectionClass::ImplementsInterface - inaccurate error message with traits).</li> 2780</ul></li> 2781<li>Sockets: 2782<ul> 2783 <li><?php bugfix(78665); ?> (Multicasting may leak memory).</li> 2784</ul></li> 2785</ul> 2786<!-- }}} --></section> 2787 2788 2789 2790<section class="version" id="7.3.11"><!-- {{{ 7.3.11 --> 2791<h3>Version 7.3.11</h3> 2792<b><?php release_date('24-Oct-2019'); ?></b> 2793<ul><li>Core: 2794<ul> 2795 <li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li> 2796 <li><?php bugfix(78620); ?> (Out of memory error).</li> 2797</ul></li> 2798<li>Exif: 2799<ul> 2800 <li><?php bugfix(78442); ?> ('Illegal component' on exif_read_data since PHP7) (Kalle)</li> 2801</ul></li> 2802<li>FPM: 2803<ul> 2804 <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li> 2805 <li><?php bugfix(78413); ?> (request_terminate_timeout does not take effect after fastcgi_finish_request).</li> 2806</ul></li> 2807<li>MBString: 2808<ul> 2809 <li><?php bugfix(78633); ?> (Heap buffer overflow (read) in mb_eregi).</li> 2810 <li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li> 2811 <li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li> 2812</ul></li> 2813<li>MySQLi: 2814<ul> 2815 <li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li> 2816</ul></li> 2817<li>Mysqlnd: 2818<ul> 2819 <li><?php bugfix(78525); ?> (Memory leak in pdo when reusing native prepared statements).</li> 2820</ul></li> 2821<li>PCRE: 2822<ul> 2823 <li><?php bugfix(78272); ?> (calling preg_match() before pcntl_fork() will freeze child process).</li> 2824</ul></li> 2825<li>PDO_MySQL: 2826<ul> 2827 <li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li> 2828</ul></li> 2829<li>Session: 2830<ul> 2831 <li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li> 2832</ul></li> 2833<li>Standard: 2834<ul> 2835 <li><?php bugfix(76342); ?> (file_get_contents waits twice specified timeout).</li> 2836 <li><?php bugfix(78612); ?> (strtr leaks memory when integer keys are used and the subject string shorter).</li> 2837 <li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li> 2838</ul></li> 2839<li>Zip: 2840<ul> 2841 <li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li> 2842</ul></li> 2843</ul> 2844<!-- }}} --></section> 2845 2846 2847 2848<section class="version" id="7.3.10"><!-- {{{ 7.3.10 --> 2849<h3>Version 7.3.10</h3> 2850<b><?php release_date('26-Sep-2019'); ?></b> 2851<ul><li>Core: 2852<ul> 2853 <li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li> 2854 <li><?php bugfix(77922); ?> (Double release of doc comment on inherited shadow property).</li> 2855 <li><?php bugfix(78441); ?> (Parse error due to heredoc identifier followed by digit).</li> 2856 <li><?php bugfix(77812); ?> (Interactive mode does not support PHP 7.3-style heredoc).</li> 2857</ul></li> 2858<li>FastCGI: 2859<ul> 2860 <li><?php bugfix(78469); ?> (FastCGI on_accept hook is not called when using named pipes on Windows).</li> 2861</ul></li> 2862<li>FPM: 2863<ul> 2864 <li><?php bugfix(78334); ?> (fpm log prefix message includes wrong stdout/stderr notation).</li> 2865</ul></li> 2866<li>Intl: 2867<ul> 2868 <li>Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8() when requested.</li> 2869</ul></li> 2870<li>MBString: 2871<ul> 2872 <li><?php bugfix(78559); ?> (Heap buffer overflow in mb_eregi).</li> 2873</ul></li> 2874<li>MySQLnd: 2875<ul> 2876 <li>Fixed connect_attr issues and added the _server_host connection attribute.</li> 2877</ul></li> 2878<li>ODBC: 2879<ul> 2880 <li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li> 2881</ul></li> 2882<li>PDO_MySQL: 2883<ul> 2884 <li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li> 2885</ul></li> 2886<li>sodium: 2887<ul> 2888 <li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li> 2889</ul></li> 2890</ul> 2891<!-- }}} --></section> 2892 2893 2894 2895<section class="version" id="7.3.9"><!-- {{{ 7.3.9 --> 2896<h3>Version 7.3.9</h3> 2897<b><?php release_date('29-Aug-2019'); ?></b> 2898<ul><li>Core: 2899<ul> 2900 <li><?php bugfix(78363); ?> (Buffer overflow in zendparse).</li> 2901 <li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li> 2902 <li><?php bugfix(78412); ?> (Generator incorrectly reports non-releasable $this as GC child).</li> 2903</ul></li> 2904<li>Curl: 2905<ul> 2906 <li><?php bugfix(77946); ?> (Bad cURL resources returned by curl_multi_info_read()).</li> 2907</ul></li> 2908<li>Exif: 2909<ul> 2910 <li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li> 2911</ul></li> 2912<li>FPM: 2913<ul> 2914 <li><?php bugfix(77185); ?> (Use-after-free in FPM master event handling).</li> 2915</ul></li> 2916<li>Iconv: 2917<ul> 2918 <li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li> 2919</ul></li> 2920<li>LiteSpeed: 2921<ul> 2922 <li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li> 2923</ul></li> 2924<li>MBString: 2925<ul> 2926 <li><?php bugfix(78380); ?> (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224)</li> 2927</ul></li> 2928<li>MySQLnd: 2929<ul> 2930 <li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li> 2931 <li><?php bugfix(78213); ?> (Empty row pocket).</li> 2932</ul></li> 2933<li>Opcache: 2934<ul> 2935 <li><?php bugfix(77191); ?> (Assertion failure in dce_live_ranges() when silencing is used).</li> 2936</ul></li> 2937<li>Standard: 2938<ul> 2939 <li><?php bugfix(69100); ?> (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length).</li> 2940 <li><?php bugfix(78282); ?> (atime and mtime mismatch).</li> 2941 <li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li> 2942 <li><?php bugfix(78346); ?> (strip_tags no longer handling nested php tags).</li> 2943</ul></li> 2944</ul> 2945<!-- }}} --></section> 2946 2947 2948 2949<section class="version" id="7.3.8"><!-- {{{ 7.3.8 --> 2950<h3>Version 7.3.8</h3> 2951<b><?php release_date('01-Aug-2019'); ?></b> 2952<ul><li>Core: 2953<ul> 2954 <li>Added syslog.filter=raw option.</li> 2955 <li><?php bugfix(78212); ?> (Segfault in built-in webserver).</li> 2956</ul></li> 2957<li>Date: 2958<ul> 2959 <li><?php bugfix(69044); ?> (discrepency between time and microtime).</li> 2960 <li>Updated timelib to 2018.02.</li> 2961</ul></li> 2962<li>EXIF: 2963<ul> 2964 <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li> 2965 <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li> 2966</ul></li> 2967<li>FTP: 2968<ul> 2969 <li><?php bugfix(78039); ?> (FTP with SSL memory leak).</li> 2970</ul></li> 2971<li>Libxml: 2972<ul> 2973 <li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li> 2974</ul></li> 2975<li>LiteSpeed: 2976<ul> 2977 <li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li> 2978 <li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li> 2979</ul></li> 2980<li>Openssl: 2981<ul> 2982 <li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li> 2983</ul></li> 2984<li>Opcache: 2985<ul> 2986 <li><?php bugfix(78341); ?> (Failure to detect smart branch in DFA pass).</li> 2987 <li><?php bugfix(78189); ?> (file cache strips last character of uname hash).</li> 2988 <li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li> 2989 <li><?php bugfix(78271); ?> (Invalid result of if-else).</li> 2990 <li><?php bugfix(78291); ?> (opcache_get_configuration doesn't list all directives).</li> 2991</ul></li> 2992<li>PCRE: 2993<ul> 2994 <li><?php bugfix(78338); ?> (Array cross-border reading in PCRE).</li> 2995 <li><?php bugfix(78197); ?> (PCRE2 version check in configure fails for "##.##-xxx" version strings).</li> 2996</ul></li> 2997<li>PDO_Sqlite: 2998<ul> 2999 <li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li> 3000</ul></li> 3001<li>Phar: 3002<ul> 3003 <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li> 3004</ul></li> 3005<li>Phpdbg: 3006<ul> 3007 <li><?php bugfix(78297); ?> (Include unexistent file memory leak).</li> 3008</ul></li> 3009<li>SQLite: 3010<ul> 3011 <li>Upgraded to SQLite 3.28.0.</li> 3012</ul></li> 3013<li>Standard: 3014<ul> 3015 <li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li> 3016 <li><?php bugfix(78269); ?> (password_hash uses weak options for argon2).</li> 3017</ul></li> 3018</ul> 3019<!-- }}} --></section> 3020 3021 3022 3023<section class="version" id="7.3.7"><!-- {{{ 7.3.7 --> 3024<h3>Version 7.3.7</h3> 3025<b><?php release_date('04-Jul-2019'); ?></b> 3026<ul><li>Core: 3027<ul> 3028 <li><?php bugfix(76980); ?> (Interface gets skipped if autoloader throws an exception).</li> 3029</ul></li> 3030<li>DOM: 3031<ul> 3032 <li><?php bugfix(78025); ?> (segfault when accessing properties of DOMDocumentType).</li> 3033</ul></li> 3034<li>MySQLi: 3035<ul> 3036 <li><?php bugfix(77956); ?> (When mysqli.allow_local_infile = Off, use a meaningful error message).</li> 3037 <li><?php bugfix(38546); ?> (bindParam incorrect processing of bool types).</li> 3038</ul></li> 3039<li>MySQLnd: 3040<ul> 3041 <li><?php bugfix(77955); ?> (Random segmentation fault in mysqlnd from php-fpm).</li> 3042</ul></li> 3043<li>Opcache: 3044<ul> 3045 <li><?php bugfix(78015); ?> (Incorrect evaluation of expressions involving partials arrays in SCCP).</li> 3046 <li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li> 3047</ul></li> 3048<li>OpenSSL: 3049<ul> 3050 <li><?php bugfix(78079); ?> (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).</li> 3051</ul></li> 3052<li>phpdbg: 3053<ul> 3054 <li><?php bugfix(78050); ?> (SegFault phpdbg + opcache on include file twice).</li> 3055</ul></li> 3056<li>Sockets: 3057<ul> 3058 <li><?php bugfix(78038); ?> (Socket_select fails when resource array contains references).</li> 3059</ul></li> 3060<li>Sodium: 3061<ul> 3062 <li><?php bugfix(78114); ?> (segfault when calling sodium_* functions from eval).</li> 3063</ul></li> 3064<li>Standard: 3065<ul> 3066 <li><?php bugfix(77135); ?> (Extract with EXTR_SKIP should skip $this).</li> 3067 <li><?php bugfix(77937); ?> (preg_match failed).</li> 3068</ul></li> 3069<li>Zip: 3070<ul> 3071 <li><?php bugfix(76345); ?> (zip.h not found).</li> 3072</ul></li> 3073</ul> 3074<!-- }}} --></section> 3075 3076 3077<section class="version" id="7.3.6"><!-- {{{ 7.3.6 --> 3078<h3>Version 7.3.6</h3> 3079<b><?php release_date('30-May-2019'); ?></b> 3080<ul><li>cURL: 3081<ul> 3082 <li><?php implemented(72189); ?> (Add missing CURL_VERSION_* constants).</li> 3083</ul></li> 3084<li>Date: 3085<ul> 3086 <li><?php bugfix(77909); ?> (DatePeriod::__construct() with invalid recurrence count value).</li> 3087</ul></li> 3088<li>EXIF: 3089<ul> 3090 <li><?php bugfix(77988); ?> (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).</li> 3091</ul></li> 3092<li>FPM: 3093<ul> 3094 <li><?php bugfix(77934); ?> (php-fpm kill -USR2 not working).</li> 3095 <li><?php bugfix(77921); ?> (static.php.net doesn't work anymore).</li> 3096</ul></li> 3097<li>GD: 3098<ul> 3099 <li><?php bugfix(77943); ?> (imageantialias($image, false); does not work).</li> 3100 <li><?php bugfix(77973); ?> (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).</li> 3101</ul></li> 3102<li>Iconv: 3103<ul> 3104 <li><?php bugfix(78069); ?> (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).</li> 3105</ul></li> 3106<li>JSON: 3107<ul> 3108 <li><?php bugfix(77843); ?> (Use after free with json serializer).</li> 3109</ul></li> 3110<li>Opcache: 3111<ul> 3112 <li>Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.</li> 3113</ul></li> 3114<li>PDO_MySQL: 3115<ul> 3116 <li><?php bugfix(77944); ?> (Wrong meta pdo_type for bigint on LLP64).</li> 3117</ul></li> 3118<li>Reflection: 3119<ul> 3120 <li><?php bugfix(75186); ?> (Inconsistent reflection of Closure:::__invoke()).</li> 3121</ul></li> 3122<li>Session: 3123<ul> 3124 <li><?php bugfix(77911); ?> (Wrong warning for session.sid_bits_per_character).</li> 3125</ul></li> 3126<li>SOAP: 3127<ul> 3128 <li><?php bugfix(77945); ?> (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).</li> 3129</ul></li> 3130<li>SPL: 3131<ul> 3132 <li><?php bugfix(77024); ?> (SplFileObject::__toString() may return array).</li> 3133</ul></li> 3134<li>SQLite: 3135<ul> 3136 <li><?php bugfix(77967); ?> (Bypassing open_basedir restrictions via file uris).</li> 3137</ul></li> 3138<li>Standard: 3139<ul> 3140 <li><?php bugfix(77931); ?> (Warning for array_map mentions wrong type).</li> 3141 <li><?php bugfix(78003); ?> (strip_tags output change since PHP 7.3).</li> 3142</ul></li> 3143</ul> 3144<!-- }}} --></section> 3145<section class="version" id="7.3.5"><!-- {{{ 7.3.5 --> 3146<h3>Version 7.3.5</h3> 3147<b><?php release_date('02-May-2019'); ?></b> 3148<ul><li>Core: 3149<ul> 3150 <li><?php bugfix(77903); ?> (ArrayIterator stops iterating after offsetSet call).</li> 3151</ul></li> 3152<li>CLI: 3153<ul> 3154 <li><?php bugfix(77794); ?> (Incorrect Date header format in built-in server).</li> 3155</ul></li> 3156<li>EXIF: 3157<ul> 3158 <li><?php bugfix(77950); ?> (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).</li> 3159</ul></li> 3160<li>Interbase: 3161<ul> 3162 <li><?php bugfix(72175); ?> (Impossibility of creating multiple connections to Interbase with php 7.x).</li> 3163</ul></li> 3164<li>Intl: 3165<ul> 3166 <li><?php bugfix(77895); ?> (IntlDateFormatter::create fails in strict mode if $locale = null).</li> 3167</ul></li> 3168<li>litespeed: 3169<ul> 3170 <li>LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().</li> 3171</ul></li> 3172<li>LDAP: 3173<ul> 3174 <li><?php bugfix(77869); ?> (Core dump when using server controls) (mcmic)</li> 3175</ul></li> 3176<li>Mail: 3177<ul> 3178 <li><?php bugfix(77821); ?> (Potential heap corruption in TSendMail()).</li> 3179</ul></li> 3180<li>mbstring: 3181<ul> 3182 <li><?php implemented(72777); ?> (Implement regex stack limits for mbregex functions).</li> 3183</ul></li> 3184<li>MySQLi: 3185<ul> 3186 <li><?php bugfix(77773); ?> (Unbuffered queries leak memory - MySQLi / mysqlnd).</li> 3187</ul></li> 3188<li>PCRE: 3189<ul> 3190 <li><?php bugfix(77827); ?> (preg_match does not ignore \r in regex flags).</li> 3191</ul></li> 3192<li>PDO: 3193<ul> 3194 <li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li> 3195</ul></li> 3196<li>phpdbg: 3197<ul> 3198 <li><?php bugfix(76801); ?> (too many open files).</li> 3199 <li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li> 3200 <li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li> 3201</ul></li> 3202<li>Reflection: 3203<ul> 3204 <li><?php bugfix(77772); ?> (ReflectionClass::getMethods(null) doesn't work).</li> 3205 <li><?php bugfix(77882); ?> (Different behavior: always calls destructor).</li> 3206</ul></li> 3207<li>Standard: 3208<ul> 3209 <li><?php bugfix(77793); ?> (Segmentation fault in extract() when overwriting reference with itself).</li> 3210 <li><?php bugfix(77844); ?> (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).</li> 3211 <li><?php bugfix(77853); ?> (Inconsistent substr_compare behaviour with empty haystack).</li> 3212</ul></li> 3213</ul> 3214<!-- }}} --></section> 3215 3216<section class="version" id="7.3.4"><!-- {{{ 7.3.4 --> 3217<h3>Version 7.3.4</h3> 3218<b><?php release_date('04-Apr-2019'); ?></b> 3219<ul><li>Core: 3220<ul> 3221 <li><?php bugfix(77738); ?> (Nullptr deref in zend_compile_expr).</li> 3222 <li><?php bugfix(77660); ?> (Segmentation fault on break 2147483648).</li> 3223 <li><?php bugfix(77652); ?> (Anonymous classes can lose their interface information).</li> 3224 <li><?php bugfix(77345); ?> (Stack Overflow caused by circular reference in garbage collection).</li> 3225 <li><?php bugfix(76956); ?> (Wrong value for 'syslog.filter' documented in php.ini).</li> 3226</ul></li> 3227<li>Apache2Handler: 3228<ul> 3229 <li><?php bugfix(77648); ?> (BOM in sapi/apache2handler/php_functions.c).</li> 3230</ul></li> 3231<li>Bcmath: 3232<ul> 3233 <li><?php bugfix(77742); ?> (bcpow() implementation related to gcc compiler optimization).</li> 3234</ul></li> 3235<li>CLI Server: 3236<ul> 3237 <li><?php bugfix(77722); ?> (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).</li> 3238</ul></li> 3239<li>COM: 3240<ul> 3241 <li><?php bugfix(77578); ?> (Crash when php unload).</li> 3242</ul></li> 3243<li>EXIF: 3244<ul> 3245 <li><?php bugfix(77753); ?> (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)</li> 3246 <li><?php bugfix(77831); ?> (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)</li> 3247</ul></li> 3248<li>FPM: 3249<ul> 3250 <li><?php bugfix(77677); ?> (FPM fails to build on AIX due to missing WCOREDUMP).</li> 3251</ul></li> 3252<li>GD: 3253<ul> 3254 <li><?php bugfix(77700); ?> (Writing truecolor images as GIF ignores interlace flag).</li> 3255</ul></li> 3256<li>MySQLi: 3257<ul> 3258 <li><?php bugfix(77597); ?> (mysqli_fetch_field hangs scripts).</li> 3259</ul></li> 3260<li>Opcache: 3261<ul> 3262 <li><?php bugfix(77743); ?> (Incorrect pi node insertion for jmpznz with identical successors).</li> 3263</ul></li> 3264<li>PCRE: 3265<ul> 3266 <li><?php bugfix(76127); ?> (preg_split does not raise an error on invalid UTF-8).</li> 3267</ul></li> 3268<li>Phar: 3269<ul> 3270 <li><?php bugfix(77697); ?> (Crash on Big_Endian platform).</li> 3271</ul></li> 3272<li>phpdbg: 3273<ul> 3274 <li><?php bugfix(77767); ?> (phpdbg break cmd aliases listed in help do not match actual aliases).</li> 3275</ul></li> 3276<li>sodium: 3277<ul> 3278 <li><?php bugfix(77646); ?> (sign_detached() strings not terminated).</li> 3279</ul></li> 3280<li>SQLite3: 3281<ul> 3282 <li>Added sqlite3.defensive INI directive.</li> 3283</ul></li> 3284<li>Standard: 3285<ul> 3286 <li><?php bugfix(77664); ?> (Segmentation fault when using undefined constant in custom wrapper).</li> 3287 <li><?php bugfix(77669); ?> (Crash in extract() when overwriting extracted array).</li> 3288 <li><?php bugfix(76717); ?> (var_export() does not create a parsable value for PHP_INT_MIN).</li> 3289 <li><?php bugfix(77765); ?> (FTP stream wrapper should set the directory as executable).</li> 3290</ul></li> 3291</ul> 3292<!-- }}} --></section> 3293 3294<section class="version" id="7.3.3"><!-- {{{ 7.3.3 --> 3295<h3>Version 7.3.3</h3> 3296<b><?php release_date('07-Mar-2019'); ?></b> 3297<ul><li>Core: 3298<ul> 3299 <li><?php bugfix(77589); ?> (Core dump using parse_ini_string with numeric sections).</li> 3300 <li><?php bugfix(77329); ?> (Buffer Overflow via overly long Error Messages).</li> 3301 <li><?php bugfix(77494); ?> (Disabling class causes segfault on member access).</li> 3302 <li><?php bugfix(77498); ?> (Custom extension Segmentation fault when declare static property).</li> 3303 <li><?php bugfix(77530); ?> (PHP crashes when parsing `(2)::class`).</li> 3304 <li><?php bugfix(77546); ?> (iptcembed broken function).</li> 3305 <li><?php bugfix(77630); ?> (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)</li> 3306</ul></li> 3307<li>COM: 3308<ul> 3309 <li><?php bugfix(77621); ?> (Already defined constants are not properly reported).</li> 3310 <li><?php bugfix(77626); ?> (Persistence confusion in php_com_import_typelib()).</li> 3311</ul></li> 3312<li>EXIF: 3313<ul> 3314 <li><?php bugfix(77509); ?> (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)</li> 3315 <li><?php bugfix(77540); ?> (Invalid Read on exif_process_SOFn). (CVE-2019-9640)</li> 3316 <li><?php bugfix(77563); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)</li> 3317 <li><?php bugfix(77659); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)</li> 3318</ul></li> 3319<li>Mbstring: 3320<ul> 3321 <li><?php bugfix(77514); ?> (mb_ereg_replace() with trailing backslash adds null byte).</li> 3322</ul></li> 3323<li>MySQL: 3324<ul> 3325 <li>Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.</li> 3326</ul></li> 3327<li>OpenSSL: 3328<ul> 3329 <li><?php bugfix(77390); ?> (feof might hang on TLS streams in case of fragmented TLS records).</li> 3330</ul></li> 3331<li>PDO_OCI: 3332<ul> 3333 <li>Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.</li> 3334</ul></li> 3335<li>PHAR: 3336<ul> 3337 <li><?php bugfix(77396); ?> (Null Pointer Dereference in phar_create_or_parse_filename).</li> 3338 <li><?php bugfix(77586); ?> (phar_tar_writeheaders_int() buffer overflow).</li> 3339</ul></li> 3340<li>phpdbg: 3341<ul> 3342 <li><?php bugfix(76596); ?> (phpdbg support for display_errors=stderr).</li> 3343</ul></li> 3344<li>SPL: 3345<ul> 3346 <li><?php bugfix(51068); ?> (DirectoryIterator glob:// don't support current path relative queries).</li> 3347 <li><?php bugfix(77431); ?> (openFile() silently truncates after a null byte).</li> 3348</ul></li> 3349<li>Standard: 3350<ul> 3351 <li><?php bugfix(77552); ?> (Unintialized php_stream_statbuf in stat functions).</li> 3352 <li><?php bugfix(77612); ?> (setcookie() sets incorrect SameSite header if all of its options filled).</li> 3353</ul></li> 3354</ul> 3355<!-- }}} --></section> 3356 3357<section class="version" id="7.3.2"><!-- {{{ 7.3.2 --> 3358<h3>Version 7.3.2</h3> 3359<b><?php release_date('07-Feb-2019'); ?></b> 3360<ul><li>Core: 3361<ul> 3362 <li><?php bugfix(77369); ?> (memcpy with negative length via crafted DNS response). (CVE-2019-9022)</li> 3363 <li><?php bugfix(77387); ?> (Recursion detection broken when printing GLOBALS).</li> 3364 <li><?php bugfix(77376); ?> ("undefined function" message no longer includes namespace).</li> 3365 <li><?php bugfix(77357); ?> (base64_encode / base64_decode doest not work on nested VM).</li> 3366 <li><?php bugfix(77339); ?> (__callStatic may get incorrect arguments).</li> 3367 <li><?php bugfix(77317); ?> (__DIR__, __FILE__, realpath() reveal physical path for subst virtual drive).</li> 3368 <li><?php bugfix(77263); ?> (Segfault when using 2 RecursiveFilterIterator).</li> 3369 <li><?php bugfix(77447); ?> (PHP 7.3 built with ASAN crashes in zend_cpu_supports_avx2).</li> 3370 <li><?php bugfix(77484); ?> (Zend engine crashes when calling realpath in invalid working dir).</li> 3371</ul></li> 3372<li>Curl: 3373<ul> 3374 <li><?php bugfix(76675); ?> (Segfault with H2 server push).</li> 3375</ul></li> 3376<li>Fileinfo: 3377<ul> 3378 <li><?php bugfix(77346); ?> (webm files incorrectly detected as application/octet-stream).</li> 3379</ul></li> 3380<li>FPM: 3381<ul> 3382 <li><?php bugfix(77430); ?> (php-fpm crashes with Main process exited, code=dumped, status=11/SEGV).</li> 3383</ul></li> 3384<li>GD: 3385<ul> 3386 <li><?php bugfix(73281); ?> (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).</li> 3387 <li><?php bugfix(73614); ?> (gdImageFilledArc() doesn't properly draw pies).</li> 3388 <li><?php bugfix(77272); ?> (imagescale() may return image resource on failure).</li> 3389 <li><?php bugfix(77391); ?> (1bpp BMPs may fail to be loaded).</li> 3390 <li><?php bugfix(77479); ?> (imagewbmp() segfaults with very large images).</li> 3391</ul></li> 3392<li>ldap: 3393<ul> 3394 <li><?php bugfix(77440); ?> (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).</li> 3395</ul></li> 3396<li>Mbstring: 3397<ul> 3398 <li><?php bugfix(77428); ?> (mb_ereg_replace() doesn't replace a substitution variable).</li> 3399 <li><?php bugfix(77454); ?> (mb_scrub() silently truncates after a null byte).</li> 3400</ul></li> 3401<li>MySQLnd: 3402<ul> 3403 <li><?php bugfix(77308); ?> (Unbuffered queries memory leak).</li> 3404 <li><?php bugfix(75684); ?> (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).</li> 3405</ul></li> 3406<li>Opcache: 3407<ul> 3408 <li><?php bugfix(77266); ?> (Assertion failed in dce_live_ranges).</li> 3409 <li><?php bugfix(77257); ?> (value of variable assigned in a switch() construct gets lost).</li> 3410 <li><?php bugfix(77434); ?> (php-fpm workers are segfaulting in zend_gc_addre).</li> 3411 <li><?php bugfix(77361); ?> (configure fails on 64-bit AIX when opcache enabled).</li> 3412 <li><?php bugfix(77287); ?> (Opcache literal compaction is incompatible with EXT opcodes).</li> 3413</ul></li> 3414<li>PCRE: 3415<ul> 3416 <li><?php bugfix(77338); ?> (get_browser with empty string).</li> 3417</ul></li> 3418<li>PDO: 3419<ul> 3420 <li><?php bugfix(77273); ?> (array_walk_recursive corrupts value types leading to PDO failure).</li> 3421</ul></li> 3422<li>PDO MySQL: 3423<ul> 3424 <li><?php bugfix(77289); ?> (PDO MySQL segfaults with persistent connection).</li> 3425</ul></li> 3426<li>SOAP: 3427<ul> 3428 <li><?php bugfix(77410); ?> (Segmentation Fault when executing method with an empty parameter).</li> 3429</ul></li> 3430<li>Sockets: 3431<ul> 3432 <li><?php bugfix(76839); ?> (socket_recvfrom may return an invalid 'from' address on MacOS).</li> 3433</ul></li> 3434<li>SPL: 3435<ul> 3436 <li><?php bugfix(77298); ?> (segfault occurs when add property to unserialized empty ArrayObject).</li> 3437</ul></li> 3438<li>Standard: 3439<ul> 3440 <li><?php bugfix(77395); ?> (segfault about array_multisort).</li> 3441 <li><?php bugfix(77439); ?> (parse_str segfaults when inserting item into existing array).</li> 3442</ul></li> 3443</ul> 3444<!-- }}} --></section> 3445 3446<section class="version" id="7.3.1"><!-- {{{ 7.3.1 --> 3447<h3>Version 7.3.1</h3> 3448<b><?php release_date('10-Jan-2019'); ?></b> 3449<ul><li>Core: 3450<ul> 3451 <li><?php bugfix(76654); ?> (Build failure on Mac OS X on 32-bit Intel).</li> 3452 <li><?php bugfix(71041); ?> (zend_signal_startup() needs ZEND_API).</li> 3453 <li><?php bugfix(76046); ?> (PHP generates "FE_FREE" opcode on the wrong line).</li> 3454 <li><?php bugfix(77291); ?> (magic methods inherited from a trait may be ignored).</li> 3455</ul></li> 3456<li>CURL: 3457<ul> 3458 <li><?php bugfix(77264); ?> (curl_getinfo returning microseconds, not seconds).</li> 3459</ul></li> 3460<li>COM: 3461<ul> 3462 <li><?php bugfix(77177); ?> (Serializing or unserializing COM objects crashes).</li> 3463</ul></li> 3464<li>Exif: 3465<ul> 3466 <li><?php bugfix(77184); ?> (Unsigned rational numbers are written out as signed rationals).</li> 3467</ul></li> 3468<li>GD: 3469<ul> 3470 <li><?php bugfix(77195); ?> (Incorrect error handling of imagecreatefromjpeg()).</li> 3471 <li><?php bugfix(77198); ?> (auto cropping has insufficient precision).</li> 3472 <li><?php bugfix(77200); ?> (imagecropauto(…, GD_CROP_SIDES) crops left but not right).</li> 3473 <li><?php bugfix(77269); ?> (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)</li> 3474 <li><?php bugfix(77270); ?> (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)</li> 3475</ul></li> 3476<li>MBString: 3477<ul> 3478 <li><?php bugfix(77367); ?> (Negative size parameter in mb_split). (CVE-2019-9025)</li> 3479 <li><?php bugfix(77370); ?> (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)</li> 3480 <li><?php bugfix(77371); ?> (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)</li> 3481 <li><?php bugfix(77381); ?> (heap buffer overflow in multibyte match_at). (CVE-2019-9023)</li> 3482 <li><?php bugfix(77382); ?> (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)</li> 3483 <li><?php bugfix(77385); ?> (buffer overflow in fetch_token). (CVE-2019-9023)</li> 3484 <li><?php bugfix(77394); ?> (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)</li> 3485 <li><?php bugfix(77418); ?> (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)</li> 3486</ul></li> 3487<li>OCI8: 3488<ul> 3489 <li><?php bugfix(76804); ?> (oci_pconnect with OCI_CRED_EXT not working).</li> 3490 <li>Added oci_set_call_timeout() for call timeouts.</li> 3491 <li>Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.</li> 3492</ul></li> 3493<li>Opcache: 3494<ul> 3495 <li><?php bugfix(77215); ?> (CFG assertion failure on multiple finalizing switch frees in one block).</li> 3496 <li><?php bugfix(77275); ?> (OPcache optimization problem for ArrayAccess->offsetGet).</li> 3497</ul></li> 3498<li>PCRE: 3499<ul> 3500 <li><?php bugfix(77193); ?> (Infinite loop in preg_replace_callback).</li> 3501</ul></li> 3502<li>PDO: 3503<ul> 3504 <li>Handle invalid index passed to PDOStatement::fetchColumn() as error.</li> 3505</ul></li> 3506<li>Phar: 3507<ul> 3508 <li><?php bugfix(77247); ?> (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)</li> 3509</ul></li> 3510<li>Soap: 3511<ul> 3512 <li><?php bugfix(77088); ?> (Segfault when using SoapClient with null options).</li> 3513</ul></li> 3514<li>Sockets: 3515<ul> 3516 <li><?php bugfix(77136); ?> (Unsupported IPV6_RECVPKTINFO constants on macOS).</li> 3517</ul></li> 3518<li>Sodium: 3519<ul> 3520 <li><?php bugfix(77297); ?> (SodiumException segfaults on PHP 7.3).</li> 3521</ul></li> 3522<li>SPL: 3523<ul> 3524 <li><?php bugfix(77359); ?> (spl_autoload causes segfault).</li> 3525 <li><?php bugfix(77360); ?> (class_uses causes segfault).</li> 3526</ul></li> 3527<li>SQLite3: 3528<ul> 3529 <li><?php bugfix(77051); ?> (Issue with re-binding on SQLite3).</li> 3530</ul></li> 3531<li>Xmlrpc: 3532<ul> 3533 <li><?php bugfix(77242); ?> (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)</li> 3534 <li><?php bugfix(77380); ?> (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)</li> 3535</ul></li> 3536</ul> 3537<!-- }}} --></section> 3538 3539<section class="version" id="7.3.0"><!-- {{{ 7.3.0 --> 3540<h3>Version 7.3.0</h3> 3541<b><?php release_date('06-Dec-2018'); ?></b> 3542<ul><li>Core: 3543<ul> 3544 <li>Improved PHP GC.</li> 3545 <li>Redesigned the old ext_skel program written in PHP, run: 'php ext_skel.php' for all options. This means there are no dependencies, thus making it work on Windows out of the box.</li> 3546 <li>Removed support for BeOS.</li> 3547 <li>Add PHP_VERSION to phpinfo() <title/>.</li> 3548 <li>Add net_get_interfaces().</li> 3549 <li>Implemented flexible heredoc and nowdoc syntax, per RFC https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes.</li> 3550 <li>Added support for references in list() and array destructuring, per RFC https://wiki.php.net/rfc/list_reference_assignment.</li> 3551 <li>Improved effectiveness of ZEND_SECURE_ZERO for NetBSD and systems without native similar feature.</li> 3552 <li>Added syslog.facility and syslog.ident INI entries for customizing syslog logging.</li> 3553 <li><?php bugfix(75683); ?> (Memory leak in zend_register_functions() in ZTS mode).</li> 3554 <li><?php bugfix(75031); ?> (support append mode in temp/memory streams).</li> 3555 <li><?php bugfix(74860); ?> (Uncaught exceptions not being formatted properly when error_log set to "syslog").</li> 3556 <li><?php bugfix(75220); ?> (Segfault when calling is_callable on parent).</li> 3557 <li><?php bugfix(69954); ?> (broken links and unused config items in distributed ini files).</li> 3558 <li><?php bugfix(74922); ?> (Composed class has fatal error with duplicate, equal const properties).</li> 3559 <li><?php bugfix(63911); ?> (identical trait methods raise errors during composition).</li> 3560 <li><?php bugfix(75677); ?> (Clang ignores fastcall calling convention on variadic function).</li> 3561 <li><?php bugfix(54043); ?> (Remove inconsitency of internal exceptions and user defined exceptions).</li> 3562 <li><?php bugfix(53033); ?> (Mathematical operations convert objects to integers).</li> 3563 <li><?php bugfix(73108); ?> (Internal class cast handler uses integer instead of float).</li> 3564 <li><?php bugfix(75765); ?> (Fatal error instead of Error exception when base class is not found).</li> 3565 <li><?php bugfix(76198); ?> (Wording: "iterable" is not a scalar type).</li> 3566 <li><?php bugfix(76137); ?> (config.guess/config.sub do not recognize RISC-V).</li> 3567 <li><?php bugfix(76427); ?> (Segfault in zend_objects_store_put).</li> 3568 <li><?php bugfix(76422); ?> (ftruncate fails on files > 2GB).</li> 3569 <li><?php bugfix(76509); ?> (Inherited static properties can be desynchronized from their parent by ref).</li> 3570 <li><?php bugfix(76439); ?> (Changed behaviour in unclosed HereDoc).</li> 3571 <li><?php bugfix(63217); ?> (Constant numeric strings become integers when used as ArrayAccess offset).</li> 3572 <li><?php bugfix(33502); ?> (Some nullary functions don't check the number of arguments).</li> 3573 <li><?php bugfix(76392); ?> (Error relocating sapi/cli/php: unsupported relocation type 37).</li> 3574 <li>The declaration and use of case-insensitive constants has been deprecated.</li> 3575 <li>Added syslog.filter INI entry for syslog filtering.</li> 3576 <li><?php bugfix(76667); ?> (Segfault with divide-assign op and __get + __set).</li> 3577 <li><?php bugfix(76030); ?> (RE2C_FLAGS rarely honoured) (Cristian Rodríguez)</li> 3578 <li>Fixed broken zend_read_static_property (Laruence)</li> 3579 <li><?php bugfix(76773); ?> (Traits used on the parent are ignored for child classes).</li> 3580 <li><?php bugfix(76767); ?> (‘asm’ operand has impossible constraints in zend_operators.h).</li> 3581 <li><?php bugfix(76752); ?> (Crash in ZEND_COALESCE_SPEC_TMP_HANDLER - assertion in _get_zval_ptr_tmp failed).</li> 3582 <li><?php bugfix(76820); ?> (Z_COPYABLE invalid definition).</li> 3583 <li><?php bugfix(76510); ?> (file_exists() stopped working for phar://).</li> 3584 <li><?php bugfix(76869); ?> (Incorrect bypassing protected method accessibilty check).</li> 3585 <li><?php bugfix(72635); ?> (Undefined class used by class constant in constexpr generates fatal error).</li> 3586 <li><?php bugfix(76947); ?> (file_put_contents() blocks the directory of the file (__DIR__)).</li> 3587 <li><?php bugfix(76979); ?> (define() error message does not mention resources as valid values).</li> 3588 <li><?php bugfix(76825); ?> (Undefined symbols ___cpuid_count).</li> 3589 <li><?php bugfix(77110); ?> (undefined symbol zend_string_equal_val in C++ build).</li> 3590 <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li> 3591</ul></li> 3592<li>BCMath: 3593<ul> 3594 <li><?php implemented(67855); ?> (No way to get current scale in use).</li> 3595 <li><?php bugfix(66364); ?> (BCMath bcmul ignores scale parameter).</li> 3596 <li><?php bugfix(75164); ?> (split_bc_num() is pointless).</li> 3597 <li><?php bugfix(75169); ?> (BCMath errors/warnings bypass PHP's error handling).</li> 3598</ul></li> 3599<li>CLI: 3600<ul> 3601 <li><?php bugfix(44217); ?> (Output after stdout/stderr closed cause immediate exit with status 0).</li> 3602 <li><?php bugfix(77111); ?> (php-win.exe corrupts unicode symbols from cli parameters).</li> 3603</ul></li> 3604<li>cURL: 3605<ul> 3606 <li>Expose curl constants from curl 7.50 to 7.61.</li> 3607 <li><?php bugfix(74125); ?> (Fixed finding CURL on systems with multiarch support).</li> 3608</ul></li> 3609<li>Date: 3610<ul> 3611 <li><?php implemented(74668); ?>: Add DateTime::createFromImmutable() method.</li> 3612 <li><?php bugfix(75222); ?> (DateInterval microseconds property always 0).</li> 3613 <li><?php bugfix(68406); ?> (calling var_dump on a DateTimeZone object modifies it).</li> 3614 <li><?php bugfix(76131); ?> (mismatch arginfo for date_create).</li> 3615 <li>Updated timelib to 2018.01RC1 to address several bugs:</li> 3616 <li><?php bugfix(75577); ?> (DateTime::createFromFormat does not accept 'v' format specifier).</li> 3617 <li><?php bugfix(75642); ?> (Wrap around behaviour for microseconds is not working).</li> 3618 <li><?php bugfix(77097); ?> (DateTime::diff gives wrong diff when the actual diff is less than 1 second).</li> 3619</ul></li> 3620<li>DBA: 3621<ul> 3622 <li><?php bugfix(75264); ?> (compiler warnings emitted).</li> 3623</ul></li> 3624<li>DOM: 3625<ul> 3626 <li><?php bugfix(76285); ?> (DOMDocument::formatOutput attribute sometimes ignored).</li> 3627</ul></li> 3628<li>Fileinfo: 3629<ul> 3630 <li><?php bugfix(77095); ?> (slowness regression in 7.2/7.3 (compared to 7.1)).</li> 3631</ul></li> 3632<li>Filter: 3633<ul> 3634 <li>Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES).</li> 3635</ul></li> 3636<li>FPM: 3637<ul> 3638 <li>Added fpm_get_status function.</li> 3639 <li><?php bugfix(62596); ?> (getallheaders() missing with PHP-FPM).</li> 3640 <li><?php bugfix(69031); ?> (Long messages into stdout/stderr are truncated incorrectly) - added new log related FPM configuration options: log_limit, log_buffering and decorate_workers_output.</li> 3641</ul></li> 3642<li>ftp: 3643<ul> 3644 <li><?php bugfix(77151); ?> (ftp_close(): SSL_read on shutdown).</li> 3645</ul></li> 3646<li>GD: 3647<ul> 3648 <li>Added support for WebP in imagecreatefromstring().</li> 3649</ul></li> 3650<li>GMP: 3651<ul> 3652 <li>Export internal structures and accessor helpers for GMP object.</li> 3653 <li>Added gmp_binomial(n, k).</li> 3654 <li>Added gmp_lcm(a, b).</li> 3655 <li>Added gmp_perfect_power(a).</li> 3656 <li>Added gmp_kronecker(a, b).</li> 3657</ul></li> 3658<li>iconv: 3659<ul> 3660 <li><?php bugfix(53891); ?> (iconv_mime_encode() fails to Q-encode UTF-8 string).</li> 3661 <li><?php bugfix(77147); ?> (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).</li> 3662</ul></li> 3663<li>IMAP: 3664<ul> 3665 <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li> 3666 <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li> 3667</ul></li> 3668<li>Interbase: 3669<ul> 3670 <li><?php bugfix(75453); ?> (Incorrect reflection for ibase_[p]connect).</li> 3671 <li><?php bugfix(76443); ?> (php+php_interbase.dll crash on module_shutdown).</li> 3672</ul></li> 3673<li>intl: 3674<ul> 3675 <li><?php bugfix(75317); ?> (UConverter::setDestinationEncoding changes source instead of destination).</li> 3676 <li><?php bugfix(76829); ?> (Incorrect validation of domain on idn_to_utf8() function).</li> 3677</ul></li> 3678<li>JSON: 3679<ul> 3680 <li>Added JSON_THROW_ON_ERROR flag.</li> 3681</ul></li> 3682<li>LDAP: 3683<ul> 3684 <li>Added ldap_exop_refresh helper for EXOP REFRESH operation with dds overlay.</li> 3685 <li>Added full support for sending and parsing ldap controls.</li> 3686 <li><?php bugfix(49876); ?> (Fix LDAP path lookup on 64-bit distros).</li> 3687</ul></li> 3688<li>libxml2: 3689<ul> 3690 <li><?php bugfix(75871); ?> (use pkg-config where available).</li> 3691</ul></li> 3692<li>litespeed: 3693<ul> 3694 <li><?php bugfix(75248); ?> (Binary directory doesn't get created when building only litespeed SAPI).</li> 3695 <li><?php bugfix(75251); ?> (Missing program prefix and suffix).</li> 3696</ul></li> 3697<li>MBstring: 3698<ul> 3699 <li>Updated to Oniguruma 6.9.0.</li> 3700 <li><?php bugfix(65544); ?> (mb title case conversion-first word in quotation isn't capitalized).</li> 3701 <li><?php bugfix(71298); ?> (MB_CASE_TITLE misbehaves with curled apostrophe/quote).</li> 3702 <li><?php bugfix(73528); ?> (Crash in zif_mb_send_mail).</li> 3703 <li><?php bugfix(74929); ?> (mbstring functions version 7.1.1 are slow compared to 5.3 on Windows).</li> 3704 <li><?php bugfix(76319); ?> (mb_strtolower with invalid UTF-8 causes segmentation fault).</li> 3705 <li><?php bugfix(76574); ?> (use of undeclared identifiers INT_MAX and LONG_MAX).</li> 3706 <li><?php bugfix(76594); ?> (Bus Error due to unaligned access in zend_ini.c OnUpdateLong).</li> 3707 <li><?php bugfix(76706); ?> (mbstring.http_output_conv_mimetypes is ignored).</li> 3708 <li><?php bugfix(76958); ?> (Broken UTF7-IMAP conversion).</li> 3709 <li><?php bugfix(77025); ?> (mb_strpos throws Unknown encoding or conversion error).</li> 3710 <li><?php bugfix(77165); ?> (mb_check_encoding crashes when argument given an empty array).</li> 3711</ul></li> 3712<li>Mysqlnd: 3713<ul> 3714 <li><?php bugfix(76386); ?> (Prepared Statement formatter truncates fractional seconds from date/time column).</li> 3715</ul></li> 3716<li>ODBC: 3717<ul> 3718 <li>Removed support for ODBCRouter.</li> 3719 <li>Removed support for Birdstep.</li> 3720 <li><?php bugfix(77079); ?> (odbc_fetch_object has incorrect type signature).</li> 3721</ul></li> 3722<li>Opcache: 3723<ul> 3724 <li><?php bugfix(76466); ?> (Loop variable confusion).</li> 3725 <li><?php bugfix(76463); ?> (var has array key type but not value type).</li> 3726 <li><?php bugfix(76446); ?> (zend_variables.c:73: zend_string_destroy: Assertion `!(zval_gc_flags((str)->gc)).</li> 3727 <li><?php bugfix(76711); ?> (OPcache enabled triggers false-positive "Illegal string offset").</li> 3728 <li><?php bugfix(77058); ?> (Type inference in opcache causes side effects).</li> 3729 <li><?php bugfix(77092); ?> (array_diff_key() - segmentation fault).</li> 3730</ul></li> 3731<li>OpenSSL: 3732<ul> 3733 <li>Added openssl_pkey_derive function.</li> 3734 <li>Add min_proto_version and max_proto_version ssl stream options as well as related constants for possible TLS protocol values.</li> 3735</ul></li> 3736<li>PCRE: 3737<ul> 3738 <li>Implemented https://wiki.php.net/rfc/pcre2-migration.</li> 3739 <li>Upgrade PCRE2 to 10.32.</li> 3740 <li><?php bugfix(75355); ?> (preg_quote() does not quote # control character).</li> 3741 <li><?php bugfix(76512); ?> (\w no longer includes unicode characters).</li> 3742 <li><?php bugfix(76514); ?> (Regression in preg_match makes it fail with PREG_JIT_STACKLIMIT_ERROR).</li> 3743 <li><?php bugfix(76909); ?> (preg_match difference between 7.3 and < 7.3).</li> 3744</ul></li> 3745<li>PDO_DBlib: 3746<ul> 3747 <li><?php implemented(69592); ?> (allow 0-column rowsets to be skipped automatically).</li> 3748 <li>Expose TDS version as \PDO::DBLIB_ATTR_TDS_VERSION attribute on \PDO instance.</li> 3749 <li>Treat DATETIME2 columns like DATETIME.</li> 3750 <li><?php bugfix(74243); ?> (allow locales.conf to drive datetime format).</li> 3751</ul></li> 3752<li>PDO_Firebird: 3753<ul> 3754 <li><?php bugfix(74462); ?> (PDO_Firebird returns only NULLs for results with boolean for FIREBIRD >= 3.0).</li> 3755</ul></li> 3756<li>PDO_OCI: 3757<ul> 3758 <li><?php bugfix(74631); ?> (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).</li> 3759</ul></li> 3760<li>PDO SQLite: 3761<ul> 3762 <li>Add support for additional open flags</li> 3763</ul></li> 3764<li>pgsql: 3765<ul> 3766 <li>Added new error constants for pg_result_error(): PGSQL_DIAG_SCHEMA_NAME, PGSQL_DIAG_TABLE_NAME, PGSQL_DIAG_COLUMN_NAME, PGSQL_DIAG_DATATYPE_NAME, PGSQL_DIAG_CONSTRAINT_NAME and PGSQL_DIAG_SEVERITY_NONLOCALIZED.</li> 3767 <li><?php bugfix(77047); ?> (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).</li> 3768</ul></li> 3769<li>phar: 3770<ul> 3771 <li><?php bugfix(74991); ?> (include_path has a 4096 char limit in some cases).</li> 3772 <li><?php bugfix(65414); ?> (deal with leading slash when adding files correctly).</li> 3773 <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li> 3774 <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li> 3775</ul></li> 3776<li>readline: 3777<ul> 3778 <li>Added completion_append_character and completion_suppress_append options to readline_info() if linked against libreadline.</li> 3779</ul></li> 3780<li>Session: 3781<ul> 3782 <li><?php bugfix(74941); ?> (session fails to start after having headers sent).</li> 3783</ul></li> 3784<li>SimpleXML: 3785<ul> 3786 <li><?php bugfix(54973); ?> (SimpleXML casts integers wrong).</li> 3787 <li><?php bugfix(76712); ?> (Assignment of empty string creates extraneous text node).</li> 3788</ul></li> 3789<li>Sockets: 3790<ul> 3791 <li><?php bugfix(67619); ?> (Validate length on socket_write).</li> 3792</ul></li> 3793<li>SOAP: 3794<ul> 3795 <li><?php bugfix(75464); ?> (Wrong reflection on SoapClient::__setSoapHeaders).</li> 3796 <li><?php bugfix(70469); ?> (SoapClient generates E_ERROR even if exceptions=1 is used).</li> 3797 <li><?php bugfix(50675); ?> (SoapClient can't handle object references correctly).</li> 3798 <li><?php bugfix(76348); ?> (WSDL_CACHE_MEMORY causes Segmentation fault).</li> 3799 <li><?php bugfix(77141); ?> (Signedness issue in SOAP when precision=-1).</li> 3800</ul></li> 3801<li>SPL: 3802<ul> 3803 <li><?php bugfix(74977); ?> (Appending AppendIterator leads to segfault).</li> 3804 <li><?php bugfix(75173); ?> (incorrect behavior of AppendIterator::append in foreach loop).</li> 3805 <li><?php bugfix(74372); ?> (autoloading file with syntax error uses next autoloader, may hide parse error).</li> 3806 <li><?php bugfix(75878); ?> (RecursiveTreeIterator::setPostfix has wrong signature).</li> 3807 <li><?php bugfix(74519); ?> (strange behavior of AppendIterator).</li> 3808 <li><?php bugfix(76131); ?> (mismatch arginfo for splarray constructor).</li> 3809</ul></li> 3810<li>SQLite3: 3811<ul> 3812 <li>Updated bundled libsqlite to 3.24.0.</li> 3813</ul></li> 3814<li>Standard: 3815<ul> 3816 <li>Added is_countable() function.</li> 3817 <li>Added support for the SameSite cookie directive, including an alternative signature for setcookie(), setrawcookie() and session_set_cookie_params().</li> 3818 <li>Remove superfluous warnings from inet_ntop()/inet_pton().</li> 3819 <li><?php bugfix(75916); ?> (DNS_CAA record results contain garbage).</li> 3820 <li>Fixed unserialize(), to disable creation of unsupported data structures through manually crafted strings.</li> 3821 <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li> 3822 <li><?php bugfix(74719); ?> (fopen() should accept NULL as context).</li> 3823 <li><?php bugfix(69948); ?> (path/domain are not sanitized in setcookie).</li> 3824 <li><?php bugfix(75996); ?> (incorrect url in header for mt_rand).</li> 3825 <li>Added hrtime() function, to get high resolution time.</li> 3826 <li><?php bugfix(48016); ?> (stdClass::__setState is not defined although var_export() uses it).</li> 3827 <li><?php bugfix(76136); ?> (stream_socket_get_name should enclose IPv6 in brackets).</li> 3828 <li><?php bugfix(76688); ?> (Disallow excessive parameters after options array).</li> 3829 <li><?php bugfix(76713); ?> (Segmentation fault caused by property corruption).</li> 3830 <li><?php bugfix(76755); ?> (setcookie does not accept "double" type for expire time).</li> 3831 <li><?php bugfix(76674); ?> (improve array_* failure messages exposing what was passed instead of an array).</li> 3832 <li><?php bugfix(76803); ?> (ftruncate changes file pointer).</li> 3833 <li><?php bugfix(76818); ?> (Memory corruption and segfault).</li> 3834 <li><?php bugfix(77081); ?> (ftruncate() changes seek pointer in c mode).</li> 3835</ul></li> 3836<li>Testing: 3837<ul> 3838 <li><?php implemented(62055); ?> (Make run-tests.php support --CGI-- sections).</li> 3839</ul></li> 3840<li>Tidy: 3841<ul> 3842 <li>Support using tidyp instead of tidy.</li> 3843 <li><?php bugfix(74707); ?> (Tidy has incorrect ReflectionFunction param counts for functions taking tidy).</li> 3844 <li>Fixed arginfo for tidy::__construct().</li> 3845</ul></li> 3846<li>Tokenizer: 3847<ul> 3848 <li><?php bugfix(76437); ?> (token_get_all with TOKEN_PARSE flag fails to recognise close tag).</li> 3849 <li><?php bugfix(75218); ?> (Change remaining uncatchable fatal errors for parsing into ParseError).</li> 3850 <li><?php bugfix(76538); ?> (token_get_all with TOKEN_PARSE flag fails to recognise close tag with newline).</li> 3851 <li><?php bugfix(76991); ?> (Incorrect tokenization of multiple invalid flexible heredoc strings).</li> 3852</ul></li> 3853<li>XML: 3854<ul> 3855 <li><?php bugfix(71592); ?> (External entity processing never fails).</li> 3856</ul></li> 3857<li>Zlib: 3858<ul> 3859 <li>Added zlib/level context option for compress.zlib wrapper.</li> 3860</ul></li> 3861</ul> 3862<!-- }}} --></section> 3863 3864<a id="PHP_7_2"></a> 3865 3866<section class="version" id="7.2.34"><!-- {{{ 7.2.34 --> 3867<h3>Version 7.2.34</h3> 3868<b><?php release_date('01-Oct-2020'); ?></b> 3869<ul><li>Core: 3870<ul> 3871 <li><?php bugfix(79699); ?> (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)</li> 3872</ul></li> 3873<li>OpenSSL: 3874<ul> 3875 <li><?php bugfix(79601); ?> (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)</li> 3876</ul></li> 3877</ul> 3878<!-- }}} --></section> 3879 3880<section class="version" id="7.2.33"><!-- {{{ 7.2.33 --> 3881<h3>Version 7.2.33</h3> 3882<b><?php release_date('06-Aug-2020'); ?></b> 3883<ul><li>Core: 3884<ul> 3885 <li><?php bugfix(79877); ?> (getimagesize function silently truncates after a null byte) (cmb)</li> 3886</ul></li> 3887<li>Phar: 3888<ul> 3889 <li><?php bugfix(79797); ?> (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)</li> 3890</ul></li> 3891</ul> 3892<!-- }}} --></section> 3893 3894<section class="version" id="7.2.32"><!-- {{{ 7.2.32 --> 3895<h3>Version 7.2.32</h3> 3896<b><?php release_date('09-Jul-2020'); ?></b> 3897<ul><li>Windows: 3898<ul> 3899 <li>Rebuild of official Windows binaries with patched libcurl. No PHP source changes.</li> 3900</ul></li> 3901</ul> 3902<!-- }}} --></section> 3903 3904 3905 3906<section class="version" id="7.2.31"><!-- {{{ 7.2.31 --> 3907<h3>Version 7.2.31</h3> 3908<b><?php release_date('14-May-2020'); ?></b> 3909<ul><li>Core: 3910<ul> 3911 <li><?php bugfix(78875); ?> (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)</li> 3912 <li><?php bugfix(78876); ?> (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)</li> 3913</ul></li> 3914</ul> 3915<!-- }}} --></section> 3916 3917<section class="version" id="7.2.30"><!-- {{{ 7.2.30 --> 3918<h3>Version 7.2.30</h3> 3919<b><?php release_date('16-Apr-2020'); ?></b> 3920<ul><li>Standard: 3921<ul> 3922 <li><?php bugfix(79468); ?> (SIGSEGV when closing stream handle with a stream filter appended).</li> 3923 <li><?php bugfix(79330); ?> (shell_exec() silently truncates after a null byte).</li> 3924 <li><?php bugfix(79465); ?> (OOB Read in urldecode()).</li> 3925</ul></li> 3926</ul> 3927<!-- }}} --></section> 3928 3929 3930 3931<section class="version" id="7.2.29"><!-- {{{ 7.2.29 --> 3932<h3>Version 7.2.29</h3> 3933<b><?php release_date('19-Mar-2020'); ?></b> 3934<ul><li>Core: 3935<ul> 3936 <li><?php bugfix(79329); ?> (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)</li> 3937</ul></li> 3938<li>EXIF: 3939<ul> 3940 <li><?php bugfix(79282); ?> (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)</li> 3941</ul></li> 3942</ul> 3943<!-- }}} --></section> 3944 3945<section class="version" id="7.2.28"><!-- {{{ 7.2.28 --> 3946<h3>Version 7.2.28</h3> 3947<b><?php release_date('20-Feb-2020'); ?></b> 3948<ul><li>DOM: 3949<ul> 3950 <li><?php bugfix(77569); ?>: (Write Access Violation in DomImplementation).</li> 3951</ul></li> 3952<li>Phar: 3953<ul> 3954 <li><?php bugfix(79082); ?> (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)</li> 3955</ul></li> 3956<li>Session: 3957<ul> 3958 <li><?php bugfix(79221); ?> (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)</li> 3959</ul></li> 3960</ul> 3961<!-- }}} --></section> 3962 3963<section class="version" id="7.2.27"><!-- {{{ 7.2.27 --> 3964<h3>Version 7.2.27</h3> 3965<b><?php release_date('23-Jan-2020'); ?></b> 3966<ul><li>Mbstring: 3967<ul> 3968 <li><?php bugfix(79037); ?> (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)</li> 3969</ul></li> 3970<li>Session: 3971<ul> 3972 <li><?php bugfix(79091); ?> (heap use-after-free in session_create_id()).</li> 3973</ul></li> 3974<li>Standard: 3975<ul> 3976 <li><?php bugfix(79099); ?> (OOB read in php_strip_tags_ex). (CVE-2020-7059)</li> 3977</ul></li> 3978</ul> 3979<!-- }}} --></section> 3980 3981<section class="version" id="7.2.26"><!-- {{{ 7.2.26 --> 3982<h3>Version 7.2.26</h3> 3983<b><?php release_date('18-Dec-2019'); ?></b> 3984<ul><li>Bcmath: 3985<ul> 3986 <li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)</li> 3987</ul></li> 3988<li>Core: 3989<ul> 3990 <li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044)</li> 3991 <li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)</li> 3992</ul></li> 3993<li>EXIF: 3994<ul> 3995 <li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)</li> 3996 <li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif). (CVE-2019-11047)</li> 3997</ul></li> 3998<li>GD: 3999<ul> 4000 <li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li> 4001</ul></li> 4002<li>Intl: 4003<ul> 4004 <li><?php bugfix(78804); ?> (Segmentation fault in Locale::filterMatches).</li> 4005</ul></li> 4006<li>OPcache: 4007<ul> 4008 <li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li> 4009</ul></li> 4010<li>Standard: 4011<ul> 4012 <li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li> 4013 <li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li> 4014 <li><?php bugfix(78814); ?> (strip_tags allows / in tag name => whitelist bypass).</li> 4015</ul></li> 4016</ul> 4017<!-- }}} --></section> 4018 4019 4020<section class="version" id="7.2.25"><!-- {{{ 7.2.25 --> 4021<h3>Version 7.2.25</h3> 4022<b><?php release_date('21-Nov-2019'); ?></b> 4023<ul><li>Core: 4024<ul> 4025 <li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li> 4026 <li><?php bugfix(78752); ?> (Segfault if GC triggered while generator stack frame is being destroyed).</li> 4027 <li><?php bugfix(78689); ?> (Closure::fromCallable() doesn't handle [Closure, '__invoke']).</li> 4028</ul></li> 4029<li>COM: 4030<ul> 4031 <li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li> 4032</ul></li> 4033<li>Date: 4034<ul> 4035 <li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li> 4036 <li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li> 4037</ul></li> 4038<li>Iconv: 4039<ul> 4040 <li><?php bugfix(78642); ?> (Wrong libiconv version displayed). (gedas at martynas, cmb).</li> 4041</ul></li> 4042<li>OpCache: 4043<ul> 4044 <li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li> 4045 <li><?php bugfix(78747); ?> (OpCache corrupts custom extension result).</li> 4046</ul></li> 4047<li>OpenSSL: 4048<ul> 4049 <li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li> 4050</ul></li> 4051<li>Reflection: 4052<ul> 4053 <li><?php bugfix(78697); ?> (ReflectionClass::ImplementsInterface - inaccurate error message with traits).</li> 4054</ul></li> 4055<li>Sockets: 4056<ul> 4057 <li><?php bugfix(78665); ?> (Multicasting may leak memory).</li> 4058</ul></li> 4059</ul> 4060<!-- }}} --></section> 4061 4062 4063 4064<section class="version" id="7.2.24"><!-- {{{ 7.2.24 --> 4065<h3>Version 7.2.24</h3> 4066<b><?php release_date('24-Oct-2019'); ?></b> 4067<ul><li>Core: 4068<ul> 4069 <li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li> 4070 <li><?php bugfix(78620); ?> (Out of memory error).</li> 4071</ul></li> 4072<li>Exif: 4073<ul> 4074 <li><?php bugfix(78442); ?> ('Illegal component' on exif_read_data since PHP7) (Kalle)</li> 4075</ul></li> 4076<li>FPM: 4077<ul> 4078 <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li> 4079</ul></li> 4080<li>MBString: 4081<ul> 4082 <li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li> 4083 <li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li> 4084</ul></li> 4085<li>MySQLi: 4086<ul> 4087 <li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li> 4088</ul></li> 4089<li>PDO_MySQL: 4090<ul> 4091 <li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li> 4092</ul></li> 4093<li>Session: 4094<ul> 4095 <li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li> 4096</ul></li> 4097<li>Standard: 4098<ul> 4099 <li><?php bugfix(76342); ?> (file_get_contents waits twice specified timeout).</li> 4100 <li><?php bugfix(78612); ?> (strtr leaks memory when integer keys are used and the subject string shorter).</li> 4101 <li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li> 4102</ul></li> 4103<li>Zip: 4104<ul> 4105 <li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li> 4106</ul></li> 4107</ul> 4108<!-- }}} --></section> 4109 4110<section class="version" id="7.2.23"><!-- {{{ 7.2.23 --> 4111<h3>Version 7.2.23</h3> 4112<b><?php release_date('26-Sep-2019'); ?></b> 4113<ul><li>Core: 4114<ul> 4115 <li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li> 4116 <li><?php bugfix(78412); ?> (Generator incorrectly reports non-releasable $this as GC child).</li> 4117</ul></li> 4118<li>FastCGI: 4119<ul> 4120 <li><?php bugfix(78469); ?> (FastCGI on_accept hook is not called when using named pipes on Windows).</li> 4121</ul></li> 4122<li>MySQLnd: 4123<ul> 4124 <li>Fixed connect_attr issues and added the _server_host connection attribute.</li> 4125</ul></li> 4126<li>ODBC: 4127<ul> 4128 <li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li> 4129</ul></li> 4130<li>PDO_MySQL: 4131<ul> 4132 <li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li> 4133</ul></li> 4134<li>sodium: 4135<ul> 4136 <li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li> 4137</ul></li> 4138<li>SPL: 4139<ul> 4140 <li><?php bugfix(72884); ?> (SplObject isCloneable() returns true but errs on clone).</li> 4141</ul></li> 4142</ul> 4143<!-- }}} --></section> 4144 4145 4146 4147<section class="version" id="7.2.22"><!-- {{{ 7.2.22 --> 4148<h3>Version 7.2.22</h3> 4149<b><?php release_date('29-Aug-2019'); ?></b> 4150<ul><li>Core: 4151<ul> 4152 <li><?php bugfix(78363); ?> (Buffer overflow in zendparse).</li> 4153 <li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li> 4154</ul></li> 4155<li>Curl: 4156<ul> 4157 <li><?php bugfix(77946); ?> (Bad cURL resources returned by curl_multi_info_read()).</li> 4158</ul></li> 4159<li>Exif: 4160<ul> 4161 <li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li> 4162</ul></li> 4163<li>Iconv: 4164<ul> 4165 <li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li> 4166</ul></li> 4167<li>LiteSpeed: 4168<ul> 4169 <li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li> 4170</ul></li> 4171<li>MySQLnd: 4172<ul> 4173 <li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li> 4174</ul></li> 4175<li>Opcache: 4176<ul> 4177 <li><?php bugfix(77191); ?> (Assertion failure in dce_live_ranges() when silencing is used).</li> 4178</ul></li> 4179<li>Standard: 4180<ul> 4181 <li><?php bugfix(69100); ?> (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length).</li> 4182 <li><?php bugfix(78282); ?> (atime and mtime mismatch).</li> 4183 <li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li> 4184</ul></li> 4185</ul> 4186<!-- }}} --></section> 4187 4188 4189 4190<section class="version" id="7.2.21"><!-- {{{ 7.2.21 --> 4191<h3>Version 7.2.21</h3> 4192<b><?php release_date('01-Aug-2019'); ?></b> 4193<ul><li>Date: 4194<ul> 4195 <li><?php bugfix(69044); ?> (discrepency between time and microtime).</li> 4196</ul></li> 4197<li>EXIF: 4198<ul> 4199 <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li> 4200 <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li> 4201</ul></li> 4202<li>Fileinfo: 4203<ul> 4204 <li><?php bugfix(78183); ?> (finfo_file shows wrong mime-type for .tga file).</li> 4205</ul></li> 4206<li>FTP: 4207<ul> 4208 <li><?php bugfix(77124); ?> (FTP with SSL memory leak).</li> 4209</ul></li> 4210<li>Libxml: 4211<ul> 4212 <li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li> 4213</ul></li> 4214<li>LiteSpeed: 4215<ul> 4216 <li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li> 4217 <li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li> 4218</ul></li> 4219<li>Openssl: 4220<ul> 4221 <li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li> 4222</ul></li> 4223<li>OPcache: 4224<ul> 4225 <li><?php bugfix(78189); ?> (file cache strips last character of uname hash).</li> 4226 <li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li> 4227 <li><?php bugfix(78291); ?> (opcache_get_configuration doesn't list all directives).</li> 4228</ul></li> 4229<li>Phar: 4230<ul> 4231 <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li> 4232</ul></li> 4233<li>Phpdbg: 4234<ul> 4235 <li><?php bugfix(78297); ?> (Include unexistent file memory leak).</li> 4236</ul></li> 4237<li>PDO_Sqlite: 4238<ul> 4239 <li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li> 4240</ul></li> 4241<li>SQLite: 4242<ul> 4243 <li>Upgraded to SQLite 3.28.0.</li> 4244</ul></li> 4245<li>Standard: 4246<ul> 4247 <li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li> 4248 <li><?php bugfix(78269); ?> (password_hash uses weak options for argon2).</li> 4249</ul></li> 4250<li>XMLRPC: 4251<ul> 4252 <li><?php bugfix(78173); ?> (XML-RPC mutates immutable objects during encoding).</li> 4253</ul></li> 4254</ul> 4255<!-- }}} --></section> 4256 4257<section class="version" id="7.2.20"><!-- {{{ 7.2.20 --> 4258<h3>Version 7.2.20</h3> 4259<b><?php release_date('04-Jul-2019'); ?></b> 4260<ul><li>Core: 4261<ul> 4262 <li><?php bugfix(76980); ?> (Interface gets skipped if autoloader throws an exception).</li> 4263</ul></li> 4264<li>DOM: 4265<ul> 4266 <li><?php bugfix(78025); ?> (segfault when accessing properties of DOMDocumentType).</li> 4267</ul></li> 4268<li>MySQLi: 4269<ul> 4270 <li><?php bugfix(77956); ?> (When mysqli.allow_local_infile = Off, use a meaningful error message).</li> 4271 <li><?php bugfix(38546); ?> (bindParam incorrect processing of bool types).</li> 4272</ul></li> 4273<li>Opcache: 4274<ul> 4275 <li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li> 4276</ul></li> 4277<li>OpenSSL: 4278<ul> 4279 <li><?php bugfix(78079); ?> (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).</li> 4280</ul></li> 4281<li>Sockets: 4282<ul> 4283 <li><?php bugfix(78038); ?> (Socket_select fails when resource array contains references).</li> 4284</ul></li> 4285<li>Standard: 4286<ul> 4287 <li><?php bugfix(77135); ?> (Extract with EXTR_SKIP should skip $this).</li> 4288 <li><?php bugfix(77937); ?> (preg_match failed).</li> 4289</ul></li> 4290<li>Zip: 4291<ul> 4292 <li><?php bugfix(76345); ?> (zip.h not found).</li> 4293</ul></li> 4294</ul> 4295<!-- }}} --></section> 4296 4297<section class="version" id="7.2.19"><!-- {{{ 7.2.19 --> 4298<h3>Version 7.2.19</h3> 4299<b><?php release_date('30-May-2019'); ?></b> 4300<ul><li>Date: 4301<ul> 4302 <li><?php bugfix(77909); ?> (DatePeriod::__construct() with invalid recurrence count value).</li> 4303</ul></li> 4304<li>EXIF: 4305<ul> 4306 <li><?php bugfix(77988); ?> (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).</li> 4307</ul></li> 4308<li>FPM: 4309<ul> 4310 <li><?php bugfix(77934); ?> (php-fpm kill -USR2 not working).</li> 4311 <li><?php bugfix(77921); ?> (static.php.net doesn't work anymore).</li> 4312</ul></li> 4313<li>GD: 4314<ul> 4315 <li><?php bugfix(77943); ?> (imageantialias($image, false); does not work).</li> 4316 <li><?php bugfix(77973); ?> (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).</li> 4317</ul></li> 4318<li>Iconv: 4319<ul> 4320 <li><?php bugfix(78069); ?> (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).</li> 4321</ul></li> 4322<li>JSON: 4323<ul> 4324 <li><?php bugfix(77843); ?> (Use after free with json serializer).</li> 4325</ul></li> 4326<li>Opcache: 4327<ul> 4328 <li>Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.</li> 4329</ul></li> 4330<li>PDO_MySQL: 4331<ul> 4332 <li><?php bugfix(77944); ?> (Wrong meta pdo_type for bigint on LLP64).</li> 4333</ul></li> 4334<li>Reflection: 4335<ul> 4336 <li><?php bugfix(75186); ?> (Inconsistent reflection of Closure:::__invoke()).</li> 4337</ul></li> 4338<li>Session: 4339<ul> 4340 <li><?php bugfix(77911); ?> (Wrong warning for session.sid_bits_per_character).</li> 4341</ul></li> 4342<li>SPL: 4343<ul> 4344 <li><?php bugfix(77024); ?> (SplFileObject::__toString() may return array).</li> 4345</ul></li> 4346<li>SQLite: 4347<ul> 4348 <li><?php bugfix(77967); ?> (Bypassing open_basedir restrictions via file uris).</li> 4349</ul></li> 4350</ul> 4351<!-- }}} --></section> 4352 4353<section class="version" id="7.2.18"><!-- {{{ 7.2.18 --> 4354<h3>Version 7.2.18</h3> 4355<b><?php release_date('02-May-2019'); ?></b> 4356<ul><li>CLI: 4357<ul> 4358 <li><?php bugfix(77794); ?> (Incorrect Date header format in built-in server).</li> 4359</ul></li> 4360<li>EXIF: 4361<ul> 4362 <li><?php bugfix(77950); ?> (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).</li> 4363</ul></li> 4364<li>Interbase: 4365<ul> 4366 <li><?php bugfix(72175); ?> (Impossibility of creating multiple connections to Interbase with php 7.x).</li> 4367</ul></li> 4368<li>Intl: 4369<ul> 4370 <li><?php bugfix(77895); ?> (IntlDateFormatter::create fails in strict mode if $locale = null).</li> 4371</ul></li> 4372<li>litespeed: 4373<ul> 4374 <li>LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().</li> 4375</ul></li> 4376<li>Mail: 4377<ul> 4378 <li><?php bugfix(77821); ?> (Potential heap corruption in TSendMail()).</li> 4379</ul></li> 4380<li>PCRE: 4381<ul> 4382 <li><?php bugfix(77827); ?> (preg_match does not ignore \r in regex flags).</li> 4383</ul></li> 4384<li>PDO: 4385<ul> 4386 <li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li> 4387</ul></li> 4388<li>phpdbg: 4389<ul> 4390 <li><?php bugfix(76801); ?> (too many open files).</li> 4391 <li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li> 4392 <li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li> 4393</ul></li> 4394<li>Reflection: 4395<ul> 4396 <li><?php bugfix(77772); ?> (ReflectionClass::getMethods(null) doesn't work).</li> 4397 <li><?php bugfix(77882); ?> (Different behavior: always calls destructor).</li> 4398</ul></li> 4399<li>Standard: 4400<ul> 4401 <li><?php bugfix(77680); ?> (recursive mkdir on ftp stream wrapper is incorrect).</li> 4402 <li><?php bugfix(77844); ?> (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).</li> 4403 <li><?php bugfix(77853); ?> (Inconsistent substr_compare behaviour with empty haystack).</li> 4404</ul></li> 4405</ul> 4406<!-- }}} --></section> 4407 4408<section class="version" id="7.2.17"><!-- {{{ 7.2.17 --> 4409<h3>Version 7.2.17</h3> 4410<b><?php release_date('04-Apr-2019'); ?></b> 4411<ul><li>Core: 4412<ul> 4413 <li><?php bugfix(77738); ?> (Nullptr deref in zend_compile_expr).</li> 4414 <li><?php bugfix(77660); ?> (Segmentation fault on break 2147483648).</li> 4415 <li><?php bugfix(77652); ?> (Anonymous classes can lose their interface information).</li> 4416 <li><?php bugfix(77676); ?> (Unable to run tests when building shared extension on AIX).</li> 4417</ul></li> 4418<li>Bcmath: 4419<ul> 4420 <li><?php bugfix(77742); ?> (bcpow() implementation related to gcc compiler optimization).</li> 4421</ul></li> 4422<li>COM: 4423<ul> 4424 <li><?php bugfix(77578); ?> (Crash when php unload).</li> 4425</ul></li> 4426<li>Date: 4427<ul> 4428 <li><?php bugfix(50020); ?> (DateInterval:createDateFromString() silently fails).</li> 4429 <li><?php bugfix(75113); ?> (Added DatePeriod::getRecurrences() method).</li> 4430</ul></li> 4431<li>EXIF: 4432<ul> 4433 <li><?php bugfix(77753); ?> (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)</li> 4434 <li><?php bugfix(77831); ?> (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)</li> 4435</ul></li> 4436<li>FPM: 4437<ul> 4438 <li><?php bugfix(77677); ?> (FPM fails to build on AIX due to missing WCOREDUMP).</li> 4439</ul></li> 4440<li>GD: 4441<ul> 4442 <li><?php bugfix(77700); ?> (Writing truecolor images as GIF ignores interlace flag).</li> 4443</ul></li> 4444<li>MySQLi: 4445<ul> 4446 <li><?php bugfix(77597); ?> (mysqli_fetch_field hangs scripts).</li> 4447</ul></li> 4448<li>Opcache: 4449<ul> 4450 <li><?php bugfix(77691); ?> (Opcache passes wrong value for inline array push assignments).</li> 4451 <li><?php bugfix(77743); ?> (Incorrect pi node insertion for jmpznz with identical successors).</li> 4452</ul></li> 4453<li>phpdbg: 4454<ul> 4455 <li><?php bugfix(77767); ?> (phpdbg break cmd aliases listed in help do not match actual aliases).</li> 4456</ul></li> 4457<li>sodium: 4458<ul> 4459 <li><?php bugfix(77646); ?> (sign_detached() strings not terminated).</li> 4460</ul></li> 4461<li>SQLite3: 4462<ul> 4463 <li>Added sqlite3.defensive INI directive.</li> 4464</ul></li> 4465<li>Standard: 4466<ul> 4467 <li><?php bugfix(77664); ?> (Segmentation fault when using undefined constant in custom wrapper).</li> 4468 <li><?php bugfix(77669); ?> (Crash in extract() when overwriting extracted array).</li> 4469 <li><?php bugfix(76717); ?> (var_export() does not create a parsable value for PHP_INT_MIN).</li> 4470 <li><?php bugfix(77765); ?> (FTP stream wrapper should set the directory as executable).</li> 4471</ul></li> 4472</ul> 4473<!-- }}} --></section> 4474 4475<section class="version" id="7.2.16"><!-- {{{ 7.2.16 --> 4476<h3>Version 7.2.16</h3> 4477<b><?php release_date('07-Mar-2019'); ?></b> 4478<ul><li>Core: 4479<ul> 4480 <li><?php bugfix(77589); ?> (Core dump using parse_ini_string with numeric sections).</li> 4481 <li><?php bugfix(77630); ?> (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)</li> 4482</ul></li> 4483<li>COM: 4484<ul> 4485 <li><?php bugfix(77621); ?> (Already defined constants are not properly reported).</li> 4486</ul></li> 4487<li>EXIF: 4488<ul> 4489 <li><?php bugfix(77509); ?> (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)</li> 4490 <li><?php bugfix(77540); ?> (Invalid Read on exif_process_SOFn). (CVE-2019-9640)</li> 4491 <li><?php bugfix(77563); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)</li> 4492 <li><?php bugfix(77659); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)</li> 4493</ul></li> 4494<li>PDO_OCI: 4495<ul> 4496 <li>Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.</li> 4497</ul></li> 4498<li>PHAR: 4499<ul> 4500 <li><?php bugfix(77396); ?> (Null Pointer Dereference in phar_create_or_parse_filename).</li> 4501</ul></li> 4502<li>SPL: 4503<ul> 4504 <li><?php bugfix(51068); ?> (DirectoryIterator glob:// don't support current path relative queries).</li> 4505 <li><?php bugfix(77431); ?> (openFile() silently truncates after a null byte).</li> 4506</ul></li> 4507<li>Standard: 4508<ul> 4509 <li><?php bugfix(77552); ?> (Unintialized php_stream_statbuf in stat functions).</li> 4510</ul></li> 4511<li>MySQL: 4512<ul> 4513 <li>Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.</li> 4514</ul></li> 4515</ul> 4516<!-- }}} --></section> 4517 4518<section class="version" id="7.2.15"><!-- {{{ 7.2.15 --> 4519<h3>Version 7.2.15</h3> 4520<b><?php release_date('07-Feb-2019'); ?></b> 4521<ul><li>Core: 4522<ul> 4523 <li><?php bugfix(77339); ?> (__callStatic may get incorrect arguments).</li> 4524 <li><?php bugfix(77494); ?> (Disabling class causes segfault on member access).</li> 4525 <li><?php bugfix(77530); ?> (PHP crashes when parsing `(2)::class`).</li> 4526</ul></li> 4527<li>Curl: 4528<ul> 4529 <li><?php bugfix(76675); ?> (Segfault with H2 server push).</li> 4530</ul></li> 4531<li>GD: 4532<ul> 4533 <li><?php bugfix(73281); ?> (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).</li> 4534 <li><?php bugfix(73614); ?> (gdImageFilledArc() doesn't properly draw pies).</li> 4535 <li><?php bugfix(77272); ?> (imagescale() may return image resource on failure).</li> 4536 <li><?php bugfix(77391); ?> (1bpp BMPs may fail to be loaded).</li> 4537 <li><?php bugfix(77479); ?> (imagewbmp() segfaults with very large images).</li> 4538</ul></li> 4539<li>ldap: 4540<ul> 4541 <li><?php bugfix(77440); ?> (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).</li> 4542</ul></li> 4543<li>Mbstring: 4544<ul> 4545 <li><?php bugfix(77454); ?> (mb_scrub() silently truncates after a null byte).</li> 4546</ul></li> 4547<li>MySQLnd: 4548<ul> 4549 <li><?php bugfix(75684); ?> (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).</li> 4550</ul></li> 4551<li>Opcache: 4552<ul> 4553 <li><?php bugfix(77361); ?> (configure fails on 64-bit AIX when opcache enabled).</li> 4554</ul></li> 4555<li>OpenSSL: 4556<ul> 4557 <li><?php bugfix(77390); ?> (feof might hang on TLS streams in case of fragmented TLS records).</li> 4558</ul></li> 4559<li>PDO: 4560<ul> 4561 <li><?php bugfix(77273); ?> (array_walk_recursive corrupts value types leading to PDO failure).</li> 4562</ul></li> 4563<li>Sockets: 4564<ul> 4565 <li><?php bugfix(76839); ?> (socket_recvfrom may return an invalid 'from' address on MacOS).</li> 4566</ul></li> 4567<li>Standard: 4568<ul> 4569 <li><?php bugfix(77395); ?> (segfault about array_multisort).</li> 4570 <li><?php bugfix(77439); ?> (parse_str segfaults when inserting item into existing array).</li> 4571</ul></li> 4572</ul> 4573<!-- }}} --></section> 4574 4575<section class="version" id="7.2.14"><!-- {{{ 7.2.14 --> 4576<h3>Version 7.2.14</h3> 4577<b><?php release_date('10-Jan-2019'); ?></b> 4578<ul><li>Core: 4579<ul> 4580 <li><?php bugfix(77369); ?> (memcpy with negative length via crafted DNS response). (CVE-2019-9022)</li> 4581 <li><?php bugfix(71041); ?> (zend_signal_startup() needs ZEND_API).</li> 4582 <li><?php bugfix(76046); ?> (PHP generates "FE_FREE" opcode on the wrong line).</li> 4583</ul></li> 4584<li>COM: 4585<ul> 4586 <li><?php bugfix(77177); ?> (Serializing or unserializing COM objects crashes).</li> 4587</ul></li> 4588<li>Date: 4589<ul> 4590 <li><?php bugfix(77097); ?> (DateTime::diff gives wrong diff when the actual diff is less than 1 second).</li> 4591</ul></li> 4592<li>Exif: 4593<ul> 4594 <li><?php bugfix(77184); ?> (Unsigned rational numbers are written out as signed rationals).</li> 4595</ul></li> 4596<li>GD: 4597<ul> 4598 <li><?php bugfix(77269); ?> (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)</li> 4599 <li><?php bugfix(77270); ?> (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)</li> 4600 <li><?php bugfix(77195); ?> (Incorrect error handling of imagecreatefromjpeg()).</li> 4601 <li><?php bugfix(77198); ?> (auto cropping has insufficient precision).</li> 4602 <li><?php bugfix(77200); ?> (imagecropauto(…, GD_CROP_SIDES) crops left but not right).</li> 4603</ul></li> 4604<li>IMAP: 4605<ul> 4606 <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li> 4607</ul></li> 4608<li>Mbstring: 4609<ul> 4610 <li><?php bugfix(77370); ?> (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)</li> 4611 <li><?php bugfix(77371); ?> (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)</li> 4612 <li><?php bugfix(77381); ?> (heap buffer overflow in multibyte match_at). (CVE-2019-9023)</li> 4613 <li><?php bugfix(77382); ?> (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)</li> 4614 <li><?php bugfix(77385); ?> (buffer overflow in fetch_token). (CVE-2019-9023)</li> 4615 <li><?php bugfix(77394); ?> (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)</li> 4616 <li><?php bugfix(77418); ?> (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)</li> 4617</ul></li> 4618<li>OCI8: 4619<ul> 4620 <li><?php bugfix(76804); ?> (oci_pconnect with OCI_CRED_EXT not working).</li> 4621 <li>Added oci_set_call_timeout() for call timeouts.</li> 4622 <li>Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.</li> 4623</ul></li> 4624<li>Opcache: 4625<ul> 4626 <li><?php bugfix(77215); ?> (CFG assertion failure on multiple finalizing switch frees in one block).</li> 4627</ul></li> 4628<li>PDO: 4629<ul> 4630 <li>Handle invalid index passed to PDOStatement::fetchColumn() as error.</li> 4631</ul></li> 4632<li>Phar: 4633<ul> 4634 <li><?php bugfix(77247); ?> (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)</li> 4635</ul></li> 4636<li>Sockets: 4637<ul> 4638 <li><?php bugfix(77136); ?> (Unsupported IPV6_RECVPKTINFO constants on macOS).</li> 4639</ul></li> 4640<li>SQLite3: 4641<ul> 4642 <li><?php bugfix(77051); ?> (Issue with re-binding on SQLite3).</li> 4643</ul></li> 4644<li>Xmlrpc: 4645<ul> 4646 <li><?php bugfix(77242); ?> (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)</li> 4647 <li><?php bugfix(77380); ?> (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)</li> 4648</ul></li> 4649</ul> 4650<!-- }}} --></section> 4651 4652<section class="version" id="7.2.13"><!-- {{{ 7.2.13 --> 4653<h3>Version 7.2.13</h3> 4654<b><?php release_date('06-Dec-2018'); ?></b> 4655<ul><li>ftp: 4656<ul> 4657 <li><?php bugfix(77151); ?> (ftp_close(): SSL_read on shutdown).</li> 4658</ul></li> 4659<li>CLI: 4660<ul> 4661 <li><?php bugfix(77111); ?> (php-win.exe corrupts unicode symbols from cli parameters).</li> 4662</ul></li> 4663<li>Fileinfo: 4664<ul> 4665 <li><?php bugfix(77095); ?> (slowness regression in 7.2/7.3 (compared to 7.1)).</li> 4666</ul></li> 4667<li>iconv: 4668<ul> 4669 <li><?php bugfix(77147); ?> (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).</li> 4670</ul></li> 4671<li>Core: 4672<ul> 4673 <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li> 4674</ul></li> 4675<li>IMAP: 4676<ul> 4677 <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li> 4678</ul></li> 4679<li>ODBC: 4680<ul> 4681 <li><?php bugfix(77079); ?> (odbc_fetch_object has incorrect type signature).</li> 4682</ul></li> 4683<li>Opcache: 4684<ul> 4685 <li><?php bugfix(77058); ?> (Type inference in opcache causes side effects).</li> 4686 <li><?php bugfix(77092); ?> (array_diff_key() - segmentation fault).</li> 4687</ul></li> 4688<li>Phar: 4689<ul> 4690 <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li> 4691 <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li> 4692</ul></li> 4693<li>PGSQL: 4694<ul> 4695 <li><?php bugfix(77047); ?> (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).</li> 4696</ul></li> 4697<li>SOAP: 4698<ul> 4699 <li><?php bugfix(50675); ?> (SoapClient can't handle object references correctly).</li> 4700 <li><?php bugfix(76348); ?> (WSDL_CACHE_MEMORY causes Segmentation fault).</li> 4701 <li><?php bugfix(77141); ?> (Signedness issue in SOAP when precision=-1).</li> 4702</ul></li> 4703<li>Sockets: 4704<ul> 4705 <li><?php bugfix(67619); ?> (Validate length on socket_write).</li> 4706</ul></li> 4707</ul> 4708<!-- }}} --></section> 4709 4710<section class="version" id="7.2.12"><!-- {{{ 7.2.12 --> 4711<h3>Version 7.2.12</h3> 4712<b><?php release_date('08-Nov-2018'); ?></b> 4713<ul><li>Core: 4714<ul> 4715 <li><?php bugfix(76846); ?> (Segfault in shutdown function after memory limit error).</li> 4716 <li><?php bugfix(76946); ?> (Cyclic reference in generator not detected).</li> 4717 <li><?php bugfix(77035); ?> (The phpize and ./configure create redundant .deps file).</li> 4718 <li><?php bugfix(77041); ?> (buildconf should output error messages to stderr) (Mizunashi Mana)</li> 4719</ul></li> 4720<li>Date: 4721<ul> 4722 <li>Upgraded timelib to 2017.08.</li> 4723 <li><?php bugfix(75851); ?> (Year component overflow with date formats "c", "o", "r" and "y").</li> 4724 <li><?php bugfix(77007); ?> (fractions in `diff()` are not correctly normalized).</li> 4725</ul></li> 4726<li>FCGI: 4727<ul> 4728 <li><?php bugfix(76948); ?> (Failed shutdown/reboot or end session in Windows).</li> 4729 <li><?php bugfix(76954); ?> (apache_response_headers removes last character from header name).</li> 4730</ul></li> 4731<li>FTP: 4732<ul> 4733 <li><?php bugfix(76972); ?> (Data truncation due to forceful ssl socket shutdown).</li> 4734</ul></li> 4735<li>intl: 4736<ul> 4737 <li><?php bugfix(76942); ?> (U_ARGUMENT_TYPE_MISMATCH).</li> 4738</ul></li> 4739<li>Reflection: 4740<ul> 4741 <li><?php bugfix(76936); ?> (Objects cannot access their private attributes while handling reflection errors).</li> 4742 <li><?php bugfix(66430); ?> (ReflectionFunction::invoke does not invoke closure with object scope).</li> 4743</ul></li> 4744<li>Sodium: 4745<ul> 4746 <li>Some base64 outputs were truncated; this is not the case any more.</li> 4747 <li>block sizes >= 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed.</li> 4748 <li><?php bugfix(77008); ?> (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input).</li> 4749</ul></li> 4750<li>Standard: 4751<ul> 4752 <li><?php bugfix(76965); ?> (INI_SCANNER_RAW doesn't strip trailing whitespace).</li> 4753</ul></li> 4754<li>Tidy: 4755<ul> 4756 <li><?php bugfix(77027); ?> (tidy::getOptDoc() not available on Windows).</li> 4757</ul></li> 4758<li>XML: 4759<ul> 4760 <li><?php bugfix(30875); ?> (xml_parse_into_struct() does not resolve entities).</li> 4761 <li>Add support for getting SKIP_TAGSTART and SKIP_WHITE options.</li> 4762</ul></li> 4763<li>XMLRPC: 4764<ul> 4765 <li><?php bugfix(75282); ?> (xmlrpc_encode_request() crashes).</li> 4766</ul></li> 4767</ul> 4768<!-- }}} --></section> 4769 4770<section class="version" id="7.2.11"><!-- {{{ 7.2.11 --> 4771<h3>Version 7.2.11</h3> 4772<b><?php release_date('11-Oct-2018'); ?></b> 4773<ul><li>Core: 4774<ul> 4775 <li><?php bugfix(76800); ?> (foreach inconsistent if array modified during loop).</li> 4776 <li><?php bugfix(76901); ?> (method_exists on SPL iterator passthrough method corrupts memory).</li> 4777</ul></li> 4778<li>CURL: 4779<ul> 4780 <li><?php bugfix(76480); ?> (Use curl_multi_wait() so that timeouts are respected).</li> 4781</ul></li> 4782<li>iconv: 4783<ul> 4784 <li><?php bugfix(66828); ?> (iconv_mime_encode Q-encoding longer than it should be).</li> 4785</ul></li> 4786<li>Opcache: 4787<ul> 4788 <li><?php bugfix(76832); ?> (ZendOPcache.MemoryBase periodically deleted by the OS).</li> 4789 <li><?php bugfix(76796); ?> (Compile-time evaluation of disabled function in opcache causes segfault).</li> 4790</ul></li> 4791<li>POSIX: 4792<ul> 4793 <li><?php bugfix(75696); ?> (posix_getgrnam fails to print details of group).</li> 4794</ul></li> 4795<li>Reflection: 4796<ul> 4797 <li><?php bugfix(74454); ?> (Wrong exception being thrown when using ReflectionMethod).</li> 4798</ul></li> 4799<li>Standard: 4800<ul> 4801 <li><?php bugfix(73457); ?> (Wrong error message when fopen FTP wrapped fails to open data connection).</li> 4802 <li><?php bugfix(74764); ?> (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).</li> 4803 <li><?php bugfix(75533); ?> (array_reduce is slow when $carry is large array).</li> 4804</ul></li> 4805<li>XMLRPC: 4806<ul> 4807 <li><?php bugfix(76886); ?> (Can't build xmlrpc with expat).</li> 4808</ul></li> 4809<li>Zlib: 4810<ul> 4811 <li><?php bugfix(75273); ?> (php_zlib_inflate_filter() may not update bytes_consumed).</li> 4812</ul></li> 4813</ul> 4814<!-- }}} --></section> 4815 4816<section class="version" id="7.2.10"><!-- {{{ 7.2.10 --> 4817<h3>Version 7.2.10</h3> 4818<b><?php release_date('13-Sep-2018'); ?></b> 4819<ul><li>Core: 4820<ul> 4821 <li><?php bugfix(76754); ?> (parent private constant in extends class memory leak).</li> 4822 <li><?php bugfix(72443); ?> (Generate enabled extension).</li> 4823 <li><?php bugfix(75797); ?> (Memory leak when using class_alias() in non-debug mode).</li> 4824</ul></li> 4825<li>Apache2: 4826<ul> 4827 <li><?php bugfix(76582); ?> (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)</li> 4828</ul></li> 4829<li>Bz2: 4830<ul> 4831 <li>Fixed arginfo for bzcompress.</li> 4832</ul></li> 4833<li>gettext: 4834<ul> 4835 <li><?php bugfix(76517); ?> (incorrect restoring of LDFLAGS).</li> 4836</ul></li> 4837<li>iconv: 4838<ul> 4839 <li><?php bugfix(68180); ?> (iconv_mime_decode can return extra characters in a header).</li> 4840 <li><?php bugfix(63839); ?> (iconv_mime_decode_headers function is skipping headers).</li> 4841 <li><?php bugfix(60494); ?> (iconv_mime_decode does ignore special characters).</li> 4842 <li><?php bugfix(55146); ?> (iconv_mime_decode_headers() skips some headers).</li> 4843</ul></li> 4844<li>intl: 4845<ul> 4846 <li><?php bugfix(74484); ?> (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).</li> 4847</ul></li> 4848<li>libxml: 4849<ul> 4850 <li><?php bugfix(76777); ?> ("public id" parameter of libxml_set_external_entity_loader callback undefined).</li> 4851</ul></li> 4852<li>mbstring: 4853<ul> 4854 <li><?php bugfix(76704); ?> (mb_detect_order return value varies based on argument type).</li> 4855</ul></li> 4856<li>Opcache: 4857<ul> 4858 <li><?php bugfix(76747); ?> (Opcache treats path containing "test.pharma.tld" as a phar file).</li> 4859</ul></li> 4860<li>OpenSSL: 4861<ul> 4862 <li><?php bugfix(76705); ?> (unusable ssl => peer_fingerprint in stream_context_create()).</li> 4863</ul></li> 4864<li>phpdbg: 4865<ul> 4866 <li><?php bugfix(76595); ?> (phpdbg man page contains outdated information).</li> 4867</ul></li> 4868<li>SPL: 4869<ul> 4870 <li><?php bugfix(68825); ?> (Exception in DirectoryIterator::getLinkTarget()).</li> 4871 <li><?php bugfix(68175); ?> (RegexIterator pregFlags are NULL instead of 0).</li> 4872</ul></li> 4873<li>Standard: 4874<ul> 4875 <li><?php bugfix(76778); ?> (array_reduce leaks memory if callback throws exception).</li> 4876</ul></li> 4877<li>zlib: 4878<ul> 4879 <li><?php bugfix(65988); ?> (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).</li> 4880 <li><?php bugfix(76709); ?> (Minimal required zlib library is 1.2.0.4).</li> 4881</ul></li> 4882</ul> 4883<!-- }}} --></section> 4884 4885<section class="version" id="7.2.9"><!-- {{{ 7.2.9 --> 4886<h3>Version 7.2.9</h3> 4887<b><?php release_date('16-Aug-2018'); ?></b> 4888<ul><li>Calendar: 4889<ul> 4890 <li><?php bugfix(52974); ?> (jewish.c: compile error under Windows with GBK charset).</li> 4891</ul></li> 4892<li>Filter: 4893<ul> 4894 <li><?php bugfix(76366); ?> (References in sub-array for filtering breaks the filter).</li> 4895</ul></li> 4896<li>PDO_Firebird: 4897<ul> 4898 <li><?php bugfix(76488); ?> (Memory leak when fetching a BLOB field).</li> 4899</ul></li> 4900<li>PDO_PgSQL: 4901<ul> 4902 <li><?php bugfix(75402); ?> (Possible Memory Leak using PDO::CURSOR_SCROLL option).</li> 4903</ul></li> 4904<li>SQLite3: 4905<ul> 4906 <li><?php bugfix(76665); ?> (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).</li> 4907</ul></li> 4908<li>Standard: 4909<ul> 4910 <li><?php bugfix(73817); ?> (Incorrect entries in get_html_translation_table).</li> 4911 <li><?php bugfix(68553); ?> (array_column: null values in $index_key become incrementing keys in result).</li> 4912 <li><?php bugfix(76643); ?> (Segmentation fault when using `output_add_rewrite_var`).</li> 4913</ul></li> 4914<li>Zip: 4915<ul> 4916 <li><?php bugfix(76524); ?> (ZipArchive memory leak (OVERWRITE flag and empty archive)).</li> 4917</ul></li> 4918</ul> 4919<!-- }}} --></section> 4920 4921<section class="version" id="7.2.8"><!-- {{{ 7.2.8 --> 4922<h3>Version 7.2.8</h3> 4923<b><?php release_date('19-Jul-2018'); ?></b> 4924<ul><li>Core: 4925<ul> 4926 <li><?php bugfix(76534); ?> (PHP hangs on 'illegal string offset on string references with an error handler).</li> 4927 <li><?php bugfix(76520); ?> (Object creation leaks memory when executed over HTTP).</li> 4928 <li><?php bugfix(76502); ?> (Chain of mixed exceptions and errors does not serialize properly).</li> 4929</ul></li> 4930<li>Date: 4931<ul> 4932 <li><?php bugfix(76462); ?> (Undefined property: DateInterval::$f).</li> 4933</ul></li> 4934<li>EXIF: 4935<ul> 4936 <li><?php bugfix(76409); ?> (heap use after free in _php_stream_free). (CVE-2018-12882)</li> 4937 <li><?php bugfix(76423); ?> (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)</li> 4938 <li><?php bugfix(76557); ?> (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)</li> 4939</ul></li> 4940<li>FPM: 4941<ul> 4942 <li><?php bugfix(73342); ?> (Vulnerability in php-fpm by changing stdin to non-blocking).</li> 4943</ul></li> 4944<li>GMP: 4945<ul> 4946 <li><?php bugfix(74670); ?> (Integer Underflow when unserializing GMP and possible other classes).</li> 4947</ul></li> 4948<li>intl: 4949<ul> 4950 <li><?php bugfix(76556); ?> (get_debug_info handler for BreakIterator shows wrong type).</li> 4951</ul></li> 4952<li>mbstring: 4953<ul> 4954 <li><?php bugfix(76532); ?> (Integer overflow and excessive memory usage in mb_strimwidth).</li> 4955</ul></li> 4956<li>Opcache: 4957<ul> 4958 <li><?php bugfix(76477); ?> (Opcache causes empty return value).</li> 4959</ul></li> 4960<li>PGSQL: 4961<ul> 4962 <li><?php bugfix(76548); ?> (pg_fetch_result did not fetch the next row).</li> 4963</ul></li> 4964<li>phpdbg: 4965<ul> 4966 <li>Fix arginfo wrt. optional/required parameters.</li> 4967</ul></li> 4968<li>Reflection: 4969<ul> 4970 <li><?php bugfix(76536); ?> (PHP crashes with core dump when throwing exception in error handler).</li> 4971 <li><?php bugfix(75231); ?> (ReflectionProperty#getValue() incorrectly works with inherited classes).</li> 4972</ul></li> 4973<li>Standard: 4974<ul> 4975 <li><?php bugfix(76505); ?> (array_merge_recursive() is duplicating sub-array keys).</li> 4976 <li><?php bugfix(71848); ?> (getimagesize with $imageinfo returns false).</li> 4977</ul></li> 4978<li>Win32: 4979<ul> 4980 <li><?php bugfix(76459); ?> (windows linkinfo lacks openbasedir check). (CVE-2018-15132)</li> 4981</ul></li> 4982<li>ZIP: 4983<ul> 4984 <li><?php bugfix(76461); ?> (OPSYS_Z_CPM defined instead of OPSYS_CPM).</li> 4985</ul></li> 4986</ul> 4987<!-- }}} --></section> 4988 4989<section class="version" id="7.2.7"><!-- {{{ 7.2.7 --> 4990<h3>Version 7.2.7</h3> 4991<b><?php release_date('21-Jun-2018'); ?></b> 4992<ul><li>Core: 4993<ul> 4994 <li><?php bugfix(76337); ?> (segfault when opcache enabled + extension use zend_register_class_alias).</li> 4995</ul></li> 4996<li>CLI Server: 4997<ul> 4998 <li><?php bugfix(76333); ?> (PHP built-in server does not find files if root path contains special characters).</li> 4999</ul></li> 5000<li>OpenSSL: 5001<ul> 5002 <li><?php bugfix(76296); ?> (openssl_pkey_get_public does not respect open_basedir).</li> 5003 <li><?php bugfix(76174); ?> (openssl extension fails to build with LibreSSL 2.7).</li> 5004</ul></li> 5005<li>SPL: 5006<ul> 5007 <li><?php bugfix(76367); ?> (NoRewindIterator segfault 11).</li> 5008</ul></li> 5009<li>Standard: 5010<ul> 5011 <li><?php bugfix(76410); ?> (SIGV in zend_mm_alloc_small).</li> 5012 <li><?php bugfix(76335); ?> ("link(): Bad file descriptor" with non-ASCII path).</li> 5013</ul></li> 5014</ul> 5015<!-- }}} --></section> 5016 5017<section class="version" id="7.2.6"><!-- {{{ 7.2.6 --> 5018<h3>Version 7.2.6</h3> 5019<b><?php release_date('24-May-2018'); ?></b> 5020<ul><li>EXIF: 5021<ul> 5022 <li><?php bugfix(76164); ?> (exif_read_data zend_mm_heap corrupted).</li> 5023</ul></li> 5024<li>FPM: 5025<ul> 5026 <li><?php bugfix(76075); ?> --with-fpm-acl wrongly tries to find libacl on FreeBSD.</li> 5027</ul></li> 5028<li>intl: 5029<ul> 5030 <li><?php bugfix(74385); ?> (Locale::parseLocale() broken with some arguments).</li> 5031</ul></li> 5032<li>Opcache: 5033<ul> 5034 <li><?php bugfix(76205); ?> (PHP-FPM sporadic crash when running Infinitewp).</li> 5035 <li><?php bugfix(76275); ?> (Assertion failure in file cache when unserializing empty try_catch_array).</li> 5036 <li><?php bugfix(76281); ?> (Opcache causes incorrect "undefined variable" errors).</li> 5037</ul></li> 5038<li>Reflection: 5039<ul> 5040 <li>Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).</li> 5041</ul></li> 5042<li>Session: 5043<ul> 5044 <li><?php bugfix(74892); ?> (Url Rewriting (trans_sid) not working on urls that start with "#").</li> 5045</ul></li> 5046</ul> 5047<!-- }}} --></section> 5048 5049<section class="version" id="7.2.5"><!-- {{{ 7.2.5 --> 5050<h3>Version 7.2.5</h3> 5051<b><?php release_date('26-Apr-2018'); ?></b> 5052<ul><li>Core: 5053<ul> 5054 <li><?php bugfix(75722); ?> (Convert valgrind detection to configure option).</li> 5055</ul></li> 5056<li>Date: 5057<ul> 5058 <li><?php bugfix(76131); ?> (mismatch arginfo for date_create).</li> 5059</ul></li> 5060<li>Exif: 5061<ul> 5062 <li><?php bugfix(76130); ?> (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)</li> 5063</ul></li> 5064<li>FPM: 5065<ul> 5066 <li><?php bugfix(68440); ?> (ERROR: failed to reload: execvp() failed: Argument list too long).</li> 5067 <li>Fixed incorrect write to getenv result in FPM reload.</li> 5068</ul></li> 5069<li>GD: 5070<ul> 5071 <li><?php bugfix(52070); ?> (imagedashedline() - dashed line sometimes is not visible).</li> 5072</ul></li> 5073<li>iconv: 5074<ul> 5075 <li><?php bugfix(76249); ?> (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)</li> 5076</ul></li> 5077<li>intl: 5078<ul> 5079 <li><?php bugfix(76153); ?> (Intl compilation fails with icu4c 61.1).</li> 5080</ul></li> 5081<li>ldap: 5082<ul> 5083 <li><?php bugfix(76248); ?> (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)</li> 5084</ul></li> 5085<li>mbstring: 5086<ul> 5087 <li><?php bugfix(75944); ?> (Wrong cp1251 detection).</li> 5088 <li><?php bugfix(76113); ?> (mbstring does not build with Oniguruma 6.8.1).</li> 5089</ul></li> 5090<li>ODBC: 5091<ul> 5092 <li><?php bugfix(76088); ?> (ODBC functions are not available by default on Windows).</li> 5093</ul></li> 5094<li>Opcache: 5095<ul> 5096 <li><?php bugfix(76094); ?> (Access violation when using opcache).</li> 5097</ul></li> 5098<li>Phar: 5099<ul> 5100 <li><?php bugfix(76129); ?> (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)</li> 5101</ul></li> 5102<li>phpdbg: 5103<ul> 5104 <li><?php bugfix(76143); ?> (Memory corruption: arbitrary NUL overwrite).</li> 5105</ul></li> 5106<li>SPL: 5107<ul> 5108 <li><?php bugfix(76131); ?> (mismatch arginfo for splarray constructor).</li> 5109</ul></li> 5110<li>standard: 5111<ul> 5112 <li><?php bugfix(74139); ?> (mail.add_x_header default inconsistent with docs).</li> 5113 <li><?php bugfix(75996); ?> (incorrect url in header for mt_rand).</li> 5114</ul></li> 5115</ul> 5116<!-- }}} --></section> 5117 5118<section class="version" id="7.2.4"><!-- {{{ 7.2.4 --> 5119<h3>Version 7.2.4</h3> 5120<b><?php release_date('29-Mar-2018'); ?></b> 5121<ul><li>Core: 5122<ul> 5123 <li><?php bugfix(76025); ?> (Segfault while throwing exception in error_handler).</li> 5124 <li><?php bugfix(76044); ?> ('date: illegal option -- -' in ./configure on FreeBSD).</li> 5125</ul></li> 5126<li>FPM: 5127<ul> 5128 <li><?php bugfix(75605); ?> (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)</li> 5129</ul></li> 5130<li>FTP: 5131<ul> 5132 <li>Fixed ftp_pasv arginfo.</li> 5133</ul></li> 5134<li>GD: 5135<ul> 5136 <li><?php bugfix(73957); ?> (signed integer conversion in imagescale()).</li> 5137 <li><?php bugfix(76041); ?> (null pointer access crashed php).</li> 5138 <li>Fixed imagesetinterpolation arginfo.</li> 5139</ul></li> 5140<li>iconv: 5141<ul> 5142 <li><?php bugfix(75867); ?> (Freeing uninitialized pointer).</li> 5143</ul></li> 5144<li>Mbstring: 5145<ul> 5146 <li><?php bugfix(62545); ?> (wrong unicode mapping in some charsets).</li> 5147</ul></li> 5148<li>Opcache: 5149<ul> 5150 <li><?php bugfix(75969); ?> (Assertion failure in live range DCE due to block pass misoptimization).</li> 5151</ul></li> 5152<li>OpenSSL: 5153<ul> 5154 <li>Fixed openssl_* arginfos.</li> 5155</ul></li> 5156<li>PCNTL: 5157<ul> 5158 <li><?php bugfix(75873); ?> (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)).</li> 5159</ul></li> 5160<li>Phar: 5161<ul> 5162 <li><?php bugfix(76085); ?> (Segmentation fault in buildFromIterator when directory name contains a \n).</li> 5163</ul></li> 5164<li>Standard: 5165<ul> 5166 <li><?php bugfix(75961); ?> (Strange references behavior).</li> 5167 <li>Fixed some arginfos.</li> 5168 <li><?php bugfix(76068); ?> (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).</li> 5169</ul></li> 5170</ul> 5171<!-- }}} --></section> 5172 5173<section class="version" id="7.2.3"><!-- {{{ 7.2.3 --> 5174<h3>Version 7.2.3</h3> 5175<b><?php release_date('01-Mar-2018'); ?></b> 5176<ul><li>Core: 5177<ul> 5178 <li><?php bugfix(75864); ?> ("stream_isatty" returns wrong value on s390x).</li> 5179</ul></li> 5180<li>Apache2Handler: 5181<ul> 5182 <li><?php bugfix(75882); ?> (a simple way for segfaults in threadsafe php just with configuration).</li> 5183</ul></li> 5184<li>Date: 5185<ul> 5186 <li><?php bugfix(75857); ?> (Timezone gets truncated when formatted).</li> 5187 <li><?php bugfix(75928); ?> (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).</li> 5188 <li><?php bugfix(68406); ?> (calling var_dump on a DateTimeZone object modifies it).</li> 5189</ul></li> 5190<li>LDAP: 5191<ul> 5192 <li><?php bugfix(49876); ?> (Fix LDAP path lookup on 64-bit distros).</li> 5193</ul></li> 5194<li>libxml2: 5195<ul> 5196 <li><?php bugfix(75871); ?> (use pkg-config where available).</li> 5197</ul></li> 5198<li>PGSQL: 5199<ul> 5200 <li><?php bugfix(75838); ?> (Memory leak in pg_escape_bytea()).</li> 5201</ul></li> 5202<li>Phar: 5203<ul> 5204 <li><?php bugfix(54289); ?> (Phar::extractTo() does not accept specific directories to be extracted).</li> 5205 <li><?php bugfix(65414); ?> (deal with leading slash while adding files correctly).</li> 5206 <li><?php bugfix(65414); ?> (deal with leading slash when adding files correctly).</li> 5207</ul></li> 5208<li>ODBC: 5209<ul> 5210 <li><?php bugfix(73725); ?> (Unable to retrieve value of varchar(max) type).</li> 5211</ul></li> 5212<li>Opcache: 5213<ul> 5214 <li><?php bugfix(75729); ?> (opcache segfault when installing Bitrix).</li> 5215 <li><?php bugfix(75893); ?> (file_get_contents $http_response_header variable bugged with opcache).</li> 5216 <li><?php bugfix(75938); ?> (Modulus value not stored in variable).</li> 5217</ul></li> 5218<li>SPL: 5219<ul> 5220 <li><?php bugfix(74519); ?> (strange behavior of AppendIterator).</li> 5221</ul></li> 5222<li>Standard: 5223<ul> 5224 <li><?php bugfix(75916); ?> (DNS_CAA record results contain garbage).</li> 5225 <li><?php bugfix(75981); ?> (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)</li> 5226</ul></li> 5227</ul> 5228<!-- }}} --></section> 5229 5230<section class="version" id="7.2.2"><!-- {{{ 7.2.2 --> 5231<h3>Version 7.2.2</h3> 5232<b><?php release_date('01-Feb-2018'); ?></b> 5233<ul><li>Core: 5234<ul> 5235 <li><?php bugfix(75742); ?> (potential memleak in internal classes's static members).</li> 5236 <li><?php bugfix(75679); ?> (Path 260 character problem).</li> 5237 <li><?php bugfix(75614); ?> (Some non-portable == in shell scripts).</li> 5238 <li><?php bugfix(75786); ?> (segfault when using spread operator on generator passed by reference).</li> 5239 <li><?php bugfix(75799); ?> (arg of get_defined_functions is optional).</li> 5240 <li><?php bugfix(75396); ?> (Exit inside generator finally results in fatal error).</li> 5241</ul></li> 5242<li>FCGI: 5243<ul> 5244 <li><?php bugfix(75794); ?> (getenv() crashes on Windows 7.2.1 when second parameter is false).</li> 5245</ul></li> 5246<li>IMAP: 5247<ul> 5248 <li><?php bugfix(75774); ?> (imap_append HeapCorruction).</li> 5249</ul></li> 5250<li>Opcache: 5251<ul> 5252 <li><?php bugfix(75720); ?> (File cache not populated after SHM runs full).</li> 5253 <li><?php bugfix(75687); ?> (var 8 (TMP) has array key type but not value type).</li> 5254 <li><?php bugfix(75698); ?> (Using @ crashes php7.2-fpm).</li> 5255 <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li> 5256</ul></li> 5257<li>PDO: 5258<ul> 5259 <li><?php bugfix(75616); ?> (PDO extension doesn't allow to be built shared on Darwin).</li> 5260</ul></li> 5261<li>PDO MySQL: 5262<ul> 5263 <li><?php bugfix(75615); ?> (PDO Mysql module can't be built as module).</li> 5264</ul></li> 5265<li>PGSQL: 5266<ul> 5267 <li><?php bugfix(75671); ?> (pg_version() crashes when called on a connection to cockroach).</li> 5268</ul></li> 5269<li>Readline: 5270<ul> 5271 <li><?php bugfix(75775); ?> (readline_read_history segfaults with empty file).</li> 5272</ul></li> 5273<li>SAPI: 5274<ul> 5275 <li><?php bugfix(75735); ?> ([embed SAPI] Segmentation fault in sapi_register_post_entry).</li> 5276</ul></li> 5277<li>SOAP: 5278<ul> 5279 <li><?php bugfix(70469); ?> (SoapClient generates E_ERROR even if exceptions=1 is used).</li> 5280 <li><?php bugfix(75502); ?> (Segmentation fault in zend_string_release).</li> 5281</ul></li> 5282<li>SPL: 5283<ul> 5284 <li><?php bugfix(75717); ?> (RecursiveArrayIterator does not traverse arrays by reference).</li> 5285 <li><?php bugfix(75242); ?> (RecursiveArrayIterator doesn't have constants from parent class).</li> 5286 <li><?php bugfix(73209); ?> (RecursiveArrayIterator does not iterate object properties).</li> 5287</ul></li> 5288<li>Standard: 5289<ul> 5290 <li><?php bugfix(75781); ?> (substr_count incorrect result).</li> 5291 <li><?php bugfix(75653); ?> (array_values don't work on empty array).</li> 5292</ul></li> 5293<li>Zip: 5294<ul> 5295 <li>Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1).</li> 5296</ul></li> 5297</ul> 5298<!-- }}} --></section> 5299 5300<section class="version" id="7.2.1"><!-- {{{ 7.2.1 --> 5301<h3>Version 7.2.1</h3> 5302<b><?php release_date('04-Jan-2018'); ?></b> 5303<ul><li>Core: 5304<ul> 5305 <li><?php bugfix(75573); ?> (Segmentation fault in 7.1.12 and 7.0.26).</li> 5306 <li><?php bugfix(75384); ?> (PHP seems incompatible with OneDrive files on demand).</li> 5307 <li><?php bugfix(75525); ?> (Access Violation in vcruntime140.dll).</li> 5308 <li><?php bugfix(74862); ?> (Unable to clone instance when private __clone defined).</li> 5309 <li><?php bugfix(75074); ?> (php-process crash when is_file() is used with strings longer 260 chars).</li> 5310</ul></li> 5311<li>CLI server: 5312<ul> 5313 <li><?php bugfix(73830); ?> (Directory does not exist).</li> 5314</ul></li> 5315<li>FPM: 5316<ul> 5317 <li><?php bugfix(64938); ?> (libxml_disable_entity_loader setting is shared between requests).</li> 5318</ul></li> 5319<li>GD: 5320<ul> 5321 <li><?php bugfix(75571); ?> (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)</li> 5322</ul></li> 5323<li>Opcache: 5324<ul> 5325 <li><?php bugfix(75608); ?> ("Narrowing occurred during type inference" error).</li> 5326 <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li> 5327 <li><?php bugfix(75570); ?> ("Narrowing occurred during type inference" error).</li> 5328 <li><?php bugfix(75556); ?> (Invalid opcode 138/1/1).</li> 5329</ul></li> 5330<li>PCRE: 5331<ul> 5332 <li><?php bugfix(74183); ?> (preg_last_error not returning error code after error).</li> 5333</ul></li> 5334<li>Phar: 5335<ul> 5336 <li><?php bugfix(74782); ?> (Reflected XSS in .phar 404 page). (CVE-2018-5712)</li> 5337</ul></li> 5338<li>Standard: 5339<ul> 5340 <li><?php bugfix(75511); ?> (fread not free unused buffer).</li> 5341 <li><?php bugfix(75514); ?> (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)</li> 5342 <li><?php bugfix(75535); ?> (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)</li> 5343 <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li> 5344 <li><?php bugfix(73124); ?> (php_ini_scanned_files() not reporting correctly).</li> 5345 <li><?php bugfix(75574); ?> (putenv does not work properly if parameter contains non-ASCII unicode character).</li> 5346</ul></li> 5347<li>Zip: 5348<ul> 5349 <li><?php bugfix(75540); ?> (Segfault with libzip 1.3.1).</li> 5350</ul></li> 5351</ul> 5352<!-- }}} --></section> 5353 5354<section class="version" id="7.2.0"><!-- {{{ 7.2.0 --> 5355<h3>Version 7.2.0</h3> 5356<b><?php release_date('30-Nov-2017'); ?></b> 5357<ul><li>BCMath: 5358<ul> 5359 <li><?php bugfix(46564); ?> (bcmod truncates fractionals).</li> 5360</ul></li> 5361<li>CLI: 5362<ul> 5363 <li><?php bugfix(74849); ?> (Process is started as interactive shell in PhpStorm).</li> 5364 <li><?php bugfix(74979); ?> (Interactive shell opening instead of script execution with -f flag).</li> 5365</ul></li> 5366<li>CLI server: 5367<ul> 5368 <li><?php bugfix(60471); ?> (Random "Invalid request (unexpected EOF)" using a router script).</li> 5369</ul></li> 5370<li>Core: 5371<ul> 5372 <li>Added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE, ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement corresponding builtin functions.</li> 5373 <li>"Countable" interface is moved from SPL to Core.</li> 5374 <li>Added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin function, through hash lookup in flipped array.</li> 5375 <li>Removed IS_TYPE_IMMUTABLE (it's the same as COPYABLE & !REFCOUNTED).</li> 5376 <li>Removed the sql.safe_mode directive.</li> 5377 <li>Removed support for Netware.</li> 5378 <li>Renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable() (alias original name for BC).</li> 5379 <li><?php bugfix(54535); ?> (WSA cleanup executes before MSHUTDOWN).</li> 5380 <li><?php implemented(69791); ?> (Disallow mail header injections by extra headers) (Yasuo)</li> 5381 <li><?php implemented(49806); ?> (proc_nice() for Windows).</li> 5382 <li>Fix pthreads detection when cross-compiling (ffontaine)</li> 5383 <li>Fixed memory leaks caused by exceptions thrown from destructors. (Bob, Dmitry).</li> 5384 <li><?php bugfix(73215); ?> (uniqid() should use better random source).</li> 5385 <li><?php implemented(72768); ?> (Add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for php.exe).</li> 5386 <li>Implemented "Convert numeric keys in object/array casts" RFC, fixes bugs <?php bugl(53838); ?>, <?php bugl(61655); ?>, <?php bugl(66173); ?>, <?php bugl(70925); ?>, <?php bugl(72254); ?>, etc.</li> 5387 <li>Implemented "Deprecate and Remove Bareword (Unquoted) Strings" RFC.</li> 5388 <li>Raised minimum supported Windows versions to Windows 7/Server 2008 R2.</li> 5389 <li>Implemented minor optimization in array_keys/array_values().</li> 5390 <li>Added PHP_OS_FAMILY constant to determine on which OS we are.</li> 5391 <li><?php bugfix(73987); ?> (Method compatibility check looks to original definition and not parent).</li> 5392 <li><?php bugfix(73991); ?> (JSON_OBJECT_AS_ARRAY not respected).</li> 5393 <li><?php bugfix(74053); ?> (Corrupted class entries on shutdown when a destructor spawns another object).</li> 5394 <li><?php bugfix(73971); ?> (Filename got limited to MAX_PATH on Win32 when scan directory).</li> 5395 <li><?php bugfix(72359); ?>, bug <?php bugl(72451); ?>, bug <?php bugl(73706); ?>, bug <?php bugl(71115); ?> and others related to interned strings handling in TS builds.</li> 5396 <li>Implemented "Trailing Commas In List Syntax" RFC for group use lists only.</li> 5397 <li><?php bugfix(74269); ?> (It's possible to override trait property with different loosely-equal value).</li> 5398 <li><?php bugfix(61970); ?> (Restraining __construct() access level in subclass gives a fatal error).</li> 5399 <li><?php bugfix(63384); ?> (Cannot override an abstract method with an abstract method).</li> 5400 <li><?php bugfix(74607); ?> (Traits enforce different inheritance rules).</li> 5401 <li>Fixed misparsing of abstract unix domain socket names.</li> 5402 <li>Change PHP_OS_FAMILY value from "OSX" to "Darwin".</li> 5403 <li>Allow loading PHP/Zend extensions by name in ini files (extension=<name>).</li> 5404 <li>Added object type annotation.</li> 5405 <li><?php bugfix(74815); ?> (crash with a combination of INI entries at startup).</li> 5406 <li><?php bugfix(74836); ?> (isset on zero-prefixed numeric indexes in array broken).</li> 5407 <li>Added new VM instuctions ISSET_ISEMPTY_CV and UNSET_CV. Previously they were implemented as ISSET_ISEMPTY_VAR and UNSET_VAR variants with ZEND_QUICK_SET flag.</li> 5408 <li><?php bugfix(49649); ?> (unserialize() doesn't handle changes in property visibility).</li> 5409 <li><?php bugfix(74866); ?> (extension_dir = "./ext" now use current directory for base).</li> 5410 <li><?php implemented(74963); ?> (Improved error message on fetching property of non-object).</li> 5411 <li><?php bugfix(75142); ?> (buildcheck.sh check for autoconf version needs to be updated for v2.64).</li> 5412 <li><?php bugfix(74878); ?> (Data race in ZTS builds).</li> 5413 <li><?php bugfix(75515); ?> ("stream_copy_to_stream" doesn't stream anymore).</li> 5414</ul></li> 5415<li>cURL: 5416<ul> 5417 <li><?php bugfix(75093); ?> (OpenSSL support not detected).</li> 5418 <li>Better fix for <?php bugl(74125); ?> (use pkg-config instead of curl-config).</li> 5419</ul></li> 5420<li>Date: 5421<ul> 5422 <li><?php bugfix(55407); ?> (Impossible to prototype DateTime::createFromFormat).</li> 5423 <li><?php implemented(71520); ?> (Adding the DateTime constants to the DateTimeInterface interface).</li> 5424 <li><?php bugfix(75055); ?> (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)</li> 5425 <li><?php bugfix(75149); ?> (redefinition of typedefs ttinfo and t1info).</li> 5426 <li><?php bugfix(75222); ?> (DateInterval microseconds property always 0).</li> 5427</ul></li> 5428<li>Dba: 5429<ul> 5430 <li><?php bugfix(72885); ?> (flatfile: dba_fetch() fails to read replaced entry).</li> 5431</ul></li> 5432<li>DOM: 5433<ul> 5434 <li><?php implemented(74837); ?> (Implement Countable for DomNodeList and DOMNamedNodeMap).</li> 5435</ul></li> 5436<li>EXIF: 5437<ul> 5438 <li>Added support for vendor specific tags for the following formats: Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon, AGFA, Kyocera, Ricoh & Epson.</li> 5439 <li><?php bugfix(72682); ?> (exif_read_data() fails to read all data for some images).</li> 5440 <li><?php bugfix(71534); ?> (Type confusion in exif_read_data() leading to heap overflow in debug mode).</li> 5441 <li><?php bugfix(68547); ?> (Exif Header component value check error).</li> 5442 <li><?php bugfix(66443); ?> (Corrupt EXIF header: maximum directory nesting level reached for some cameras).</li> 5443 <li>Fixed Redhat bug #1362571 (PHP not returning full results for exif_read_data function).</li> 5444 <li><?php implemented(65187); ?> (exif_read_data/thumbnail: add support for stream resource).</li> 5445 <li>Deprecated the read_exif_data() alias.</li> 5446 <li><?php bugfix(74428); ?> (exif_read_data(): "Illegal IFD size" warning occurs with correct exif format).</li> 5447 <li><?php bugfix(72819); ?> (EXIF thumbnails not read anymore).</li> 5448 <li><?php bugfix(62523); ?> (php crashes with segfault when exif_read_data called).</li> 5449 <li><?php bugfix(50660); ?> (exif_read_data(): Illegal IFD offset (works fine with other exif readers).</li> 5450</ul></li> 5451<li>Fileinfo: 5452<ul> 5453 <li>Upgrade bundled libmagic to 5.31.</li> 5454</ul></li> 5455<li>FPM: 5456<ul> 5457 <li>Configuration to limit fpm slow log trace callers.</li> 5458 <li><?php bugfix(75212); ?> (php_value acts like php_admin_value).</li> 5459</ul></li> 5460<li>FTP: 5461<ul> 5462 <li>Implement MLSD for structured listing of directories.</li> 5463 <li>Added ftp_append() function.</li> 5464</ul></li> 5465<li>GD: 5466<ul> 5467 <li>Implemented imageresolution as getter and setter (Christoph)</li> 5468 <li><?php bugfix(74744); ?> (gd.h: stdarg.h include missing for va_list use in gdErrorMethod).</li> 5469 <li><?php bugfix(75111); ?> (Memory disclosure or DoS via crafted .bmp image).</li> 5470</ul></li> 5471<li>GMP: 5472<ul> 5473 <li><?php bugfix(70896); ?> (gmp_fact() silently ignores non-integer input).</li> 5474</ul></li> 5475<li>Hash: 5476<ul> 5477 <li>Changed HashContext from resource to object.</li> 5478 <li>Disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2.</li> 5479 <li><?php bugfix(75284); ?> (sha3 is not supported on bigendian machine).</li> 5480</ul></li> 5481<li>IMAP: 5482<ul> 5483 <li><?php bugfix(72324); ?> (imap_mailboxmsginfo() return wrong size).</li> 5484</ul></li> 5485<li>Intl: 5486<ul> 5487 <li><?php bugfix(63790); ?> (test using Spoofchecker which may be unavailable).</li> 5488 <li><?php bugfix(75378); ?> ([REGRESSION] IntlDateFormatter::parse() does not change $position argument).</li> 5489</ul></li> 5490<li>JSON: 5491<ul> 5492 <li>Add JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for json_encode and json_decode to ignore or replace invalid UTF-8 byte sequences - it addresses request <?php bugl(65082); ?>.</li> 5493 <li><?php bugfix(75185); ?> (Buffer overflow in json_decode() with JSON_INVALID_UTF8_IGNORE or JSON_INVALID).</li> 5494 <li><?php bugfix(68567); ?> (JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key).</li> 5495</ul></li> 5496<li>LDAP: 5497<ul> 5498 <li><?php implemented(69445); ?> (Support for LDAP EXOP operations)</li> 5499 <li>Fixed support for LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS in ldap_get_option</li> 5500 <li>Fixed passing an empty array to ldap_set_option for client or server controls.</li> 5501</ul></li> 5502<li>Mbstring: 5503<ul> 5504 <li><?php implemented(66024); ?> (mb_chr() and mb_ord()).</li> 5505 <li><?php implemented(65081); ?> (mb_scrub()).</li> 5506 <li><?php implemented(69086); ?> (enhancement for mb_convert_encoding() that handles multibyte replacement char nicely).</li> 5507 <li>Added array input support to mb_convert_encoding().</li> 5508 <li>Added array input support to mb_check_encoding().</li> 5509 <li><?php bugfix(69079); ?> (enhancement for mb_substitute_character).</li> 5510 <li>Update to oniguruma version 6.3.0.</li> 5511 <li><?php bugfix(69267); ?> (mb_strtolower fails on titlecase characters).</li> 5512</ul></li> 5513<li>Mcrypt: 5514<ul> 5515 <li>The deprecated mcrypt extension has been moved to PECL.</li> 5516</ul></li> 5517<li>Opcache: 5518<ul> 5519 <li>Added global optimisation passes based on data flow analysis using Single Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP), Dead Code Elimination (DCE), and removal of unused local variables (Nikita, Dmitry)</li> 5520 <li>Fixed incorect constant conditional jump elimination.</li> 5521 <li><?php bugfix(75230); ?> (Invalid opcode 49/1/8 using opcache).</li> 5522 <li>Fixed bug (assertion fails with extended info generated).</li> 5523 <li>Fixed bug (Phi sources removel).</li> 5524 <li><?php bugfix(75370); ?> (Webserver hangs on valid PHP text).</li> 5525 <li><?php bugfix(75357); ?> (segfault loading WordPress wp-admin).</li> 5526</ul></li> 5527<li>OpenSSL: 5528<ul> 5529 <li>Use TLS_ANY for default ssl:// and tls:// negotiation.</li> 5530 <li>Fix leak in openssl_spki_new().</li> 5531 <li>Added openssl_pkcs7_read() and pk7 parameter to openssl_pkcs7_verify().</li> 5532 <li>Add ssl security_level stream option to support OpenSSL security levels. (Jakub Zelenka).</li> 5533 <li>Allow setting SNI cert and private key in separate files.</li> 5534 <li><?php bugfix(74903); ?> (openssl_pkcs7_encrypt() uses different EOL than before).</li> 5535 <li>Automatically load OpenSSL configuration file.</li> 5536</ul></li> 5537<li>PCRE: 5538<ul> 5539 <li>Added support for PCRE JIT fast path API.</li> 5540 <li><?php bugfix(61780); ?> (Inconsistent PCRE captures in match results).</li> 5541 <li><?php bugfix(74873); ?> (Minor BC break: PCRE_JIT changes output of preg_match()).</li> 5542 <li><?php bugfix(75089); ?> (preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string).</li> 5543 <li><?php bugfix(75223); ?> (PCRE JIT broken in 7.2).</li> 5544 <li><?php bugfix(75285); ?> (Broken build when system libpcre don't have jit support).</li> 5545</ul></li> 5546<li>phar: 5547<ul> 5548 <li><?php bugfix(74196); ?> (phar does not correctly handle names containing dots).</li> 5549</ul></li> 5550<li>PDO: 5551<ul> 5552 <li><?php bugfix(73234); ?> (Emulated statements let value dictate parameter type).</li> 5553 <li>Add "Sent SQL" to debug dump for emulated prepares.</li> 5554 <li>Add parameter types for national character set strings.</li> 5555</ul></li> 5556<li>PDO_DBlib: 5557<ul> 5558 <li><?php bugfix(73396); ?> (bigint columns are returned as strings).</li> 5559 <li>Expose DB-Library version as \PDO::DBLIB_ATTR_VERSION attribute on \PDO instance.</li> 5560 <li>Add test coverage for bug <?php bugl(72969); ?>.</li> 5561</ul></li> 5562<li>PDO_OCI: 5563<ul> 5564 <li><?php bugfix(74537); ?> (Align --with-pdo-oci configure option with --with-oci8 syntax).</li> 5565</ul></li> 5566<li>PDO_Sqlite: 5567<ul> 5568 <li>Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)</li> 5569</ul></li> 5570<li>PHPDBG: 5571<ul> 5572 <li>Added extended_value to opcode dump output.</li> 5573</ul></li> 5574<li>Session: 5575<ul> 5576 <li><?php bugfix(73461); ?> (Prohibit session save handler recursion).</li> 5577 <li>PR <?php githubissuel('php/php-src', 2233); ?> Removed register_globals related code and "!" can be used as $_SESSION key name.</li> 5578 <li>Improved bug <?php bugl(73100); ?> fix. 'user' save handler can only be set by session_set_save_handler()</li> 5579 <li><?php bugfix(74514); ?> (5 session functions incorrectly warn when calling in read-only/getter mode).</li> 5580 <li><?php bugfix(74936); ?> (session_cache_expire/cache_limiter/save_path() trigger a warning in read mode).</li> 5581 <li><?php bugfix(74941); ?> (session fails to start after having headers sent).</li> 5582</ul></li> 5583<li>Sodium: 5584<ul> 5585 <li>New cryptographic extension</li> 5586 <li>Added missing bindings for libsodium > 1.0.13.</li> 5587</ul></li> 5588<li>SPL: 5589<ul> 5590 <li><?php bugfix(71412); ?> (Incorrect arginfo for ArrayIterator::__construct).</li> 5591 <li>Added spl_object_id().</li> 5592</ul></li> 5593<li>SQLite3: 5594<ul> 5595 <li>Implement writing to blobs.</li> 5596 <li>Update to Sqlite 3.20.1.</li> 5597</ul></li> 5598<li>Standard: 5599<ul> 5600 <li><?php bugfix(69442); ?> (closing of fd incorrect when PTS enabled).</li> 5601 <li><?php bugfix(74300); ?> (unserialize accepts two plus/minus signs for float number exponent part).</li> 5602 <li>Compatibility with libargon2 versions 20161029 and 20160821.</li> 5603 <li><?php bugfix(74737); ?> (mysqli_get_client_info reflection info).</li> 5604 <li>Add support for extension name as argument to dl().</li> 5605 <li><?php bugfix(74851); ?> (uniqid() without more_entropy performs badly).</li> 5606 <li><?php bugfix(74103); ?> (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)</li> 5607 <li><?php bugfix(75054); ?> (A Denial of Service Vulnerability was found when performing deserialization).</li> 5608 <li><?php bugfix(75170); ?> (mt_rand() bias on 64-bit machines).</li> 5609 <li><?php bugfix(75221); ?> (Argon2i always throws NUL at the end).</li> 5610</ul></li> 5611<li>Streams: 5612<ul> 5613 <li>Default ssl/single_dh_use and ssl/honor_cipher_order to true.</li> 5614</ul></li> 5615<li>XML: 5616<ul> 5617 <li>Moved utf8_encode() and utf8_decode() to the Standard extension.</li> 5618</ul></li> 5619<li>XMLRPC: 5620<ul> 5621 <li>Use Zend MM for allocation in bundled libxmlrpc (Joe)</li> 5622</ul></li> 5623<li>ZIP: 5624<ul> 5625 <li>Add support for encrypted archives.</li> 5626 <li>Use of bundled libzip is deprecated, --with-libzip option is recommended.</li> 5627 <li><?php bugfix(73803); ?> (Reflection of ZipArchive does not show public properties).</li> 5628 <li>ZipArchive implements countable, added ZipArchive::count() method.</li> 5629 <li>Fix segfault in php_stream_context_get_option call.</li> 5630 <li><?php bugfix(75143); ?> (new method setEncryptionName() seems not to exist in ZipArchive).</li> 5631</ul></li> 5632<li>zlib: 5633<ul> 5634 <li>Expose inflate_get_status() and inflate_get_read_len() functions.</li> 5635</ul></li> 5636</ul> 5637<!-- }}} --></section> 5638 5639<a id="PHP_7_1"></a> 5640<section class="version" id="7.1.33"><!-- {{{ 7.1.33 --> 5641<h3>Version 7.1.33</h3> 5642<b><?php release_date('24-Oct-2019'); ?></b> 5643<ul><li>FPM: 5644<ul> 5645 <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li> 5646</ul></li> 5647</ul> 5648<!-- }}} --></section> 5649 5650<section class="version" id="7.1.32"><!-- {{{ 7.1.32 --> 5651<h3>Version 7.1.32</h3> 5652<b><?php release_date('29-Aug-2019'); ?></b> 5653<ul><li>mbstring: 5654<ul> 5655 <li>Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)</li> 5656</ul></li> 5657<li>pcre: 5658<ul> 5659 <li><?php bugfix(75457); ?> (heap use-after-free in pcrelib) (cmb)</li> 5660</ul></li> 5661</ul> 5662<!-- }}} --></section> 5663 5664<section class="version" id="7.1.31"><!-- {{{ 7.1.31 --> 5665<h3>Version 7.1.31</h3> 5666<b><?php release_date('01-Aug-2019'); ?></b> 5667<ul><li>SQLite: 5668<ul> 5669 <li>Upgraded to SQLite 3.28.0.</li> 5670</ul></li> 5671<li>EXIF: 5672<ul> 5673 <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li> 5674 <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li> 5675</ul></li> 5676<li>Phar: 5677<ul> 5678 <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li> 5679</ul></li> 5680</ul> 5681<!-- }}} --></section> 5682 5683<section class="version" id="7.1.30"><!-- {{{ 7.1.30 --> 5684<h3>Version 7.1.30</h3> 5685<b><?php release_date('30-May-2019'); ?></b> 5686<ul><li>EXIF: 5687<ul> 5688 <li><?php bugfix(77988); ?> (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).</li> 5689</ul></li> 5690<li>GD: 5691<ul> 5692 <li><?php bugfix(77973); ?> (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).</li> 5693</ul></li> 5694<li>Iconv: 5695<ul> 5696 <li><?php bugfix(78069); ?> (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).</li> 5697</ul></li> 5698<li>SQLite: 5699<ul> 5700 <li><?php bugfix(77967); ?> (Bypassing open_basedir restrictions via file uris).</li> 5701</ul></li> 5702</ul> 5703<!-- }}} --></section> 5704 5705<section class="version" id="7.1.29"><!-- {{{ 7.1.29 --> 5706<h3>Version 7.1.29</h3> 5707<b><?php release_date('02-May-2019'); ?></b> 5708<ul><li>EXIF: 5709<ul> 5710 <li><?php bugfix(77950); ?> (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).</li> 5711</ul></li> 5712<li>Mail: 5713<ul> 5714 <li><?php bugfix(77821); ?> (Potential heap corruption in TSendMail()).</li> 5715</ul></li> 5716</ul> 5717<!-- }}} --></section> 5718 5719<section class="version" id="7.1.28"><!-- {{{ 7.1.28 --> 5720<h3>Version 7.1.28</h3> 5721<b><?php release_date('04-Apr-2019'); ?></b> 5722<ul><li>EXIF: 5723<ul> 5724 <li><?php bugfix(77753); ?> (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)</li> 5725 <li><?php bugfix(77831); ?> (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)</li> 5726</ul></li> 5727<li>SQLite3: 5728<ul> 5729 <li>Added sqlite3.defensive INI directive.</li> 5730</ul></li> 5731</ul> 5732<!-- }}} --></section> 5733 5734<section class="version" id="7.1.27"><!-- {{{ 7.1.27 --> 5735<h3>Version 7.1.27</h3> 5736<b><?php release_date('07-Mar-2019'); ?></b> 5737<ul><li>Core: 5738<ul> 5739 <li><?php bugfix(77630); ?> (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)</li> 5740</ul></li> 5741<li>EXIF: 5742<ul> 5743 <li><?php bugfix(77509); ?> (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)</li> 5744 <li><?php bugfix(77540); ?> (Invalid Read on exif_process_SOFn). (CVE-2019-9640)</li> 5745 <li><?php bugfix(77563); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)</li> 5746 <li><?php bugfix(77659); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)</li> 5747</ul></li> 5748<li>PHAR: 5749<ul> 5750 <li><?php bugfix(77396); ?> (Null Pointer Dereference in phar_create_or_parse_filename).</li> 5751 <li><?php bugfix(77586); ?> (phar_tar_writeheaders_int() buffer overflow).</li> 5752</ul></li> 5753<li>SPL: 5754<ul> 5755 <li><?php bugfix(77431); ?> (openFile() silently truncates after a null byte).</li> 5756</ul></li> 5757</ul> 5758<!-- }}} --></section> 5759 5760<section class="version" id="7.1.26"><!-- {{{ 7.1.26 --> 5761<h3>Version 7.1.26</h3> 5762<b><?php release_date('10-Jan-2019'); ?></b> 5763<ul><li>Core: 5764<ul> 5765 <li><?php bugfix(77369); ?> (memcpy with negative length via crafted DNS response). (CVE-2019-9022)</li> 5766</ul></li> 5767<li>GD: 5768<ul> 5769 <li><?php bugfix(77269); ?> (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)</li> 5770 <li><?php bugfix(77270); ?> (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)</li> 5771</ul></li> 5772<li>IMAP: 5773<ul> 5774 <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li> 5775</ul></li> 5776<li>Mbstring: 5777<ul> 5778 <li><?php bugfix(77370); ?> (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)</li> 5779 <li><?php bugfix(77371); ?> (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)</li> 5780 <li><?php bugfix(77381); ?> (heap buffer overflow in multibyte match_at). (CVE-2019-9023)</li> 5781 <li><?php bugfix(77382); ?> (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)</li> 5782 <li><?php bugfix(77385); ?> (buffer overflow in fetch_token). (CVE-2019-9023)</li> 5783 <li><?php bugfix(77394); ?> (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)</li> 5784 <li><?php bugfix(77418); ?> (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)</li> 5785</ul></li> 5786<li>Phar: 5787<ul> 5788 <li><?php bugfix(77247); ?> (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)</li> 5789</ul></li> 5790<li>Xmlrpc: 5791<ul> 5792 <li><?php bugfix(77242); ?> (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)</li> 5793 <li><?php bugfix(77380); ?> (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)</li> 5794</ul></li> 5795</ul> 5796<!-- }}} --></section> 5797 5798 5799<section class="version" id="7.1.25"><!-- {{{ 7.1.25 --> 5800<h3>Version 7.1.25</h3> 5801<b><?php release_date('06-Dec-2018'); ?></b> 5802<ul><li>Core: 5803<ul> 5804 <li><?php bugfix(71041); ?> (zend_signal_startup() needs ZEND_API).</li> 5805 <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li> 5806</ul></li> 5807<li>ftp: 5808<ul> 5809 <li><?php bugfix(77151); ?> (ftp_close(): SSL_read on shutdown).</li> 5810</ul></li> 5811<li>iconv: 5812<ul> 5813 <li><?php bugfix(77147); ?> (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).</li> 5814</ul></li> 5815<li>IMAP: 5816<ul> 5817 <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li> 5818</ul></li> 5819<li>ODBC: 5820<ul> 5821 <li><?php bugfix(77079); ?> (odbc_fetch_object has incorrect type signature).</li> 5822</ul></li> 5823<li>Opcache: 5824<ul> 5825 <li><?php bugfix(77058); ?> (Type inference in opcache causes side effects).</li> 5826</ul></li> 5827<li>Phar: 5828<ul> 5829 <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li> 5830 <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li> 5831</ul></li> 5832<li>PGSQL: 5833<ul> 5834 <li><?php bugfix(77047); ?> (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).</li> 5835</ul></li> 5836<li>SOAP: 5837<ul> 5838 <li><?php bugfix(76348); ?> (WSDL_CACHE_MEMORY causes Segmentation fault).</li> 5839 <li><?php bugfix(77141); ?> (Signedness issue in SOAP when precision=-1).</li> 5840</ul></li> 5841<li>Sockets: 5842<ul> 5843 <li><?php bugfix(67619); ?> (Validate length on socket_write).</li> 5844</ul></li> 5845</ul> 5846<!-- }}} --></section> 5847 5848<section class="version" id="7.1.24"><!-- {{{ 7.1.24 --> 5849<h3>Version 7.1.24</h3> 5850<b><?php release_date('08-Nov-2018'); ?></b> 5851<ul><li>Core: 5852<ul> 5853 <li><?php bugfix(76946); ?> (Cyclic reference in generator not detected).</li> 5854 <li><?php bugfix(77035); ?> (The phpize and ./configure create redundant .deps file).</li> 5855 <li><?php bugfix(77041); ?> (buildconf should output error messages to stderr) (Mizunashi Mana)</li> 5856</ul></li> 5857<li>Date: 5858<ul> 5859 <li><?php bugfix(75851); ?> (Year component overflow with date formats "c", "o", "r" and "y").</li> 5860</ul></li> 5861<li>FCGI: 5862<ul> 5863 <li><?php bugfix(76948); ?> (Failed shutdown/reboot or end session in Windows).</li> 5864 <li><?php bugfix(76954); ?> (apache_response_headers removes last character from header name).</li> 5865</ul></li> 5866<li>FTP: 5867<ul> 5868 <li><?php bugfix(76972); ?> (Data truncation due to forceful ssl socket shutdown).</li> 5869</ul></li> 5870<li>intl: 5871<ul> 5872 <li><?php bugfix(76942); ?> (U_ARGUMENT_TYPE_MISMATCH).</li> 5873</ul></li> 5874<li>Standard: 5875<ul> 5876 <li><?php bugfix(76965); ?> (INI_SCANNER_RAW doesn't strip trailing whitespace).</li> 5877</ul></li> 5878<li>Tidy: 5879<ul> 5880 <li><?php bugfix(77027); ?> (tidy::getOptDoc() not available on Windows).</li> 5881</ul></li> 5882<li>XML: 5883<ul> 5884 <li><?php bugfix(30875); ?> (xml_parse_into_struct() does not resolve entities).</li> 5885 <li>Add support for getting SKIP_TAGSTART and SKIP_WHITE options.</li> 5886</ul></li> 5887</ul> 5888<!-- }}} --></section> 5889 5890<section class="version" id="7.1.23"><!-- {{{ 7.1.23 --> 5891<h3>Version 7.1.23</h3> 5892<b><?php release_date('11-Oct-2018'); ?></b> 5893<ul><li>Core: 5894<ul> 5895 <li><?php bugfix(76901); ?> (method_exists on SPL iterator passthrough method corrupts memory).</li> 5896 <li><?php bugfix(76846); ?> (Segfault in shutdown function after memory limit error).</li> 5897</ul></li> 5898<li>CURL: 5899<ul> 5900 <li><?php bugfix(76480); ?> (Use curl_multi_wait() so that timeouts are respected).</li> 5901</ul></li> 5902<li>iconv: 5903<ul> 5904 <li><?php bugfix(66828); ?> (iconv_mime_encode Q-encoding longer than it should be).</li> 5905</ul></li> 5906<li>Opcache: 5907<ul> 5908 <li><?php bugfix(76832); ?> (ZendOPcache.MemoryBase periodically deleted by the OS).</li> 5909</ul></li> 5910<li>POSIX: 5911<ul> 5912 <li><?php bugfix(75696); ?> (posix_getgrnam fails to print details of group).</li> 5913</ul></li> 5914<li>Reflection: 5915<ul> 5916 <li><?php bugfix(74454); ?> (Wrong exception being thrown when using ReflectionMethod).</li> 5917</ul></li> 5918<li>Standard: 5919<ul> 5920 <li><?php bugfix(73457); ?> (Wrong error message when fopen FTP wrapped fails to open data connection).</li> 5921 <li><?php bugfix(74764); ?> (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).</li> 5922 <li><?php bugfix(75533); ?> (array_reduce is slow when $carry is large array).</li> 5923</ul></li> 5924<li>Zlib: 5925<ul> 5926 <li><?php bugfix(75273); ?> (php_zlib_inflate_filter() may not update bytes_consumed).</li> 5927</ul></li> 5928</ul> 5929<!-- }}} --></section> 5930 5931<section class="version" id="7.1.22"><!-- {{{ 7.1.22 --> 5932<h3>Version 7.1.22</h3> 5933<b><?php release_date('13-Sep-2018'); ?></b> 5934<ul><li>Core: 5935<ul> 5936 <li><?php bugfix(76754); ?> (parent private constant in extends class memory leak).</li> 5937 <li><?php bugfix(72443); ?> (Generate enabled extension).</li> 5938</ul></li> 5939<li>Apache2: 5940<ul> 5941 <li><?php bugfix(76582); ?> (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)</li> 5942</ul></li> 5943<li>Bz2: 5944<ul> 5945 <li>Fixed arginfo for bzcompress.</li> 5946</ul></li> 5947<li>gettext: 5948<ul> 5949 <li><?php bugfix(76517); ?> (incorrect restoring of LDFLAGS).</li> 5950</ul></li> 5951<li>iconv: 5952<ul> 5953 <li><?php bugfix(68180); ?> (iconv_mime_decode can return extra characters in a header).</li> 5954 <li><?php bugfix(63839); ?> (iconv_mime_decode_headers function is skipping headers).</li> 5955 <li><?php bugfix(60494); ?> (iconv_mime_decode does ignore special characters).</li> 5956 <li><?php bugfix(55146); ?> (iconv_mime_decode_headers() skips some headers).</li> 5957</ul></li> 5958<li>intl: 5959<ul> 5960 <li><?php bugfix(74484); ?> (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).</li> 5961</ul></li> 5962<li>libxml: 5963<ul> 5964 <li><?php bugfix(76777); ?> ("public id" parameter of libxml_set_external_entity_loader callback undefined).</li> 5965</ul></li> 5966<li>mbstring: 5967<ul> 5968 <li><?php bugfix(76704); ?> (mb_detect_order return value varies based on argument type).</li> 5969</ul></li> 5970<li>Opcache: 5971<ul> 5972 <li><?php bugfix(76747); ?> (Opcache treats path containing "test.pharma.tld" as a phar file).</li> 5973</ul></li> 5974<li>OpenSSL: 5975<ul> 5976 <li><?php bugfix(76705); ?> (unusable ssl => peer_fingerprint in stream_context_create()).</li> 5977</ul></li> 5978<li>phpdbg: 5979<ul> 5980 <li><?php bugfix(76595); ?> (phpdbg man page contains outdated information).</li> 5981</ul></li> 5982<li>SPL: 5983<ul> 5984 <li><?php bugfix(68825); ?> (Exception in DirectoryIterator::getLinkTarget()).</li> 5985 <li><?php bugfix(68175); ?> (RegexIterator pregFlags are NULL instead of 0).</li> 5986</ul></li> 5987<li>Standard: 5988<ul> 5989 <li><?php bugfix(76778); ?> (array_reduce leaks memory if callback throws exception).</li> 5990</ul></li> 5991<li>zlib: 5992<ul> 5993 <li><?php bugfix(65988); ?> (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).</li> 5994 <li><?php bugfix(76709); ?> (Minimal required zlib library is 1.2.0.4).</li> 5995</ul></li> 5996</ul> 5997<!-- }}} --></section> 5998 5999<section class="version" id="7.1.21"><!-- {{{ 7.1.21 --> 6000<h3>Version 7.1.21</h3> 6001<b><?php release_date('16-Aug-2018'); ?></b> 6002<ul><li>Calendar: 6003<ul> 6004 <li><?php bugfix(52974); ?> (jewish.c: compile error under Windows with GBK charset).</li> 6005</ul></li> 6006<li>Filter: 6007<ul> 6008 <li><?php bugfix(76366); ?> (References in sub-array for filtering breaks the filter).</li> 6009</ul></li> 6010<li>PDO_Firebird: 6011<ul> 6012 <li><?php bugfix(76488); ?> (Memory leak when fetching a BLOB field).</li> 6013</ul></li> 6014<li>PDO_PgSQL: 6015<ul> 6016 <li><?php bugfix(75402); ?> (Possible Memory Leak using PDO::CURSOR_SCROLL option).</li> 6017</ul></li> 6018<li>SQLite3: 6019<ul> 6020 <li><?php bugfix(76665); ?> (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).</li> 6021</ul></li> 6022<li>Standard: 6023<ul> 6024 <li><?php bugfix(68553); ?> (array_column: null values in $index_key become incrementing keys in result).</li> 6025 <li><?php bugfix(73817); ?> (Incorrect entries in get_html_translation_table).</li> 6026 <li><?php bugfix(76643); ?> (Segmentation fault when using `output_add_rewrite_var`).</li> 6027</ul></li> 6028<li>Zip: 6029<ul> 6030 <li><?php bugfix(76524); ?> (ZipArchive memory leak (OVERWRITE flag and empty archive)).</li> 6031</ul></li> 6032</ul> 6033<!-- }}} --></section> 6034 6035<section class="version" id="7.1.20"><!-- {{{ 7.1.20 --> 6036<h3>Version 7.1.20</h3> 6037<b><?php release_date('19-Jul-2018'); ?></b> 6038<ul><li>Core: 6039<ul> 6040 <li><?php bugfix(76534); ?> (PHP hangs on 'illegal string offset on string references with an error handler).</li> 6041 <li><?php bugfix(76502); ?> (Chain of mixed exceptions and errors does not serialize properly).</li> 6042</ul></li> 6043<li>Date: 6044<ul> 6045 <li><?php bugfix(76462); ?> (Undefined property: DateInterval::$f).</li> 6046</ul></li> 6047<li>exif: 6048<ul> 6049 <li><?php bugfix(76423); ?> (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)</li> 6050 <li><?php bugfix(76557); ?> (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)</li> 6051</ul></li> 6052<li>FPM: 6053<ul> 6054 <li><?php bugfix(73342); ?> (Vulnerability in php-fpm by changing stdin to non-blocking).</li> 6055</ul></li> 6056<li>GMP: 6057<ul> 6058 <li><?php bugfix(74670); ?> (Integer Underflow when unserializing GMP and possible other classes).</li> 6059</ul></li> 6060<li>intl: 6061<ul> 6062 <li><?php bugfix(76556); ?> (get_debug_info handler for BreakIterator shows wrong type).</li> 6063</ul></li> 6064<li>mbstring: 6065<ul> 6066 <li><?php bugfix(76532); ?> (Integer overflow and excessive memory usage in mb_strimwidth).</li> 6067</ul></li> 6068<li>PGSQL: 6069<ul> 6070 <li><?php bugfix(76548); ?> (pg_fetch_result did not fetch the next row).</li> 6071</ul></li> 6072<li>phpdbg: 6073<ul> 6074 <li>Fix arginfo wrt. optional/required parameters.</li> 6075</ul></li> 6076<li>Reflection: 6077<ul> 6078 <li><?php bugfix(76536); ?> (PHP crashes with core dump when throwing exception in error handler).</li> 6079 <li><?php bugfix(75231); ?> (ReflectionProperty#getValue() incorrectly works with inherited classes).</li> 6080</ul></li> 6081<li>Standard: 6082<ul> 6083 <li><?php bugfix(76505); ?> (array_merge_recursive() is duplicating sub-array keys).</li> 6084 <li><?php bugfix(71848); ?> (getimagesize with $imageinfo returns false).</li> 6085</ul></li> 6086<li>Win32: 6087<ul> 6088 <li><?php bugfix(76459); ?> (windows linkinfo lacks openbasedir check). (CVE-2018-15132)</li> 6089</ul></li> 6090</ul> 6091<!-- }}} --></section> 6092 6093<section class="version" id="7.1.19"><!-- {{{ 7.1.19 --> 6094<h3>Version 7.1.19</h3> 6095<b><?php release_date('22-Jun-2018'); ?></b> 6096<ul><li>CLI Server: 6097<ul> 6098 <li><?php bugfix(76333); ?> (PHP built-in server does not find files if root path contains special characters).</li> 6099</ul></li> 6100<li>OpenSSL: 6101<ul> 6102 <li><?php bugfix(76296); ?> (openssl_pkey_get_public does not respect open_basedir).</li> 6103 <li><?php bugfix(76174); ?> (openssl extension fails to build with LibreSSL 2.7).</li> 6104</ul></li> 6105<li>SPL: 6106<ul> 6107 <li><?php bugfix(76367); ?> (NoRewindIterator segfault 11).</li> 6108</ul></li> 6109<li>Standard: 6110<ul> 6111 <li><?php bugfix(76335); ?> ("link(): Bad file descriptor" with non-ASCII path).</li> 6112 <li><?php bugfix(76383); ?> (array_map on $GLOBALS returns IS_INDIRECT).</li> 6113</ul></li> 6114</ul> 6115<!-- }}} --></section> 6116 6117<section class="version" id="7.1.18"><!-- {{{ 7.1.18 --> 6118<h3>Version 7.1.18</h3> 6119<b><?php release_date('24-May-2018'); ?></b> 6120<ul><li>FPM: 6121<ul> 6122 <li><?php bugfix(76075); ?> --with-fpm-acl wrongly tries to find libacl on FreeBSD.</li> 6123</ul></li> 6124<li>intl: 6125<ul> 6126 <li><?php bugfix(74385); ?> (Locale::parseLocale() broken with some arguments).</li> 6127</ul></li> 6128<li>Opcache: 6129<ul> 6130 <li><?php bugfix(76205); ?> (PHP-FPM sporadic crash when running Infinitewp).</li> 6131 <li><?php bugfix(76275); ?> (Assertion failure in file cache when unserializing empty try_catch_array).</li> 6132 <li><?php bugfix(76281); ?> (Opcache causes incorrect "undefined variable" errors).</li> 6133</ul></li> 6134<li>Reflection: 6135<ul> 6136 <li>Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).</li> 6137</ul></li> 6138</ul> 6139<!-- }}} --></section> 6140 6141<section class="version" id="7.1.17"><!-- {{{ 7.1.17 --> 6142<h3>Version 7.1.17</h3> 6143<b><?php release_date('26-Apr-2018'); ?></b> 6144<ul><li>Date: 6145<ul> 6146 <li><?php bugfix(76131); ?> (mismatch arginfo for date_create).</li> 6147</ul></li> 6148<li>Exif: 6149<ul> 6150 <li><?php bugfix(76130); ?> (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)</li> 6151</ul></li> 6152<li>FPM: 6153<ul> 6154 <li><?php bugfix(68440); ?> (ERROR: failed to reload: execvp() failed: Argument list too long).</li> 6155 <li>Fixed incorrect write to getenv result in FPM reload.</li> 6156</ul></li> 6157<li>GD: 6158<ul> 6159 <li><?php bugfix(52070); ?> (imagedashedline() - dashed line sometimes is not visible).</li> 6160</ul></li> 6161<li>iconv: 6162<ul> 6163 <li><?php bugfix(76249); ?> (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)</li> 6164</ul></li> 6165<li>intl: 6166<ul> 6167 <li><?php bugfix(76153); ?> (Intl compilation fails with icu4c 61.1).</li> 6168</ul></li> 6169<li>ldap: 6170<ul> 6171 <li><?php bugfix(76248); ?> (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)</li> 6172</ul></li> 6173<li>mbstring: 6174<ul> 6175 <li><?php bugfix(75944); ?> (Wrong cp1251 detection).</li> 6176 <li><?php bugfix(76113); ?> (mbstring does not build with Oniguruma 6.8.1).</li> 6177</ul></li> 6178<li>Phar: 6179<ul> 6180 <li><?php bugfix(76129); ?> (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)</li> 6181</ul></li> 6182<li>phpdbg: 6183<ul> 6184 <li><?php bugfix(76143); ?> (Memory corruption: arbitrary NUL overwrite).</li> 6185</ul></li> 6186<li>SPL: 6187<ul> 6188 <li><?php bugfix(76131); ?> (mismatch arginfo for splarray constructor).</li> 6189</ul></li> 6190<li>standard: 6191<ul> 6192 <li><?php bugfix(75996); ?> (incorrect url in header for mt_rand).</li> 6193</ul></li> 6194</ul> 6195<!-- }}} --></section> 6196 6197<section class="version" id="7.1.16"><!-- {{{ 7.1.16 --> 6198<h3>Version 7.1.16</h3> 6199<b><?php release_date('29-Mar-2018'); ?></b> 6200<ul><li>Core: 6201<ul> 6202 <li><?php bugfix(76025); ?> (Segfault while throwing exception in error_handler).</li> 6203 <li><?php bugfix(76044); ?> ('date: illegal option -- -' in ./configure on FreeBSD).</li> 6204</ul></li> 6205<li>FPM: 6206<ul> 6207 <li><?php bugfix(75605); ?> (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)</li> 6208</ul></li> 6209<li>GD: 6210<ul> 6211 <li><?php bugfix(73957); ?> (signed integer conversion in imagescale()).</li> 6212</ul></li> 6213<li>ODBC: 6214<ul> 6215 <li><?php bugfix(76088); ?> (ODBC functions are not available by default on Windows).</li> 6216</ul></li> 6217<li>Opcache: 6218<ul> 6219 <li><?php bugfix(76074); ?> (opcache corrupts variable in for-loop).</li> 6220</ul></li> 6221<li>Phar: 6222<ul> 6223 <li><?php bugfix(76085); ?> (Segmentation fault in buildFromIterator when directory name contains a \n).</li> 6224</ul></li> 6225<li>Standard: 6226<ul> 6227 <li><?php bugfix(74139); ?> (mail.add_x_header default inconsistent with docs).</li> 6228 <li><?php bugfix(76068); ?> (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).</li> 6229</ul></li> 6230</ul> 6231<!-- }}} --></section> 6232 6233<section class="version" id="7.1.15"><!-- {{{ 7.1.15 --> 6234<h3>Version 7.1.15</h3> 6235<b><?php release_date('01-Mar-2018'); ?></b> 6236<ul><li>Apache2Handler: 6237<ul> 6238 <li><?php bugfix(75882); ?> (a simple way for segfaults in threadsafe php just with configuration).</li> 6239</ul></li> 6240<li>Date: 6241<ul> 6242 <li><?php bugfix(75857); ?> (Timezone gets truncated when formatted).</li> 6243 <li><?php bugfix(75928); ?> (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).</li> 6244 <li><?php bugfix(68406); ?> (calling var_dump on a DateTimeZone object modifies it).</li> 6245</ul></li> 6246<li>PGSQL: 6247<ul> 6248 <li><?php bugfix(75838); ?> (Memory leak in pg_escape_bytea()).</li> 6249</ul></li> 6250<li>ODBC: 6251<ul> 6252 <li><?php bugfix(73725); ?> (Unable to retrieve value of varchar(max) type).</li> 6253</ul></li> 6254<li>LDAP: 6255<ul> 6256 <li><?php bugfix(49876); ?> (Fix LDAP path lookup on 64-bit distros).</li> 6257</ul></li> 6258<li>libxml2: 6259<ul> 6260 <li><?php bugfix(75871); ?> (use pkg-config where available).</li> 6261</ul></li> 6262<li>Phar: 6263<ul> 6264 <li><?php bugfix(65414); ?> (deal with leading slash when adding files correctly).</li> 6265</ul></li> 6266<li>SPL: 6267<ul> 6268 <li><?php bugfix(74519); ?> (strange behavior of AppendIterator).</li> 6269</ul></li> 6270<li>Standard: 6271<ul> 6272 <li><?php bugfix(75916); ?> (DNS_CAA record results contain garbage).</li> 6273 <li><?php bugfix(75981); ?> (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)</li> 6274</ul></li> 6275</ul> 6276<!-- }}} --></section> 6277 6278<section class="version" id="7.1.14"><!-- {{{ 7.1.14 --> 6279<h3>Version 7.1.14</h3> 6280<b><?php release_date('01-Feb-2018'); ?></b> 6281<ul><li>Core: 6282<ul> 6283 <li><?php bugfix(75679); ?> (Path 260 character problem).</li> 6284 <li><?php bugfix(75786); ?> (segfault when using spread operator on generator passed by reference).</li> 6285 <li><?php bugfix(75799); ?> (arg of get_defined_functions is optional).</li> 6286 <li><?php bugfix(75396); ?> (Exit inside generator finally results in fatal error).</li> 6287 <li><?php bugfix(75079); ?> (self keyword leads to incorrectly generated TypeError when in closure in trait).</li> 6288</ul></li> 6289<li>FCGI: 6290<ul> 6291 <li><?php bugfix(75794); ?> (getenv() crashes on Windows 7.2.1 when second parameter is false).</li> 6292</ul></li> 6293<li>IMAP: 6294<ul> 6295 <li><?php bugfix(75774); ?> (imap_append HeapCorruction).</li> 6296</ul></li> 6297<li>Opcache: 6298<ul> 6299 <li><?php bugfix(75720); ?> (File cache not populated after SHM runs full).</li> 6300 <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li> 6301</ul></li> 6302<li>PGSQL: 6303<ul> 6304 <li><?php bugfix(75671); ?> (pg_version() crashes when called on a connection to cockroach).</li> 6305</ul></li> 6306<li>Readline: 6307<ul> 6308 <li><?php bugfix(75775); ?> (readline_read_history segfaults with empty file).</li> 6309</ul></li> 6310<li>SAPI: 6311<ul> 6312 <li><?php bugfix(75735); ?> ([embed SAPI] Segmentation fault in sapi_register_post_entry).</li> 6313</ul></li> 6314<li>SOAP: 6315<ul> 6316 <li><?php bugfix(70469); ?> (SoapClient generates E_ERROR even if exceptions=1 is used).</li> 6317 <li><?php bugfix(75502); ?> (Segmentation fault in zend_string_release).</li> 6318</ul></li> 6319<li>SPL: 6320<ul> 6321 <li><?php bugfix(75717); ?> (RecursiveArrayIterator does not traverse arrays by reference).</li> 6322 <li><?php bugfix(75242); ?> (RecursiveArrayIterator doesn't have constants from parent class).</li> 6323 <li><?php bugfix(73209); ?> (RecursiveArrayIterator does not iterate object properties).</li> 6324</ul></li> 6325<li>Standard: 6326<ul> 6327 <li><?php bugfix(75781); ?> (substr_count incorrect result).</li> 6328</ul></li> 6329</ul> 6330<!-- }}} --></section> 6331 6332<section class="version" id="7.1.13"><!-- {{{ 7.1.13 --> 6333<h3>Version 7.1.13</h3> 6334<b><?php release_date('04-Jan-2018'); ?></b> 6335<ul><li>Core: 6336<ul> 6337 <li><?php bugfix(75573); ?> (Segmentation fault in 7.1.12 and 7.0.26).</li> 6338 <li><?php bugfix(75384); ?> (PHP seems incompatible with OneDrive files on demand).</li> 6339 <li><?php bugfix(74862); ?> (Unable to clone instance when private __clone defined).</li> 6340 <li><?php bugfix(75074); ?> (php-process crash when is_file() is used with strings longer 260 chars).</li> 6341</ul></li> 6342<li>CLI Server: 6343<ul> 6344 <li><?php bugfix(60471); ?> (Random "Invalid request (unexpected EOF)" using a router script).</li> 6345 <li><?php bugfix(73830); ?> (Directory does not exist).</li> 6346</ul></li> 6347<li>FPM: 6348<ul> 6349 <li><?php bugfix(64938); ?> (libxml_disable_entity_loader setting is shared between requests).</li> 6350</ul></li> 6351<li>GD: 6352<ul> 6353 <li><?php bugfix(75571); ?> (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)</li> 6354</ul></li> 6355<li>Opcache: 6356<ul> 6357 <li><?php bugfix(75608); ?> ("Narrowing occurred during type inference" error).</li> 6358 <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li> 6359 <li><?php bugfix(75570); ?> ("Narrowing occurred during type inference" error).</li> 6360</ul></li> 6361<li>PCRE: 6362<ul> 6363 <li><?php bugfix(74183); ?> (preg_last_error not returning error code after error).</li> 6364</ul></li> 6365<li>Phar: 6366<ul> 6367 <li><?php bugfix(74782); ?> (Reflected XSS in .phar 404 page). (CVE-2018-5712)</li> 6368</ul></li> 6369<li>Standard: 6370<ul> 6371 <li><?php bugfix(75511); ?> (fread not free unused buffer).</li> 6372 <li><?php bugfix(75514); ?> (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)</li> 6373 <li><?php bugfix(75535); ?> (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)</li> 6374 <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li> 6375 <li><?php bugfix(73124); ?> (php_ini_scanned_files() not reporting correctly).</li> 6376 <li><?php bugfix(75574); ?> (putenv does not work properly if parameter contains non-ASCII unicode character).</li> 6377</ul></li> 6378<li>Zip: 6379<ul> 6380 <li><?php bugfix(75540); ?> (Segfault with libzip 1.3.1).</li> 6381</ul></li> 6382</ul> 6383<!-- }}} --></section> 6384 6385 6386<section class="version" id="7.1.12"><!-- {{{ 7.1.12 --> 6387<h3>Version 7.1.12</h3> 6388<b><?php release_date('23-Nov-2017'); ?></b> 6389<ul><li>Core: 6390<ul> 6391 <li><?php bugfix(75420); ?> (Crash when modifing property name in __isset for BP_VAR_IS).</li> 6392 <li><?php bugfix(75368); ?> (mmap/munmap trashing on unlucky allocations).</li> 6393</ul></li> 6394<li>CLI: 6395<ul> 6396 <li><?php bugfix(75287); ?> (Builtin webserver crash after chdir in a shutdown function).</li> 6397</ul></li> 6398<li>Enchant: 6399<ul> 6400 <li><?php bugfix(53070); ?> (enchant_broker_get_path crashes if no path is set).</li> 6401 <li><?php bugfix(75365); ?> (Enchant still reports version 1.1.0).</li> 6402</ul></li> 6403<li>Exif: 6404<ul> 6405 <li><?php bugfix(75301); ?> (Exif extension has built in revision version).</li> 6406</ul></li> 6407<li>GD: 6408<ul> 6409 <li><?php bugfix(65148); ?> (imagerotate may alter image dimensions).</li> 6410 <li><?php bugfix(75437); ?> (Wrong reflection on imagewebp).</li> 6411</ul></li> 6412<li>intl: 6413<ul> 6414 <li><?php bugfix(75317); ?> (UConverter::setDestinationEncoding changes source instead of destination).</li> 6415</ul></li> 6416<li>interbase: 6417<ul> 6418 <li><?php bugfix(75453); ?> (Incorrect reflection for ibase_[p]connect).</li> 6419</ul></li> 6420<li>Mysqli: 6421<ul> 6422 <li><?php bugfix(75434); ?> (Wrong reflection for mysqli_fetch_all function).</li> 6423</ul></li> 6424<li>OCI8: 6425<ul> 6426 <li>Fixed valgrind issue.</li> 6427</ul></li> 6428<li>OpenSSL: 6429<ul> 6430 <li><?php bugfix(75363); ?> (openssl_x509_parse leaks memory).</li> 6431 <li><?php bugfix(75307); ?> (Wrong reflection for openssl_open function).</li> 6432</ul></li> 6433<li>Opcache: 6434<ul> 6435 <li><?php bugfix(75373); ?> (Warning Internal error: wrong size calculation).</li> 6436</ul></li> 6437<li>PGSQL: 6438<ul> 6439 <li><?php bugfix(75419); ?> (Default link incorrectly cleared/linked by pg_close()).</li> 6440</ul></li> 6441<li>SOAP: 6442<ul> 6443 <li><?php bugfix(75464); ?> (Wrong reflection on SoapClient::__setSoapHeaders).</li> 6444</ul></li> 6445<li>Zlib: 6446<ul> 6447 <li><?php bugfix(75299); ?> (Wrong reflection on inflate_init and inflate_add).</li> 6448</ul></li> 6449</ul> 6450<!-- }}} --></section> 6451 6452<section class="version" id="7.1.11"><!-- {{{ 7.1.11 --> 6453<h3>Version 7.1.11</h3> 6454<b><?php release_date('26-Oct-2017'); ?></b> 6455<ul><li>Core: 6456<ul> 6457 <li><?php bugfix(75241); ?> (Null pointer dereference in zend_mm_alloc_small()).</li> 6458 <li><?php bugfix(75236); ?> (infinite loop when printing an error-message).</li> 6459 <li><?php bugfix(75252); ?> (Incorrect token formatting on two parse errors in one request).</li> 6460 <li><?php bugfix(75220); ?> (Segfault when calling is_callable on parent).</li> 6461 <li><?php bugfix(75290); ?> (debug info of Closures of internal functions contain garbage argument names).</li> 6462</ul></li> 6463<li>Date: 6464<ul> 6465 <li><?php bugfix(75055); ?> (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)</li> 6466</ul></li> 6467<li>Apache2Handler: 6468<ul> 6469 <li><?php bugfix(75311); ?> (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).</li> 6470</ul></li> 6471<li>Hash: 6472<ul> 6473 <li><?php bugfix(75303); ?> (sha3 hangs on bigendian).</li> 6474</ul></li> 6475<li>Intl: 6476<ul> 6477 <li><?php bugfix(75318); ?> (The parameter of UConverter::getAliases() is not optional).</li> 6478</ul></li> 6479<li>litespeed: 6480<ul> 6481 <li><?php bugfix(75248); ?> (Binary directory doesn't get created when building only litespeed SAPI).</li> 6482 <li><?php bugfix(75251); ?> (Missing program prefix and suffix).</li> 6483</ul></li> 6484<li>mcrypt: 6485<ul> 6486 <li><?php bugfix(72535); ?> (arcfour encryption stream filter crashes php).</li> 6487</ul></li> 6488<li>MySQLi: 6489<ul> 6490 <li><?php bugfix(75018); ?> (Data corruption when reading fields of bit type).</li> 6491</ul></li> 6492<li>OCI8: 6493<ul> 6494 <li>Fixed incorrect reference counting.</li> 6495</ul></li> 6496<li>Opcache: 6497<ul> 6498 <li><?php bugfix(75255); ?> (Request hangs and not finish).</li> 6499</ul></li> 6500<li>PCRE: 6501<ul> 6502 <li><?php bugfix(75207); ?> (applied upstream patch for CVE-2016-1283).</li> 6503</ul></li> 6504<li>PDO_mysql: 6505<ul> 6506 <li><?php bugfix(75177); ?> (Type 'bit' is fetched as unexpected string).</li> 6507</ul></li> 6508<li>SPL: 6509<ul> 6510 <li><?php bugfix(73629); ?> (SplDoublyLinkedList::setIteratorMode masks intern flags).</li> 6511</ul></li> 6512</ul> 6513<!-- }}} --></section> 6514 6515<section class="version" id="7.1.10"><!-- {{{ 7.1.10 --> 6516<h3>Version 7.1.10</h3> 6517<b><?php release_date('28-Sep-2017'); ?></b> 6518<ul><li>Core: 6519<ul> 6520 <li><?php bugfix(75042); ?> (run-tests.php issues with EXTENSION block).</li> 6521</ul></li> 6522<li>BCMath: 6523<ul> 6524 <li><?php bugfix(44995); ?> (bcpowmod() fails if scale != 0).</li> 6525 <li><?php bugfix(46781); ?> (BC math handles minus zero incorrectly).</li> 6526 <li><?php bugfix(54598); ?> (bcpowmod() may return 1 if modulus is 1).</li> 6527 <li><?php bugfix(75178); ?> (bcpowmod() misbehaves for non-integer base or modulus).</li> 6528</ul></li> 6529<li>CLI server: 6530<ul> 6531 <li><?php bugfix(70470); ?> (Built-in server truncates headers spanning over TCP packets).</li> 6532</ul></li> 6533<li>CURL: 6534<ul> 6535 <li><?php bugfix(75093); ?> (OpenSSL support not detected).</li> 6536</ul></li> 6537<li>GD: 6538<ul> 6539 <li><?php bugfix(75124); ?> (gdImageGrayScale() may produce colors).</li> 6540 <li><?php bugfix(75139); ?> (libgd/gd_interpolation.c:1786: suspicious if ?).</li> 6541</ul></li> 6542<li>Gettext: 6543<ul> 6544 <li><?php bugfix(73730); ?> (textdomain(null) throws in strict mode).</li> 6545</ul></li> 6546<li>Intl: 6547<ul> 6548 <li><?php bugfix(75090); ?> (IntlGregorianCalendar doesn't have constants from parent class).</li> 6549 <li><?php bugfix(75193); ?> (segfault in collator_convert_object_to_string).</li> 6550</ul></li> 6551<li>PDO_OCI: 6552<ul> 6553 <li><?php bugfix(74631); ?> (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).</li> 6554</ul></li> 6555<li>SPL: 6556<ul> 6557 <li><?php bugfix(75155); ?> (AppendIterator::append() is broken when appending another AppendIterator).</li> 6558 <li><?php bugfix(75173); ?> (incorrect behavior of AppendIterator::append in foreach loop).</li> 6559</ul></li> 6560<li>Standard: 6561<ul> 6562 <li><?php bugfix(75152); ?> (signed integer overflow in parse_iv).</li> 6563 <li><?php bugfix(75097); ?> (gethostname fails if your host name is 64 chars long).</li> 6564</ul></li> 6565</ul> 6566<!-- }}} --></section> 6567 6568<section class="version" id="7.1.9"><!-- {{{ 7.1.9 --> 6569<h3>Version 7.1.9</h3> 6570<b><?php release_date('31-Aug-2017'); ?></b> 6571<ul><li>Core: 6572<ul> 6573 <li><?php bugfix(74947); ?> (Segfault in scanner on INF number).</li> 6574 <li><?php bugfix(74954); ?> (null deref and segfault in zend_generator_resume()).</li> 6575 <li><?php bugfix(74725); ?> (html_errors=1 breaks unhandled exceptions).</li> 6576 <li><?php bugfix(75063); ?> (Main CWD initialized with wrong codepage).</li> 6577 <li><?php bugfix(75349); ?> (NAN comparison).</li> 6578</ul></li> 6579<li>cURL: 6580<ul> 6581 <li><?php bugfix(74125); ?> (Fixed finding CURL on systems with multiarch support).</li> 6582</ul></li> 6583<li>Date: 6584<ul> 6585 <li><?php bugfix(75002); ?> (Null Pointer Dereference in timelib_time_clone).</li> 6586</ul></li> 6587<li>Intl: 6588<ul> 6589 <li><?php bugfix(74993); ?> (Wrong reflection on some locale_* functions).</li> 6590</ul></li> 6591<li>Mbstring: 6592<ul> 6593 <li><?php bugfix(71606); ?> (Segmentation fault mb_strcut with HTML-ENTITIES encoding).</li> 6594 <li><?php bugfix(62934); ?> (mb_convert_kana() does not convert iteration marks).</li> 6595 <li><?php bugfix(75001); ?> (Wrong reflection on mb_eregi_replace).</li> 6596</ul></li> 6597<li>MySQLi: 6598<ul> 6599 <li><?php bugfix(74968); ?> (PHP crashes when calling mysqli_result::fetch_object with an abstract class).</li> 6600</ul></li> 6601<li>OCI8: 6602<ul> 6603 <li>Expose oci_unregister_taf_callback() (Tianfang Yang)</li> 6604</ul></li> 6605<li>Opcache: 6606<ul> 6607 <li><?php bugfix(74980); ?> (Narrowing occurred during type inference).</li> 6608</ul></li> 6609<li>phar: 6610<ul> 6611 <li><?php bugfix(74991); ?> (include_path has a 4096 char limit in some cases).</li> 6612</ul></li> 6613<li>Reflection: 6614<ul> 6615 <li><?php bugfix(74949); ?> (null pointer dereference in _function_string).</li> 6616</ul></li> 6617<li>Session: 6618<ul> 6619 <li><?php bugfix(74892); ?> (Url Rewriting (trans_sid) not working on urls that start with "#").</li> 6620 <li><?php bugfix(74833); ?> (SID constant created with wrong module number).</li> 6621</ul></li> 6622<li>SimpleXML: 6623<ul> 6624 <li><?php bugfix(74950); ?> (nullpointer deref in simplexml_element_getDocNamespaces).</li> 6625</ul></li> 6626<li>SPL: 6627<ul> 6628 <li><?php bugfix(75049); ?> (spl_autoload_unregister can't handle spl_autoload_functions results).</li> 6629 <li><?php bugfix(74669); ?> (Unserialize ArrayIterator broken).</li> 6630 <li><?php bugfix(74977); ?> (Appending AppendIterator leads to segfault).</li> 6631 <li><?php bugfix(75015); ?> (Crash in recursive iterator destructors).</li> 6632</ul></li> 6633<li>Standard: 6634<ul> 6635 <li><?php bugfix(75075); ?> (unpack with X* causes infinity loop).</li> 6636 <li><?php bugfix(74103); ?> (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)</li> 6637 <li><?php bugfix(75054); ?> (A Denial of Service Vulnerability was found when performing deserialization).</li> 6638</ul></li> 6639<li>WDDX: 6640<ul> 6641 <li><?php bugfix(73793); ?> (WDDX uses wrong decimal seperator).</li> 6642</ul></li> 6643<li>XMLRPC: 6644<ul> 6645 <li><?php bugfix(74975); ?> (Incorrect xmlrpc serialization for classes with declared properties).</li> 6646</ul></li> 6647</ul> 6648<!-- }}} --></section> 6649 6650 6651<section class="version" id="7.1.8"><!-- {{{ 7.1.8 --> 6652<h3>Version 7.1.8</h3> 6653<b><?php release_date('03-Aug-2017'); ?></b> 6654<ul><li>Core: 6655<ul> 6656 <li><?php bugfix(74832); ?> (Loading PHP extension with already registered function name leads to a crash).</li> 6657 <li><?php bugfix(74780); ?> (parse_url() broken when query string contains colon).</li> 6658 <li><?php bugfix(74761); ?> (Unary operator expected error on some systems).</li> 6659 <li><?php bugfix(73900); ?> (Use After Free in unserialize() SplFixedArray).</li> 6660 <li><?php bugfix(74923); ?> (Crash when crawling through network share).</li> 6661 <li><?php bugfix(74913); ?> (fixed incorrect poll.h include).</li> 6662 <li><?php bugfix(74906); ?> (fixed incorrect errno.h include).</li> 6663</ul></li> 6664<li>Date: 6665<ul> 6666 <li><?php bugfix(74852); ?> (property_exists returns true on unknown DateInterval property).</li> 6667</ul></li> 6668<li>OCI8: 6669<ul> 6670 <li><?php bugfix(74625); ?> (Integer overflow in oci_bind_array_by_name).</li> 6671</ul></li> 6672<li>Opcache: 6673<ul> 6674 <li><?php bugfix(74623); ?> (Infinite loop in type inference when using HTMLPurifier).</li> 6675</ul></li> 6676<li>OpenSSL: 6677<ul> 6678 <li><?php bugfix(74798); ?> (pkcs7_en/decrypt does not work if \x0a is used in content).</li> 6679 <li>Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug <?php bugl(71917); ?> (openssl_open() returns junk on envelope < 16 bytes) and bug <?php bugl(72362); ?> (OpenSSL Blowfish encryption is incorrect for short keys).</li> 6680</ul></li> 6681<li>PDO: 6682<ul> 6683 <li><?php bugfix(69356); ?> (PDOStatement::debugDumpParams() truncates query).</li> 6684</ul></li> 6685<li>SPL: 6686<ul> 6687 <li><?php bugfix(73471); ?> (PHP freezes with AppendIterator).</li> 6688</ul></li> 6689<li>SQLite3: 6690<ul> 6691 <li><?php bugfix(74883); ?> (SQLite3::__construct() produces "out of memory" exception with invalid flags).</li> 6692</ul></li> 6693<li>Wddx: 6694<ul> 6695 <li><?php bugfix(73173); ?> (huge memleak when wddx_unserialize).</li> 6696 <li><?php bugfix(74145); ?> (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)</li> 6697</ul></li> 6698<li>zlib: 6699<ul> 6700 <li><?php bugfix(73944); ?> (dictionary option of inflate_init() does not work).</li> 6701</ul></li> 6702</ul> 6703<!-- }}} --></section> 6704 6705<section class="version" id="7.1.7"><!-- {{{ 7.1.7 --> 6706<h3>Version 7.1.7</h3> 6707<b><?php release_date('06-Jul-2017'); ?></b> 6708<ul><li>Core: 6709<ul> 6710 <li><?php bugfix(74738); ?> (Multiple [PATH=] and [HOST=] sections not properly parsed).</li> 6711 <li><?php bugfix(74658); ?> (Undefined constants in array properties result in broken properties).</li> 6712 <li>Fixed misparsing of abstract unix domain socket names.</li> 6713 <li><?php bugfix(74603); ?> (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)</li> 6714 <li><?php bugfix(74101); ?> (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)</li> 6715 <li><?php bugfix(74111); ?> (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)</li> 6716 <li><?php bugfix(74819); ?> (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)</li> 6717</ul></li> 6718<li>Date: 6719<ul> 6720 <li><?php bugfix(74639); ?> (implement clone for DatePeriod and DateInterval).</li> 6721</ul></li> 6722<li>DOM: 6723<ul> 6724 <li><?php bugfix(69373); ?> (References to deleted XPath query results).</li> 6725</ul></li> 6726<li>GD: 6727<ul> 6728 <li><?php bugfix(74435); ?> (Buffer over-read into uninitialized memory). (CVE-2017-7890)</li> 6729</ul></li> 6730<li>Intl: 6731<ul> 6732 <li><?php bugfix(73473); ?> (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)</li> 6733 <li><?php bugfix(74705); ?> (Wrong reflection on Collator::getSortKey and collator_get_sort_key).</li> 6734</ul></li> 6735<li>Mbstring: 6736<ul> 6737 <li>Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)</li> 6738</ul></li> 6739<li>OCI8: 6740<ul> 6741 <li>Add TAF callback (PR <?php githubissuel('php/php-src', 2459); ?>).</li> 6742</ul></li> 6743<li>Opcache: 6744<ul> 6745 <li><?php bugfix(74663); ?> (Segfault with opcache.memory_protect and validate_timestamp).</li> 6746 <li>Revert opcache.enable_cli to default disabled.</li> 6747</ul></li> 6748<li>OpenSSL: 6749<ul> 6750 <li><?php bugfix(74720); ?> (pkcs7_en/decrypt does not work if \x1a is used in content).</li> 6751 <li><?php bugfix(74651); ?> (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)</li> 6752</ul></li> 6753<li>PDO_OCI: 6754<ul> 6755 <li>Support Instant Client 12.2 in --with-pdo-oci configure option.</li> 6756</ul></li> 6757<li>Reflection: 6758<ul> 6759 <li><?php bugfix(74673); ?> (Segfault when cast Reflection object to string with undefined constant).</li> 6760</ul></li> 6761<li>SPL: 6762<ul> 6763 <li><?php bugfix(74478); ?> (null coalescing operator failing with SplFixedArray).</li> 6764</ul></li> 6765<li>FTP: 6766<ul> 6767 <li><?php bugfix(74598); ?> (ftp:// wrapper ignores context arg).</li> 6768</ul></li> 6769<li>PHAR: 6770<ul> 6771 <li><?php bugfix(74386); ?> (Phar::__construct reflection incorrect).</li> 6772</ul></li> 6773<li>SOAP: 6774<ul> 6775 <li><?php bugfix(74679); ?> (Incorrect conversion array with WSDL_CACHE_MEMORY).</li> 6776</ul></li> 6777<li>Streams: 6778<ul> 6779 <li><?php bugfix(74556); ?> (stream_socket_get_name() returns '\0').</li> 6780</ul></li> 6781</ul> 6782<!-- }}} --></section> 6783 6784<section class="version" id="7.1.6"><!-- {{{ 7.1.6 --> 6785<h3>Version 7.1.6</h3> 6786<b><?php release_date('07-Jun-2017'); ?></b> 6787<ul><li>Core: 6788<ul> 6789 <li><?php bugfix(74600); ?> (crash (SIGSEGV) in _zend_hash_add_or_update_i).</li> 6790 <li><?php bugfix(74546); ?> (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).</li> 6791 <li><?php bugfix(74589); ?> (__DIR__ wrong for unicode character).</li> 6792</ul></li> 6793<li>intl: 6794<ul> 6795 <li><?php bugfix(74468); ?> (wrong reflection on Collator::sortWithSortKeys).</li> 6796</ul></li> 6797<li>MySQLi: 6798<ul> 6799 <li><?php bugfix(74547); ?> (mysqli::change_user() doesn't accept null as $database argument w/strict_types).</li> 6800</ul></li> 6801<li>Opcache: 6802<ul> 6803 <li><?php bugfix(74596); ?> (SIGSEGV with opcache.revalidate_path enabled).</li> 6804</ul></li> 6805<li>phar: 6806<ul> 6807 <li><?php bugfix(51918); ?> (Phar::webPhar() does not handle requests sent through PUT and DELETE method).</li> 6808</ul></li> 6809<li>Readline: 6810<ul> 6811 <li><?php bugfix(74490); ?> (readline() moves the cursor to the beginning of the line).</li> 6812</ul></li> 6813<li>Standard: 6814<ul> 6815 <li><?php bugfix(74510); ?> (win32/sendmail.c anchors CC header but not BCC).</li> 6816</ul></li> 6817<li>xmlreader: 6818<ul> 6819 <li><?php bugfix(74457); ?> (Wrong reflection on XMLReader::expand).</li> 6820</ul></li> 6821</ul> 6822<!-- }}} --></section> 6823 6824<section class="version" id="7.1.5"><!-- {{{ 7.1.5 --> 6825<h3>Version 7.1.5</h3> 6826<b><?php release_date('11-May-2017'); ?></b> 6827<ul><li>Core: 6828<ul> 6829 <li><?php bugfix(74408); ?> (Endless loop bypassing execution time limit).</li> 6830 <li><?php bugfix(74353); ?> (Segfault when killing within bash script trap code).</li> 6831 <li><?php bugfix(74340); ?> (Magic function __get has different behavior in php 7.1.x).</li> 6832 <li><?php bugfix(74188); ?> (Null coalescing operator fails for undeclared static class properties).</li> 6833 <li><?php bugfix(74444); ?> (multiple catch freezes in some cases).</li> 6834 <li><?php bugfix(74410); ?> (stream_select() is broken on Windows Nanoserver).</li> 6835 <li><?php bugfix(74337); ?> (php-cgi.exe crash on facebook callback).</li> 6836</ul></li> 6837<li>Date: 6838<ul> 6839 <li><?php bugfix(74404); ?> (Wrong reflection on DateTimeZone::getTransitions).</li> 6840 <li><?php bugfix(74080); ?> (add constant for RFC7231 format datetime).</li> 6841</ul></li> 6842<li>DOM: 6843<ul> 6844 <li><?php bugfix(74416); ?> (Wrong reflection on DOMNode::cloneNode).</li> 6845</ul></li> 6846<li>Fileinfo: 6847<ul> 6848 <li><?php bugfix(74379); ?> (syntax error compile error in libmagic/apprentice.c).</li> 6849</ul></li> 6850<li>GD: 6851<ul> 6852 <li><?php bugfix(74343); ?> (compile fails on solaris 11 with system gd2 library).</li> 6853</ul></li> 6854<li>MySQLnd: 6855<ul> 6856 <li><?php bugfix(74376); ?> (Invalid free of persistent results on error/connection loss).</li> 6857</ul></li> 6858<li>Intl: 6859<ul> 6860 <li><?php bugfix(65683); ?> (Intl does not support DateTimeImmutable).</li> 6861 <li><?php bugfix(74298); ?> (IntlDateFormatter->format() doesn't return microseconds/fractions).</li> 6862 <li><?php bugfix(74433); ?> (wrong reflection for Normalizer methods).</li> 6863 <li><?php bugfix(74439); ?> (wrong reflection for Locale methods).</li> 6864</ul></li> 6865<li>Opcache: 6866<ul> 6867 <li><?php bugfix(74456); ?> (Segmentation error while running a script in CLI mode).</li> 6868 <li><?php bugfix(74431); ?> (foreach infinite loop).</li> 6869 <li><?php bugfix(74442); ?> (Opcached version produces a nested array).</li> 6870</ul></li> 6871<li>OpenSSL: 6872<ul> 6873 <li><?php bugfix(73833); ?> (null character not allowed in openssl_pkey_get_private).</li> 6874 <li><?php bugfix(73711); ?> (Segfault in openssl_pkey_new when generating DSA or DH key).</li> 6875 <li><?php bugfix(74341); ?> (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).</li> 6876</ul></li> 6877<li>phar: 6878<ul> 6879 <li><?php bugfix(74383); ?> (phar method parameters reflection correction).</li> 6880</ul></li> 6881<li>Readline: 6882<ul> 6883 <li><?php bugfix(74489); ?> (readline() immediately returns false in interactive console mode).</li> 6884</ul></li> 6885<li>Standard: 6886<ul> 6887 <li><?php bugfix(72071); ?> (setcookie allows max-age to be negative).</li> 6888 <li><?php bugfix(74361); ?> (Compaction in array_rand() violates COW).</li> 6889</ul></li> 6890<li>Streams: 6891<ul> 6892 <li><?php bugfix(74429); ?> (Remote socket URI with unique persistence identifier broken).</li> 6893</ul></li> 6894</ul> 6895<!-- }}} --></section> 6896 6897<section class="version" id="7.1.4"><!-- {{{ 7.1.4 --> 6898<h3>Version 7.1.4</h3> 6899<b><?php release_date('13-Apr-2017'); ?></b> 6900<ul><li>Core: 6901<ul> 6902 <li><?php bugfix(74149); ?> (static embed SAPI linkage error).</li> 6903 <li><?php bugfix(73370); ?> (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).</li> 6904 <li><?php bugfix(73960); ?> (Leak with instance method calling static method with referenced return).</li> 6905 <li><?php bugfix(69676); ?> (Resolution of self::FOO in class constants not correct).</li> 6906 <li><?php bugfix(74265); ?> (Build problems after 7.0.17 release: undefined reference to `isfinite').</li> 6907 <li><?php bugfix(74302); ?> (yield fromLABEL is over-greedy).</li> 6908</ul></li> 6909<li>Apache: 6910<ul> 6911 <li>Reverted patch for bug <?php bugl(61471); ?>, fixes bug <?php bugl(74318); ?>.</li> 6912</ul></li> 6913<li>Date: 6914<ul> 6915 <li><?php bugfix(72096); ?> (Swatch time value incorrect for dates before 1970).</li> 6916</ul></li> 6917<li>DOM: 6918<ul> 6919 <li><?php bugfix(74004); ?> (LIBXML_NOWARNING flag ingnored on loadHTML*).</li> 6920</ul></li> 6921<li>iconv: 6922<ul> 6923 <li><?php bugfix(74230); ?> (iconv fails to fail on surrogates).</li> 6924</ul></li> 6925<li>Opcache: 6926<ul> 6927 <li><?php bugfix(74250); ?> (OPcache compilation performance regression in PHP 5.6/7 with huge classes).</li> 6928</ul></li> 6929<li>OpenSSL: 6930<ul> 6931 <li><?php bugfix(72333); ?> (fwrite() on non-blocking SSL sockets doesn't work).</li> 6932</ul></li> 6933<li>PDO MySQL: 6934<ul> 6935 <li><?php bugfix(71003); ?> (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).</li> 6936</ul></li> 6937<li>SPL: 6938<ul> 6939 <li><?php bugfix(74058); ?> (ArrayObject can not notice changes).</li> 6940</ul></li> 6941<li>SQLite: 6942<ul> 6943 <li><?php bugfix(74217); ?> (Allow creation of deterministic sqlite functions).</li> 6944</ul></li> 6945<li>Streams: 6946<ul> 6947 <li><?php bugfix(74216); ?> (Correctly fail on invalid IP address ports).</li> 6948</ul></li> 6949<li>zlib: 6950<ul> 6951 <li><?php bugfix(74240); ?> (deflate_add can allocate too much memory).</li> 6952</ul></li> 6953</ul> 6954<!-- }}} --></section> 6955 6956<section class="version" id="7.1.3"><!-- {{{ 7.1.3 --> 6957<h3>Version 7.1.3</h3> 6958<b><?php release_date('16-Mar-2017'); ?></b> 6959<ul><li>Core: 6960<ul> 6961 <li><?php bugfix(74157); ?> (Segfault with nested generators).</li> 6962 <li><?php bugfix(74164); ?> (PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg).</li> 6963 <li><?php bugfix(74093); ?> (Maximum execution time of n+2 seconds exceed not written in error_log).</li> 6964 <li><?php bugfix(73989); ?> (PHP 7.1 Segfaults within Symfony test suite).</li> 6965 <li><?php bugfix(74084); ?> (Out of bound read - zend_mm_alloc_small).</li> 6966 <li><?php bugfix(73807); ?> (Performance problem with processing large post request). (CVE-2017-11142)</li> 6967 <li><?php bugfix(73998); ?> (array_key_exists fails on arrays created by get_object_vars).</li> 6968 <li><?php bugfix(73954); ?> (NAN check fails on Alpine Linux with musl).</li> 6969 <li><?php bugfix(73677); ?> (Generating phar.phar core dump with gcc ASAN enabled build).</li> 6970</ul></li> 6971<li>Apache: 6972<ul> 6973 <li><?php bugfix(61471); ?> (Incomplete POST does not timeout but is passed to PHP).</li> 6974</ul></li> 6975<li>Date: 6976<ul> 6977 <li><?php bugfix(73837); ?> ("new DateTime()" sometimes returns 1 second ago value).</li> 6978</ul></li> 6979<li>FPM: 6980<ul> 6981 <li><?php bugfix(69860); ?> (php-fpm process accounting is broken with keepalive).</li> 6982</ul></li> 6983<li>Hash: 6984<ul> 6985 <li><?php bugfix(73127); ?> (gost-crypto hash incorrect if input data contains long 0xFF sequence).</li> 6986</ul></li> 6987<li>GD: 6988<ul> 6989 <li><?php bugfix(74031); ?> (ReflectionFunction for imagepng is missing last two parameters).</li> 6990</ul></li> 6991<li>Mysqlnd: 6992<ul> 6993 <li><?php bugfix(74021); ?> (fetch_array broken data. Data more then MEDIUMBLOB).</li> 6994</ul></li> 6995<li>Opcache: 6996<ul> 6997 <li><?php bugfix(74019); ?> (Segfault with list).</li> 6998</ul></li> 6999<li>OpenSSL: 7000<ul> 7001 <li><?php bugfix(74022); ?> (PHP Fast CGI crashes when reading from a pfx file).</li> 7002 <li><?php bugfix(74099); ?> (Memory leak with openssl_encrypt()).</li> 7003</ul></li> 7004<li>Standard: 7005<ul> 7006 <li><?php bugfix(74005); ?> (mail.add_x_header causes RFC-breaking lone line feed).</li> 7007 <li><?php bugfix(74041); ?> (substr_count with length=0 broken).</li> 7008 <li><?php bugfix(73118); ?> (is_callable callable name reports misleading value for anonymous classes).</li> 7009 <li><?php bugfix(74105); ?> (PHP on Linux should use /dev/urandom when getrandom is not available).</li> 7010</ul></li> 7011<li>Streams: 7012<ul> 7013 <li><?php bugfix(73496); ?> (Invalid memory access in zend_inline_hash_func).</li> 7014 <li><?php bugfix(74090); ?> (stream_get_contents maxlength>-1 returns empty string).</li> 7015</ul></li> 7016</ul> 7017<!-- }}} --></section> 7018 7019<section class="version" id="7.1.2"><!-- {{{ 7.1.2 --> 7020<h3>Version 7.1.2</h3> 7021<b><?php release_date('16-Feb-2017'); ?></b> 7022<ul><li>Core: 7023<ul> 7024 <li>Improved GENERATOR_CREATE opcode handler.</li> 7025 <li><?php bugfix(73877); ?> (readlink() returns garbage for UTF-8 paths).</li> 7026 <li><?php bugfix(73876); ?> (Crash when exporting **= in expansion of assign op).</li> 7027 <li><?php bugfix(73962); ?> (bug with symlink related to cyrillic directory).</li> 7028 <li><?php bugfix(73969); ?> (segfault in debug_print_backtrace).</li> 7029 <li><?php bugfix(73994); ?> (arginfo incorrect for unpack).</li> 7030 <li><?php bugfix(73973); ?> (assertion error in debug_zval_dump).</li> 7031</ul></li> 7032<li>DOM: 7033<ul> 7034 <li><?php bugfix(54382); ?> (getAttributeNodeNS doesn't get xmlns* attributes).</li> 7035</ul></li> 7036<li>DTrace: 7037<ul> 7038 <li><?php bugfix(73965); ?> (DTrace reported as enabled when disabled).</li> 7039</ul></li> 7040<li>FCGI: 7041<ul> 7042 <li><?php bugfix(73904); ?> (php-cgi fails to load -c specified php.ini file).</li> 7043 <li><?php bugfix(72898); ?> (PHP_FCGI_CHILDREN is not included in phpinfo()).</li> 7044</ul></li> 7045<li>FPM: 7046<ul> 7047 <li><?php bugfix(69865); ?> (php-fpm does not close stderr when using syslog).</li> 7048</ul></li> 7049<li>GD: 7050<ul> 7051 <li><?php bugfix(73968); ?> (Premature failing of XBM reading).</li> 7052</ul></li> 7053<li>GMP: 7054<ul> 7055 <li><?php bugfix(69993); ?> (test for gmp.h needs to test machine includes).</li> 7056</ul></li> 7057<li>Hash: 7058<ul> 7059 <li>Added hash_hkdf() function.</li> 7060 <li><?php bugfix(73961); ?> (environmental build dependency in hash sha3 source).</li> 7061</ul></li> 7062<li>Intl: 7063<ul> 7064 <li><?php bugfix(73956); ?> (Link use CC instead of CXX).</li> 7065</ul></li> 7066<li>LDAP: 7067<ul> 7068 <li><?php bugfix(73933); ?> (error/segfault with ldap_mod_replace and opcache).</li> 7069</ul></li> 7070<li>MySQLi: 7071<ul> 7072 <li><?php bugfix(73949); ?> (leak in mysqli_fetch_object).</li> 7073</ul></li> 7074<li>Mysqlnd: 7075<ul> 7076 <li><?php bugfix(69899); ?> (segfault on close() after free_result() with mysqlnd).</li> 7077</ul></li> 7078<li>Opcache: 7079<ul> 7080 <li><?php bugfix(73983); ?> (crash on finish work with phar in cli + opcache).</li> 7081</ul></li> 7082<li>OpenSSL: 7083<ul> 7084 <li><?php bugfix(71519); ?> (add serial hex to return value array).</li> 7085 <li><?php bugfix(73692); ?> (Compile ext/openssl with openssl 1.1.0 on Win).</li> 7086 <li><?php bugfix(73978); ?> (openssl_decrypt triggers bug in PDO).</li> 7087</ul></li> 7088<li>PDO_Firebird: 7089<ul> 7090 <li><?php implemented(72583); ?> (All data are fetched as strings).</li> 7091</ul></li> 7092<li>PDO_PgSQL: 7093<ul> 7094 <li><?php bugfix(73959); ?> (lastInsertId fails to throw an exception for wrong sequence name).</li> 7095</ul></li> 7096<li>Phar: 7097<ul> 7098 <li><?php bugfix(70417); ?> (PharData::compress() doesn't close temp file).</li> 7099</ul></li> 7100<li>posix: 7101<ul> 7102 <li><?php bugfix(71219); ?> (configure script incorrectly checks for ttyname_r).</li> 7103</ul></li> 7104<li>Session: 7105<ul> 7106 <li><?php bugfix(69582); ?> (session not readable by root in CLI).</li> 7107</ul></li> 7108<li>SPL: 7109<ul> 7110 <li><?php bugfix(73896); ?> (spl_autoload() crashes when calls magic _call()).</li> 7111</ul></li> 7112<li>Standard: 7113<ul> 7114 <li><?php bugfix(69442); ?> (closing of fd incorrect when PTS enabled).</li> 7115 <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li> 7116 <li><?php bugfix(72974); ?> (imap is undefined service on AIX).</li> 7117 <li><?php bugfix(72979); ?> (money_format stores wrong length AIX).</li> 7118 <li><?php bugfix(73374); ?> (intval() with base 0 should detect binary).</li> 7119 <li><?php bugfix(69061); ?> (mail.log = syslog contains double information).</li> 7120</ul></li> 7121<li>ZIP: 7122<ul> 7123 <li><?php bugfix(70103); ?> (ZipArchive::addGlob ignores remove_all_path option).</li> 7124</ul></li> 7125</ul> 7126<!-- }}} --></section> 7127 7128<section class="version" id="7.1.1"><!-- {{{ 7.1.1 --> 7129<h3>Version 7.1.1</h3> 7130<b><?php release_date('19-Jan-2017'); ?></b> 7131<ul> 7132 <li> 7133 Core 7134 <ul> 7135 <li><?php bugfix(73792); ?> (invalid foreach loop hangs script).</li> 7136 <li><?php bugfix(73686); ?> (Adding settype()ed values to ArrayObject results in references).</li> 7137 <li><?php bugfix(73663); ?> ("Invalid opcode 65/16/8" occurs with a variable created with list()).</li> 7138 <li><?php bugfix(73727); ?> (ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h).</li> 7139 <li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li> 7140 <li><?php bugfix(73783); ?> (SIG_IGN doesn't work when Zend Signals is enabled).</li> 7141 <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li> 7142 <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li> 7143 <li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()). (CVE-2017-5340)</li> 7144 <li><?php bugfix(73092); ?> (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)</li> 7145 </ul> 7146 </li> 7147 <li> 7148 CLI 7149 <ul> 7150 <li><?php bugfix(72555); ?> (CLI output(japanese) on Windows).</li> 7151 </ul> 7152 </li> 7153 <li> 7154 COM 7155 <ul> 7156 <li><?php bugfix(73679); ?> (DOTNET read access violation using invalid codepage).</li> 7157 </ul> 7158 </li> 7159 <li> 7160 DOM 7161 <ul> 7162 <li><?php bugfix(67474); ?> (getElementsByTagNameNS filter on default ns).</li> 7163 </ul> 7164 </li> 7165 <li> 7166 EXIF 7167 <ul> 7168 <li><?php bugfix(73737); ?> (FPE when parsing a tag format). (CVE-2016-10158)</li> 7169 </ul> 7170 </li> 7171 <li> 7172 GD 7173 <ul> 7174 <li><?php bugfix(73869); ?> (Signed Integer Overflow gd_io.c). (CVE-2016-10168)</li> 7175 <li><?php bugfix(73868); ?> (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)</li> 7176 </ul> 7177 </li> 7178 <li> 7179 mbstring 7180 <ul> 7181 <li><?php bugfix(73646); ?> (mb_ereg_search_init null pointer dereference).</li> 7182 </ul> 7183 </li> 7184 <li> 7185 MySQLi 7186 <ul> 7187 <li><?php bugfix(73462); ?> (Persistent connections don't set $connect_errno).</li> 7188 </ul> 7189 </li> 7190 <li> 7191 mysqlnd 7192 <ul> 7193 <li>Optimized handling of BIT fields - less memory copies and lower memory usage.</li> 7194 <li><?php bugfix(73800); ?> (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).</li> 7195 </ul> 7196 </li> 7197 <li> 7198 opcache 7199 <ul> 7200 <li><?php bugfix(73789); ?> (Strange behavior of class constants in switch/case block).</li> 7201 <li><?php bugfix(73746); ?> (Method that returns string returns UNKNOWN:0 instead).</li> 7202 <li><?php bugfix(73654); ?> (Segmentation fault in zend_call_function).</li> 7203 <li><?php bugfix(73668); ?> ("SIGFPE Arithmetic exception" in opcache when divide by minus 1).</li> 7204 <li><?php bugfix(73847); ?> (Recursion when a variable is redefined as array).</li> 7205 </ul> 7206 </li> 7207 <li> 7208 PDO Firebird 7209 <ul> 7210 <li><?php bugfix(72931); ?> (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).</li> 7211 </ul> 7212 </li> 7213 <li>Phar: 7214 <ul> 7215 <li><?php bugfix(73773); ?> (Seg fault when loading hostile phar). (CVE-2017-11147)</li> 7216 <li><?php bugfix(73768); ?> (Memory corruption when loading hostile phar). (CVE-2016-10160)</li> 7217 <li><?php bugfix(73764); ?> (Crash while loading hostile phar archive). (CVE-2016-10159)</li> 7218 </ul></li> 7219 <li> 7220 phpdbg 7221 <ul> 7222 <li><?php bugfix(73794); ?> (Crash (out of memory) when using run and # command separator).</li> 7223 <li><?php bugfix(73704); ?> (phpdbg shows the wrong line in files with shebang).</li> 7224 </ul> 7225 </li> 7226 <li> 7227 SQLite3 7228 <ul> 7229 <li>Reverted fix for <?php bugfix(73530); ?> (Unsetting result set may reset other result set).</li> 7230 </ul> 7231 </li> 7232 <li> 7233 Standard 7234 <ul> 7235 <li><?php bugfix(73594); ?> (dns_get_record does not populate $additional out parameter).</li> 7236 <li><?php bugfix(70213); ?> (Unserialize context shared on double class lookup).</li> 7237 <li><?php bugfix(73154); ?> (serialize object with __sleep function crash).</li> 7238 <li><?php bugfix(70490); ?> (get_browser function is very slow).</li> 7239 <li><?php bugfix(73265); ?> (Loading browscap.ini at startup causes high memory usage).</li> 7240 <li>(add subject to mail log).</li> 7241 <li><?php bugfix(31875); ?> (get_defined_functions additional param to exclude disabled functions).</li> 7242 </ul> 7243 </li> 7244 <li> 7245 zlib 7246 <ul> 7247 <li><?php bugfix(73373); ?> (deflate_add does not verify that output was not truncated).</li> 7248 </ul> 7249 </li> 7250</ul> 7251<!-- }}} --></section> 7252 7253<section class="version" id="7.1.0"><!-- {{{ 7.1.0 --> 7254<h3>Version 7.1.0</h3> 7255<b><?php release_date('01-Dec-2016'); ?></b> 7256<ul><li>Core: 7257 <ul> 7258 <li>Added nullable types.</li> 7259 <li>Added DFA optimization framework based on e-SSA form.</li> 7260 <li>Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW).</li> 7261 <li>Added [] = as alternative construct to list() =.</li> 7262 <li>Added void return type.</li> 7263 <li>Added support for negative string offsets in string offset syntax and various string functions.</li> 7264 <li>Added a form of the list() construct where keys can be specified.</li> 7265 <li>Implemented safe execution timeout handling, that prevents random crashes after "Maximum execution time exceeded" error.</li> 7266 <li>Implemented the RFC `Support Class Constant Visibility`.</li> 7267 <li>Implemented the RFC `Catching multiple exception types`.</li> 7268 <li>Implemented logging to syslog with dynamic error levels.</li> 7269 <li><?php implemented(72614); ?> (Support "nmake test" on building extensions by phpize).</li> 7270 <li>Implemented RFC: Iterable.</li> 7271 <li>Implemented RFC: Closure::fromCallable (Danack)</li> 7272 <li>Implemented RFC: Replace "Missing argument" warning with "\ArgumentCountError" exception.</li> 7273 <li>Implemented RFC: Fix inconsistent behavior of $this variable.</li> 7274 <li><?php bugfix(73585); ?> (Logging of "Internal Zend error - Missing class information" missing class name).</li> 7275 <li>Fixed memory leak(null coalescing operator with Spl hash).</li> 7276 <li><?php bugfix(72736); ?> (Slow performance when fetching large dataset with mysqli / PDO).</li> 7277 <li><?php bugfix(72978); ?> (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)</li> 7278 <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li> 7279 <li><?php bugfix(72696); ?> (imagefilltoborder stackoverflow on truecolor images). (CVE-2016-9933)</li> 7280 <li><?php bugfix(73350); ?> (Exception::__toString() cause circular references).</li> 7281 <li><?php bugfix(73329); ?> ((Float)"Nano" == NAN).</li> 7282 <li><?php bugfix(73288); ?> (Segfault in __clone > Exception.toString > __get).</li> 7283 <li>Fixed for <?php bugl(73240); ?> (Write out of bounds at number_format).</li> 7284 <li>Fix pthreads detection when cross-compiling (ffontaine)</li> 7285 <li><?php bugfix(73337); ?> (try/catch not working with two exceptions inside a same operation).</li> 7286 <li><?php bugfix(73156); ?> (segfault on undefined function).</li> 7287 <li><?php bugfix(73163); ?> (PHP hangs if error handler throws while accessing undef const in default value).</li> 7288 <li><?php bugfix(73172); ?> (parse error: Invalid numeric literal).</li> 7289 <li><?php bugfix(73181); ?> (parse_str() without a second argument leads to crash).</li> 7290 <li><?php bugfix(73025); ?> (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).</li> 7291 <li><?php bugfix(73058); ?> (crypt broken when salt is 'too' long).</li> 7292 <li><?php bugfix(72944); ?> (Null pointer deref in zval_delref_p).</li> 7293 <li><?php bugfix(72943); ?> (assign_dim on string doesn't reset hval).</li> 7294 <li><?php bugfix(72598); ?> (Reference is lost after array_slice()).</li> 7295 <li><?php bugfix(72703); ?> (Out of bounds global memory read in BF_crypt triggered by password_verify).</li> 7296 <li><?php bugfix(72813); ?> (Segfault with __get returned by ref).</li> 7297 <li><?php bugfix(72767); ?> (PHP Segfaults when trying to expand an infinite operator).</li> 7298 <li>TypeError messages for arg_info type checks will now say "must be ... or null" where the parameter or return type accepts null.</li> 7299 <li><?php bugfix(72857); ?> (stream_socket_recvfrom read access violation).</li> 7300 <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).</li> 7301 <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability).</li> 7302 <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one).</li> 7303 <li>Fixed URL rewriter. It would not rewrite '//example.com/' URL unconditionally. URL rewrite target hosts whitelist is implemented.</li> 7304 <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li> 7305 <li><?php bugfix(72683); ?> (getmxrr broken).</li> 7306 <li><?php bugfix(72629); ?> (Caught exception assignment to variables ignores references).</li> 7307 <li><?php bugfix(72594); ?> (Calling an earlier instance of an included anonymous class fatals).</li> 7308 <li><?php bugfix(72581); ?> (previous property undefined in Exception after deserialization).</li> 7309 <li><?php bugfix(72543); ?> (Different references behavior comparing to PHP 5).</li> 7310 <li><?php bugfix(72347); ?> (VERIFY_RETURN type casts visible in finally).</li> 7311 <li><?php bugfix(72216); ?> (Return by reference with finally is not memory safe).</li> 7312 <li><?php bugfix(72215); ?> (Wrong return value if var modified in finally).</li> 7313 <li><?php bugfix(71818); ?> (Memory leak when array altered in destructor).</li> 7314 <li><?php bugfix(71539); ?> (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes).</li> 7315 <li>Added new constant PHP_FD_SETSIZE.</li> 7316 <li>Added optind parameter to getopt().</li> 7317 <li>Added PHP to SAPI error severity mapping for logs.</li> 7318 <li><?php bugfix(71911); ?> (Unable to set --enable-debug on building extensions by phpize on Windows).</li> 7319 <li><?php bugfix(29368); ?> (The destructor is called when an exception is thrown from the constructor).</li> 7320 <li>Implemented RFC: RNG Fixes.</li> 7321 <li>Implemented email validation as per RFC 6531.</li> 7322 <li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex).</li> 7323 <li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications).</li> 7324 <li><?php bugfix(72523); ?> (dtrace issue with reflection (failed test)).</li> 7325 <li><?php bugfix(72508); ?> (strange references after recursive function call and "switch" statement).</li> 7326 <li><?php bugfix(72441); ?> (Segmentation fault: RFC list_keys).</li> 7327 <li><?php bugfix(72395); ?> (list() regression).</li> 7328 <li><?php bugfix(72373); ?> (TypeError after Generator function w/declared return type finishes).</li> 7329 <li><?php bugfix(69489); ?> (tempnam() should raise notice if falling back to temp dir).</li> 7330 <li>Fixed UTF-8 and long path support on Windows.</li> 7331 <li><?php bugfix(53432); ?> (Assignment via string index access on an empty string converts to array).</li> 7332 <li><?php bugfix(62210); ?> (Exceptions can leak temporary variables).</li> 7333 <li><?php bugfix(62814); ?> (It is possible to stiffen child class members visibility).</li> 7334 <li><?php bugfix(69989); ?> (Generators don't participate in cycle GC).</li> 7335 <li><?php bugfix(70228); ?> (Memleak if return in finally block).</li> 7336 <li><?php bugfix(71266); ?> (Missing separation of properties HT in foreach etc).</li> 7337 <li><?php bugfix(71604); ?> (Aborted Generators continue after nested finally).</li> 7338 <li><?php bugfix(71572); ?> (String offset assignment from an empty string inserts null byte).</li> 7339 <li><?php bugfix(71897); ?> (ASCII 0x7F Delete control character permitted in identifiers).</li> 7340 <li><?php bugfix(72188); ?> (Nested try/finally blocks losing return value).</li> 7341 <li><?php bugfix(72213); ?> (Finally leaks on nested exceptions).</li> 7342 <li><?php bugfix(47517); ?> (php-cgi.exe missing UAC manifest).</li> 7343 <li>Change statement and fcall extension handlers to accept frame.</li> 7344 <li>Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs when given malformed numeric strings.</li> 7345 <li>(int), intval() where $base is 10 or unspecified, settype(), decbin(), decoct(), dechex(), integer operators and other conversions now always respect scientific notation in numeric strings.</li> 7346 <li>Raise a compile-time warning on octal escape sequence overflow.</li> 7347 </ul></li> 7348<li>Apache2handler: 7349 <ul> 7350 <li>Enable per-module logging in Apache 2.4+.</li> 7351 </ul></li> 7352<li>BCmath: 7353 <ul> 7354 <li><?php bugfix(73190); ?> (memcpy negative parameter _bc_new_num_ex).</li> 7355 </ul></li> 7356<li>Bz2: 7357 <ul> 7358 <li><?php bugfix(72837); ?> (integer overflow in bzdecompress caused heap corruption).</li> 7359 <li><?php bugfix(72613); ?> (Inadequate error handling in bzread()).</li> 7360 </ul></li> 7361<li>Calendar: 7362 <ul> 7363 <li>Fix integer overflows (Joshua Rogers)</li> 7364 <li><?php bugfix(67976); ?> (cal_days_month() fails for final month of the French calendar).</li> 7365 <li><?php bugfix(71894); ?> (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).</li> 7366 </ul></li> 7367<li>CLI Server: 7368 <ul> 7369 <li><?php bugfix(73360); ?> (Unable to work in root with unicode chars).</li> 7370 <li><?php bugfix(71276); ?> (Built-in webserver does not send Date header).</li> 7371 </ul></li> 7372<li>COM: 7373 <ul> 7374 <li><?php bugfix(73126); ?> (Cannot pass parameter 1 by reference).</li> 7375 <li><?php bugfix(69579); ?> (Invalid free in extension trait).</li> 7376 <li><?php bugfix(72922); ?> (COM called from PHP does not return out parameters).</li> 7377 <li><?php bugfix(72569); ?> (DOTNET/COM array parameters broke in PHP7).</li> 7378 <li><?php bugfix(72498); ?> (variant_date_from_timestamp null dereference).</li> 7379 </ul></li> 7380<li>Curl: 7381 <ul> 7382 <li>Implement support for handling HTTP/2 Server Push.</li> 7383 <li>Add curl_multi_errno(), curl_share_errno() and curl_share_strerror() functions.</li> 7384 <li><?php bugfix(72674); ?> (Heap overflow in curl_escape).</li> 7385 <li><?php bugfix(72541); ?> (size_t overflow lead to heap corruption). (Stas).</li> 7386 <li><?php bugfix(71709); ?> (curl_setopt segfault with empty CURLOPT_HTTPHEADER).</li> 7387 <li><?php bugfix(71929); ?> (CURLINFO_CERTINFO data parsing error).</li> 7388 </ul></li> 7389<li>Date: 7390 <ul> 7391 <li><?php bugfix(69587); ?> (DateInterval properties and isset).</li> 7392 <li><?php bugfix(73426); ?> (createFromFormat with 'z' format char results in incorrect time).</li> 7393 <li><?php bugfix(45554); ?> (Inconsistent behavior of the u format char).</li> 7394 <li><?php bugfix(48225); ?> (DateTime parser doesn't set microseconds for "now").</li> 7395 <li><?php bugfix(52514); ?> (microseconds are missing in DateTime class).</li> 7396 <li><?php bugfix(52519); ?> (microseconds in DateInterval are missing).</li> 7397 <li><?php bugfix(60089); ?> (DateTime::createFromFormat() U after u nukes microtime).</li> 7398 <li><?php bugfix(64887); ?> (Allow DateTime modification with subsecond items).</li> 7399 <li><?php bugfix(68506); ?> (General DateTime improvments needed for microseconds to become useful).</li> 7400 <li><?php bugfix(73109); ?> (timelib_meridian doesn't parse dots correctly).</li> 7401 <li><?php bugfix(73247); ?> (DateTime constructor does not initialise microseconds property).</li> 7402 <li><?php bugfix(73147); ?> (Use After Free in PHP7 unserialize()).</li> 7403 <li><?php bugfix(73189); ?> (Memcpy negative size parameter php_resolve_path).</li> 7404 <li><?php bugfix(66836); ?> (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).</li> 7405 <li>Invalid serialization data for a DateTime or DatePeriod object will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.</li> 7406 <li>Timezone initialization failure from serialized data will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.</li> 7407 <li>Export date_get_interface_ce() for extension use.</li> 7408 <li><?php bugfix(63740); ?> (strtotime seems to use both sunday and monday as start of week).</li> 7409 </ul></li> 7410<li>Dba: 7411 <ul> 7412 <li><?php bugfix(70825); ?> (Cannot fetch multiple values with group in ini file).</li> 7413 <li>Data modification functions (e.g.: dba_insert()) now throw an instance of Error instead of triggering a catchable fatal error if the key is does not contain exactly two elements.</li> 7414 </ul></li> 7415<li>DOM: 7416 <ul> 7417 <li><?php bugfix(73150); ?> (missing NULL check in dom_document_save_html).</li> 7418 <li><?php bugfix(66502); ?> (DOM document dangling reference).</li> 7419 <li>Invalid schema or RelaxNG validation contexts will throw an instance of Error instead of resulting in a fatal error.</li> 7420 <li>Attempting to register a node class that does not extend the appropriate base class will now throw an instance of Error instead of resulting in a fatal error.</li> 7421 <li>Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.</li> 7422 </ul></li> 7423<li>DTrace: 7424 <ul> 7425 <li>Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.</li> 7426 </ul></li> 7427<li>EXIF: 7428 <ul> 7429 <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero size)).</li> 7430 <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF).</li> 7431 <li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE).</li> 7432 <li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment).</li> 7433 </ul></li> 7434<li>Filter: 7435 <ul> 7436 <li><?php bugfix(72972); ?> (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).</li> 7437 <li><?php bugfix(73054); ?> (default option ignored when object passed to int filter).</li> 7438 <li><?php bugfix(71745); ?> (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).</li> 7439 </ul></li> 7440<li>FPM: 7441 <ul> 7442 <li><?php bugfix(72575); ?> (using --allow-to-run-as-root should ignore missing user).</li> 7443 </ul></li> 7444<li>FTP: 7445 <ul> 7446 <li><?php bugfix(70195); ?> (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).</li> 7447 <li><?php implemented(55651); ?> (Option to ignore the returned FTP PASV address).</li> 7448 </ul></li> 7449<li>GD: 7450 <ul> 7451 <li><?php bugfix(73213); ?> (Integer overflow in imageline() with antialiasing).</li> 7452 <li><?php bugfix(73272); ?> (imagescale() is not affected by, but affects imagesetinterpolation()).</li> 7453 <li><?php bugfix(73279); ?> (Integer overflow in gdImageScaleBilinearPalette()).</li> 7454 <li><?php bugfix(73280); ?> (Stack Buffer Overflow in GD dynamicGetbuf).</li> 7455 <li><?php bugfix(50194); ?> (imagettftext broken on transparent background w/o alphablending).</li> 7456 <li><?php bugfix(73003); ?> (Integer Overflow in gdImageWebpCtx of gd_webp.c).</li> 7457 <li><?php bugfix(53504); ?> (imagettfbbox gives incorrect values for bounding box).</li> 7458 <li><?php bugfix(73157); ?> (imagegd2() ignores 3rd param if 4 are given).</li> 7459 <li><?php bugfix(73155); ?> (imagegd2() writes wrong chunk sizes on boundaries).</li> 7460 <li><?php bugfix(73159); ?> (imagegd2(): unrecognized formats may result in corrupted files).</li> 7461 <li><?php bugfix(73161); ?> (imagecreatefromgd2() may leak memory).</li> 7462 <li><?php bugfix(67325); ?> (imagetruecolortopalette: white is duplicated in palette).</li> 7463 <li><?php bugfix(66005); ?> (imagecopy does not support 1bit transparency on truecolor images).</li> 7464 <li><?php bugfix(72913); ?> (imagecopy() loses single-color transparency on palette images).</li> 7465 <li><?php bugfix(68716); ?> (possible resource leaks in _php_image_convert()).</li> 7466 <li><?php bugfix(72709); ?> (imagesetstyle() causes OOB read for empty $styles).</li> 7467 <li><?php bugfix(72697); ?> (select_colors write out-of-bounds).</li> 7468 <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access).</li> 7469 <li><?php bugfix(72596); ?> (imagetypes function won't advertise WEBP support).</li> 7470 <li><?php bugfix(72604); ?> (imagearc() ignores thickness for full arcs).</li> 7471 <li><?php bugfix(70315); ?> (500 Server Error but page is fully rendered).</li> 7472 <li><?php bugfix(43828); ?> (broken transparency of imagearc for truecolor in blendingmode).</li> 7473 <li><?php bugfix(72512); ?> (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</li> 7474 <li><?php bugfix(72519); ?> (imagegif/output out-of-bounds access).</li> 7475 <li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()).</li> 7476 <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li> 7477 <li><?php bugfix(72494); ?> (imagecropauto out-of-bounds access).</li> 7478 <li><?php bugfix(72404); ?> (imagecreatefromjpeg fails on selfie).</li> 7479 <li><?php bugfix(43475); ?> (Thick styled lines have scrambled patterns).</li> 7480 <li><?php bugfix(53640); ?> (XBM images require width to be multiple of 8).</li> 7481 <li><?php bugfix(64641); ?> (imagefilledpolygon doesn't draw horizontal line).</li> 7482 </ul></li> 7483<li>Hash: 7484 <ul> 7485 <li>Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit).</li> 7486 <li>Added SHA512/256 and SHA512/224 algorithms.</li> 7487 </ul></li> 7488<li>iconv: 7489 <ul> 7490 <li><?php bugfix(72320); ?> (iconv_substr returns false for empty strings).</li> 7491 </ul></li> 7492<li>IMAP: 7493 <ul> 7494 <li><?php bugfix(73418); ?> (Integer Overflow in "_php_imap_mail" leads to crash).</li> 7495 <li>An email address longer than 16385 bytes will throw an instance of Error instead of resulting in a fatal error.</li> 7496 </ul></li> 7497<li>Interbase: 7498 <ul> 7499 <li><?php bugfix(73512); ?> (Fails to find firebird headers as don't use fb_config output).</li> 7500 </ul></li> 7501<li>Intl: 7502 <ul> 7503 <li><?php bugfix(73007); ?> (add locale length check).</li> 7504 <li><?php bugfix(73218); ?> (add mitigation for ICU int overflow).</li> 7505 <li><?php bugfix(65732); ?> (grapheme_*() is not Unicode compliant on CR LF sequence).</li> 7506 <li><?php bugfix(73007); ?> (add locale length check).</li> 7507 <li><?php bugfix(72639); ?> (Segfault when instantiating class that extends IntlCalendar and adds a property).</li> 7508 <li><?php bugfix(72658); ?> (Locale::lookup() / locale_lookup() hangs if no match found).</li> 7509 <li>Partially fixed <?php bugl(72506); ?> (idn_to_ascii for UTS #46 incorrect for long domain names).</li> 7510 <li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access).</li> 7511 <li>Failure to call the parent constructor in a class extending Collator before invoking the parent methods will throw an instance of Error instead of resulting in a recoverable fatal error.</li> 7512 <li>Cloning a Transliterator object may will now throw an instance of Error instead of resulting in a fatal error if cloning the internal transliterator fails.</li> 7513 <li>Added IntlTimeZone::getWindowsID() and IntlTimeZone::getIDForWindowsID().</li> 7514 <li><?php bugfix(69374); ?> (IntlDateFormatter formatObject returns wrong utf8 value).</li> 7515 <li><?php bugfix(69398); ?> (IntlDateFormatter formatObject returns wrong value when time style is NONE).</li> 7516 </ul></li> 7517<li>JSON: 7518 <ul> 7519 <li>Introduced encoder struct instead of global which fixes bugs <?php bugl(66025); ?> and <?php bugl(73254); ?> related to pretty print indentation.</li> 7520 <li><?php bugfix(73113); ?> (Segfault with throwing JsonSerializable).</li> 7521 <li>Implemented earlier return when json_encode fails, fixes bugs <?php bugl(68992); ?> (Stacking exceptions thrown by JsonSerializable) and <?php bugl(70275); ?> (On recursion error, json_encode can eat up all system memory).</li> 7522 <li><?php implemented(46600); ?> ("_empty_" key in objects).</li> 7523 <li>Exported JSON parser API including json_parser_method that can be used for implementing custom logic when parsing JSON.</li> 7524 <li>Escaped U+2028 and U+2029 when JSON_UNESCAPED_UNICODE is supplied as json_encode options and added JSON_UNESCAPED_LINE_TERMINATORS to restore the previous behaviour.</li> 7525 </ul></li> 7526<li>LDAP: 7527 <ul> 7528 <li>Providing an unknown modification type to ldap_batch_modify() will now throw an instance of Error instead of resulting in a fatal error.</li> 7529 </ul></li> 7530<li>Mbstring: 7531 <ul> 7532 <li><?php bugfix(73532); ?> (Null pointer dereference in mb_eregi).</li> 7533 <li><?php bugfix(66964); ?> (mb_convert_variables() cannot detect recursion).</li> 7534 <li><?php bugfix(72992); ?> (mbstring.internal_encoding doesn't inherit default_charset).</li> 7535 <li><?php bugfix(66797); ?> (mb_substr only takes 32-bit signed integer).</li> 7536 <li><?php bugfix(72711); ?> (`mb_ereg` does not clear the `$regs` parameter on failure).</li> 7537 <li><?php bugfix(72691); ?> (mb_ereg_search raises a warning if a match zero-width).</li> 7538 <li><?php bugfix(72693); ?> (mb_ereg_search increments search position when a match zero-width).</li> 7539 <li><?php bugfix(72694); ?> (mb_ereg_search_setpos does not accept a string's last position).</li> 7540 <li><?php bugfix(72710); ?> (`mb_ereg` causes buffer overflow on regexp compile error).</li> 7541 <li>Deprecated mb_ereg_replace() eval option.</li> 7542 <li><?php bugfix(69151); ?> (mb_ereg should reject ill-formed byte sequence).</li> 7543 <li><?php bugfix(72405); ?> (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).</li> 7544 <li><?php bugfix(72399); ?> (Use-After-Free in MBString (search_re)).</li> 7545 <li>mb_ereg() and mb_eregi() will now throw an instance of ParseError if an invalid PHP expression is provided and the 'e' option is used.</li> 7546 </ul></li> 7547<li>Mcrypt: 7548 <ul> 7549 <li>Deprecated ext/mcrypt.</li> 7550 <li><?php bugfix(72782); ?> (Heap Overflow due to integer overflows).</li> 7551 <li><?php bugfix(72551); ?>, bug <?php bugl(72552); ?> (In correct casting from size_t to int lead to heap overflow in mdecrypt_generic).</li> 7552 <li>mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error instead of resulting in a fatal error if mcrypt cannot be initialized.</li> 7553 </ul></li> 7554<li>Mysqli: 7555 <ul> 7556 <li>Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.</li> 7557 </ul></li> 7558<li>Mysqlnd: 7559 <ul> 7560 <li><?php bugfix(64526); ?> (Add missing mysqlnd.* parameters to php.ini-*).</li> 7561 <li><?php bugfix(71863); ?> (Segfault when EXPLAIN with "Unknown column" error when using MariaDB).</li> 7562 <li><?php bugfix(72701); ?> (mysqli_get_host_info() wrong output).</li> 7563 </ul></li> 7564<li>OCI8: 7565 <ul> 7566 <li><?php bugfix(71148); ?> (Bind reference overwritten on PHP 7).</li> 7567 <li>Fixed invalid handle error with Implicit Result Sets.</li> 7568 <li><?php bugfix(72524); ?> (Binding null values triggers ORA-24816 error).</li> 7569 </ul></li> 7570<li>ODBC: 7571 <ul> 7572 <li><?php bugfix(73448); ?> (odbc_errormsg returns trash, always 513 bytes).</li> 7573 </ul></li> 7574<li>Opcache: 7575 <ul> 7576 <li><?php bugfix(73583); ?> (Segfaults when conditionally declared class and function have the same name).</li> 7577 <li><?php bugfix(69090); ?> (check cached files permissions)</li> 7578 <li><?php bugfix(72982); ?> (Memory leak in zend_accel_blacklist_update_regexp() function).</li> 7579 <li><?php bugfix(72949); ?> (Typo in opcache error message).</li> 7580 <li><?php bugfix(72762); ?> (Infinite loop while parsing a file with opcache enabled).</li> 7581 <li><?php bugfix(72590); ?> (Opcache restart with kill_all_lockers does not work).</li> 7582 </ul></li> 7583<li>OpenSSL: 7584 <ul> 7585 <li><?php bugfix(73478); ?> (openssl_pkey_new() generates wrong pub/priv keys with Diffie Hellman).</li> 7586 <li><?php bugfix(73276); ?> (crash in openssl_random_pseudo_bytes function).</li> 7587 <li><?php bugfix(73072); ?> (Invalid path SNI_server_certs causes segfault).</li> 7588 <li><?php bugfix(72360); ?> (ext/openssl build failure with OpenSSL 1.1.0).</li> 7589 <li>Bumped a minimal version to 1.0.1.</li> 7590 <li>Dropped support for SSL2.</li> 7591 <li><?php implemented(61204); ?> (Add elliptic curve support for OpenSSL).</li> 7592 <li><?php implemented(67304); ?> (Added AEAD support [CCM and GCM modes] to openssl_encrypt and openssl_decrypt).</li> 7593 <li>Implemented error storing to the global queue and cleaning up the OpenSSL error queue (resolves bugs <?php bugl(68276); ?> and <?php bugl(69882); ?>).</li> 7594 </ul></li> 7595<li>Pcntl: 7596 <ul> 7597 <li>Implemented asynchronous signal handling without TICKS.</li> 7598 <li>Added pcntl_signal_get_handler() that returns the current signal handler for a particular signal. Addresses FR <?php bugl(72409); ?>.</li> 7599 <li>Add siginfo to pcntl_signal() handler args (Bishop Bettini, David Walker)</li> 7600 </ul></li> 7601<li>PCRE: 7602 <ul> 7603 <li><?php bugfix(73483); ?> (Segmentation fault on pcre_replace_callback).</li> 7604 <li><?php bugfix(73612); ?> (preg_*() may leak memory).</li> 7605 <li><?php bugfix(73392); ?> (A use-after-free in zend allocator management).</li> 7606 <li><?php bugfix(73121); ?> (Bundled PCRE doesn't compile because JIT isn't supported on s390).</li> 7607 <li><?php bugfix(72688); ?> (preg_match missing group names in matches).</li> 7608 <li>Downgraded to PCRE 8.38.</li> 7609 <li><?php bugfix(72476); ?> (Memleak in jit_stack).</li> 7610 <li><?php bugfix(72463); ?> (mail fails with invalid argument).</li> 7611 <li>Upgraded to PCRE 8.39.</li> 7612 </ul></li> 7613<li>PDO: 7614 <ul> 7615 <li><?php bugfix(72788); ?> (Invalid memory access when using persistent PDO connection).</li> 7616 <li><?php bugfix(72791); ?> (Memory leak in PDO persistent connection handling).</li> 7617 <li><?php bugfix(60665); ?> (call to empty() on NULL result using PDO::FETCH_LAZY returns false).</li> 7618 </ul></li> 7619<li>PDO_DBlib: 7620 <ul> 7621 <li><?php bugfix(72414); ?> (Never quote values as raw binary data).</li> 7622 <li>Allow \PDO::setAttribute() to set query timeouts.</li> 7623 <li>Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.</li> 7624 <li>Add common PDO test suite.</li> 7625 <li>Free error and message strings when cleaning up PDO instances.</li> 7626 <li><?php bugfix(67130); ?> (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).</li> 7627 <li>Ignore potentially misleading dberr values.</li> 7628 <li>Implemented stringify 'uniqueidentifier' fields.</li> 7629 </ul></li> 7630<li>PDO_Firebird: 7631 <ul> 7632 <li><?php bugfix(73087); ?>, <?php bugl(61183) ?>, <?php bugl(71494) ?> (Memory corruption in bindParam).</li> 7633 <li><?php bugfix(60052); ?> (Integer returned as a 64bit integer on X86_64).</li> 7634 </ul></li> 7635<li>PDO_pgsql: 7636 <ul> 7637 <li><?php bugfix(70313); ?> (PDO statement fails to throw exception).</li> 7638 <li><?php bugfix(72570); ?> (Segmentation fault when binding parameters on a query without placeholders).</li> 7639 <li><?php implemented(72633); ?> (Postgres PDO lastInsertId() should work without specifying a sequence).</li> 7640 </ul></li> 7641<li>Phar: 7642 <ul> 7643 <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile).</li> 7644 <li><?php bugfix(73035); ?> (Out of bound when verify signature of tar phar in phar_parse_tarfile).</li> 7645 </ul></li> 7646<li>phpdbg: 7647 <ul> 7648 <li>Added generator command for inspection of currently alive generators.</li> 7649 </ul></li> 7650<li>Postgres: 7651 <ul> 7652 <li><?php bugfix(73498); ?> (Incorrect SQL generated for pg_copy_to()).</li> 7653 <li><?php implemented(31021); ?> (pg_last_notice() is needed to get all notice messages).</li> 7654 <li><?php implemented(48532); ?> (Allow pg_fetch_all() to index numerically).</li> 7655 </ul></li> 7656<li>Readline: 7657 <ul> 7658 <li><?php bugfix(72538); ?> (readline_redisplay crashes php).</li> 7659 </ul></li> 7660<li>Reflection: 7661 <ul> 7662 <li>Undo backwards compatiblity break in ReflectionType->__toString() and deprecate via documentation instead.</li> 7663 <li>Reverted prepending \ for class names.</li> 7664 <li><?php implemented(38992); ?> (invoke() and invokeArgs() static method calls should match). (cmb).</li> 7665 <li>Add ReflectionNamedType::getName(). This method should be used instead of ReflectionType::__toString()</li> 7666 <li>Prepend \ for class names and ? for nullable types returned from ReflectionType::__toString().</li> 7667 <li><?php bugfix(72661); ?> (ReflectionType::__toString crashes with iterable).</li> 7668 <li><?php bugfix(72222); ?> (ReflectionClass::export doesn't handle array constants).</li> 7669 <li>Failure to retrieve a reflection object or retrieve an object property will now throw an instance of Error instead of resulting in a fatal error.</li> 7670 <li><?php bugfix(72209); ?> (ReflectionProperty::getValue() doesn't fail if object doesn't match type).</li> 7671 </ul></li> 7672<li>Session: 7673 <ul> 7674 <li><?php bugfix(73273); ?> (session_unset() empties values from all variables in which is $_session stored).</li> 7675 <li><?php bugfix(73100); ?> (session_destroy null dereference in ps_files_path_create).</li> 7676 <li><?php bugfix(68015); ?> (Session does not report invalid uid for files save handler).</li> 7677 <li><?php bugfix(72940); ?> (SID always return "name=ID", even if session cookie exist).</li> 7678 <li>Implemented session_gc() (Yasuo) https://wiki.php.net/rfc/session-create-id</li> 7679 <li>Implemented session_create_id() (Yasuo) https://wiki.php.net/rfc/session-gc</li> 7680 <li>Implemented RFC: Session ID without hashing. (Yasuo) https://wiki.php.net/rfc/session-id-without-hashing</li> 7681 <li><?php bugfix(72531); ?> (ps_files_cleanup_dir Buffer overflow).</li> 7682 <li>Custom session handlers that do not return strings for session IDs will now throw an instance of Error instead of resulting in a fatal error when a function is called that must generate a session ID.</li> 7683 <li>An invalid setting for session.hash_function will throw an instance of Error instead of resulting in a fatal error when a session ID is created.</li> 7684 <li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization).</li> 7685 <li>Improved fix for bug <?php bugl(68063); ?> (Empty session IDs do still start sessions).</li> 7686 <li><?php bugfix(71038); ?> (session_start() returns TRUE on failure). Session save handlers must return 'string' always for successful read. i.e. Non-existing session read must return empty string. PHP 7.0 is made not to tolerate buggy return value.</li> 7687 <li><?php bugfix(71394); ?> (session_regenerate_id() must close opened session on errors).</li> 7688 </ul></li> 7689<li>SimpleXML: 7690 <ul> 7691 <li><?php bugfix(73293); ?> (NULL pointer dereference in SimpleXMLElement::asXML()).</li> 7692 <li><?php bugfix(72971); ?> (SimpleXML isset/unset do not respect namespace).</li> 7693 <li><?php bugfix(72957); ?> (Null coalescing operator doesn't behave as expected with SimpleXMLElement).</li> 7694 <li><?php bugfix(72588); ?> (Using global var doesn't work while accessing SimpleXML element).</li> 7695 <li>Creating an unnamed or duplicate attribute will throw an instance of Error instead of resulting in a fatal error.</li> 7696 </ul></li> 7697<li>SNMP: 7698 <ul> 7699 <li><?php bugfix(72708); ?> (php_snmp_parse_oid integer overflow in memory allocation).</li> 7700 <li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()).</li> 7701 </ul></li> 7702<li>Soap: 7703 <ul> 7704 <li><?php bugfix(73538); ?> (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).</li> 7705 <li><?php bugfix(73452); ?> (Segfault (Regression for <?php bugl(69152); ?>)).</li> 7706 <li><?php bugfix(73037); ?> (SoapServer reports Bad Request when gzipped).</li> 7707 <li><?php bugfix(73237); ?> (Nested object in "any" element overwrites other fields).</li> 7708 <li><?php bugfix(69137); ?> (Peer verification fails when using a proxy with SoapClient).</li> 7709 <li><?php bugfix(71711); ?> (Soap Server Member variables reference bug).</li> 7710 <li><?php bugfix(71996); ?> (Using references in arrays doesn't work like expected).</li> 7711 </ul></li> 7712<li>SPL: 7713 <ul> 7714 <li><?php bugfix(73423); ?> (Reproducible crash with GDB backtrace).</li> 7715 <li><?php bugfix(72888); ?> (Segfault on clone on splFileObject).</li> 7716 <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray).</li> 7717 <li><?php bugfix(72646); ?> (SplFileObject::getCsvControl does not return the escape character).</li> 7718 <li><?php bugfix(72684); ?> (AppendIterator segfault with closed generator).</li> 7719 <li>Attempting to clone an SplDirectory object will throw an instance of Error instead of resulting in a fatal error.</li> 7720 <li>Calling ArrayIterator::append() when iterating over an object will throw an instance of Error instead of resulting in a fatal error.</li> 7721 <li><?php bugfix(55701); ?> (GlobIterator throws LogicException).</li> 7722 </ul></li> 7723<li>SQLite3: 7724 <ul> 7725 <li>Update to SQLite 3.15.1.</li> 7726 <li><?php bugfix(73530); ?> (Unsetting result set may reset other result set).</li> 7727 <li><?php bugfix(73333); ?> (2147483647 is fetched as string).</li> 7728 <li><?php bugfix(72668); ?> (Spurious warning when exception is thrown in user defined function).</li> 7729 <li><?php implemented(72653); ?> (SQLite should allow opening with empty filename).</li> 7730 <li><?php bugfix(70628); ?> (Clearing bindings on an SQLite3 statement doesn't work).</li> 7731 <li><?php implemented(71159); ?> (Upgraded bundled SQLite lib to 3.9.2).</li> 7732 </ul></li> 7733<li>Standard: 7734 <ul> 7735 <li><?php bugfix(73297); ?> (HTTP stream wrapper should ignore HTTP 100 Continue).</li> 7736 <li><?php bugfix(73303); ?> (Scope not inherited by eval in assert()).</li> 7737 <li><?php bugfix(73192); ?> (parse_url return wrong hostname).</li> 7738 <li><?php bugfix(73203); ?> (passing additional_parameters causes mail to fail).</li> 7739 <li><?php bugfix(73203); ?> (passing additional_parameters causes mail to fail).</li> 7740 <li><?php bugfix(72920); ?> (Accessing a private constant using constant() creates an exception AND warning).</li> 7741 <li><?php bugfix(65550); ?> (get_browser() incorrectly parses entries with "+" sign).</li> 7742 <li><?php bugfix(71882); ?> (Negative ftruncate() on php://memory exhausts memory).</li> 7743 <li><?php bugfix(55451); ?> (substr_compare NULL length interpreted as 0).</li> 7744 <li><?php bugfix(72278); ?> (getimagesize returning FALSE on valid jpg).</li> 7745 <li><?php bugfix(61967); ?> (unset array item in array_walk_recursive cause inconsistent array).</li> 7746 <li><?php bugfix(62607); ?> (array_walk_recursive move internal pointer).</li> 7747 <li><?php bugfix(69068); ?> (Exchanging array during array_walk -> memory errors).</li> 7748 <li><?php bugfix(70713); ?> (Use After Free Vulnerability in array_walk()/ array_walk_recursive()).</li> 7749 <li><?php bugfix(72622); ?> (array_walk + array_replace_recursive create references from nothing).</li> 7750 <li><?php bugfix(72330); ?> (CSV fields incorrectly split if escape char followed by UTF chars).</li> 7751 <li>Implemented RFC: More precise float values.</li> 7752 <li>array_multisort now uses zend_sort instead zend_qsort.</li> 7753 <li><?php bugfix(72505); ?> (readfile() mangles files larger than 2G).</li> 7754 <li>assert() will throw a ParseError when evaluating a string given as the first argument if the PHP code is invalid instead of resulting in a catchable fatal error.</li> 7755 <li>Calling forward_static_call() outside of a class scope will now throw an instance of Error instead of resulting in a fatal error.</li> 7756 <li>Added is_iterable() function.</li> 7757 <li><?php bugfix(72306); ?> (Heap overflow through proc_open and $env parameter).</li> 7758 <li><?php bugfix(71100); ?> (long2ip() doesn't accept integers in strict mode).</li> 7759 <li><?php implemented(55716); ?> (Add an option to pass a custom stream context to get_headers()).</li> 7760 <li>Additional validation for parse_url() for login/pass components).</li> 7761 <li><?php implemented(69359); ?> (Provide a way to fetch the current environment variables).</li> 7762 <li>unpack() function accepts an additional optional argument $offset.</li> 7763 <li><?php implemented(51879); ?> stream context socket option tcp_nodelay (Joe)</li> 7764 </ul></li> 7765<li>Streams: 7766 <ul> 7767 <li><?php bugfix(73586); ?> (php_user_filter::$stream is not set to the stream the filter is working on).</li> 7768 <li><?php bugfix(72853); ?> (stream_set_blocking doesn't work).</li> 7769 <li><?php bugfix(72743); ?> (Out-of-bound read in php_stream_filter_create).</li> 7770 <li><?php implemented(27814); ?> (Multiple small packets send for HTTP request).</li> 7771 <li><?php bugfix(72764); ?> (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).</li> 7772 <li><?php bugfix(72810); ?> (Missing SKIP_ONLINE_TESTS checks).</li> 7773 <li><?php bugfix(41021); ?> (Problems with the ftps wrapper).</li> 7774 <li><?php bugfix(54431); ?> (opendir() does not work with ftps:// wrapper).</li> 7775 <li><?php bugfix(72667); ?> (opendir() with ftp:// attempts to open data stream for non-existent directories).</li> 7776 <li><?php bugfix(72771); ?> (ftps:// wrapper is vulnerable to protocol downgrade attack).</li> 7777 <li><?php bugfix(72534); ?> (stream_socket_get_name crashes).</li> 7778 <li><?php bugfix(72439); ?> (Stream socket with remote address leads to a segmentation fault).</li> 7779 </ul></li> 7780<li>sysvshm: 7781 <ul> 7782 <li><?php bugfix(72858); ?> (shm_attach null dereference).</li> 7783 </ul></li> 7784<li>Tidy: 7785 <ul> 7786 <li>Implemented support for libtidy 5.0.0 and above.</li> 7787 <li>Creating a tidyNode manually will now throw an instance of Error instead of resulting in a fatal error.</li> 7788 </ul></li> 7789<li>Wddx: 7790 <ul> 7791 <li><?php bugfix(73331); ?> (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)</li> 7792 <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in wddx_serialize_value()).</li> 7793 <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access).</li> 7794 <li><?php bugfix(72750); ?> (wddx_deserialize null dereference).</li> 7795 <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml).</li> 7796 <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element).</li> 7797 <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free).</li> 7798 <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element).</li> 7799 <li><?php bugfix(72564); ?> (boolean always deserialized as "true").</li> 7800 <li>A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.</li> 7801 </ul></li> 7802<li>XML: 7803 <ul> 7804 <li><?php bugfix(72135); ?> (malformed XML causes fault).</li> 7805 <li><?php bugfix(72714); ?> (_xml_startElementHandler() segmentation fault).</li> 7806 <li><?php bugfix(72085); ?> (SEGV on unknown address zif_xml_parse).</li> 7807 </ul></li> 7808<li>XMLRPC: 7809 <ul> 7810 <li><?php bugfix(72647); ?> (xmlrpc_encode() unexpected output after referencing array elements).</li> 7811 <li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c).</li> 7812 <li>A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.</li> 7813 </ul></li> 7814<li>Zip: 7815 <ul> 7816 <li><?php bugfix(68302); ?> (impossible to compile php with zip support).</li> 7817 <li><?php bugfix(72660); ?> (NULL Pointer dereference in zend_virtual_cwd).</li> 7818 <li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener).</li> 7819 <li>ZipArchive::addGlob() will throw an instance of Error instead of resulting in a fatal error if glob support is not available.</li> 7820 </ul></li> 7821</ul> 7822<!-- }}} --></section> 7823 7824<a id="PHP_7_0"></a> 7825<section class="version" id="7.0.33"><!-- {{{ 7.0.33 --> 7826<h3>Version 7.0.33</h3> 7827<b><?php release_date('06-Dec-2018'); ?></b> 7828<ul><li>Core: 7829<ul> 7830 <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li> 7831</ul></li> 7832<li>IMAP: 7833<ul> 7834 <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li> 7835 <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li> 7836</ul></li> 7837<li>Phar: 7838<ul> 7839 <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li> 7840 <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li> 7841</ul></li> 7842</ul> 7843<!-- }}} --></section> 7844 7845 7846<section class="version" id="7.0.32"><!-- {{{ 7.0.32 --> 7847<h3>Version 7.0.32</h3> 7848<b><?php release_date('13-Sep-2018'); ?></b> 7849<ul><li>Apache2: 7850<ul> 7851 <li><?php bugfix(76582); ?> (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)</li> 7852</ul></li> 7853</ul> 7854<!-- }}} --></section> 7855 7856<section class="version" id="7.0.31"><!-- {{{ 7.0.31 --> 7857<h3>Version 7.0.31</h3> 7858<b><?php release_date('19-Jul-2018'); ?></b> 7859<ul><li>Exif: 7860<ul> 7861 <li><?php bugfix(76423); ?> (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)</li> 7862 <li><?php bugfix(76557); ?> (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)</li> 7863</ul></li> 7864<li>Win32: 7865<ul> 7866 <li><?php bugfix(76459); ?> (windows linkinfo lacks openbasedir check). (CVE-2018-15132)</li> 7867</ul></li> 7868</ul> 7869<!-- }}} --></section> 7870 7871 7872<section class="version" id="7.0.30"><!-- {{{ 7.0.30 --> 7873<h3>Version 7.0.30</h3> 7874<b><?php release_date('26-Apr-2018'); ?></b> 7875<ul><li>Exif: 7876<ul> 7877 <li><?php bugfix(76130); ?> (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)</li> 7878</ul></li> 7879<li>iconv: 7880<ul> 7881 <li><?php bugfix(76249); ?> (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)</li> 7882</ul></li> 7883<li>LDAP: 7884<ul> 7885 <li><?php bugfix(76248); ?> (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)</li> 7886</ul></li> 7887<li>Phar: 7888<ul> 7889 <li><?php bugfix(76129); ?> (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)</li> 7890</ul></li> 7891</ul> 7892<!-- }}} --></section> 7893 7894<section class="version" id="7.0.29"><!-- {{{ 7.0.29 --> 7895<h3>Version 7.0.29</h3> 7896<b><?php release_date('29-Mar-2018'); ?></b> 7897<ul><li>FPM: 7898<ul> 7899 <li><?php bugfix(75605); ?> (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)</li> 7900</ul></li> 7901</ul> 7902<!-- }}} --></section> 7903 7904 7905<section class="version" id="7.0.28"><!-- {{{ 7.0.28 --> 7906<h3>Version 7.0.28</h3> 7907<b><?php release_date('01-Mar-2018'); ?></b> 7908<ul><li>Standard: 7909<ul> 7910 <li><?php bugfix(75981); ?> (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)</li> 7911</ul></li> 7912</ul> 7913<!-- }}} --></section> 7914 7915<section class="version" id="7.0.27"><!-- {{{ 7.0.27 --> 7916<h3>Version 7.0.27</h3> 7917<b><?php release_date('04-Jan-2018'); ?></b> 7918<ul><li>CLI Server: 7919<ul> 7920 <li><?php bugfix(60471); ?> (Random "Invalid request (unexpected EOF)" using a router script).</li> 7921</ul></li> 7922<li>Core: 7923<ul> 7924 <li><?php bugfix(75384); ?> (PHP seems incompatible with OneDrive files on demand).</li> 7925 <li><?php bugfix(75573); ?> (Segmentation fault in 7.1.12 and 7.0.26).</li> 7926</ul></li> 7927<li>FPM: 7928<ul> 7929 <li><?php bugfix(64938); ?> (libxml_disable_entity_loader setting is shared between requests).</li> 7930</ul></li> 7931<li>GD: 7932<ul> 7933 <li><?php bugfix(75571); ?> (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)</li> 7934</ul></li> 7935<li>Opcache: 7936<ul> 7937 <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li> 7938</ul></li> 7939<li>PCRE: 7940<ul> 7941 <li><?php bugfix(74183); ?> (preg_last_error not returning error code after error).</li> 7942</ul></li> 7943<li>Phar: 7944<ul> 7945 <li><?php bugfix(74782); ?> (Reflected XSS in .phar 404 page). (CVE-2018-5712)</li> 7946</ul></li> 7947<li>Standard: 7948<ul> 7949 <li><?php bugfix(75535); ?> (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)</li> 7950 <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li> 7951</ul></li> 7952<li>Zip: 7953<ul> 7954 <li><?php bugfix(75540); ?> (Segfault with libzip 1.3.1).</li> 7955</ul></li> 7956</ul> 7957<!-- }}} --></section> 7958 7959 7960<section class="version" id="7.0.26"><!-- {{{ 7.0.26 --> 7961<h3>Version 7.0.26</h3> 7962<b><?php release_date('23-Nov-2017'); ?></b> 7963<ul><li>Core: 7964<ul> 7965 <li><?php bugfix(75420); ?> (Crash when modifing property name in __isset for BP_VAR_IS).</li> 7966 <li><?php bugfix(75368); ?> (mmap/munmap trashing on unlucky allocations).</li> 7967</ul></li> 7968<li>CLI: 7969<ul> 7970 <li><?php bugfix(75287); ?> (Builtin webserver crash after chdir in a shutdown function).</li> 7971</ul></li> 7972<li>Enchant: 7973<ul> 7974 <li><?php bugfix(53070); ?> (enchant_broker_get_path crashes if no path is set).</li> 7975 <li><?php bugfix(75365); ?> (Enchant still reports version 1.1.0).</li> 7976</ul></li> 7977<li>Exif: 7978<ul> 7979 <li><?php bugfix(75301); ?> (Exif extension has built in revision version).</li> 7980</ul></li> 7981<li>GD: 7982<ul> 7983 <li><?php bugfix(65148); ?> (imagerotate may alter image dimensions).</li> 7984 <li><?php bugfix(75437); ?> (Wrong reflection on imagewebp).</li> 7985</ul></li> 7986<li>intl: 7987<ul> 7988 <li><?php bugfix(75317); ?> (UConverter::setDestinationEncoding changes source instead of destination).</li> 7989</ul></li> 7990<li>interbase: 7991<ul> 7992 <li><?php bugfix(75453); ?> (Incorrect reflection for ibase_[p]connect).</li> 7993</ul></li> 7994<li>Mysqli: 7995<ul> 7996 <li><?php bugfix(75434); ?> (Wrong reflection for mysqli_fetch_all function).</li> 7997</ul></li> 7998<li>OCI8: 7999<ul> 8000 <li>Fixed valgrind issue.</li> 8001</ul></li> 8002<li>Opcache: 8003<ul> 8004 <li><?php bugfix(75373); ?> (Warning Internal error: wrong size calculation).</li> 8005</ul></li> 8006<li>OpenSSL: 8007<ul> 8008 <li><?php bugfix(75363); ?> (openssl_x509_parse leaks memory).</li> 8009 <li><?php bugfix(75307); ?> (Wrong reflection for openssl_open function).</li> 8010</ul></li> 8011<li>PGSQL: 8012<ul> 8013 <li><?php bugfix(75419); ?> (Default link incorrectly cleared/linked by pg_close()).</li> 8014</ul></li> 8015<li>SOAP: 8016<ul> 8017 <li><?php bugfix(75464); ?> (Wrong reflection on SoapClient::__setSoapHeaders).</li> 8018</ul></li> 8019<li>Zlib: 8020<ul> 8021 <li><?php bugfix(75299); ?> (Wrong reflection on inflate_init and inflate_add).</li> 8022</ul></li> 8023</ul> 8024<!-- }}} --></section> 8025 8026<section class="version" id="7.0.25"><!-- {{{ 7.0.25 --> 8027<h3>Version 7.0.25</h3> 8028<b><?php release_date('26-Oct-2017'); ?></b> 8029<ul><li>Core: 8030<ul> 8031 <li><?php bugfix(75241); ?> (Null pointer dereference in zend_mm_alloc_small()).</li> 8032 <li><?php bugfix(75236); ?> (infinite loop when printing an error-message).</li> 8033 <li><?php bugfix(75252); ?> (Incorrect token formatting on two parse errors in one request).</li> 8034 <li><?php bugfix(75220); ?> (Segfault when calling is_callable on parent).</li> 8035 <li><?php bugfix(75290); ?> (debug info of Closures of internal functions contain garbage argument names).</li> 8036</ul></li> 8037<li>Apache2Handler: 8038<ul> 8039 <li><?php bugfix(75311); ?> (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).</li> 8040</ul></li> 8041<li>Date: 8042<ul> 8043 <li><?php bugfix(75055); ?> (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)</li> 8044</ul></li> 8045<li>Intl: 8046<ul> 8047 <li><?php bugfix(75318); ?> (The parameter of UConverter::getAliases() is not optional).</li> 8048</ul></li> 8049<li>mcrypt: 8050<ul> 8051 <li><?php bugfix(72535); ?> (arcfour encryption stream filter crashes php).</li> 8052</ul></li> 8053<li>OCI8: 8054<ul> 8055 <li>Fixed incorrect reference counting.</li> 8056</ul></li> 8057<li>PCRE: 8058<ul> 8059 <li><?php bugfix(75207); ?> (applied upstream patch for CVE-2016-1283).</li> 8060</ul></li> 8061<li>litespeed: 8062<ul> 8063 <li><?php bugfix(75248); ?> (Binary directory doesn't get created when building only litespeed SAPI).</li> 8064 <li><?php bugfix(75251); ?> (Missing program prefix and suffix).</li> 8065</ul></li> 8066<li>SPL: 8067<ul> 8068 <li><?php bugfix(73629); ?> (SplDoublyLinkedList::setIteratorMode masks intern flags).</li> 8069</ul></li> 8070</ul> 8071<!-- }}} --></section> 8072 8073<section class="version" id="7.0.24"><!-- {{{ 7.0.24 --> 8074<h3>Version 7.0.24</h3> 8075<b><?php release_date('28-Sep-2017'); ?></b> 8076<ul><li>Core: 8077<ul> 8078 <li><?php bugfix(75042); ?> (run-tests.php issues with EXTENSION block).</li> 8079</ul></li> 8080<li>BCMath: 8081<ul> 8082 <li><?php bugfix(44995); ?> (bcpowmod() fails if scale != 0).</li> 8083 <li><?php bugfix(46781); ?> (BC math handles minus zero incorrectly).</li> 8084 <li><?php bugfix(54598); ?> (bcpowmod() may return 1 if modulus is 1).</li> 8085 <li><?php bugfix(75178); ?> (bcpowmod() misbehaves for non-integer base or modulus).</li> 8086</ul></li> 8087<li>CLI server: 8088<ul> 8089 <li><?php bugfix(70470); ?> (Built-in server truncates headers spanning over TCP packets).</li> 8090</ul></li> 8091<li>CURL: 8092<ul> 8093 <li><?php bugfix(75093); ?> (OpenSSL support not detected).</li> 8094</ul></li> 8095<li>GD: 8096<ul> 8097 <li><?php bugfix(75124); ?> (gdImageGrayScale() may produce colors).</li> 8098 <li><?php bugfix(75139); ?> (libgd/gd_interpolation.c:1786: suspicious if ?).</li> 8099</ul></li> 8100<li>Gettext: 8101<ul> 8102 <li><?php bugfix(73730); ?> (textdomain(null) throws in strict mode).</li> 8103</ul></li> 8104<li>Intl: 8105<ul> 8106 <li><?php bugfix(75090); ?> (IntlGregorianCalendar doesn't have constants from parent class).</li> 8107</ul></li> 8108<li>PDO_OCI: 8109<ul> 8110 <li><?php bugfix(74631); ?> (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).</li> 8111</ul></li> 8112<li>SPL: 8113<ul> 8114 <li><?php bugfix(75173); ?> (incorrect behavior of AppendIterator::append in foreach loop).</li> 8115</ul></li> 8116<li>Standard: 8117<ul> 8118 <li><?php bugfix(75097); ?> (gethostname fails if your host name is 64 chars long).</li> 8119</ul></li> 8120</ul> 8121<!-- }}} --></section> 8122 8123<section class="version" id="7.0.23"><!-- {{{ 7.0.23 --> 8124<h3>Version 7.0.23</h3> 8125<b><?php release_date('31-Aug-2017'); ?></b> 8126<ul><li>Core: 8127<ul> 8128 <li><?php bugfix(74947); ?> (Segfault in scanner on INF number).</li> 8129 <li><?php bugfix(74954); ?> (null deref and segfault in zend_generator_resume()).</li> 8130 <li><?php bugfix(74725); ?> (html_errors=1 breaks unhandled exceptions).</li> 8131 <li><?php bugfix(75349); ?> (NAN comparison).</li> 8132</ul></li> 8133<li>cURL: 8134<ul> 8135 <li><?php bugfix(74125); ?> (Fixed finding CURL on systems with multiarch support).</li> 8136</ul></li> 8137<li>Date: 8138<ul> 8139<li><?php bugfix(75002); ?> (Null Pointer Dereference in timelib_time_clone).</li> 8140</ul></li> 8141<li>Intl: 8142<ul> 8143 <li><?php bugfix(74993); ?> (Wrong reflection on some locale_* functions).</li> 8144</ul></li> 8145<li>Mbstring: 8146<ul> 8147 <li><?php bugfix(71606); ?> (Segmentation fault mb_strcut with HTML-ENTITIES encoding).</li> 8148 <li><?php bugfix(62934); ?> (mb_convert_kana() does not convert iteration marks).</li> 8149 <li><?php bugfix(75001); ?> (Wrong reflection on mb_eregi_replace).</li> 8150</ul></li> 8151<li>MySQLi: 8152<ul> 8153 <li><?php bugfix(74968); ?> (PHP crashes when calling mysqli_result::fetch_object with an abstract class).</li> 8154</ul></li> 8155<li>OCI8: 8156<ul> 8157 <li>Expose oci_unregister_taf_callback() (Tianfang Yang)</li> 8158</ul></li> 8159<li>phar: 8160<ul> 8161 <li><?php bugfix(74991); ?> (include_path has a 4096 char limit in some cases).</li> 8162</ul></li> 8163<li>Reflection: 8164<ul> 8165 <li><?php bugfix(74949); ?> (null pointer dereference in _function_string).</li> 8166</ul></li> 8167<li>Session: 8168<ul> 8169 <li><?php bugfix(74833); ?> (SID constant created with wrong module number).</li> 8170</ul></li> 8171<li>SimpleXML: 8172<ul> 8173 <li><?php bugfix(74950); ?> (nullpointer deref in simplexml_element_getDocNamespaces).</li> 8174</ul></li> 8175<li>SPL: 8176<ul> 8177 <li><?php bugfix(75049); ?> (spl_autoload_unregister can't handle spl_autoload_functions results).</li> 8178 <li><?php bugfix(74669); ?> (Unserialize ArrayIterator broken).</li> 8179 <li><?php bugfix(75015); ?> (Crash in recursive iterator destructors).</li> 8180</ul></li> 8181<li>Standard: 8182<ul> 8183 <li><?php bugfix(75075); ?> (unpack with X* causes infinity loop).</li> 8184 <li><?php bugfix(74103); ?> (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)</li> 8185 <li><?php bugfix(75054); ?> (A Denial of Service Vulnerability was found when performing deserialization).</li> 8186</ul></li> 8187<li>WDDX: 8188<ul> 8189 <li><?php bugfix(73793); ?> (WDDX uses wrong decimal seperator).</li> 8190</ul></li> 8191<li>XMLRPC: 8192<ul> 8193 <li><?php bugfix(74975); ?> (Incorrect xmlrpc serialization for classes with declared properties).</li> 8194</ul></li> 8195</ul> 8196<!-- }}} --></section> 8197 8198<section class="version" id="7.0.22"><!-- {{{ 7.0.22 --> 8199<h3>Version 7.0.22</h3> 8200<b><?php release_date('03-Aug-2017'); ?></b> 8201<ul><li>Core: 8202<ul> 8203 <li><?php bugfix(74832); ?> (Loading PHP extension with already registered function name leads to a crash).</li> 8204 <li><?php bugfix(74780); ?> (parse_url() borken when query string contains colon).</li> 8205 <li><?php bugfix(74761); ?> (Unary operator expected error on some systems).</li> 8206 <li><?php bugfix(73900); ?> (Use After Free in unserialize() SplFixedArray).</li> 8207 <li><?php bugfix(74913); ?> (fixed incorrect poll.h include).</li> 8208 <li><?php bugfix(74906); ?> (fixed incorrect errno.h include).</li> 8209</ul></li> 8210<li>Date: 8211<ul> 8212 <li><?php bugfix(74852); ?> (property_exists returns true on unknown DateInterval property).</li> 8213</ul></li> 8214<li>OCI8: 8215<ul> 8216 <li><?php bugfix(74625); ?> (Integer overflow in oci_bind_array_by_name).</li> 8217</ul></li> 8218<li>Opcache: 8219<ul> 8220 <li><?php bugfix(74840); ?> (Opcache overwrites argument of GENERATOR_RETURN within finally).</li> 8221</ul></li> 8222<li>PDO: 8223<ul> 8224 <li><?php bugfix(69356); ?> (PDOStatement::debugDumpParams() truncates query).</li> 8225</ul></li> 8226<li>SPL: 8227<ul> 8228 <li><?php bugfix(73471); ?> (PHP freezes with AppendIterator).</li> 8229</ul></li> 8230<li>SQLite3: 8231<ul> 8232 <li><?php bugfix(74883); ?> (SQLite3::__construct() produces "out of memory" exception with invalid flags).</li> 8233</ul></li> 8234<li>Wddx: 8235<ul> 8236 <li><?php bugfix(73173); ?> (huge memleak when wddx_unserialize).</li> 8237 <li><?php bugfix(74145); ?> (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)</li> 8238</ul></li> 8239<li>zlib: 8240<ul> 8241 <li><?php bugfix(73944); ?> (dictionary option of inflate_init() does not work).</li> 8242</ul></li> 8243</ul> 8244<!-- }}} --></section> 8245 8246<section class="version" id="7.0.21"><!-- {{{ 7.0.21 --> 8247<h3>Version 7.0.21</h3> 8248<b><?php release_date('06-Jul-2017'); ?></b> 8249<ul><li>Core: 8250<ul> 8251 <li><?php bugfix(74738); ?> (Multiple [PATH=] and [HOST=] sections not properly parsed).</li> 8252 <li><?php bugfix(74658); ?> (Undefined constants in array properties result in broken properties).</li> 8253 <li>Fixed misparsing of abstract unix domain socket names.</li> 8254 <li><?php bugfix(74101); ?> (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)</li> 8255 <li><?php bugfix(74111); ?> (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)</li> 8256 <li><?php bugfix(74603); ?> (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)</li> 8257 <li><?php bugfix(74819); ?> (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)</li> 8258</ul></li> 8259<li>DOM: 8260<ul> 8261 <li><?php bugfix(69373); ?> (References to deleted XPath query results).</li> 8262</ul></li> 8263<li>GD: 8264<ul> 8265 <li><?php bugfix(74435); ?> (Buffer over-read into uninitialized memory). (CVE-2017-7890)</li> 8266</ul></li> 8267<li>Intl: 8268<ul> 8269 <li><?php bugfix(73473); ?> (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)</li> 8270 <li><?php bugfix(74705); ?> (Wrong reflection on Collator::getSortKey and collator_get_sort_key).</li> 8271 <li><?php bugfix(73634); ?> (grapheme_strpos illegal memory access).</li> 8272</ul></li> 8273<li>Mbstring: 8274<ul> 8275 <li>Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)</li> 8276</ul></li> 8277<li>OCI8: 8278<ul> 8279 <li>Add TAF callback (PR <?php githubissuel('php/php-src', 2459); ?>).</li> 8280</ul></li> 8281<li>Opcache: 8282<ul> 8283 <li><?php bugfix(74663); ?> (Segfault with opcache.memory_protect and validate_timestamp).</li> 8284</ul></li> 8285<li>OpenSSL: 8286<ul> 8287 <li><?php bugfix(74651); ?> (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)</li> 8288</ul></li> 8289<li>PCRE: 8290<ul> 8291 <li><?php bugfix(74087); ?> (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).</li> 8292</ul></li> 8293<li>PDO_OCI: 8294<ul> 8295 <li>Support Instant Client 12.2 in --with-pdo-oci configure option.</li> 8296</ul></li> 8297<li>Reflection: 8298<ul> 8299 <li><?php bugfix(74673); ?> (Segfault when cast Reflection object to string with undefined constant).</li> 8300</ul></li> 8301<li>SPL: 8302<ul> 8303 <li><?php bugfix(74478); ?> (null coalescing operator failing with SplFixedArray).</li> 8304</ul></li> 8305<li>Standard: 8306<ul> 8307 <li><?php bugfix(74708); ?> (Invalid Reflection signatures for random_bytes and random_int).</li> 8308 <li><?php bugfix(73648); ?> (Heap buffer overflow in substr).</li> 8309</ul></li> 8310<li>FTP: 8311<ul> 8312 <li><?php bugfix(74598); ?> (ftp:// wrapper ignores context arg).</li> 8313</ul></li> 8314<li>PHAR: 8315<ul> 8316 <li><?php bugfix(74386); ?> (Phar::__construct reflection incorrect).</li> 8317</ul></li> 8318<li>SOAP: 8319<ul> 8320 <li><?php bugfix(74679); ?> (Incorrect conversion array with WSDL_CACHE_MEMORY).</li> 8321</ul></li> 8322<li>Streams: 8323<ul> 8324 <li><?php bugfix(74556); ?> (stream_socket_get_name() returns '\0').</li> 8325</ul></li> 8326</ul> 8327<!-- }}} --></section> 8328 8329 8330<section class="version" id="7.0.20"><!-- {{{ 7.0.20 --> 8331<h3>Version 7.0.20</h3> 8332<b><?php release_date('08-Jun-2017'); ?></b> 8333<ul><li>Core: 8334<ul> 8335 <li><?php bugfix(74600); ?> (crash (SIGSEGV) in _zend_hash_add_or_update_i).</li> 8336 <li><?php bugfix(74546); ?> (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).</li> 8337</ul></li> 8338<li>intl: 8339<ul> 8340 <li><?php bugfix(74468); ?> (wrong reflection on Collator::sortWithSortKeys).</li> 8341</ul></li> 8342<li>MySQLi: 8343<ul> 8344 <li><?php bugfix(74547); ?> (mysqli::change_user() doesn't accept null as $database argument w/strict_types).</li> 8345</ul></li> 8346<li>Opcache: 8347<ul> 8348 <li><?php bugfix(74596); ?> (SIGSEGV with opcache.revalidate_path enabled).</li> 8349</ul></li> 8350<li>phar: 8351<ul> 8352 <li><?php bugfix(51918); ?> (Phar::webPhar() does not handle requests sent through PUT and DELETE method).</li> 8353</ul></li> 8354<li>Standard: 8355<ul> 8356 <li><?php bugfix(74510); ?> (win32/sendmail.c anchors CC header but not BCC).</li> 8357</ul></li> 8358<li>xmlreader: 8359<ul> 8360 <li><?php bugfix(74457); ?> (Wrong reflection on XMLReader::expand).</li> 8361</ul></li> 8362</ul> 8363<!-- }}} --></section> 8364 8365<section class="version" id="7.0.19"><!-- {{{ 7.0.19 --> 8366<h3>Version 7.0.19</h3> 8367<b><?php release_date('11-May-2017'); ?></b> 8368<ul><li>Core: 8369<ul> 8370 <li><?php bugfix(74188); ?> (Null coalescing operator fails for undeclared static class properties).</li> 8371 <li><?php bugfix(74408); ?> (Endless loop bypassing execution time limit).</li> 8372 <li><?php bugfix(74410); ?> (stream_select() is broken on Windows Nanoserver).</li> 8373 <li><?php bugfix(74337); ?> (php-cgi.exe crash on facebook callback).</li> 8374 <li>Patch for bug <?php bugl(74216); ?> was reverted.</li> 8375</ul></li> 8376<li>Date: 8377<ul> 8378 <li><?php bugfix(74404); ?> (Wrong reflection on DateTimeZone::getTransitions).</li> 8379 <li><?php bugfix(74080); ?> (add constant for RFC7231 format datetime).</li> 8380</ul></li> 8381<li>DOM: 8382<ul> 8383 <li><?php bugfix(74416); ?> (Wrong reflection on DOMNode::cloneNode).</li> 8384</ul></li> 8385<li>Fileinfo: 8386<ul> 8387 <li><?php bugfix(74379); ?> (syntax error compile error in libmagic/apprentice.c).</li> 8388</ul></li> 8389<li>GD: 8390<ul> 8391 <li><?php bugfix(74343); ?> (compile fails on solaris 11 with system gd2 library).</li> 8392</ul></li> 8393<li>intl: 8394<ul> 8395 <li><?php bugfix(74433); ?> (wrong reflection for Normalizer methods).</li> 8396 <li><?php bugfix(74439); ?> (wrong reflection for Locale methods).</li> 8397</ul></li> 8398<li>MySQLi: 8399<ul> 8400 <li><?php bugfix(74432); ?> (mysqli_connect adding ":3306" to $host if $port parameter not given).</li> 8401</ul></li> 8402<li>MySQLnd: 8403<ul> 8404 <li>Added support for MySQL 8.0 types.</li> 8405 <li><?php bugfix(74376); ?> (Invalid free of persistent results on error/connection loss).</li> 8406</ul></li> 8407<li>OpenSSL: 8408<ul> 8409 <li><?php bugfix(73833); ?> (null character not allowed in openssl_pkey_get_private).</li> 8410 <li><?php bugfix(73711); ?> (Segfault in openssl_pkey_new when generating DSA or DH key).</li> 8411 <li><?php bugfix(74341); ?> (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).</li> 8412 <li>Added OpenSSL 1.1.0 support.</li> 8413</ul></li> 8414<li>phar: 8415<ul> 8416 <li><?php bugfix(74383); ?> (phar method parameters reflection correction).</li> 8417</ul></li> 8418<li>Standard: 8419<ul> 8420 <li><?php bugfix(74409); ?> (Reflection information for ini_get_all() is incomplete).</li> 8421 <li><?php bugfix(72071); ?> (setcookie allows max-age to be negative).</li> 8422</ul></li> 8423<li>Streams: 8424<ul> 8425 <li><?php bugfix(74429); ?> (Remote socket URI with unique persistence identifier broken).</li> 8426</ul></li> 8427<li>SQLite3: 8428<ul> 8429 <li><?php bugfix(74413); ?> (incorrect reflection for SQLite3::enableExceptions).</li> 8430</ul></li> 8431</ul> 8432<!-- }}} --></section> 8433 8434<section class="version" id="7.0.18"><!-- {{{ 7.0.18 --> 8435<h3>Version 7.0.18</h3> 8436<b><?php release_date('13-Apr-2017'); ?></b> 8437<ul><li>Core: 8438<ul> 8439 <li><?php bugfix(73370); ?> (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).</li> 8440 <li><?php bugfix(73960); ?> (Leak with instance method calling static method with referenced return).</li> 8441 <li><?php bugfix(74265); ?> (Build problems after 7.0.17 release: undefined reference to `isfinite').</li> 8442 <li><?php bugfix(74302); ?> (yield fromLABEL is over-greedy).</li> 8443</ul></li> 8444<li>Apache: 8445<ul> 8446 <li>Reverted patch for bug <?php bugl(61471); ?>, fixes bug <?php bugl(74318); ?>.</li> 8447</ul></li> 8448<li>Date: 8449<ul> 8450 <li><?php bugfix(72096); ?> (Swatch time value incorrect for dates before 1970).</li> 8451</ul></li> 8452<li>DOM: 8453<ul> 8454 <li><?php bugfix(74004); ?> (LIBXML_NOWARNING flag ingnored on loadHTML*).</li> 8455</ul></li> 8456<li>iconv: 8457<ul> 8458 <li><?php bugfix(74230); ?> (iconv fails to fail on surrogates).</li> 8459</ul></li> 8460<li>OpenSSL: 8461<ul> 8462 <li><?php bugfix(72333); ?> (fwrite() on non-blocking SSL sockets doesn't work).</li> 8463</ul></li> 8464<li>PDO MySQL: 8465<ul> 8466 <li><?php bugfix(71003); ?> (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).</li> 8467</ul></li> 8468<li>Streams: 8469<ul> 8470 <li><?php bugfix(74216); ?> (Correctly fail on invalid IP address ports).</li> 8471</ul></li> 8472<li>Zlib: 8473<ul> 8474 <li><?php bugfix(74240); ?> (deflate_add can allocate too much memory).</li> 8475</ul></li> 8476</ul> 8477<!-- }}} --></section> 8478 8479<section class="version" id="7.0.17"><!-- {{{ 7.0.17 --> 8480<h3>Version 7.0.17</h3> 8481<b><?php release_date('16-Mar-2017'); ?></b> 8482<ul><li>Core: 8483<ul> 8484 <li><?php bugfix(73989); ?> (PHP 7.1 Segfaults within Symfony test suite).</li> 8485 <li><?php bugfix(74084); ?> (Out of bound read - zend_mm_alloc_small).</li> 8486 <li><?php bugfix(73807); ?> (Performance problem with processing large post request). (CVE-2017-11142)</li> 8487 <li><?php bugfix(73998); ?> (array_key_exists fails on arrays created by get_object_vars).</li> 8488 <li><?php bugfix(73954); ?> (NAN check fails on Alpine Linux with musl).</li> 8489 <li><?php bugfix(74039); ?> (is_infinite(-INF) returns false).</li> 8490 <li><?php bugfix(73677); ?> (Generating phar.phar core dump with gcc ASAN enabled build).</li> 8491</ul></li> 8492<li>Apache: 8493<ul> 8494 <li><?php bugfix(61471); ?> (Incomplete POST does not timeout but is passed to PHP).</li> 8495</ul></li> 8496<li>Date: 8497<ul> 8498 <li><?php bugfix(72719); ?> (Relative datetime format ignores weekday on sundays only).</li> 8499 <li><?php bugfix(73294); ?> (DateTime wrong when date string is negative).</li> 8500 <li><?php bugfix(73489); ?> (wrong timestamp when call setTimeZone multi times with UTC offset).</li> 8501 <li><?php bugfix(73858); ?> (first/last day of' flag is not being reset).</li> 8502 <li><?php bugfix(73942); ?> ($date->modify('Friday this week') doesn't return a Friday if $date is a Sunday).</li> 8503 <li><?php bugfix(74057); ?> (wrong day when using "this week" in strtotime).</li> 8504</ul></li> 8505<li>FPM: 8506<ul> 8507 <li><?php bugfix(69860); ?> (php-fpm process accounting is broken with keepalive).</li> 8508</ul></li> 8509<li>Hash: 8510<ul> 8511 <li><?php bugfix(73127); ?> (gost-crypto hash incorrect if input data contains long 0xFF sequence).</li> 8512</ul></li> 8513<li>GD: 8514<ul> 8515 <li><?php bugfix(74031); ?> (ReflectionFunction for imagepng is missing last two parameters).</li> 8516</ul></li> 8517<li>Mysqlnd: 8518<ul> 8519 <li><?php bugfix(74021); ?> (fetch_array broken data. Data more then MEDIUMBLOB).</li> 8520</ul></li> 8521<li>Opcache: 8522<ul> 8523 <li><?php bugfix(74152); ?> (if statement says true to a null variable).</li> 8524 <li><?php bugfix(74019); ?> (Segfault with list).</li> 8525</ul></li> 8526<li>OpenSSL: 8527<ul> 8528 <li><?php bugfix(74022); ?> (PHP Fast CGI crashes when reading from a pfx file).</li> 8529</ul></li> 8530<li>Standard: 8531<ul> 8532 <li><?php bugfix(74148); ?> (ReflectionFunction incorrectly reports the number of arguments).</li> 8533 <li><?php bugfix(74005); ?> (mail.add_x_header causes RFC-breaking lone line feed).</li> 8534 <li><?php bugfix(73118); ?> (is_callable callable name reports misleading value for anonymous classes).</li> 8535 <li><?php bugfix(74105); ?> (PHP on Linux should use /dev/urandom when getrandom is not available).</li> 8536</ul></li> 8537<li>Streams: 8538<ul> 8539 <li><?php bugfix(73496); ?> (Invalid memory access in zend_inline_hash_func).</li> 8540 <li><?php bugfix(74090); ?> (stream_get_contents maxlength>-1 returns empty string).</li> 8541</ul></li> 8542</ul> 8543<!-- }}} --></section> 8544 8545<section class="version" id="7.0.16"><!-- {{{ 7.0.16 --> 8546<h3>Version 7.0.16</h3> 8547<b><?php release_date('16-Feb-2017'); ?></b> 8548<ul><li>Core: 8549<ul> 8550 <li><?php bugfix(73916); ?> (zend_print_flat_zval_r doesn't consider reference).</li> 8551 <li><?php bugfix(73876); ?> (Crash when exporting **= in expansion of assign op).</li> 8552 <li><?php bugfix(73969); ?> (segfault in debug_print_backtrace).</li> 8553 <li><?php bugfix(73973); ?> (assertion error in debug_zval_dump).</li> 8554</ul></li> 8555<li>DOM: 8556<ul> 8557 <li><?php bugfix(54382); ?> (getAttributeNodeNS doesn't get xmlns* attributes).</li> 8558</ul></li> 8559<li>DTrace: 8560<ul> 8561 <li><?php bugfix(73965); ?> (DTrace reported as enabled when disabled).</li> 8562</ul></li> 8563<li>FPM: 8564<ul> 8565 <li><?php bugfix(67583); ?> (double fastcgi_end_request on max_children limit).</li> 8566 <li><?php bugfix(69865); ?> (php-fpm does not close stderr when using syslog).</li> 8567</ul></li> 8568<li>GD: 8569<ul> 8570 <li><?php bugfix(73968); ?> (Premature failing of XBM reading).</li> 8571</ul></li> 8572<li>GMP: 8573<ul> 8574 <li><?php bugfix(69993); ?> (test for gmp.h needs to test machine includes).</li> 8575</ul></li> 8576<li>Intl: 8577<ul> 8578<li><?php bugfix(73956); ?> (Link use CC instead of CXX).</li> 8579</ul></li> 8580<li>LDAP: 8581<ul> 8582 <li><?php bugfix(73933); ?> (error/segfault with ldap_mod_replace and opcache).</li> 8583</ul></li> 8584<li>MySQLi: 8585<ul> 8586 <li><?php bugfix(73949); ?> (leak in mysqli_fetch_object).</li> 8587</ul></li> 8588<li>Mysqlnd: 8589<ul> 8590 <li><?php bugfix(69899); ?> (segfault on close() after free_result() with mysqlnd).</li> 8591</ul></li> 8592<li>Opcache: 8593<ul> 8594 <li><?php bugfix(73983); ?> (crash on finish work with phar in cli + opcache).</li> 8595</ul></li> 8596<li>OpenSSL: 8597<ul> 8598 <li><?php bugfix(71519); ?> (add serial hex to return value array).</li> 8599</ul></li> 8600<li>PDO_Firebird: 8601<ul> 8602 <li><?php implemented(72583); ?> (All data are fetched as strings).</li> 8603</ul></li> 8604<li>PDO_PgSQL: 8605<ul> 8606 <li><?php bugfix(73959); ?> (lastInsertId fails to throw an exception for wrong sequence name).</li> 8607</ul></li> 8608<li>Phar: 8609<ul> 8610 <li><?php bugfix(70417); ?> (PharData::compress() doesn't close temp file).</li> 8611</ul></li> 8612<li>posix: 8613<ul> 8614 <li><?php bugfix(71219); ?> (configure script incorrectly checks for ttyname_r).</li> 8615</ul></li> 8616<li>Session: 8617<ul> 8618 <li><?php bugfix(69582); ?> (session not readable by root in CLI).</li> 8619</ul></li> 8620<li>SPL: 8621<ul> 8622 <li><?php bugfix(73896); ?> (spl_autoload() crashes when calls magic _call()).</li> 8623</ul></li> 8624<li>Standard: 8625<ul> 8626 <li><?php bugfix(69442); ?> (closing of fd incorrect when PTS enabled).</li> 8627 <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li> 8628 <li><?php bugfix(72974); ?> (imap is undefined service on AIX).</li> 8629 <li><?php bugfix(72979); ?> (money_format stores wrong length AIX).</li> 8630</ul></li> 8631<li>ZIP: 8632<ul> 8633 <li><?php bugfix(70103); ?> (ZipArchive::addGlob ignores remove_all_path option).</li> 8634</ul></li> 8635</ul> 8636<!-- }}} --></section> 8637 8638<section class="version" id="7.0.15"><!-- {{{ 7.0.15 --> 8639<h3>Version 7.0.15</h3> 8640<b><?php release_date('19-Jan-2017'); ?></b> 8641<ul><li>Core: 8642<ul> 8643 <li><?php bugfix(73792); ?> (invalid foreach loop hangs script).</li> 8644 <li><?php bugfix(73663); ?> ("Invalid opcode 65/16/8" occurs with a variable created with list()).</li> 8645 <li><?php bugfix(73585); ?> (Logging of "Internal Zend error - Missing class information" missing class name).</li> 8646 <li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li> 8647 <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li> 8648 <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li> 8649 <li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()). (CVE-2017-5340)</li> 8650 <li><?php bugfix(73092); ?> (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)</li> 8651 <li><?php bugfix(69425); ?> (Use After Free in unserialize()).</li> 8652 <li><?php bugfix(72731); ?> (Type Confusion in Object Deserialization).</li> 8653</ul></li> 8654<li>COM: 8655<ul> 8656 <li><?php bugfix(73679); ?> (DOTNET read access violation using invalid codepage).</li> 8657</ul></li> 8658<li>DOM: 8659<ul> 8660 <li><?php bugfix(67474); ?> (getElementsByTagNameNS filter on default ns).</li> 8661</ul></li> 8662<li>EXIF: 8663<ul> 8664<li><?php bugfix(73737); ?> (FPE when parsing a tag format). (CVE-2016-10158)</li> 8665</ul></li> 8666<li>GD: 8667<ul> 8668 <li><?php bugfix(73869); ?> (Signed Integer Overflow gd_io.c). (CVE-2016-10168)</li> 8669 <li><?php bugfix(73868); ?> (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)</li> 8670</ul></li> 8671<li>GMP: 8672<ul> 8673 <li><?php bugfix(70513); ?> (GMP Deserialization Type Confusion Vulnerability).</li> 8674</ul></li> 8675<li>Mysqli: 8676<ul> 8677 <li><?php bugfix(73462); ?> (Persistent connections don't set $connect_errno).</li> 8678</ul></li> 8679<li>Mysqlnd: 8680<ul> 8681 <li>Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem.</li> 8682 <li><?php bugfix(73800); ?> (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).</li> 8683</ul></li> 8684<li>PCRE: 8685<ul> 8686 <li><?php bugfix(73612); ?> (preg_*() may leak memory).</li> 8687</ul></li> 8688<li>PDO_Firebird: 8689<ul> 8690 <li><?php bugfix(72931); ?> (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).</li> 8691</ul></li> 8692<li>Phar: 8693<ul> 8694 <li><?php bugfix(73773); ?> (Seg fault when loading hostile phar). (CVE-2017-11147)</li> 8695 <li><?php bugfix(73768); ?> (Memory corruption when loading hostile phar). (CVE-2016-10160)</li> 8696 <li><?php bugfix(73764); ?> (Crash while loading hostile phar archive). (CVE-2016-10159)</li> 8697</ul></li> 8698<li>Phpdbg: 8699<ul> 8700 <li><?php bugfix(73615); ?> (phpdbg without option never load .phpdbginit at startup).</li> 8701 <li>Fixed issue getting executable lines from custom wrappers.</li> 8702 <li><?php bugfix(73704); ?> (phpdbg shows the wrong line in files with shebang).</li> 8703</ul></li> 8704<li>Reflection: 8705<ul> 8706 <li><?php bugfix(46103); ?> (ReflectionObject memory leak).</li> 8707</ul></li> 8708<li>Streams: 8709<ul> 8710 <li><?php bugfix(73586); ?> (php_user_filter::$stream is not set to the stream the filter is working on).</li> 8711</ul></li> 8712<li>SQLite3: 8713<ul> 8714<li>Reverted fix for <?php bugl(73530); ?> (Unsetting result set may reset other result set).</li> 8715</ul></li> 8716<li>Standard: 8717<ul> 8718 <li><?php bugfix(73594); ?> (dns_get_record does not populate $additional out parameter).</li> 8719 <li><?php bugfix(70213); ?> (Unserialize context shared on double class lookup).</li> 8720 <li><?php bugfix(73154); ?> (serialize object with __sleep function crash).</li> 8721 <li><?php bugfix(70490); ?> (get_browser function is very slow).</li> 8722 <li><?php bugfix(73265); ?> (Loading browscap.ini at startup causes high memory usage).</li> 8723 <li><?php bugfix(31875); ?> (get_defined_functions additional param to exclude disabled functions).</li> 8724</ul></li> 8725<li>Zlib: 8726<ul> 8727 <li><?php bugfix(73373); ?> (deflate_add does not verify that output was not truncated).</li> 8728</ul></li> 8729</ul> 8730<!-- }}} --></section> 8731 8732<section class="version" id="7.0.14"><!-- {{{ 7.0.14 --> 8733<h3>Version 7.0.14</h3> 8734<b><?php release_date('08-Dec-2016'); ?></b> 8735<ul><li>Core: 8736<ul> 8737 <li>Fixed memory leak(null coalescing operator with Spl hash).</li> 8738 <li><?php bugfix(72736); ?> (Slow performance when fetching large dataset with mysqli / PDO).</li> 8739 <li><?php bugfix(72978); ?> (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)</li> 8740</ul></li> 8741<li>Calendar: 8742<ul> 8743 <li>(Fix integer overflows).</li> 8744</ul></li> 8745<li>Date: 8746<ul> 8747 <li><?php bugfix(69587); ?> (DateInterval properties and isset).</li> 8748</ul></li> 8749<li>DTrace: 8750<ul> 8751 <li>Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.</li> 8752</ul></li> 8753<li>JSON: 8754<ul> 8755 <li><?php bugfix(73526); ?> (php_json_encode depth issue).</li> 8756</ul></li> 8757<li>Mysqlnd: 8758<ul> 8759 <li><?php bugfix(64526); ?> (Add missing mysqlnd.* parameters to php.ini-*).</li> 8760</ul></li> 8761<li>ODBC: 8762<ul> 8763 <li><?php bugfix(73448); ?> (odbc_errormsg returns trash, always 513 bytes).</li> 8764</ul></li> 8765<li>Opcache: 8766<ul> 8767 <li><?php bugfix(69090); ?> (check cached files permissions).</li> 8768 <li><?php bugfix(73546); ?> (Logging for opcache has an empty file name).</li> 8769</ul></li> 8770<li>PCRE: 8771<ul> 8772 <li><?php bugfix(73483); ?> (Segmentation fault on pcre_replace_callback).</li> 8773 <li><?php bugfix(73392); ?> (A use-after-free in zend allocator management).</li> 8774</ul></li> 8775<li>PDO_Firebird: 8776<ul> 8777 <li><?php bugfix(73087); ?>, <?php bugl(61183) ?>, <?php bugl(71494) ?> (Memory corruption in bindParam).</li> 8778</ul></li> 8779<li>Phar: 8780<ul> 8781 <li><?php bugfix(73580); ?> (Phar::isValidPharFilename illegal memory access).</li> 8782</ul></li> 8783<li>Postgres: 8784<ul> 8785 <li><?php bugfix(73498); ?> (Incorrect SQL generated for pg_copy_to()).</li> 8786</ul></li> 8787<li>Soap: 8788<ul> 8789 <li><?php bugfix(73538); ?> (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).</li> 8790 <li><?php bugfix(73452); ?> (Segfault (Regression for <?php bugl(69152) ?>)).</li> 8791</ul></li> 8792<li>SPL: 8793<ul> 8794 <li><?php bugfix(73423); ?> (Reproducible crash with GDB backtrace).</li> 8795</ul></li> 8796<li>SQLite3: 8797<ul> 8798 <li><?php bugfix(73530); ?> (Unsetting result set may reset other result set).</li> 8799</ul></li> 8800<li>Standard: 8801<ul> 8802 <li><?php bugfix(73297); ?> (HTTP stream wrapper should ignore HTTP 100 Continue).</li> 8803 <li><?php bugfix(73645); ?> (version_compare illegal write access).</li> 8804</ul></li> 8805<li>Wddx: 8806<ul> 8807 <li><?php bugfix(73631); ?> (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)</li> 8808</ul></li> 8809<li>XML: 8810<ul> 8811 <li><?php bugfix(72135); ?> (malformed XML causes fault).</li> 8812</ul></li> 8813</ul> 8814<!-- }}} --></section> 8815 8816<section class="version" id="7.0.13"><!-- {{{ 7.0.13 --> 8817<h3>Version 7.0.13</h3> 8818<b><?php release_date('10-Nov-2016'); ?></b> 8819<ul><li>Core: 8820<ul> 8821 <li><?php bugfix(73350); ?> (Exception::__toString() cause circular references).</li> 8822 <li><?php bugfix(73181); ?> (parse_str() without a second argument leads to crash).</li> 8823 <li><?php bugfix(66773); ?> (Autoload with Opcache allows importing conflicting class name to namespace).</li> 8824 <li><?php bugfix(66862); ?> ((Sub-)Namespaces unexpected behaviour).</li> 8825 <li>Fix pthreads detection when cross-compiling.</li> 8826 <li><?php bugfix(73337); ?> (try/catch not working with two exceptions inside a same operation).</li> 8827 <li><?php bugfix(73338); ?> (Exception thrown from error handler causes valgrind warnings (and crashes)).</li> 8828 <li><?php bugfix(73329); ?> ((Float)"Nano" == NAN).</li> 8829</ul></li> 8830<li>GD: 8831<ul> 8832 <li><?php bugfix(73213); ?> (Integer overflow in imageline() with antialiasing).</li> 8833 <li><?php bugfix(73272); ?> (imagescale() is not affected by, but affects imagesetinterpolation()).</li> 8834 <li><?php bugfix(73279); ?> (Integer overflow in gdImageScaleBilinearPalette()).</li> 8835 <li><?php bugfix(73280); ?> (Stack Buffer Overflow in GD dynamicGetbuf).</li> 8836 <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li> 8837 <li><?php bugfix(72696); ?> (imagefilltoborder stackoverflow on truecolor images). (CVE-2016-9933)</li> 8838</ul></li> 8839<li>IMAP: 8840<ul> 8841 <li><?php bugfix(73418); ?> (Integer Overflow in "_php_imap_mail" leads to crash).</li> 8842</ul></li> 8843<li>OCI8: 8844<ul> 8845 <li><?php bugfix(71148); ?> (Bind reference overwritten on PHP 7).</li> 8846</ul></li> 8847<li>phpdbg: 8848<ul> 8849 <li>Properly allow for stdin input from a file.</li> 8850 <li>Add -s command line option / stdin command for reading script from stdin.</li> 8851 <li>Ignore non-executable opcodes in line mode of phpdbg_end_oplog().</li> 8852 <li><?php bugfix(70776); ?> (Simple SIGINT does not have any effect with -rr).</li> 8853 <li><?php bugfix(71234); ?> (INI files are loaded even invoked as -n --version).</li> 8854</ul></li> 8855<li>Session: 8856<ul> 8857 <li><?php bugfix(73273); ?> (session_unset() empties values from all variables in which is $_session stored).</li> 8858</ul></li> 8859<li>SOAP: 8860<ul> 8861 <li><?php bugfix(73037); ?> (SoapServer reports Bad Request when gzipped).</li> 8862 <li><?php bugfix(73237); ?> (Nested object in "any" element overwrites other fields).</li> 8863 <li><?php bugfix(69137); ?> (Peer verification fails when using a proxy with SoapClient)</li> 8864</ul></li> 8865<li>SQLite3: 8866<ul> 8867 <li><?php bugfix(73333); ?> (2147483647 is fetched as string).</li> 8868</ul></li> 8869<li>Standard: 8870<ul> 8871 <li><?php bugfix(73203); ?> (passing additional_parameters causes mail to fail).</li> 8872 <li><?php bugfix(71241); ?> (array_replace_recursive sometimes mutates its parameters).</li> 8873 <li><?php bugfix(73192); ?> (parse_url return wrong hostname).</li> 8874</ul></li> 8875<li>Wddx: 8876<ul> 8877 <li><?php bugfix(73331); ?> (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)</li> 8878</ul></li> 8879</ul> 8880<!-- }}} --></section> 8881 8882<section class="version" id="7.0.12"><!-- {{{ 7.0.12 --> 8883<h3>Version 7.0.12</h3> 8884<?php release_date('13-Oct-2016'); ?> 8885<ul><li>Core: 8886<ul> 8887 <li><?php bugfix(73025); ?> (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).</li> 8888 <li><?php bugfix(72703); ?> (Out of bounds global memory read in BF_crypt triggered by password_verify).</li> 8889 <li><?php bugfix(73058); ?> (crypt broken when salt is 'too' long).</li> 8890 <li><?php bugfix(69579); ?> (Invalid free in extension trait).</li> 8891 <li><?php bugfix(73156); ?> (segfault on undefined function).</li> 8892 <li><?php bugfix(73163); ?> (PHP hangs if error handler throws while accessing undef const in default value).</li> 8893 <li><?php bugfix(73172); ?> (parse error: Invalid numeric literal).</li> 8894 <li><?php bugfix(73240); ?> (Write out of bounds at number_format).</li> 8895 <li><?php bugfix(73147); ?> (Use After Free in PHP7 unserialize()).</li> 8896 <li><?php bugfix(73189); ?> (Memcpy negative size parameter php_resolve_path).</li> 8897</ul></li> 8898<li>BCmath: 8899<ul> 8900<li><?php bugfix(73190); ?> (memcpy negative parameter _bc_new_num_ex).</li> 8901</ul></li> 8902<li>COM: 8903<ul> 8904 <li><?php bugfix(73126); ?> (Cannot pass parameter 1 by reference).</li> 8905</ul></li> 8906<li>Date: 8907<ul> 8908 <li><?php bugfix(73091); ?> (Unserializing DateInterval object may lead to __toString invocation).</li> 8909</ul></li> 8910<li>DOM: 8911<ul> 8912 <li><?php bugfix(73150); ?> (missing NULL check in dom_document_save_html).</li> 8913</ul></li> 8914<li>Filter: 8915<ul> 8916 <li><?php bugfix(72972); ?> (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).</li> 8917 <li><?php bugfix(73054); ?> (default option ignored when object passed to int filter).</li> 8918</ul></li> 8919<li>GD: 8920<ul> 8921 <li><?php bugfix(67325); ?> (imagetruecolortopalette: white is duplicated in palette).</li> 8922 <li><?php bugfix(50194); ?> (imagettftext broken on transparent background w/o alphablending).</li> 8923 <li><?php bugfix(73003); ?> (Integer Overflow in gdImageWebpCtx of gd_webp.c).</li> 8924 <li><?php bugfix(53504); ?> (imagettfbbox gives incorrect values for bounding box).</li> 8925 <li><?php bugfix(73157); ?> (imagegd2() ignores 3rd param if 4 are given).</li> 8926 <li><?php bugfix(73155); ?> (imagegd2() writes wrong chunk sizes on boundaries).</li> 8927 <li><?php bugfix(73159); ?> (imagegd2(): unrecognized formats may result in corrupted files).</li> 8928 <li><?php bugfix(73161); ?> (imagecreatefromgd2() may leak memory).</li> 8929</ul></li> 8930<li>Intl: 8931<ul> 8932 <li><?php bugfix(73218); ?> (add mitigation for ICU int overflow).</li> 8933</ul></li> 8934<li>Mbstring: 8935<ul> 8936 <li><?php bugfix(66797); ?> (mb_substr only takes 32-bit signed integer).</li> 8937 <li><?php bugfix(66964); ?> (mb_convert_variables() cannot detect recursion).</li> 8938 <li><?php bugfix(72992); ?> (mbstring.internal_encoding doesn't inherit default_charset).</li> 8939</ul></li> 8940<li>Mysqlnd: 8941<ul> 8942 <li><?php bugfix(72489); ?> (PHP Crashes When Modifying Array Containing MySQLi Result Data).</li> 8943</ul></li> 8944<li>Opcache: 8945<ul> 8946 <li><?php bugfix(72982); ?> (Memory leak in zend_accel_blacklist_update_regexp() function).</li> 8947</ul></li> 8948<li>OpenSSL: 8949<ul> 8950 <li><?php bugfix(73072); ?> (Invalid path SNI_server_certs causes segfault).</li> 8951 <li><?php bugfix(73276); ?> (crash in openssl_random_pseudo_bytes function).</li> 8952 <li><?php bugfix(73275); ?> (crash in openssl_encrypt function).</li> 8953</ul></li> 8954<li>PCRE: 8955<ul> 8956 <li><?php bugfix(73121); ?> (Bundled PCRE doesn't compile because JIT isn't supported on s390).</li> 8957 <li><?php bugfix(73174); ?> (heap overflow in php_pcre_replace_impl).</li> 8958</ul></li> 8959<li>PDO_DBlib: 8960<ul> 8961 <li><?php bugfix(72414); ?> (Never quote values as raw binary data).</li> 8962 <li>Allow \PDO::setAttribute() to set query timeouts.</li> 8963 <li>Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.</li> 8964 <li>Add common PDO test suite.</li> 8965 <li>Free error and message strings when cleaning up PDO instances.</li> 8966 <li><?php bugfix(67130); ?> (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).</li> 8967 <li>Ignore potentially misleading dberr values.</li> 8968</ul></li> 8969<li>phpdbg: 8970<ul> 8971 <li><?php bugfix(72996); ?> (phpdbg_prompt.c undefined reference to DL_LOAD).</li> 8972 <li>Fixed next command not stopping when leaving function.</li> 8973</ul></li> 8974<li>Session: 8975<ul> 8976 <li><?php bugfix(68015); ?> (Session does not report invalid uid for files save handler).</li> 8977 <li><?php bugfix(73100); ?> (session_destroy null dereference in ps_files_path_create).</li> 8978</ul></li> 8979<li>SimpleXML: 8980<ul> 8981 <li><?php bugfix(73293); ?> (NULL pointer dereference in SimpleXMLElement::asXML()).</li> 8982</ul></li> 8983<li>SOAP: 8984<ul> 8985 <li><?php bugfix(71711); ?> (Soap Server Member variables reference bug).</li> 8986 <li><?php bugfix(71996); ?> (Using references in arrays doesn't work like expected).</li> 8987</ul></li> 8988<li>SPL: 8989<ul> 8990<li><?php bugfix(73257); ?>, <?php bugfix(73258); ?> (SplObjectStorage unserialize allows use of non-object as key).</li> 8991</ul></li> 8992<li>SQLite3: 8993<ul> 8994 <li>Updated bundled SQLite3 to 3.14.2.</li> 8995</ul></li> 8996<li>Zip: 8997<ul> 8998 <li><?php bugfix(70752); ?> (Depacking with wrong password leaves 0 length files).</li> 8999</ul></li> 9000</ul> 9001<!-- }}} --></section> 9002 9003<section class="version" id="7.0.11"><!-- {{{ 7.0.11 --> 9004<h3>Version 7.0.11</h3> 9005<?php release_date('15-Sep-2016'); ?> 9006<ul><li>Core: 9007<ul> 9008 <li><?php bugfix(72944); ?> (Null pointer deref in zval_delref_p).</li> 9009 <li><?php bugfix(72943); ?> (assign_dim on string doesn't reset hval).</li> 9010 <li><?php bugfix(72911); ?> (Memleak in zend_binary_assign_op_obj_helper).</li> 9011 <li><?php bugfix(72813); ?> (Segfault with __get returned by ref).</li> 9012 <li><?php bugfix(72767); ?> (PHP Segfaults when trying to expand an infinite operator).</li> 9013 <li><?php bugfix(72854); ?> (PHP Crashes on duplicate destructor call).</li> 9014 <li><?php bugfix(72857); ?> (stream_socket_recvfrom read access violation).</li> 9015</ul></li> 9016<li>COM: 9017<ul> 9018 <li><?php bugfix(72922); ?> (COM called from PHP does not return out parameters).</li> 9019</ul></li> 9020<li>Dba: 9021<ul> 9022 <li><?php bugfix(70825); ?> (Cannot fetch multiple values with group in ini file).</li> 9023</ul></li> 9024<li>FTP: 9025<ul> 9026 <li><?php bugfix(70195); ?> (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).</li> 9027</ul></li> 9028<li>GD: 9029<ul> 9030 <li><?php bugfix(72709); ?> (imagesetstyle() causes OOB read for empty $styles).</li> 9031 <li><?php bugfix(66005); ?> (imagecopy does not support 1bit transparency on truecolor images).</li> 9032 <li><?php bugfix(72913); ?> (imagecopy() loses single-color transparency on palette images).</li> 9033 <li><?php bugfix(68716); ?> (possible resource leaks in _php_image_convert()).</li> 9034</ul></li> 9035<li>iconv: 9036<ul> 9037 <li><?php bugfix(72320); ?> (iconv_substr returns false for empty strings).</li> 9038</ul></li> 9039<li>IMAP: 9040<ul> 9041 <li><?php bugfix(72852); ?> (imap_mail null dereference).</li> 9042</ul></li> 9043<li>Intl: 9044<ul> 9045 <li><?php bugfix(65732); ?> (grapheme_*() is not Unicode compliant on CR LF sequence).</li> 9046 <li><?php bugfix(73007); ?> (add locale length check). (CVE-2016-7416)</li> 9047</ul></li> 9048<li>Mysqlnd: 9049<ul> 9050 <li><?php bugfix(72293); ?> (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)</li> 9051</ul></li> 9052<li>OCI8: 9053<ul> 9054 <li>Fixed invalid handle error with Implicit Result Sets.</li> 9055 <li><?php bugfix(72524); ?> (Binding null values triggers ORA-24816 error).</li> 9056</ul></li> 9057<li>Opcache: 9058<ul> 9059 <li><?php bugfix(72949); ?> (Typo in opcache error message).</li> 9060</ul></li> 9061<li>PDO: 9062<ul> 9063 <li><?php bugfix(72788); ?> (Invalid memory access when using persistent PDO connection).</li> 9064 <li><?php bugfix(72791); ?> (Memory leak in PDO persistent connection handling).</li> 9065 <li><?php bugfix(60665); ?> (call to empty() on NULL result using PDO::FETCH_LAZY returns false).</li> 9066</ul></li> 9067<li>PDO_DBlib: 9068<ul> 9069 <li>Implemented stringify 'uniqueidentifier' fields.</li> 9070</ul></li> 9071<li>PDO_pgsql: 9072<ul> 9073 <li><?php implemented(72633); ?> (Postgres PDO lastInsertId() should work without specifying a sequence).</li> 9074 <li><?php bugfix(72759); ?> (Regression in pgo_pgsql).</li> 9075</ul></li> 9076<li>Phar: 9077<ul> 9078 <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)</li> 9079 <li><?php bugfix(73035); ?> (Out of bound when verify signature of tar phar in phar_parse_tarfile).</li> 9080</ul></li> 9081<li>Reflection: 9082<ul> 9083 <li><?php bugfix(72846); ?> (getConstant for a array constant with constant values returns NULL/NFC/UKNOWN).</li> 9084</ul></li> 9085<li>Session: 9086<ul> 9087 <li><?php bugfix(72724); ?> (PHP7: session-uploadprogress kills httpd).</li> 9088 <li><?php bugfix(72940); ?> (SID always return "name=ID", even if session cookie exist).</li> 9089</ul></li> 9090<li>SimpleXML: 9091<ul> 9092 <li><?php bugfix(72971); ?> (SimpleXML isset/unset do not respect namespace).</li> 9093 <li><?php bugfix(72957); ?> (Null coalescing operator doesn't behave as expected with SimpleXMLElement).</li> 9094</ul></li> 9095<li>SPL: 9096<ul> 9097 <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray). (CVE-2016-7417)</li> 9098</ul></li> 9099<li>Standard: 9100<ul> 9101 <li><?php bugfix(55451); ?> (substr_compare NULL length interpreted as 0).</li> 9102 <li><?php bugfix(72278); ?> (getimagesize returning FALSE on valid jpg).</li> 9103 <li><?php bugfix(65550); ?> (get_browser() incorrectly parses entries with "+" sign).</li> 9104</ul></li> 9105<li>Streams: 9106<ul> 9107 <li><?php bugfix(72853); ?> (stream_set_blocking doesn't work).</li> 9108 <li><?php bugfix(72764); ?> (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).</li> 9109 <li><?php bugfix(71882); ?> (Negative ftruncate() on php://memory exhausts memory).</li> 9110</ul></li> 9111<li>SQLite3: 9112<ul> 9113<li>Downgraded bundled SQLite to 3.8.10.2, see <?php bugl(73068); ?></li> 9114</ul></li> 9115<li>Sysvshm: 9116<ul> 9117 <li><?php bugfix(72858); ?> (shm_attach null dereference).</li> 9118</ul></li> 9119<li>Wddx: 9120<ul> 9121 <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free). (CVE-2016-7413)</li> 9122 <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)</li> 9123</ul></li> 9124<li>XML: 9125<ul> 9126 <li><?php bugfix(72085); ?> (SEGV on unknown address zif_xml_parse).</li> 9127 <li><?php bugfix(72714); ?> (_xml_startElementHandler() segmentation fault).</li> 9128</ul></li> 9129<li>ZIP: 9130<ul> 9131 <li><?php bugfix(68302); ?> (impossible to compile php with zip support).</li> 9132</ul></li> 9133</ul> 9134<!-- }}} --></section> 9135 9136<section class="version" id="7.0.10"><!-- {{{ 7.0.10 --> 9137<h3>Version 7.0.10</h3> 9138<?php release_date('18-Aug-2016'); ?> 9139<ul><li>Core: 9140<ul> 9141 <li><?php bugfix(72629); ?> (Caught exception assignment to variables ignores references).</li> 9142 <li><?php bugfix(72594); ?> (Calling an earlier instance of an included anonymous class fatals).</li> 9143 <li><?php bugfix(72581); ?> (previous property undefined in Exception after deserialization).</li> 9144 <li><?php bugfix(72496); ?> (Cannot declare public method with signature incompatible with parent private method).</li> 9145 <li><?php bugfix(72024); ?> (microtime() leaks memory).</li> 9146 <li><?php bugfix(71911); ?> (Unable to set --enable-debug on building extensions by phpize on Windows).</li> 9147 <li>Fixed bug causing ClosedGeneratorException being thrown into the calling code instead of the Generator yielding from.</li> 9148 <li><?php implemented(72614); ?> (Support "nmake test" on building extensions by phpize).</li> 9149 <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li> 9150 <li>Fixed potential segfault in object storage freeing in shutdown sequence.</li> 9151 <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7124)</li> 9152 <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability). (CVE-2016-7125)</li> 9153 <li><?php bugfix(72683); ?> (getmxrr broken).</li> 9154 <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one). (CVE-2016-7133)</li> 9155</ul></li> 9156<li>Bz2: 9157<ul> 9158 <li><?php bugfix(72837); ?> (integer overflow in bzdecompress caused heap corruption).</li> 9159</ul></li> 9160<li>Calendar: 9161<ul> 9162 <li><?php bugfix(67976); ?> (cal_days_month() fails for final month of the French calendar).</li> 9163 <li><?php bugfix(71894); ?> (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).</li> 9164</ul></li> 9165<li>COM: 9166<ul> 9167 <li><?php bugfix(72569); ?> (DOTNET/COM array parameters broke in PHP7).</li> 9168</ul></li> 9169<li>CURL: 9170<ul> 9171 <li><?php bugfix(71709); ?> (curl_setopt segfault with empty CURLOPT_HTTPHEADER).</li> 9172 <li><?php bugfix(71929); ?> (CURLINFO_CERTINFO data parsing error).</li> 9173 <li><?php bugfix(72674); ?> (Heap overflow in curl_escape). (CVE-2016-7134)</li> 9174</ul></li> 9175<li>DOM: 9176<ul> 9177 <li><?php bugfix(66502); ?> (DOM document dangling reference).</li> 9178</ul></li> 9179<li>EXIF: 9180<ul> 9181 <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero size)).</li> 9182 <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)</li> 9183</ul></li> 9184<li>Filter: 9185<ul> 9186 <li><?php bugfix(71745); ?> (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).</li> 9187</ul></li> 9188<li>FPM: 9189<ul> 9190 <li><?php bugfix(72575); ?> (using --allow-to-run-as-root should ignore missing user).</li> 9191</ul></li> 9192<li>GD: 9193<ul> 9194 <li><?php bugfix(72596); ?> (imagetypes function won't advertise WEBP support).</li> 9195 <li><?php bugfix(72604); ?> (imagearc() ignores thickness for full arcs).</li> 9196 <li><?php bugfix(70315); ?> (500 Server Error but page is fully rendered).</li> 9197 <li><?php bugfix(43828); ?> (broken transparency of imagearc for truecolor in blendingmode).</li> 9198 <li><?php bugfix(66555); ?> (Always false condition in ext/gd/libgd/gdkanji.c).</li> 9199 <li><?php bugfix(68712); ?> (suspicious if-else statements).</li> 9200 <li><?php bugfix(72697); ?> (select_colors write out-of-bounds). (CVE-2016-7126)</li> 9201 <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access). (CVE-2016-7127)</li> 9202 <li><?php bugfix(72494); ?> (imagecropauto out-of-bounds access)</li> 9203</ul></li> 9204<li>Intl: 9205<ul> 9206 <li><?php bugfix(72639); ?> (Segfault when instantiating class that extends IntlCalendar and adds a property).</li> 9207 <li>Partially fixed <?php bugfix(72506); ?> (idn_to_ascii for UTS #46 incorrect for long domain names).</li> 9208</ul></li> 9209<li>mbstring: 9210<ul> 9211 <li><?php bugfix(72691); ?> (mb_ereg_search raises a warning if a match zero-width).</li> 9212 <li><?php bugfix(72693); ?> (mb_ereg_search increments search position when a match zero-width).</li> 9213 <li><?php bugfix(72694); ?> (mb_ereg_search_setpos does not accept a string's last position).</li> 9214 <li><?php bugfix(72710); ?> (`mb_ereg` causes buffer overflow on regexp compile error).</li> 9215</ul></li> 9216<li>Mcrypt: 9217<ul> 9218 <li><?php bugfix(72782); ?> (Heap Overflow due to integer overflows).</li> 9219</ul></li> 9220<li>Opcache: 9221<ul> 9222 <li><?php bugfix(72590); ?> (Opcache restart with kill_all_lockers does not work).</li> 9223</ul></li> 9224<li>PCRE: 9225<ul> 9226 <li><?php bugfix(72688); ?> (preg_match missing group names in matches).</li> 9227</ul></li> 9228<li>PDO_pgsql: 9229<ul> 9230 <li><?php bugfix(70313); ?> (PDO statement fails to throw exception).</li> 9231</ul></li> 9232<li>Reflection: 9233<ul> 9234 <li><?php bugfix(72222); ?> (ReflectionClass::export doesn't handle array constants).</li> 9235</ul></li> 9236<li>SimpleXML: 9237<ul> 9238 <li><?php bugfix(72588); ?> (Using global var doesn't work while accessing SimpleXML element).</li> 9239</ul></li> 9240<li>SNMP: 9241<ul> 9242 <li><?php bugfix(72708); ?> (php_snmp_parse_oid integer overflow in memory allocation).</li> 9243</ul></li> 9244<li>SPL: 9245<ul> 9246 <li><?php bugfix(55701); ?> (GlobIterator throws LogicException).</li> 9247 <li><?php bugfix(72646); ?> (SplFileObject::getCsvControl does not return the escape character).</li> 9248 <li><?php bugfix(72684); ?> (AppendIterator segfault with closed generator).</li> 9249</ul></li> 9250<li>SQLite3: 9251<ul> 9252 <li><?php bugfix(72668); ?> (Spurious warning when exception is thrown in user defined function).</li> 9253 <li><?php bugfix(72571); ?> (SQLite3::bindValue, SQLite3::bindParam crash).</li> 9254 <li><?php implemented(72653); ?> (SQLite should allow opening with empty filename).</li> 9255 <li>Updated to SQLite3 3.13.0.</li> 9256</ul></li> 9257<li>Standard: 9258<ul> 9259 <li><?php bugfix(72622); ?> (array_walk + array_replace_recursive create references from nothing).</li> 9260 <li><?php bugfix(72152); ?> (base64_decode $strict fails to detect null byte).</li> 9261 <li><?php bugfix(72263); ?> (base64_decode skips a character after padding in strict mode).</li> 9262 <li><?php bugfix(72264); ?> (base64_decode $strict fails with whitespace between padding).</li> 9263 <li><?php bugfix(72330); ?> (CSV fields incorrectly split if escape char followed by UTF chars).</li> 9264</ul></li> 9265<li>Streams: 9266<ul> 9267 <li><?php bugfix(41021); ?> (Problems with the ftps wrapper).</li> 9268 <li><?php bugfix(54431); ?> (opendir() does not work with ftps:// wrapper).</li> 9269 <li><?php bugfix(72667); ?> (opendir() with ftp:// attempts to open data stream for non-existent directories).</li> 9270 <li><?php bugfix(72771); ?> (ftps:// wrapper is vulnerable to protocol downgrade attack).</li> 9271</ul></li> 9272<li>XMLRPC: 9273<ul> 9274 <li><?php bugfix(72647); ?> (xmlrpc_encode() unexpected output after referencing array elements).</li> 9275</ul></li> 9276<li>Wddx: 9277<ul> 9278 <li><?php bugfix(72564); ?> (boolean always deserialized as "true").</li> 9279 <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in wddx_serialize_value()).</li> 9280 <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access). (CVE-2016-7129)</li> 9281 <li><?php bugfix(72750); ?> (wddx_deserialize null dereference). (CVE-2016-7130)</li> 9282 <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml). (CVE-2016-7131)</li> 9283 <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element). (CVE-2016-7132)</li> 9284</ul></li> 9285<li>Zip: 9286<ul> 9287 <li><?php bugfix(72660); ?> (NULL Pointer dereference in zend_virtual_cwd).</li> 9288</ul></li> 9289</ul> 9290<!-- }}} --></section> 9291 9292<section class="version" id="7.0.9"><!-- {{{ 7.0.9 --> 9293<h3>Version 7.0.9</h3> 9294<?php release_date('21-Jul-2016'); ?> 9295<ul><li>Core: 9296<ul> 9297 <li><?php bugfix(72508); ?> (strange references after recursive function call and "switch" statement).</li> 9298 <li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)</li> 9299 <li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)</li> 9300</ul></li> 9301<li>bz2: 9302<ul> 9303 <li><?php bugfix(72613); ?> (Inadequate error handling in bzread()). (CVE-2016-5399)</li> 9304</ul></li> 9305<li>CLI: 9306<ul> 9307 <li><?php bugfix(72484); ?> (SCRIPT_FILENAME shows wrong path if the user specify router.php).</li> 9308</ul></li> 9309<li>COM: 9310<ul> 9311 <li><?php bugfix(72498); ?> (variant_date_from_timestamp null dereference).</li> 9312</ul></li> 9313<li>Curl: 9314<ul> 9315 <li><?php bugfix(72541); ?> (size_t overflow lead to heap corruption).</li> 9316</ul></li> 9317<li>Date: 9318<ul> 9319 <li><?php bugfix(66836); ?> (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).</li> 9320</ul></li> 9321<li>Exif: 9322<ul> 9323 <li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)</li> 9324 <li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)</li> 9325</ul></li> 9326<li>GD: 9327<ul> 9328 <li><?php bugfix(43475); ?> (Thick styled lines have scrambled patterns).</li> 9329 <li><?php bugfix(53640); ?> (XBM images require width to be multiple of 8).</li> 9330 <li><?php bugfix(64641); ?> (imagefilledpolygon doesn't draw horizontal line).</li> 9331 <li><?php bugfix(72512); ?> (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</li> 9332 <li><?php bugfix(72519); ?> (imagegif/output out-of-bounds access).</li> 9333 <li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)</li> 9334 <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li> 9335 <li><?php bugfix(72494); ?> (imagecropauto out-of-bounds access).</li> 9336</ul></li> 9337<li>Intl: 9338<ul> 9339 9340 <li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)</li> 9341</ul></li> 9342<li>Mbstring: 9343<ul> 9344 <li><?php bugfix(72405); ?> (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).</li> 9345 <li><?php bugfix(72399); ?> (Use-After-Free in MBString (search_re)).</li> 9346</ul></li> 9347<li>mcrypt: 9348<ul> 9349 <li><?php bugfix(72551); ?>, bug <?php bugl(72552) ?> (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).</li> 9350</ul></li> 9351<li>PDO_pgsql: 9352<ul> 9353 <li><?php bugfix(72570); ?> (Segmentation fault when binding parameters on a query without placeholders).</li> 9354</ul></li> 9355<li>PCRE: 9356<ul> 9357 <li><?php bugfix(72476); ?> (Memleak in jit_stack).</li> 9358 <li><?php bugfix(72463); ?> (mail fails with invalid argument).</li> 9359</ul></li> 9360<li>Readline: 9361<ul> 9362 <li><?php bugfix(72538); ?> (readline_redisplay crashes php).</li> 9363</ul></li> 9364<li>Standard: 9365<ul> 9366 <li><?php bugfix(72505); ?> (readfile() mangles files larger than 2G).</li> 9367 <li><?php bugfix(72306); ?> (Heap overflow through proc_open and $env parameter).</li> 9368</ul></li> 9369<li>Session: 9370<ul> 9371 <li><?php bugfix(72531); ?> (ps_files_cleanup_dir Buffer overflow).</li> 9372 <li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization).</li> 9373</ul></li> 9374<li>SNMP: 9375<ul> 9376 <li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)</li> 9377</ul></li> 9378<li>Streams: 9379<ul> 9380 <li><?php bugfix(72439); ?> (Stream socket with remote address leads to a segmentation fault).</li> 9381</ul></li> 9382<li>XMLRPC: 9383<ul> 9384 <li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)</li> 9385</ul></li> 9386<li>Zip: 9387<ul> 9388 <li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)</li> 9389</ul></li> 9390</ul> 9391<!-- }}} --></section> 9392 9393<section class="version" id="7.0.8"><!-- {{{ 7.0.8 --> 9394<h3>Version 7.0.8</h3> 9395<?php release_date('23-Jun-2016'); ?> 9396<ul><li>Core: 9397<ul> 9398 <li><?php bugfix(72218); ?> (If host name cannot be resolved then PHP 7 crashes).</li> 9399 <li><?php bugfix(72221); ?> (segfault, past-the-end access).</li> 9400 <li><?php bugfix(72268); ?> (Integer Overflow in nl2br()).</li> 9401 <li><?php bugfix(72275); ?> (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).</li> 9402 <li><?php bugfix(72400); ?> (Integer Overflow in addcslashes/addslashes).</li> 9403 <li><?php bugfix(72403); ?> (Integer Overflow in Length of String-typed ZVAL).</li> 9404</ul></li> 9405<li>Date: 9406<ul> 9407 <li><?php bugfix(63740); ?> (strtotime seems to use both sunday and monday as start of week).</li> 9408</ul></li> 9409<li>FPM: 9410<ul> 9411 <li><?php bugfix(72308); ?> (fastcgi_finish_request and logging environment variables).</li> 9412</ul></li> 9413<li>GD: 9414<ul> 9415 <li><?php bugfix(72298); ?> (pass2_no_dither out-of-bounds access).</li> 9416 <li><?php bugfix(72337); ?> (invalid dimensions can lead to crash).</li> 9417 <li><?php bugfix(72339); ?> (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)</li> 9418 <li><?php bugfix(72407); ?> (NULL Pointer Dereference at _gdScaleVert).</li> 9419 <li><?php bugfix(72446); ?> (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)</li> 9420</ul></li> 9421<li>Intl: 9422<ul> 9423 <li><?php bugfix(70484); ?> (selectordinal doesn't work with named parameters).</li> 9424</ul></li> 9425<li>mbstring: 9426<ul> 9427 <li><?php bugfix(72402); ?> (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)</li> 9428</ul></li> 9429<li>mcrypt: 9430<ul> 9431 <li><?php bugfix(72455); ?> (Heap Overflow due to integer overflows). (CVE-2016-5769)</li> 9432</ul></li> 9433<li>OpenSSL: 9434<ul> 9435 <li><?php bugfix(72140); ?> (segfault after calling ERR_free_strings()).</li> 9436</ul></li> 9437<li>PCRE: 9438<ul> 9439 <li><?php bugfix(72143); ?> (preg_replace uses int instead of size_t).</li> 9440</ul></li> 9441<li>PDO_pgsql: 9442<ul> 9443 <li><?php bugfix(71573); ?> (Segfault (core dumped) if paramno beyond bound).</li> 9444 <li><?php bugfix(72294); ?> (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor).</li> 9445</ul></li> 9446<li>Phar: 9447<ul> 9448 <li><?php bugfix(72321); ?> (invalid free in phar_extract_file()). (CVE-2016-4473)</li> 9449</ul></li> 9450<li>Phpdbg: 9451<ul> 9452 <li><?php bugfix(72284); ?> (phpdbg fatal errors with coverage).</li> 9453</ul></li> 9454<li>Postgres: 9455<ul> 9456 <li><?php bugfix(72195); ?> (pg_pconnect/pg_connect cause use-after-free).</li> 9457 <li><?php bugfix(72197); ?> (pg_lo_create arbitrary read).</li> 9458</ul></li> 9459<li>Standard: 9460<ul> 9461 <li><?php bugfix(72017); ?> (range() with float step produces unexpected result).</li> 9462 <li><?php bugfix(72193); ?> (dns_get_record returns array containing elements of type 'unknown').</li> 9463 <li><?php bugfix(72229); ?> (Wrong reference when serialize/unserialize an object).</li> 9464 <li><?php bugfix(72300); ?> (ignore_user_abort(false) has no effect).</li> 9465</ul></li> 9466<li>WDDX: 9467<ul> 9468 <li><?php bugfix(72340); ?> (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)</li> 9469</ul></li> 9470<li>XML: 9471<ul> 9472 <li><?php bugfix(72206); ?> (xml_parser_create/xml_parser_free leaks mem).</li> 9473</ul></li> 9474<li>XMLRPC: 9475<ul> 9476 <li><?php bugfix(72155); ?> (use-after-free caused by get_zval_xmlrpc_type).</li> 9477</ul></li> 9478<li>Zip: 9479<ul> 9480 <li><?php bugfix(72258); ?> (ZipArchive converts filenames to unrecoverable form).</li> 9481 <li><?php bugfix(72434); ?> (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)</li> 9482</ul></li> 9483</ul> 9484<!-- }}} --></section> 9485 9486<section class="version" id="7.0.7"><!-- {{{ 7.0.7 --> 9487<h3>Version 7.0.7</h3> 9488<?php release_date('26-May-2016'); ?> 9489<ul><li>Core: 9490<ul> 9491 <li><?php bugfix(72162); ?> (use-after-free - error_reporting).</li> 9492 <li>Add compiler option to disable special case function calls.</li> 9493 <li><?php bugfix(72101); ?> (crash on complex code).</li> 9494 <li><?php bugfix(72100); ?> (implode() inserts garbage into resulting string when joins very big integer).</li> 9495 <li><?php bugfix(72057); ?> (PHP Hangs when using custom error handler and typehint).</li> 9496 <li><?php bugfix(72038); ?> (Function calls with values to a by-ref parameter don't always throw a notice).</li> 9497 <li><?php bugfix(71737); ?> (Memory leak in closure with parameter named $this).</li> 9498 <li><?php bugfix(72059); ?> (?? is not allowed on constant expressions).</li> 9499 <li><?php bugfix(72159); ?> (Imported Class Overrides Local Class Name).</li> 9500</ul></li> 9501<li>Curl: 9502<ul> 9503 <li><?php bugfix(68658); ?> (Define CURLE_SSL_CACERT_BADFILE).</li> 9504</ul></li> 9505<li>DBA: 9506<ul> 9507 <li><?php bugfix(72157); ?> (use-after-free caused by dba_open).</li> 9508</ul></li> 9509<li>GD: 9510<ul> 9511 <li><?php bugfix(72227); ?> (imagescale out-of-bounds read). (CVE-2013-7456)</li> 9512</ul></li> 9513<li>Intl: 9514<ul> 9515 <li><?php bugfix(64524); ?> (Add intl.use_exceptions to php.ini-*).</li> 9516 <li><?php bugfix(72241); ?> (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)</li> 9517</ul></li> 9518<li>JSON: 9519<ul> 9520 <li><?php bugfix(72069); ?> (Behavior \JsonSerializable different from json_encode).</li> 9521</ul></li> 9522<li>Mbstring: 9523<ul> 9524 <li><?php bugfix(72164); ?> (Null Pointer Dereference - mb_ereg_replace).</li> 9525</ul></li> 9526<li>OCI8: 9527<ul> 9528 <li><?php bugfix(71600); ?> (oci_fetch_all segfaults when selecting more than eight columns).</li> 9529</ul></li> 9530<li>Opcache: 9531<ul> 9532 <li><?php bugfix(72014); ?> (Including a file with anonymous classes multiple times leads to fatal error).</li> 9533</ul></li> 9534<li>OpenSSL: 9535<ul> 9536 <li><?php bugfix(72165); ?> (Null pointer dereference - openssl_csr_new).</li> 9537</ul></li> 9538<li>PCNTL: 9539<ul> 9540 <li><?php bugfix(72154); ?> (pcntl_wait/pcntl_waitpid array internal structure overwrite).</li> 9541</ul></li> 9542<li>POSIX: 9543<ul> 9544 <li><?php bugfix(72133); ?> (php_posix_group_to_array crashes if gr_passwd is NULL).</li> 9545</ul></li> 9546<li>Postgres: 9547<ul> 9548 <li><?php bugfix(72028); ?> (pg_query_params(): NULL converts to empty string).</li> 9549 <li><?php bugfix(71062); ?> (pg_convert() doesn't accept ISO 8601 for datatype timestamp).</li> 9550 <li><?php bugfix(72151); ?> (mysqli_fetch_object changed behaviour). Patch to <?php bugl(71820) ?> is reverted.</li> 9551</ul></li> 9552<li>Reflection: 9553<ul> 9554 <li><?php bugfix(72174); ?> (ReflectionProperty#getValue() causes __isset call).</li> 9555</ul></li> 9556<li>Session: 9557<ul> 9558 <li><?php bugfix(71972); ?> (Cyclic references causing session_start(): Failed to decode session object).</li> 9559</ul></li> 9560<li>Sockets: 9561<ul> 9562 <li>Added socket_export_stream() function for getting a stream compatible resource from a socket resource.</li> 9563</ul></li> 9564<li>SPL: 9565<ul> 9566 <li><?php bugfix(72051); ?> (The reference in CallbackFilterIterator doesn't work as expected).</li> 9567</ul></li> 9568<li>SQLite3: 9569<ul> 9570 <li><?php bugfix(68849); ?> (bindValue is not using the right data type).</li> 9571</ul></li> 9572<li>Standard: 9573<ul> 9574 <li><?php bugfix(72075); ?> (Referencing socket resources breaks stream_select).</li> 9575 <li><?php bugfix(72031); ?> (array_column() against an array of objects discards all values matching null).</li> 9576</ul></li> 9577</ul> 9578<!-- }}} --></section> 9579 9580<section class="version" id="7.0.6"><!-- {{{ 7.0.6 --> 9581<h3>Version 7.0.6</h3> 9582<?php release_date('28-Apr-2016'); ?> 9583<ul><li>Core: 9584<ul> 9585 <li><?php bugfix(71930); ?> (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1' failed).</li> 9586 <li><?php bugfix(71922); ?> (Crash on assert(new class{})).</li> 9587 <li><?php bugfix(71914); ?> (Reference is lost in "switch").</li> 9588 <li><?php bugfix(71871); ?> (Interfaces allow final and abstract functions).</li> 9589 <li><?php bugfix(71859); ?> (zend_objects_store_call_destructors operates on realloced memory, crashing).</li> 9590 <li><?php bugfix(71841); ?> (EG(error_zval) is not handled well).</li> 9591 <li><?php bugfix(71750); ?> (Multiple Heap Overflows in php_raw_url_encode/ php_url_encode).</li> 9592 <li><?php bugfix(71731); ?> (Null coalescing operator and ArrayAccess).</li> 9593 <li><?php bugfix(71609); ?> (Segmentation fault on ZTS with gethostbyname).</li> 9594 <li><?php bugfix(71414); ?> (Inheritance, traits and interfaces).</li> 9595 <li><?php bugfix(71359); ?> (Null coalescing operator and magic).</li> 9596 <li><?php bugfix(71334); ?> (Cannot access array keys while uksort()).</li> 9597 <li><?php bugfix(69659); ?> (ArrayAccess, isset() and the offsetExists method).</li> 9598 <li><?php bugfix(69537); ?> (__debugInfo with empty string for key gives error).</li> 9599 <li><?php bugfix(62059); ?> (ArrayObject and isset are not friends).</li> 9600 <li><?php bugfix(71980); ?> (Decorated/Nested Generator is Uncloseable in Finally).</li> 9601</ul></li> 9602<li>BCmath: 9603<ul> 9604 <li><?php bugfix(72093); ?> (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)</li> 9605</ul></li> 9606<li>Curl: 9607<ul> 9608 <li><?php bugfix(71831); ?> (CURLOPT_NOPROXY applied as long instead of string).</li> 9609</ul></li> 9610<li>Date: 9611<ul> 9612 <li><?php bugfix(71889); ?> (DateInterval::format Segmentation fault).</li> 9613</ul></li> 9614<li>EXIF: 9615<ul> 9616 <li><?php bugfix(72094); ?> (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)</li> 9617</ul></li> 9618<li>GD: 9619<ul> 9620 <li><?php bugfix(71912); ?> (libgd: signedness vulnerability). (CVE-2016-3074)</li> 9621</ul></li> 9622<li>Intl: 9623<ul> 9624 <li><?php bugfix(71516); ?> (IntlDateFormatter looses locale if pattern is set via constructor).</li> 9625 <li><?php bugfix(70455); ?> (Missing constant: IntlChar::NO_NUMERIC_VALUE).</li> 9626 <li><?php bugfix(70451); ?>, <?php bugl(70452); ?> (Inconsistencies in return values of IntlChar methods).</li> 9627 <li><?php bugfix(68893); ?> (Stackoverflow in datefmt_create).</li> 9628 <li><?php bugfix(66289); ?> (Locale::lookup incorrectly returns en or en_US if locale is empty).</li> 9629 <li><?php bugfix(70484); ?> (selectordinal doesn't work with named parameters).</li> 9630 <li><?php bugfix(72061); ?> (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)</li> 9631</ul></li> 9632<li>ODBC: 9633<ul> 9634 <li><?php bugfix(63171); ?> (Script hangs after max_execution_time).</li> 9635</ul></li> 9636<li>Opcache: 9637<ul> 9638 <li><?php bugfix(71843); ?> (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).</li> 9639</ul></li> 9640<li>PDO: 9641<ul> 9642 <li><?php bugfix(52098); ?> (Own PDOStatement implementation ignore __call()).</li> 9643 <li><?php bugfix(71447); ?> (Quotes inside comments not properly handled).</li> 9644</ul></li> 9645<li>PDO_DBlib: 9646<ul> 9647 <li><?php bugfix(71943); ?> (dblib_handle_quoter needs to allocate an extra byte).</li> 9648 <li>Add DBLIB-specific attributes for controlling timeouts.</li> 9649</ul></li> 9650<li>PDO_pgsql: 9651<ul> 9652 <li><?php bugfix(62498); ?> (pdo_pgsql inefficient when getColumnMeta() is used).</li> 9653</ul></li> 9654<li>Postgres: 9655<ul> 9656 <li><?php bugfix(71820); ?> (pg_fetch_object binds parameters before call constructor).</li> 9657 <li><?php bugfix(71998); ?> (Function pg_insert does not insert when column type = inet).</li> 9658</ul></li> 9659<li>SOAP: 9660<ul> 9661 <li><?php bugfix(71986); ?> (Nested foreach assign-by-reference creates broken variables).</li> 9662</ul></li> 9663<li>SPL: 9664<ul> 9665 <li><?php bugfix(71838); ?> (Deserializing serialized SPLObjectStorage-Object can't access properties in PHP).</li> 9666 <li><?php bugfix(71735); ?> (Double-free in SplDoublyLinkedList::offsetSet).</li> 9667 <li><?php bugfix(67582); ?> (Cloned SplObjectStorage with overwritten getHash fails offsetExists()).</li> 9668 <li><?php bugfix(52339); ?> (SPL autoloader breaks class_exists()).</li> 9669</ul></li> 9670<li>Standard: 9671<ul> 9672 <li><?php bugfix(72116); ?> (array_fill optimization breaks implementation).</li> 9673 <li><?php bugfix(71995); ?> (Returning the same var twice from __sleep() produces broken serialized data).</li> 9674 <li><?php bugfix(71940); ?> (Unserialize crushes on restore object reference).</li> 9675 <li><?php bugfix(71969); ?> (str_replace returns an incorrect resulting array after a foreach by reference).</li> 9676 <li><?php bugfix(71891); ?> (header_register_callback() and register_shutdown_function()).</li> 9677 <li><?php bugfix(71884); ?> (Null pointer deref (segfault) in stream_context_get_default).</li> 9678 <li><?php bugfix(71840); ?> (Unserialize accepts wrongly data).</li> 9679 <li><?php bugfix(71837); ?> (Wrong arrays behaviour).</li> 9680 <li><?php bugfix(71827); ?> (substr_replace bug, string length).</li> 9681 <li><?php bugfix(67512); ?> (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined).</li> 9682</ul></li> 9683<li>XML: 9684<ul> 9685 <li><?php bugfix(72099); ?> (xml_parse_into_struct segmentation fault). (CVE-2016-4539)</li> 9686</ul></li> 9687<li>Zip: 9688<ul> 9689 <li><?php bugfix(71923); ?> (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078)</li> 9690</ul></li> 9691</ul> 9692<!-- }}} --></section> 9693 9694<section class="version" id="7.0.5"><!-- {{{ 7.0.5 --> 9695<h3>Version 7.0.5</h3> 9696<?php release_date('31-Mar-2016'); ?> 9697<ul><li>Core: 9698<ul> 9699 <li>Huge pages disabled by default.</li> 9700 <li>Added ability to enable huge pages in Zend Memory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=1.</li> 9701 <li><?php bugfix(71756); ?> (Call-by-reference widens scope to uninvolved functions when used in switch).</li> 9702 <li><?php bugfix(71729); ?> (Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod).</li> 9703 <li><?php bugfix(71695); ?> (Global variables are reserved before execution).</li> 9704 <li><?php bugfix(71629); ?> (Out-of-bounds access in php_url_decode in context php_stream_url_wrap_rfc2397).</li> 9705 <li><?php bugfix(71622); ?> (Strings used in pass-as-reference cannot be used to invoke C::$callable()).</li> 9706 <li><?php bugfix(71596); ?> (Segmentation fault on ZTS with date function (setlocale)).</li> 9707 <li><?php bugfix(71535); ?> (Integer overflow in zend_mm_alloc_heap()).</li> 9708 <li><?php bugfix(71470); ?> (Leaked 1 hashtable iterators).</li> 9709 <li><?php bugfix(71575); ?> (ISO C does not allow extra ‘;’ outside of a function).</li> 9710 <li><?php bugfix(71724); ?> (yield from does not count EOLs).</li> 9711 <li><?php bugfix(71767); ?> (ReflectionMethod::getDocComment returns the wrong comment).</li> 9712 <li><?php bugfix(71806); ?> (php_strip_whitespace() fails on some numerical values).</li> 9713 <li><?php bugfix(71624); ?> (`php -R` (PHP_MODE_PROCESS_STDIN) is broken).</li> 9714</ul></li> 9715<li>CLI Server: 9716<ul> 9717 <li><?php bugfix(69953); ?> (Support MKCALENDAR request method).</li> 9718</ul></li> 9719<li>Curl: 9720<ul> 9721 <li><?php bugfix(71694); ?> (Support constant CURLM_ADDED_ALREADY).</li> 9722</ul></li> 9723<li>Date: 9724<ul> 9725 <li><?php bugfix(71635); ?> (DatePeriod::getEndDate segfault).</li> 9726</ul></li> 9727<li>Fileinfo: 9728<ul> 9729 <li><?php bugfix(71527); ?> (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)</li> 9730</ul></li> 9731<li>libxml: 9732<ul> 9733 <li><?php bugfix(71536); ?> (Access Violation crashes php-cgi.exe).</li> 9734</ul></li> 9735<li>mbstring: 9736<ul> 9737 <li><?php bugfix(71906); ?> (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)</li> 9738</ul></li> 9739<li>ODBC: 9740<ul> 9741 <li><?php bugfix(47803); ?>, <?php bugl(69526); ?> (Executing prepared statements is succesfull only for the first two statements).</li> 9742</ul></li> 9743<li>PCRE: 9744<ul> 9745 <li><?php bugfix(71659); ?> (segmentation fault in pcre running twig tests).</li> 9746</ul></li> 9747<li>PDO_DBlib: 9748<ul> 9749 <li><?php bugfix(54648); ?> (PDO::MSSQL forces format of datetime fields).</li> 9750</ul></li> 9751<li>Phar: 9752<ul> 9753 <li><?php bugfix(71625); ?> (Crash in php7.dll with bad phar filename).</li> 9754 <li><?php bugfix(71317); ?> (PharData fails to open specific file).</li> 9755 <li><?php bugfix(71860); ?> (Invalid memory write in phar on filename with \0 in name). (CVE-2016-4072)</li> 9756</ul></li> 9757<li>phpdbg: 9758<ul> 9759 <li>Fixed crash when advancing (except step) inside an internal function.</li> 9760</ul></li> 9761<li>Session: 9762<ul> 9763 <li><?php bugfix(71683); ?> (Null pointer dereference in zend_hash_str_find_bucket).</li> 9764</ul></li> 9765<li>SNMP: 9766<ul> 9767 <li><?php bugfix(71704); ?> (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)</li> 9768</ul></li> 9769<li>SPL: 9770<ul> 9771 <li><?php bugfix(71617); ?> (private properties lost when unserializing ArrayObject).</li> 9772</ul></li> 9773<li>Standard: 9774<ul> 9775 <li><?php bugfix(71660); ?> (array_column behaves incorrectly after foreach by reference).</li> 9776 <li><?php bugfix(71798); ?> (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)</li> 9777</ul></li> 9778<li>Zip: 9779<ul> 9780 <li>Update bundled libzip to 1.1.2.</li> 9781</ul></li> 9782</ul> 9783<!-- }}} --></section> 9784 9785<section class="version" id="7.0.4"><!-- {{{ 7.0.4 --> 9786<h3>Version 7.0.4</h3> 9787<?php release_date('03-Mar-2016'); ?> 9788<ul><li>Core: 9789<ul> 9790 <li>Fixed bug (Low probability segfault in zend_arena).</li> 9791 <li><?php bugfix(71441); ?> (Typehinted Generator with return in try/finally crashes).</li> 9792 <li><?php bugfix(71442); ?> (forward_static_call crash).</li> 9793 <li><?php bugfix(71443); ?> (Segfault using built-in webserver with intl using symfony).</li> 9794 <li><?php bugfix(71449); ?> (An integer overflow bug in php_implode()).</li> 9795 <li><?php bugfix(71450); ?> (An integer overflow bug in php_str_to_str_ex()).</li> 9796 <li><?php bugfix(71474); ?> (Crash because of VM stack corruption on Magento2).</li> 9797 <li><?php bugfix(71485); ?> (Return typehint on internal func causes Fatal error when it throws exception).</li> 9798 <li><?php bugfix(71529); ?> (Variable references on array elements don't work when using count).</li> 9799 <li><?php bugfix(71601); ?> (finally block not executed after yield from).</li> 9800 <li><?php bugfix(71637); ?> (Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes). (CVE-2016-4344, CVE-2016-4345, CVE-2016-4346)</li> 9801</ul></li> 9802<li>CLI server: 9803<ul> 9804 <li><?php bugfix(71559); ?> (Built-in HTTP server, we can download file in web by bug).</li> 9805</ul></li> 9806<li>CURL: 9807<ul> 9808 <li><?php bugfix(71523); ?> (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec).</li> 9809 <li>Fixed memory leak in curl_getinfo().</li> 9810</ul></li> 9811<li>Date: 9812<ul> 9813 <li><?php bugfix(71525); ?> (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues).</li> 9814</ul></li> 9815<li>Fileinfo: 9816<ul> 9817 <li><?php bugfix(71434); ?> (finfo throws notice for specific python file).</li> 9818</ul></li> 9819<li>FPM: 9820<ul> 9821 <li><?php bugfix(62172); ?> (FPM not working with Apache httpd 2.4 balancer/fcgi setup).</li> 9822 <li><?php bugfix(71269); ?> (php-fpm dumped core).</li> 9823</ul></li> 9824<li>Opcache: 9825<ul> 9826 <li><?php bugfix(71584); ?> (Possible use-after-free of ZCG(cwd) in Zend Opcache).</li> 9827</ul></li> 9828<li>PCRE: 9829<ul> 9830 <li><?php bugfix(71537); ?> (PCRE segfault from Opcache).</li> 9831</ul></li> 9832<li>phpdbg: 9833<ul> 9834 <li>Fixed inherited functions from unspecified files being included in phpdbg_get_executable().</li> 9835</ul></li> 9836<li>SOAP: 9837<ul> 9838 <li><?php bugfix(71610); ?> (Type Confusion Vulnerability - SOAP / make_http_soap_request()). (CVE-2016-3185)</li> 9839</ul></li> 9840<li>Standard: 9841<ul> 9842 <li><?php bugfix(71603); ?> (compact() maintains references in php7).</li> 9843 <li><?php bugfix(70720); ?> (strip_tags improper php code parsing).</li> 9844</ul></li> 9845<li>XMLRPC: 9846<ul> 9847 <li><?php bugfix(71501); ?> (xmlrpc_encode_request ignores encoding option).</li> 9848</ul></li> 9849<li>Zip: 9850<ul> 9851 <li><?php bugfix(71561); ?> (NULL pointer dereference in Zip::ExtractTo).</li> 9852</ul></li> 9853</ul> 9854<!-- }}} --></section> 9855 9856<section class="version" id="7.0.3"><!-- {{{ 7.0.3 --> 9857<h3>Version 7.0.3</h3> 9858<?php release_date('04-Feb-2016'); ?> 9859<ul><li>Core: 9860<ul> 9861 <li>Added support for new HTTP 451 code.</li> 9862 <li><?php bugfix(71039); ?> (exec functions ignore length but look for NULL termination).</li> 9863 <li><?php bugfix(71089); ?> (No check to duplicate zend_extension).</li> 9864 <li><?php bugfix(71201); ?> (round() segfault on 64-bit builds).</li> 9865 <li><?php bugfix(71221); ?> (Null pointer deref (segfault) in get_defined_vars via ob_start).</li> 9866 <li><?php bugfix(71248); ?> (Wrong interface is enforced).</li> 9867 <li><?php bugfix(71273); ?> (A wrong ext directory setup in php.ini leads to crash).</li> 9868 <li><?php bugfix(71275); ?> (Bad method called on cloning an object having a trait).</li> 9869 <li><?php bugfix(71297); ?> (Memory leak with consecutive yield from).</li> 9870 <li><?php bugfix(71300); ?> (Segfault in zend_fetch_string_offset).</li> 9871 <li><?php bugfix(71314); ?> (var_export(INF) prints INF.0).</li> 9872 <li><?php bugfix(71323); ?> (Output of stream_get_meta_data can be falsified by its input).</li> 9873 <li><?php bugfix(71336); ?> (Wrong is_ref on properties as exposed via get_object_vars()).</li> 9874 <li><?php bugfix(71459); ?> (Integer overflow in iptcembed()).</li> 9875</ul></li> 9876<li>Apache2handler: 9877<ul> 9878 <li>Fix >2G Content-Length headers in apache2handler.</li> 9879</ul></li> 9880<li>CURL: 9881<ul> 9882 <li><?php bugfix(71227); ?> (Can't compile php_curl statically).</li> 9883 <li><?php bugfix(71225); ?> (curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile).</li> 9884</ul></li> 9885<li>GD: 9886<ul> 9887 <li>Improved fix for bug <?php bugl(70976) ?>.</li> 9888</ul></li> 9889<li>Interbase: 9890<ul> 9891 <li><?php bugfix(71305); ?> (Crash when optional resource is omitted).</li> 9892</ul></li> 9893<li>LDAP: 9894<ul> 9895 <li><?php bugfix(71249); ?> (ldap_mod_replace/ldap_mod_add store value as string "Array").</li> 9896</ul></li> 9897<li>mbstring: 9898<ul> 9899 <li><?php bugfix(71397); ?> (mb_send_mail segmentation fault).</li> 9900</ul></li> 9901<li>OpenSSL: 9902<ul> 9903 <li><?php bugfix(71475); ?> (openssl_seal() uninitialized memory usage).</li> 9904</ul></li> 9905<li>PCRE: 9906<ul> 9907 <li>Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)</li> 9908</ul></li> 9909<li>Phar: 9910<ul> 9911 <li><?php bugfix(71354); ?> (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)</li> 9912 <li><?php bugfix(71331); ?> (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)</li> 9913 <li><?php bugfix(71391); ?> (NULL Pointer Dereference in phar_tar_setupmetadata()).</li> 9914 <li><?php bugfix(71488); ?> (Stack overflow when decompressing tar archives). (CVE-2016-2554)</li> 9915</ul></li> 9916<li>SOAP: 9917<ul> 9918 <li><?php bugfix(70979); ?> (crash with bad soap request).</li> 9919</ul></li> 9920<li>SPL: 9921<ul> 9922 <li><?php bugfix(71204); ?> (segfault if clean spl_autoload_funcs while autoloading).</li> 9923 <li><?php bugfix(71202); ?> (Autoload function registered by another not activated immediately).</li> 9924 <li><?php bugfix(71311); ?> (Use-after-free vulnerability in SPL(ArrayObject, unserialize)).</li> 9925 <li><?php bugfix(71313); ?> (Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)).</li> 9926</ul></li> 9927<li>Standard: 9928<ul> 9929 <li><?php bugfix(71287); ?> (Error message contains hexadecimal instead of decimal number).</li> 9930 <li><?php bugfix(71264); ?> (file_put_contents() returns unexpected value when filesystem runs full).</li> 9931 <li><?php bugfix(71245); ?> (file_get_contents() ignores "header" context option if it's a reference).</li> 9932 <li><?php bugfix(71220); ?> (Null pointer deref (segfault) in compact via ob_start).</li> 9933 <li><?php bugfix(71190); ?> (substr_replace converts integers in original $search array to strings).</li> 9934 <li><?php bugfix(71188); ?> (str_replace converts integers in original $search array to strings).</li> 9935 <li><?php bugfix(71132); ?>, <?php bugl(71197) ?> (range() segfaults).</li> 9936</ul></li> 9937<li>WDDX: 9938<ul> 9939 <li><?php bugfix(71335); ?> (Type Confusion in WDDX Packet Deserialization).</li> 9940</ul></li> 9941</ul> 9942<!-- }}} --></section> 9943 9944<section class="version" id="7.0.2"><!-- {{{ 7.0.2 --> 9945<h3>Version 7.0.2</h3> 9946<?php release_date('07-Jan-2016'); ?> 9947<ul><li>Core: 9948<ul> 9949 <li><?php bugfix(71165); ?> (-DGC_BENCH=1 doesn't work on PHP7).</li> 9950 <li><?php bugfix(71163); ?> (Segmentation Fault: cleanup_unfinished_calls).</li> 9951 <li><?php bugfix(71109); ?> (ZEND_MOD_CONFLICTS("xdebug") doesn't work).</li> 9952 <li><?php bugfix(71092); ?> (Segmentation fault with return type hinting).</li> 9953 <li>Fixed bug memleak in header_register_callback.</li> 9954 <li><?php bugfix(71067); ?> (Local object in class method stays in memory for each call).</li> 9955 <li><?php bugfix(66909); ?> (configure fails utf8_to_mutf7 test).</li> 9956 <li><?php bugfix(70781); ?> (Extension tests fail on dynamic ext dependency).</li> 9957 <li><?php bugfix(71089); ?> (No check to duplicate zend_extension).</li> 9958 <li><?php bugfix(71086); ?> (Invalid numeric literal parse error within highlight_string() function).</li> 9959 <li><?php bugfix(71154); ?> (Incorrect HT iterator invalidation causes iterator reuse).</li> 9960 <li><?php bugfix(52355); ?> (Negating zero does not produce negative zero).</li> 9961 <li><?php bugfix(66179); ?> (var_export() exports float as integer).</li> 9962 <li><?php bugfix(70804); ?> (Unary add on negative zero produces positive zero).</li> 9963</ul></li> 9964<li>CURL: 9965<ul> 9966 <li><?php bugfix(71144); ?> (Sementation fault when using cURL with ZTS).</li> 9967</ul></li> 9968<li>DBA: 9969<ul> 9970 <li>Fixed key leak with invalid resource.</li> 9971</ul></li> 9972<li>Filter: 9973<ul> 9974 <li><?php bugfix(71063); ?> (filter_input(INPUT_ENV, ..) does not work).</li> 9975</ul></li> 9976<li>FTP: 9977<ul> 9978 <li><?php implemented(55651); ?> (Option to ignore the returned FTP PASV address).</li> 9979</ul></li> 9980<li>FPM: 9981<ul> 9982 <li><?php bugfix(70755); ?> (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)</li> 9983</ul></li> 9984<li>GD: 9985<ul> 9986 <li><?php bugfix(70976); ?> (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)</li> 9987</ul></li> 9988<li>Mbstring: 9989<ul> 9990 <li><?php bugfix(71066); ?> (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault).</li> 9991</ul></li> 9992<li>Opcache: 9993<ul> 9994 <li><?php bugfix(71127); ?> (Define in auto_prepend_file is overwrite).</li> 9995</ul></li> 9996<li>PCRE: 9997<ul> 9998 <li><?php bugfix(71178); ?> (preg_replace with arrays creates [0] in replace array if not already set).</li> 9999</ul></li> 10000<li>Readline: 10001<ul> 10002 <li><?php bugfix(71094); ?> (readline_completion_function corrupts static array on second TAB).</li> 10003</ul></li> 10004<li>Session: 10005<ul> 10006 <li><?php bugfix(71122); ?> (Session GC may not remove obsolete session data).</li> 10007</ul></li> 10008<li>SPL: 10009<ul> 10010 <li><?php bugfix(71077); ?> (ReflectionMethod for ArrayObject constructor returns wrong number of parameters).</li> 10011 <li><?php bugfix(71153); ?> (Performance Degradation in ArrayIterator with large arrays).</li> 10012</ul></li> 10013<li>Standard: 10014<ul> 10015 <li><?php bugfix(71270); ?> (Heap BufferOver Flow in escapeshell functions). (CVE-2016-1904)</li> 10016</ul></li> 10017<li>WDDX: 10018<ul> 10019 <li><?php bugfix(70661); ?> (Use After Free Vulnerability in WDDX Packet Deserialization).</li> 10020 <li><?php bugfix(70741); ?> (Session WDDX Packet Deserialization Type Confusion Vulnerability).</li> 10021</ul></li> 10022<li>XMLRPC: 10023<ul> 10024 <li><?php bugfix(70728); ?> (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).</li> 10025</ul></li> 10026</ul> 10027<!-- }}} --></section> 10028 10029<section class="version" id="7.0.1"><!-- {{{ 7.0.1 --> 10030<h3>Version 7.0.1</h3> 10031<?php release_date('17-Dec-2015'); ?> 10032<ul><li>Core: 10033<ul> 10034 <li><?php bugfix(71105); ?> (Format String Vulnerability in Class Name Error Message). (CVE-2015-8617)</li> 10035 <li><?php bugfix(70831); ?> (Compile fails on system with 160 CPUs).</li> 10036 <li><?php bugfix(71006); ?> (symbol referencing errors on Sparc/Solaris).</li> 10037 <li><?php bugfix(70997); ?> (When using parentClass:: instead of parent::, static context changed).</li> 10038 <li><?php bugfix(70970); ?> (Segfault when combining error handler with output buffering).</li> 10039 <li><?php bugfix(70967); ?> (Weird error handling for __toString when Error is thrown).</li> 10040 <li><?php bugfix(70958); ?> (Invalid opcode while using ::class as trait method paramater default value).</li> 10041 <li><?php bugfix(70944); ?> (try{ } finally{} can create infinite chains of exceptions).</li> 10042 <li><?php bugfix(70931); ?> (Two errors messages are in conflict).</li> 10043 <li><?php bugfix(70904); ?> (yield from incorrectly marks valid generator as finished).</li> 10044 <li><?php bugfix(70899); ?> (buildconf failure in extensions).</li> 10045 <li><?php bugfix(61751); ?> (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions).</li> 10046 <li>Fixed \int (or generally every scalar type name with leading backslash) to not be accepted as type name.</li> 10047 <li>Fixed exception not being thrown immediately into a generator yielding from an array.</li> 10048 <li><?php bugfix(70987); ?> (static::class within Closure::call() causes segfault).</li> 10049 <li><?php bugfix(71013); ?> (Incorrect exception handler with yield from).</li> 10050 <li>Fixed double free in error condition of format printer.</li> 10051</ul></li> 10052<li>CLI server: 10053<ul> 10054 <li><?php bugfix(71005); ?> (Segfault in php_cli_server_dispatch_router()).</li> 10055</ul></li> 10056<li>Intl: 10057<ul> 10058 <li><?php bugfix(71020); ?> (Use after free in Collator::sortWithSortKeys). (CVE-2015-8616)</li> 10059</ul></li> 10060<li>Mysqlnd: 10061<ul> 10062 <li><?php bugfix(68077); ?> (LOAD DATA LOCAL INFILE / open_basedir restriction).</li> 10063 <li><?php bugfix(68344); ?> (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.</li> 10064</ul></li> 10065<li>OCI8: 10066<ul> 10067 <li>Fixed LOB implementation size_t/zend_long mismatch reported by gcov.</li> 10068</ul></li> 10069<li>Opcache: 10070<ul> 10071 <li><?php bugfix(71024); ?> (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server).</li> 10072 <li><?php bugfix(70991); ?> (zend_file_cache.c:710: error: array type has incomplete element type).</li> 10073 <li><?php bugfix(70977); ?> (Segmentation fault with opcache.huge_code_pages=1).</li> 10074</ul></li> 10075<li>PDO_Firebird: 10076<ul> 10077 <li><?php bugfix(60052); ?> (Integer returned as a 64bit integer on X64_86).</li> 10078</ul></li> 10079<li>Phpdbg: 10080<ul> 10081 <li>Fixed stderr being written to stdout.</li> 10082</ul></li> 10083<li>Reflection: 10084<ul> 10085 <li><?php bugfix(71018); ?> (ReflectionProperty::setValue() behavior changed).</li> 10086 <li><?php bugfix(70982); ?> (setStaticPropertyValue behaviors inconsistently with 5.6).</li> 10087</ul></li> 10088<li>Soap: 10089<ul> 10090 <li><?php bugfix(70993); ?> (Array key references break argument processing).</li> 10091</ul></li> 10092<li>SPL: 10093<ul> 10094 <li><?php bugfix(71028); ?> (Undefined index with ArrayIterator).</li> 10095</ul></li> 10096<li>SQLite3: 10097<ul> 10098 <li><?php bugfix(71049); ?> (SQLite3Stmt::execute() releases bound parameter instead of internal buffer).</li> 10099</ul></li> 10100<li>Standard: 10101<ul> 10102 <li><?php bugfix(70999); ?> (php_random_bytes: called object is not a function).</li> 10103 <li><?php bugfix(70960); ?> (ReflectionFunction for array_unique returns wrong number of parameters).</li> 10104</ul></li> 10105<li>Streams/Socket: 10106<ul> 10107 <li>Add IPV6_V6ONLY constant / make it usable in stream contexts.</li> 10108</ul></li> 10109</ul> 10110<!-- }}} --></section> 10111 10112<section class="version" id="7.0.0"><!-- {{{ 7.0.0 --> 10113<h3>Version 7.0.0</h3> 10114<?php release_date('03-Dec-2015'); ?> 10115<ul><li>Core: 10116<ul> 10117 <li><?php bugfix(70947); ?> (INI parser segfault with INI_SCANNER_TYPED).</li> 10118 <li><?php bugfix(70914); ?> (zend_throw_or_error() format string vulnerability).</li> 10119 <li><?php bugfix(70912); ?> (Null ptr dereference instantiating class with invalid array property).</li> 10120 <li><?php bugfix(70895); ?>, <?php bugl(70898); ?> (null ptr deref and segfault with crafted calable).</li> 10121 <li><?php bugfix(70249); ?> (Segmentation fault while running PHPUnit tests on phpBB 3.2-dev).</li> 10122 <li><?php bugfix(70805); ?> (Segmentation faults whilst running Drupal 8 test suite).</li> 10123 <li><?php bugfix(70842); ?> (Persistent Stream Segmentation Fault).</li> 10124 <li><?php bugfix(70862); ?> (Several functions do not check return code of php_stream_copy_to_mem()).</li> 10125 <li><?php bugfix(70863); ?> (Incorect logic to increment_function for proxy objects).</li> 10126 <li><?php bugfix(70323); ?> (Regression in zend_fetch_debug_backtrace() can cause segfaults).</li> 10127 <li><?php bugfix(70873); ?> (Regression on private static properties access).</li> 10128 <li><?php bugfix(70748); ?> (Segfault in ini_lex () at Zend/zend_ini_scanner.l).</li> 10129 <li><?php bugfix(70689); ?> (Exception handler does not work as expected).</li> 10130 <li><?php bugfix(70430); ?> (Stack buffer overflow in zend_language_parser()).</li> 10131 <li><?php bugfix(70782); ?> (null ptr deref and segfault (zend_get_class_fetch_type)).</li> 10132 <li><?php bugfix(70785); ?> (Infinite loop due to exception during identical comparison).</li> 10133 <li><?php bugfix(70630); ?> (Closure::call/bind() crash with ReflectionFunction-> getClosure()).</li> 10134 <li><?php bugfix(70662); ?> (Duplicate array key via undefined index error handler).</li> 10135 <li><?php bugfix(70681); ?> (Segfault when binding $this of internal instance method to null).</li> 10136 <li><?php bugfix(70685); ?> (Segfault for getClosure() internal method rebind with invalid $this).</li> 10137 <li>Added zend_internal_function.reserved[] fields.</li> 10138 <li><?php bugfix(70557); ?> (Memleak on return type verifying failed).</li> 10139 <li><?php bugfix(70555); ?> (fun_get_arg() on unsetted vars return UNKNOW).</li> 10140 <li><?php bugfix(70548); ?> (Redundant information printed in case of uncaught engine exception).</li> 10141 <li><?php bugfix(70547); ?> (unsetting function variables corrupts backtrace).</li> 10142 <li><?php bugfix(70528); ?> (assert() with instanceof adds apostrophes around class name).</li> 10143 <li><?php bugfix(70481); ?> (Memory leak in auto_global_copy_ctor() in ZTS build).</li> 10144 <li><?php bugfix(70431); ?> (Memory leak in php_ini.c).</li> 10145 <li><?php bugfix(70478); ?> (**= does no longer work).</li> 10146 <li><?php bugfix(70398); ?> (SIGSEGV, Segmentation fault zend_ast_destroy_ex).</li> 10147 <li><?php bugfix(70332); ?> (Wrong behavior while returning reference on object).</li> 10148 <li><?php bugfix(70300); ?> (Syntactical inconsistency with new group use syntax).</li> 10149 <li><?php bugfix(70321); ?> (Magic getter breaks reference to array property).</li> 10150 <li><?php bugfix(70187); ?> (Notice: unserialize(): Unexpected end of serialized data).</li> 10151 <li><?php bugfix(70145); ?> (From field incorrectly parsed from headers).</li> 10152 <li><?php bugfix(70370); ?> (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions).</li> 10153 <li>Fixed bug causing exception traces with anon classes to be truncated.</li> 10154 <li><?php bugfix(70397); ?> (Segmentation fault when using Closure::call and yield).</li> 10155 <li><?php bugfix(70299); ?> (Memleak while assigning object offsetGet result).</li> 10156 <li><?php bugfix(70288); ?> (Apache crash related to ZEND_SEND_REF).</li> 10157 <li><?php bugfix(70262); ?> (Accessing array crashes PHP 7.0beta3).</li> 10158 <li><?php bugfix(70258); ?> (Segfault if do_resize fails to allocated memory).</li> 10159 <li><?php bugfix(70253); ?> (segfault at _efree () in zend_alloc.c:1389).</li> 10160 <li><?php bugfix(70240); ?> (Segfault when doing unset($var());).</li> 10161 <li><?php bugfix(70223); ?> (Incrementing value returned by magic getter).</li> 10162 <li><?php bugfix(70215); ?> (Segfault when __invoke is static).</li> 10163 <li><?php bugfix(70207); ?> (Finally is broken with opcache).</li> 10164 <li><?php bugfix(70173); ?> (ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc).</li> 10165 <li><?php bugfix(69487); ?> (SAPI may truncate POST data).</li> 10166 <li><?php bugfix(70198); ?> (Checking liveness does not work as expected).</li> 10167 <li><?php bugfix(70241); ?>, <?php bugl(70293); ?> (Skipped assertions affect Generator returns).</li> 10168 <li><?php bugfix(70239); ?> (Creating a huge array doesn't result in exhausted, but segfault).</li> 10169 <li>Fixed "finally" issues.</li> 10170 <li><?php bugfix(70098); ?> (Real memory usage doesn't decrease).</li> 10171 <li><?php bugfix(70159); ?> (__CLASS__ is lost in closures).</li> 10172 <li><?php bugfix(70156); ?> (Segfault in zend_find_alias_name).</li> 10173 <li><?php bugfix(70124); ?> (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION).</li> 10174 <li><?php bugfix(70117); ?> (Unexpected return type error).</li> 10175 <li><?php bugfix(70106); ?> (Inheritance by anonymous class).</li> 10176 <li><?php bugfix(69674); ?> (SIGSEGV array.c:953).</li> 10177 <li><?php bugfix(70164); ?> (__COMPILER_HALT_OFFSET__ under namespace is not defined).</li> 10178 <li><?php bugfix(70108); ?> (sometimes empty $_SERVER['QUERY_STRING']).</li> 10179 <li><?php bugfix(70179); ?> ($this refcount issue).</li> 10180 <li><?php bugfix(69896); ?> ('asm' operand has impossible constraints).</li> 10181 <li><?php bugfix(70183); ?> (null pointer deref (segfault) in zend_eval_const_expr).</li> 10182 <li><?php bugfix(70182); ?> (Segfault in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER).</li> 10183 <li><?php bugfix(69793); ?> (Remotely triggerable stack exhaustion via recursive method calls).</li> 10184 <li><?php bugfix(69892); ?> (Different arrays compare indentical due to integer key truncation).</li> 10185 <li><?php bugfix(70121); ?> (unserialize() could lead to unexpected methods execution / NULL pointer deref).</li> 10186 <li><?php bugfix(70089); ?> (segfault at ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER ()).</li> 10187 <li><?php bugfix(70057); ?> (Build failure on 32-bit Mac OS X 10.6.8: recursive inlining).</li> 10188 <li><?php bugfix(70012); ?> (Exception lost with nested finally block).</li> 10189 <li><?php bugfix(69996); ?> (Changing the property of a cloned object affects the original).</li> 10190 <li><?php bugfix(70083); ?> (Use after free with assign by ref to overloaded objects).</li> 10191 <li><?php bugfix(70006); ?> (cli - function with default arg = STDOUT crash output).</li> 10192 <li><?php bugfix(69521); ?> (Segfault in gc_collect_cycles()).</li> 10193 <li>Improved zend_string API.</li> 10194 <li><?php bugfix(69955); ?> (Segfault when trying to combine [] and assign-op on ArrayAccess object).</li> 10195 <li><?php bugfix(69957); ?> (Different ways of handling div/mod/intdiv).</li> 10196 <li><?php bugfix(69900); ?> (Too long timeout on pipes).</li> 10197 <li><?php bugfix(69872); ?> (uninitialised value in strtr with array).</li> 10198 <li><?php bugfix(69868); ?> (Invalid read of size 1 in zend_compile_short_circuiting).</li> 10199 <li><?php bugfix(69849); ?> (Broken output of apache_request_headers).</li> 10200 <li><?php bugfix(69840); ?> (iconv_substr() doesn't work with UTF-16BE).</li> 10201 <li><?php bugfix(69823); ?> (PHP 7.0.0alpha1 segmentation fault when exactly 33 extensions are loaded).</li> 10202 <li><?php bugfix(69805); ?> (null ptr deref and seg fault in zend_resolve_class_name).</li> 10203 <li><?php bugfix(69802); ?> (Reflection on Closure::__invoke borks type hint class name).</li> 10204 <li><?php bugfix(69761); ?> (Serialization of anonymous classes should be prevented).</li> 10205 <li><?php bugfix(69551); ?> (parse_ini_file() and parse_ini_string() segmentation fault).</li> 10206 <li><?php bugfix(69781); ?> (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business").</li> 10207 <li><?php bugfix(69835); ?> (phpinfo() does not report many Windows SKUs).</li> 10208 <li><?php bugfix(69889); ?> (Null coalesce operator doesn't work for string offsets).</li> 10209 <li><?php bugfix(69891); ?> (Unexpected array comparison result).</li> 10210 <li><?php bugfix(69892); ?> (Different arrays compare indentical due to integer key truncation).</li> 10211 <li><?php bugfix(69893); ?> (Strict comparison between integer and empty string keys crashes).</li> 10212 <li><?php bugfix(69767); ?> (Default parameter value with wrong type segfaults).</li> 10213 <li><?php bugfix(69756); ?> (Fatal error: Nesting level too deep - recursive dependency ? with ===).</li> 10214 <li><?php bugfix(69758); ?> (Item added to array not being removed by array_pop/shift ).</li> 10215 <li><?php bugfix(68475); ?> (Add support for $callable() sytnax with 'Class::method').</li> 10216 <li><?php bugfix(69485); ?> (Double free on zend_list_dtor).</li> 10217 <li><?php bugfix(69427); ?> (Segfault on magic method __call of private method in superclass).</li> 10218 <li>Improved __call() and __callStatic() magic method handling. Now they are called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without additional stack frame.</li> 10219 <li>Optimized strings concatenation.</li> 10220 <li>Fixed weird operators behavior. Division by zero now emits warning and returns +/-INF, modulo by zero and intdid() throws an exception, shifts by negative offset throw exceptions. Compile-time evaluation of division by zero is disabled.</li> 10221 <li><?php bugfix(69371); ?> (Hash table collision leads to inaccessible array keys).</li> 10222 <li><?php bugfix(68933); ?> (Invalid read of size 8 in zend_std_read_property).</li> 10223 <li><?php bugfix(68252); ?> (segfault in Zend/zend_hash.c in function _zend_hash_del_el).</li> 10224 <li><?php bugfix(65598); ?> (Closure executed via static autoload incorrectly marked as static).</li> 10225 <li><?php bugfix(66811); ?> (Cannot access static::class in lambda, writen outside of a class).</li> 10226 <li><?php bugfix(69568); ?> (call a private function in closure failed).</li> 10227 <li>Added PHP_INT_MIN constant.</li> 10228 <li>Added Closure::call() method.</li> 10229 <li><?php bugfix(67959); ?> (Segfault when calling phpversion('spl')).</li> 10230 <li>Implemented the RFC `Catchable "Call to a member function bar() on a non-object"`.</li> 10231 <li>Added options parameter for unserialize allowing to specify acceptable classes (https://wiki.php.net/rfc/secure_unserialize).</li> 10232 <li><?php bugfix(63734); ?> (Garbage collector can free zvals that are still referenced).</li> 10233 <li>Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class modifier.</li> 10234 <li>is_long() & is_integer() is now an alias of is_int().</li> 10235 <li><?php implemented(55467); ?> (phpinfo: PHP Variables with $ and single quotes).</li> 10236 <li>Added ?? operator.</li> 10237 <li>Added <=> operator.</li> 10238 <li>Added \u{xxxxx} Unicode Codepoint Escape Syntax.</li> 10239 <li>Fixed oversight where define() did not support arrays yet const syntax did.</li> 10240 <li>Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages.</li> 10241 <li><?php implemented(55428); ?> (E_RECOVERABLE_ERROR when output buffering in output buffering handler).</li> 10242 <li>Removed scoped calls of non-static methods from an incompatible $this context.</li> 10243 <li>Removed support for #-style comments in ini files.</li> 10244 <li>Removed support for assigning the result of new by reference.</li> 10245 <li>Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31.</li> 10246 <li>Removed dl() function on fpm-fcgi.</li> 10247 <li>Removed support for hexadecimal numeric strings.</li> 10248 <li>Removed obsolete extensions and SAPIs. See the full list in UPGRADING.</li> 10249 <li>Added NULL byte protection to exec, system and passthru.</li> 10250 <li>Added error_clear_last() function.</li> 10251 <li><?php bugfix(68797); ?> (Number 2.2250738585072012e-308 converted incorrectly).</li> 10252 <li>Improved zend_qsort(using hybrid sorting algo) for better performance, and also renamed zend_qsort to zend_sort.</li> 10253 <li>Added stable sorting algo zend_insert_sort.</li> 10254 <li>Improved zend_memnchr(using sunday algo) for better performance.</li> 10255 <li>Implemented the RFC `Scalar Type Decalarations v0.5`.</li> 10256 <li>Implemented the RFC `Group Use Declarations`.</li> 10257 <li>Implemented the RFC `Continue Output Buffering`.</li> 10258 <li>Implemented the RFC `Constructor behaviour of internal classes`.</li> 10259 <li>Implemented the RFC `Fix "foreach" behavior`.</li> 10260 <li>Implemented the RFC `Generator Delegation`.</li> 10261 <li>Implemented the RFC `Anonymous Class Support`.</li> 10262 <li>Implemented the RFC `Context Sensitive Lexer`.</li> 10263 <li><?php bugfix(69511); ?> (Off-by-one buffer overflow in php_sys_readlink).</li> 10264</ul></li> 10265<li>CLI server: 10266<ul> 10267 <li><?php bugfix(68291); ?> (404 on urls with '+').</li> 10268 <li><?php bugfix(66606); ?> (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).</li> 10269 <li><?php bugfix(70264); ?> (CLI server directory traversal).</li> 10270 <li><?php bugfix(69655); ?> (php -S changes MKCALENDAR request method to MKCOL).</li> 10271 <li><?php bugfix(64878); ?> (304 responses return Content-Type header).</li> 10272 <li>Refactor MIME type handling to use a hash table instead of linear search.</li> 10273 <li>Update the MIME type list from the one shipped by Apache HTTPD.</li> 10274 <li>Added support for SEARCH WebDav method.</li> 10275</ul></li> 10276<li>COM: 10277<ul> 10278 <li><?php bugfix(69939); ?> (Casting object to bool returns false).</li> 10279</ul></li> 10280<li>Curl: 10281<ul> 10282 <li><?php bugfix(70330); ?> (Segmentation Fault with multiple "curl_copy_handle").</li> 10283 <li><?php bugfix(70163); ?> (curl_setopt_array() type confusion).</li> 10284 <li><?php bugfix(70065); ?> (curl_getinfo() returns corrupted values).</li> 10285 <li><?php bugfix(69831); ?> (Segmentation fault in curl_getinfo).</li> 10286 <li><?php bugfix(68937); ?> (Segfault in curl_multi_exec).</li> 10287 <li>Removed support for unsafe file uploads.</li> 10288</ul></li> 10289<li>Date: 10290<ul> 10291 <li><?php bugfix(70245); ?> (strtotime does not emit warning when 2nd parameter is object or string).</li> 10292 <li><?php bugfix(70266); ?> (DateInterval::__construct.interval_spec is not supposed to be optional).</li> 10293 <li><?php bugfix(70277); ?> (new DateTimeZone($foo) is ignoring text after null byte).</li> 10294 <li>Fixed day_of_week function as it could sometimes return negative values internally.</li> 10295 <li>Removed $is_dst parameter from mktime() and gmmktime().</li> 10296 <li>Removed date.timezone warning (https://wiki.php.net/rfc/date.timezone_warning_removal).</li> 10297 <li>Added "v" DateTime format modifier to get the 3-digit version of fraction of seconds.</li> 10298 <li><?php implemented(69089); ?> (Added DateTime::RFC3339_EXTENDED to output in RFC3339 Extended format which includes fraction of seconds).</li> 10299</ul></li> 10300<li>DBA: 10301<ul> 10302 <li><?php bugfix(62490); ?> (dba_delete returns true on missing item (inifile)).</li> 10303 <li><?php bugfix(68711); ?> (useless comparisons).</li> 10304</ul></li> 10305<li>DOM: 10306<ul> 10307 <li><?php bugfix(70558); ?> ("Couldn't fetch" error in DOMDocument::registerNodeClass()).</li> 10308 <li><?php bugfix(70001); ?> (Assigning to DOMNode::textContent does additional entity encoding).</li> 10309 <li><?php bugfix(69846); ?> (Segmenation fault (access violation) when iterating over DOMNodeList).</li> 10310 <li>Made DOMNode::textContent writeable.</li> 10311</ul></li> 10312<li>EXIF: 10313<ul> 10314 <li><?php bugfix(70385); ?> (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).</li> 10315</ul></li> 10316<li>Fileinfo: 10317<ul> 10318 <li><?php bugfix(66242); ?> (libmagic: don't assume char is signed).</li> 10319</ul></li> 10320<li>Filter: 10321<ul> 10322 <li>New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL.</li> 10323 <li><?php bugfix(67167);?> (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE).</li> 10324</ul></li> 10325<li>FPM: 10326<ul> 10327 <li><?php bugfix(70538); ?> ("php-fpm -i" crashes).</li> 10328 <li><?php bugfix(70279); ?> (HTTP Authorization Header is sometimes passed to newer reqeusts).</li> 10329 <li><?php bugfix(68945); ?> (Unknown admin values segfault pools).</li> 10330 <li><?php bugfix(65933); ?> (Cannot specify config lines longer than 1024 bytes).</li> 10331 <li><?php implemented(67106); ?> (Split main fpm config).</li> 10332</ul></li> 10333<li>FTP: 10334<ul> 10335 <li><?php bugfix(69082); ?> (FTPS support on Windows).</li> 10336</ul></li> 10337<li>GD: 10338<ul> 10339 <li><?php bugfix(53156); ?> (imagerectangle problem with point ordering).</li> 10340 <li><?php bugfix(66387); ?> (Stack overflow with imagefilltoborder). (CVE-2015-8874)</li> 10341 <li><?php bugfix(70102); ?> (imagecreatefromwebm() shifts colors).</li> 10342 <li><?php bugfix(66590); ?> (imagewebp() doesn't pad to even length).</li> 10343 <li><?php bugfix(66882); ?> (imagerotate by -90 degrees truncates image by 1px).</li> 10344 <li><?php bugfix(70064); ?> (imagescale(..., IMG_BICUBIC) leaks memory).</li> 10345 <li><?php bugfix(69024); ?> (imagescale segfault with palette based image).</li> 10346 <li><?php bugfix(53154); ?> (Zero-height rectangle has whiskers).</li> 10347 <li><?php bugfix(67447); ?> (imagecrop() add a black line when cropping).</li> 10348 <li><?php bugfix(68714); ?> (copy 'n paste error).</li> 10349 <li><?php bugfix(66339); ?> (PHP segfaults in imagexbm).</li> 10350 <li><?php bugfix(70047); ?> (gd_info() doesn't report WebP support).</li> 10351 <li>Replace libvpx with libwebp for bundled libgd.</li> 10352 <li><?php bugfix(61221); ?> (imagegammacorrect function loses alpha channel).</li> 10353 <li>Made fontFetch's path parser thread-safe.</li> 10354 <li>Removed T1Lib support.</li> 10355</ul></li> 10356<li>GMP: 10357<ul> 10358 <li><?php bugfix(70284); ?> (Use after free vulnerability in unserialize() with GMP).</li> 10359</ul></li> 10360<li>hash: 10361<ul> 10362 <li><?php bugfix(70312); ?> (HAVAL gives wrong hashes in specific cases).</li> 10363</ul></li> 10364<li>IMAP: 10365<ul> 10366 <li><?php bugfix(70158); ?> (Building with static imap fails).</li> 10367 <li><?php bugfix(69998); ?> (curl multi leaking memory).</li> 10368</ul></li> 10369<li>Intl: 10370<ul> 10371 <li><?php bugfix(70453); ?> (IntlChar::foldCase() incorrect arguments and missing constants).</li> 10372 <li><?php bugfix(70454); ?> (IntlChar::forDigit second parameter should be optional).</li> 10373 <li>Removed deprecated aliases datefmt_set_timezone_id() and IntlDateFormatter::setTimeZoneID().</li> 10374</ul></li> 10375<li>JSON: 10376<ul> 10377 <li><?php bugfix(62010); ?> (json_decode produces invalid byte-sequences).</li> 10378 <li><?php bugfix(68546); ?> (json_decode() Fatal error: Cannot access property started with '\0').</li> 10379 <li>Replace non-free JSON parser with a parser from Jsond extension, fixes <?php bugl(63520); ?> (JSON extension includes a problematic license statement).</li> 10380 <li><?php bugfix(68938); ?> (json_decode() decodes empty string without error).</li> 10381</ul></li> 10382<li>LDAP: 10383<ul> 10384 <li><?php bugfix(47222); ?> (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE).</li> 10385</ul></li> 10386<li>LiteSpeed: 10387<ul> 10388 <li>Updated LiteSpeed SAPI code from V5.5 to V6.6.</li> 10389</ul></li> 10390<li>libxml: 10391<ul> 10392 <li>Fixed handling of big lines in error messages with libxml >= 2.9.0.</li> 10393</ul></li> 10394<li>Mcrypt: 10395<ul> 10396 <li><?php bugfix(70625); ?> (mcrypt_encrypt() won't return data when no IV was specified under RC4).</li> 10397 <li><?php bugfix(69833); ?> (mcrypt fd caching not working).</li> 10398 <li>Fixed possible read after end of buffer and use after free.</li> 10399 <li>Removed mcrypt_generic_end() alias.</li> 10400 <li>Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb().</li> 10401</ul></li> 10402<li>Mysqli: 10403<ul> 10404 <li><?php bugfix(32490); ?> (constructor of mysqli has wrong name).</li> 10405</ul></li> 10406<li>Mysqlnd: 10407<ul> 10408 <li><?php bugfix(70949); ?> (SQL Result Sets With NULL Can Cause Fatal Memory Errors).</li> 10409 <li><?php bugfix(70384); ?> (mysqli_real_query():Unknown type 245 sent by the server).</li> 10410 <li><?php bugfix(70456); ?> (mysqlnd doesn't activate TCP keep-alive when connecting to a server).</li> 10411 <li><?php bugfix(70572); ?> segfault in mysqlnd_connect.</li> 10412 <li><?php bugfix(69796); ?> (mysqli_stmt::fetch doesn't assign null values to bound variables).</li> 10413</ul></li> 10414<li>OCI8: 10415<ul> 10416 <li>Fixed memory leak with LOBs.</li> 10417 <li><?php bugfix(68298); ?> (OCI int overflow).</li> 10418 <li>Corrected oci8 hash destructors to prevent segfaults, and a few other fixes.</li> 10419</ul></li> 10420<li>ODBC: 10421<ul> 10422 <li><?php bugfix(69975); ?> (PHP segfaults when accessing nvarchar(max) defined columns. (CVE-2015-8879)</li> 10423</ul></li> 10424<li>Opcache: 10425<ul> 10426 <li><?php bugfix(70656); ?> (require() statement broken after opcache_reset() or a few hours of use).</li> 10427 <li><?php bugfix(70843); ?> (Segmentation fault on MacOSX with opcache.file_cache_only=1).</li> 10428 <li><?php bugfix(70724); ?> (Undefined Symbols from opcache.so on Mac OS X 10.10).</li> 10429 <li>Fixed compatibility with Windows 10 (see also bug <?php bugl(70652); ?>).</li> 10430 <li>Attmpt to fix "Unable to reattach to base address" problem.</li> 10431 <li><?php bugfix(70423); ?> (Warning Internal error: wrong size calculation).</li> 10432 <li><?php bugfix(70237); ?> (Empty while and do-while segmentation fault with opcode on CLI enabled).</li> 10433 <li><?php bugfix(70111); ?> (Segfault when a function uses both an explicit return type and an explicit cast).</li> 10434 <li><?php bugfix(70058); ?> (Build fails when building for i386).</li> 10435 <li><?php bugfix(70022); ?> (Crash with opcache using opcache.file_cache_only=1).</li> 10436 <li>Removed opcache.load_comments configuration directive. Now doc comments loading costs nothing and always enabled.</li> 10437 <li><?php bugfix(69838); ?> (Wrong size calculation for function table).</li> 10438 <li><?php bugfix(69688); ?> (segfault with eval and opcache fast shutdown).</li> 10439 <li>Added experimental (disabled by default) file based opcode cache.</li> 10440 <li>Fixed bug with try blocks being removed when extended_info opcode generation is turned on.</li> 10441 <li><?php bugfix(68644); ?> (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache).</li> 10442</ul></li> 10443<li>OpenSSL: 10444<ul> 10445 <li>Require at least OpenSSL version 0.9.8.</li> 10446 <li><?php bugfix(68312); ?> (Lookup for openssl.cnf causes a message box).</li> 10447 <li><?php bugfix(55259); ?> (openssl extension does not get the DH parameters from DH key resource).</li> 10448 <li><?php bugfix(70395); ?> (Missing ARG_INFO for openssl_seal()).</li> 10449 <li><?php bugfix(60632); ?> (openssl_seal fails with AES).</li> 10450 <li><?php implemented(70438); ?> (Add IV parameter for openssl_seal and openssl_open).</li> 10451 <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)</li> 10452 <li><?php bugfix(69882); ?> (OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert).</li> 10453 <li>Added "alpn_protocols" SSL context option allowing encrypted client/server streams to negotiate alternative protocols using the ALPN TLS extension when built against OpenSSL 1.0.2 or newer. Negotiated protocol information is accessible through stream_get_meta_data() output.</li> 10454 <li>Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic detection or the "peer_name" option instead.</li> 10455</ul></li> 10456<li>Pcntl: 10457<ul> 10458 <li><?php bugfix(70386); ?> (Can't compile on NetBSD because of missing WCONTINUED and WIFCONTINUED).</li> 10459 <li><?php bugfix(60509); ?> (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL).</li> 10460 <li><?php implemented(68505); ?> (Added wifcontinued and wcontinued).</li> 10461 <li>Added rusage support to pcntl_wait() and pcntl_waitpid().</li> 10462</ul></li> 10463<li>PCRE: 10464<ul> 10465 <li><?php bugfix(70232); ?> (Incorrect bump-along behavior with \K and empty string match).</li> 10466 <li><?php bugfix(70345); ?> (Multiple vulnerabilities related to PCRE functions).</li> 10467 <li><?php bugfix(70232); ?> (Incorrect bump-along behavior with \K and empty string match).</li> 10468 <li><?php bugfix(53823); ?> (preg_replace: * qualifier on unicode replace garbles the string).</li> 10469 <li><?php bugfix(69864); ?> (Segfault in preg_replace_callback).</li> 10470 <li>Removed support for the /e (PREG_REPLACE_EVAL) modifier.</li> 10471</ul></li> 10472<li>PDO: 10473<ul> 10474 <li><?php bugfix(70861); ?> (Segmentation fault in pdo_parse_params() during Drupal 8 test suite).</li> 10475 <li><?php bugfix(70389); ?> (PDO constructor changes unrelated variables).</li> 10476 <li><?php bugfix(70272); ?> (Segfault in pdo_mysql).</li> 10477 <li><?php bugfix(70221); ?> (persistent sqlite connection + custom function segfaults).</li> 10478 <li><?php bugfix(59450); ?> (./configure fails with "Cannot find php_pdo_driver.h").</li> 10479</ul></li> 10480<li>PDO_DBlib: 10481<ul> 10482 <li><?php bugfix(69757); ?> (Segmentation fault on nextRowset).</li> 10483</ul></li> 10484<li>PDO_mysql: 10485<ul> 10486 <li><?php bugfix(68424); ?> (Add new PDO mysql connection attr to control multi statements option).</li> 10487</ul></li> 10488<li>PDO_OCI: 10489<ul> 10490 <li><?php bugfix(70308); ?> (PDO::ATTR_PREFETCH is ignored).</li> 10491</ul></li> 10492<li>PDO_pgsql: 10493<ul> 10494 <li><?php bugfix(69752); ?> (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).</li> 10495 <li>Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of ATTR_EMULATE_PREPARES).</li> 10496</ul></li> 10497<li>Phar: 10498<ul> 10499 <li><?php bugfix(69720); ?> (Null pointer dereference in phar_get_fp_offset()).</li> 10500 <li><?php bugfix(70433); ?> (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").</li> 10501 <li>Improved fix for bug <?php bugl(69441); ?>.</li> 10502 <li><?php bugfix(70019); ?> (Files extracted from archive may be placed outside of destination directory).</li> 10503</ul></li> 10504<li>Phpdbg: 10505<ul> 10506 <li><?php bugfix(70614); ?> (incorrect exit code in -rr mode with Exceptions).</li> 10507 <li><?php bugfix(70532); ?> (phpdbg must respect set_exception_handler).</li> 10508 <li><?php bugfix(70531); ?> (Run and quit mode (-qrr) should not fallback to interactive mode).</li> 10509 <li><?php bugfix(70533); ?> (Help overview (-h) does not rpint anything under Windows).</li> 10510 <li><?php bugfix(70449); ?> (PHP won't compile on 10.4 and 10.5 because of missing constants).</li> 10511 <li><?php bugfix(70214); ?> (FASYNC not defined, needs sys/file.h include).</li> 10512 <li><?php bugfix(70138); ?> (Segfault when displaying memory leaks).</li> 10513</ul></li> 10514<li>Reflection: 10515<ul> 10516 <li><?php bugfix(70650); ?> (Wrong docblock assignment).</li> 10517 <li><?php bugfix(70674); ?> (ReflectionFunction::getClosure() leaks memory when used for internal functions).</li> 10518 <li>Fixed bug causing bogus traces for ReflectionGenerator::getTrace().</li> 10519 <li>Fixed inheritance chain of Reflector interface.</li> 10520 <li>Added ReflectionGenerator class.</li> 10521 <li>Added reflection support for return types and type declarations.</li> 10522</ul></li> 10523<li>Session: 10524<ul> 10525 <li><?php bugfix(70876); ?> (Segmentation fault when regenerating session id with strict mode).</li> 10526 <li><?php bugfix(70529); ?> (Session read causes "String is not zero-terminated" error).</li> 10527 <li><?php bugfix(70013); ?> (Reference to $_SESSION is lost after a call to session_regenerate_id()).</li> 10528 <li><?php bugfix(69952); ?> (Data integrity issues accessing superglobals by reference).</li> 10529 <li><?php bugfix(67694); ?> (Regression in session_regenerate_id()).</li> 10530 <li><?php bugfix(68941); ?> (mod_files.sh is a bash-script).</li> 10531</ul></li> 10532<li>SOAP: 10533<ul> 10534 <li><?php bugfix(70940); ?> (Segfault in soap / type_to_string).</li> 10535 <li><?php bugfix(70900); ?> (SoapClient systematic out of memory error).</li> 10536 <li><?php bugfix(70875); ?> (Segmentation fault if wsdl has no targetNamespace attribute).</li> 10537 <li><?php bugfix(70715); ?> (Segmentation fault inside soap client).</li> 10538 <li><?php bugfix(70709); ?> (SOAP Client generates Segfault).</li> 10539 <li><?php bugfix(70388); ?> (SOAP serialize_function_call() type confusion / RCE).</li> 10540 <li><?php bugfix(70081); ?> (SoapClient info leak / null pointer dereference via multiple type confusions).</li> 10541 <li><?php bugfix(70079); ?> (Segmentation fault after more than 100 SoapClient calls).</li> 10542 <li><?php bugfix(70032); ?> (make_http_soap_request calls zend_hash_get_current_key_ex(,,,NULL).</li> 10543 <li><?php bugfix(68361); ?> (Segmentation fault on SoapClient::__getTypes).</li> 10544</ul></li> 10545<li>SPL: 10546<ul> 10547 <li><?php bugfix(70959); ?> (ArrayObject unserialize does not restore protected fields).</li> 10548 <li><?php bugfix(70853); ?> (SplFixedArray throws exception when using ref variable as index).</li> 10549 <li><?php bugfix(70868); ?> (PCRE JIT and pattern reuse segfault).</li> 10550 <li><?php bugfix(70730); ?> (Incorrect ArrayObject serialization if unset is called in serialize()).</li> 10551 <li><?php bugfix(70573); ?> (Cloning SplPriorityQueue leads to memory leaks).</li> 10552 <li><?php bugfix(70303); ?> (Incorrect constructor reflection for ArrayObject).</li> 10553 <li><?php bugfix(70068); ?> (Dangling pointer in the unserialization of ArrayObject items).</li> 10554 <li><?php bugfix(70166); ?> (Use After Free Vulnerability in unserialize() with SPLArrayObject).</li> 10555 <li><?php bugfix(70168); ?> (Use After Free Vulnerability in unserialize() with SplObjectStorage).</li> 10556 <li><?php bugfix(70169); ?> (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).</li> 10557 <li><?php bugfix(70053); ?> (MutlitpleIterator array-keys incompatible change in PHP 7).</li> 10558 <li><?php bugfix(69970); ?> (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()).</li> 10559 <li><?php bugfix(69845); ?> (ArrayObject with ARRAY_AS_PROPS broken).</li> 10560 <li>Changed ArrayIterator implementation using zend_hash_iterator_... API. Allowed modification of iterated ArrayObject using the same behavior as proposed in `Fix "foreach" behavior`. Removed "Array was modified outside object and internal position is no longer valid" hack.</li> 10561 <li><?php implemented(67886); ?> (SplPriorityQueue/SplHeap doesn't expose extractFlags nor curruption state).</li> 10562 <li><?php bugfix(66405); ?> (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator).</li> 10563</ul></li> 10564<li>SQLite3: 10565<ul> 10566 <li><?php bugfix(70571); ?> (Memory leak in sqlite3_do_callback).</li> 10567 <li><?php bugfix(69972); ?> (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()).</li> 10568 <li><?php bugfix(69897); ?> (segfault when manually constructing SQLite3Result).</li> 10569 <li><?php bugfix(68260); ?> (SQLite3Result::fetchArray declares wrong required_num_args).</li> 10570</ul></li> 10571<li>Standard: 10572<ul> 10573 <li>Fixed count on symbol tables.</li> 10574 <li><?php bugfix(70963); ?> (Unserialize shows UNKNOWN in result).</li> 10575 <li><?php bugfix(70910); ?> (extract() breaks variable references).</li> 10576 <li><?php bugfix(70808); ?> (array_merge_recursive corrupts memory of unset items).</li> 10577 <li><?php bugfix(70667); ?> (strtr() causes invalid writes and a crashes).</li> 10578 <li><?php bugfix(70668); ?> (array_keys() doesn't respect references when $strict is true).</li> 10579 <li>Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`.</li> 10580 <li><?php bugfix(70487); ?> (pack('x') produces an error).</li> 10581 <li><?php bugfix(70342); ?> (changing configuration with ignore_user_abort(true) isn't working).</li> 10582 <li><?php bugfix(70295); ?> (Segmentation fault with setrawcookie).</li> 10583 <li><?php bugfix(67131); ?> (setcookie() conditional for empty values not met).</li> 10584 <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li> 10585 <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li> 10586 <li><?php bugfix(70250); ?> (extract() turns array elements to references).</li> 10587 <li><?php bugfix(70211); ?> (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free).</li> 10588 <li><?php bugfix(70208); ?> (Assert breaking access on objects).</li> 10589 <li><?php bugfix(70140); ?> (str_ireplace/php_string_tolower - Arbitrary Code Execution).</li> 10590 <li><?php implemented(70112); ?> (Allow "dirname" to go up various times).</li> 10591 <li><?php bugfix(36365); ?> (scandir duplicates file name at every 65535th file).</li> 10592 <li><?php bugfix(70096); ?> (Repeated iptcembed() adds superfluous FF bytes).</li> 10593 <li><?php bugfix(70018); ?> (exec does not strip all whitespace).</li> 10594 <li><?php bugfix(69983); ?> (get_browser fails with user agent of null).</li> 10595 <li><?php bugfix(69976); ?> (Unable to parse "all" urls with colon char).</li> 10596 <li><?php bugfix(69768); ?> (escapeshell*() doesn't cater to !).</li> 10597 <li><?php bugfix(62922); ?> (Truncating entire string should result in string).</li> 10598 <li><?php bugfix(69723); ?> (Passing parameters by reference and array_column).</li> 10599 <li><?php bugfix(69523); ?> (Cookie name cannot be empty).</li> 10600 <li><?php bugfix(69325); ?> (php_copy_file_ex does not pass the argument).</li> 10601 <li><?php bugfix(69299); ?> (Regression in array_filter's $flag argument in PHP 7).</li> 10602 <li>Removed call_user_method() and call_user_method_array() functions.</li> 10603 <li>Fixed user session handlers (See rfc:session.user.return-value).</li> 10604 <li>Added intdiv() function.</li> 10605 <li>Improved precision of log() function for base 2 and 10.</li> 10606 <li>Remove string category support in setlocale().</li> 10607 <li>Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime().</li> 10608 <li><?php bugfix(65272); ?> (flock() out parameter not set correctly in windows).</li> 10609 <li>Added preg_replace_callback_array function.</li> 10610 <li>Deprecated salt option to password_hash.</li> 10611 <li><?php bugfix(69686); ?> (password_verify reports back error on PHP7 will null string).</li> 10612 <li>Added Windows support for getrusage().</li> 10613 <li>Removed hardcoded limit on number of pipes in proc_open().</li> 10614</ul></li> 10615<li>Streams: 10616<ul> 10617 <li><?php bugfix(70361); ?> (HTTP stream wrapper doesn't close keep-alive connections).</li> 10618 <li><?php bugfix(68532); ?> (convert.base64-encode omits padding bytes).</li> 10619 <li>Removed set_socket_blocking() in favor of its alias stream_set_blocking().</li> 10620</ul></li> 10621<li>Tokenizer: 10622<ul> 10623 <li><?php bugfix(69430); ?> (token_get_all has new irrecoverable errors).</li> 10624</ul></li> 10625<li>XMLReader: 10626<ul> 10627 <li><?php bugfix(70309); ?> (XmlReader read generates extra output).</li> 10628</ul></li> 10629<li>XMLRPC: 10630<ul> 10631 <li><?php bugfix(70526); ?> (xmlrpc_set_type returns false on success).</li> 10632</ul></li> 10633<li>XSL: 10634<ul> 10635 <li><?php bugfix(70678); ?> (PHP7 returns true when false is expected).</li> 10636 <li><?php bugfix(70535); ?> (XSLT: free(): invalid pointer).</li> 10637 <li><?php bugfix(69782); ?> (NULL pointer dereference).</li> 10638 <li><?php bugfix(64776); ?> (The XSLT extension is not thread safe).</li> 10639 <li>Removed xsl.security_prefs ini option.</li> 10640</ul></li> 10641<li>Zlib: 10642<ul> 10643 <li>Added deflate_init(), deflate_add(), inflate_init(), inflate_add() functions allowing incremental/streaming compression/decompression.</li> 10644</ul></li> 10645<li>Zip: 10646<ul> 10647 <li><?php bugfix(70322); ?> (ZipArchive::close() doesn't indicate errors).</li> 10648 <li><?php bugfix(70350); ?> (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)</li> 10649 <li>Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex methods.</li> 10650 <li>Update bundled libzip to 1.0.1.</li> 10651 <li><?php bugfix(67161); ?> (ZipArchive::getStream() returns NULL for certain file).</li> 10652</ul></li> 10653</ul> 10654<!-- }}} --></section> 10655 10656<?php 10657changelog_footer(7, $MINOR_VERSIONS); 10658
