xref: /web-php/ChangeLog-7.php (revision b4d045ea)
1<?php
2$_SERVER['BASE_PAGE'] = 'ChangeLog-7.php';
3include_once __DIR__ . '/include/prepend.inc';
4include_once __DIR__ . '/include/changelogs.inc';
5
6$MINOR_VERSIONS = ['7.4', '7.3', '7.2', '7.1', '7.0'];
7changelog_header(7, $MINOR_VERSIONS);
8?>
9<a id="PHP_7_4"></a>
10
11<section class="version" id="7.4.33"><!-- {{{ 7.4.33 -->
12<h3>Version 7.4.33</h3>
13<b><?php release_date('03-Nov-2022'); ?></b>
14<ul><li>GD:
15<ul>
16  <li><?php bugfix(81739); ?>: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)</li>
17</ul></li>
18<li>Hash:
19<ul>
20  <li><?php bugfix(81738); ?>: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)</li>
21</ul></li>
22</ul>
23<!-- }}} --></section>
24
25
26
27<section class="version" id="7.4.32"><!-- {{{ 7.4.32 -->
28<h3>Version 7.4.32</h3>
29<b><?php release_date('29-Sep-2022'); ?></b>
30<ul><li>Core:
31<ul>
32  <li><?php bugfix(81726); ?>: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)</li>
33  <li><?php bugfix(81727); ?>: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)</li>
34</ul></li>
35</ul>
36<!-- }}} --></section>
37
38
39
40<section class="version" id="7.4.30"><!-- {{{ 7.4.30 -->
41<h3>Version 7.4.30</h3>
42<b><?php release_date('09-Jun-2022'); ?></b>
43<ul><li>mysqlnd:
44<ul>
45  <li><?php bugfix(81719); ?>: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)</li>
46</ul></li>
47<li>pgsql:
48<ul>
49  <li><?php bugfix(81720); ?>: Uninitialized array in pg_query_params(). (CVE-2022-31625)</li>
50</ul></li>
51</ul>
52<!-- }}} --></section>
53
54
55
56<section class="version" id="7.4.29"><!-- {{{ 7.4.29 -->
57<h3>Version 7.4.29</h3>
58<b><?php release_date('14-Apr-2022'); ?></b>
59<ul><li>Core:
60<ul>
61  <li>No source changes to this release. This update allows for re-building the
62  Windows binaries against upgraded dependencies which have received security
63  updates.</li>
64</ul></li>
65<li>Date:
66<ul>
67  <li>Updated to latest IANA timezone database (2022a).</li>
68</ul></li>
69</ul>
70<!-- }}} --></section>
71
72
73
74<section class="version" id="7.4.28"><!-- {{{ 7.4.28 -->
75<h3>Version 7.4.28</h3>
76<b><?php release_date('17-Feb-2022'); ?></b>
77<ul><li>Filter:
78<ul>
79  <li>Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)</li>
80</ul></li>
81</ul>
82<!-- }}} --></section>
83
84
85
86<section class="version" id="7.4.27"><!-- {{{ 7.4.27 -->
87<h3>Version 7.4.27</h3>
88<b><?php release_date('16-Dec-2021'); ?></b>
89<ul><li>Core:
90<ul>
91  <li><?php bugfix(81626); ?> (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).</li>
92</ul></li>
93<li>FPM:
94<ul>
95  <li><?php bugfix(81513); ?> (Future possibility for heap overflow in FPM zlog).</li>
96</ul></li>
97<li>GD:
98<ul>
99  <li><?php bugfix(71316); ?> (libpng warning from imagecreatefromstring).</li>
100</ul></li>
101<li>OpenSSL:
102<ul>
103  <li><?php bugfix(75725); ?> (./configure: detecting RAND_egd).</li>
104</ul></li>
105<li>PCRE:
106<ul>
107  <li><?php bugfix(74604); ?> (Out of bounds in php_pcre_replace_impl).</li>
108</ul></li>
109<li>Standard:
110<ul>
111  <li><?php bugfix(81618); ?> (dns_get_record fails on FreeBSD for missing type).</li>
112  <li><?php bugfix(81659); ?> (stream_get_contents() may unnecessarily overallocate).</li>
113</ul></li>
114</ul>
115<!-- }}} --></section>
116
117
118
119<section class="version" id="7.4.26"><!-- {{{ 7.4.26 -->
120<h3>Version 7.4.26</h3>
121<b><?php release_date('18-Nov-2021'); ?></b>
122<ul><li>Core:
123<ul>
124  <li><?php bugfix(81518); ?> (Header injection via default_mimetype / default_charset).</li>
125</ul></li>
126<li>Date:
127<ul>
128  <li><?php bugfix(81500); ?> (Interval serialization regression since 7.3.14 / 7.4.2).</li>
129</ul></li>
130<li>MBString:
131<ul>
132  <li><?php bugfix(76167); ?> (mbstring may use pointer from some previous request).</li>
133</ul></li>
134<li>MySQLi:
135<ul>
136  <li><?php bugfix(81494); ?> (Stopped unbuffered query does not throw error).</li>
137</ul></li>
138<li>PCRE:
139<ul>
140  <li><?php bugfix(81424); ?> (PCRE2 10.35 JIT performance regression).</li>
141</ul></li>
142<li>Streams:
143<ul>
144  <li><?php bugfix(54340); ?> (Memory corruption with user_filter).</li>
145</ul></li>
146<li>XML:
147<ul>
148  <li><?php bugfix(79971); ?> (special character is breaking the path in xml function). (CVE-2021-21707)</li>
149</ul></li>
150</ul>
151<!-- }}} --></section>
152
153
154
155<section class="version" id="7.4.25"><!-- {{{ 7.4.25 -->
156<h3>Version 7.4.25</h3>
157<b><?php release_date('21-Oct-2021'); ?></b>
158<ul><li>DOM:
159<ul>
160  <li><?php bugfix(81433); ?> (DOMElement::setIdAttribute() called twice may remove ID).</li>
161</ul></li>
162<li>FFI:
163<ul>
164  <li><?php bugfix(79576); ?> ("TYPE *" shows unhelpful message when type is not defined).</li>
165</ul></li>
166<li>Fileinfo:
167<ul>
168  <li><?php bugfix(78987); ?> (High memory usage during encoding detection).</li>
169</ul></li>
170<li>Filter:
171<ul>
172  <li><?php bugfix(61700); ?> (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).</li>
173</ul></li>
174<li>FPM:
175<ul>
176  <li><?php bugfix(81026); ?> (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).</li>
177</ul></li>
178<li>SPL:
179<ul>
180  <li><?php bugfix(80663); ?> (Recursive SplFixedArray::setSize() may cause double-free).</li>
181</ul></li>
182<li>Streams:
183<ul>
184  <li><?php bugfix(81475); ?> (stream_isatty emits warning with attached stream wrapper).</li>
185</ul></li>
186<li>XML:
187<ul>
188  <li><?php bugfix(70962); ?> (XML_OPTION_SKIP_WHITE strips embedded whitespace).</li>
189</ul></li>
190<li>Zip:
191<ul>
192  <li><?php bugfix(81490); ?> (ZipArchive::extractTo() may leak memory).</li>
193  <li><?php bugfix(77978); ?> (Dirname ending in colon unzips to wrong dir).</li>
194</ul></li>
195</ul>
196<!-- }}} --></section>
197
198
199
200<section class="version" id="7.4.24"><!-- {{{ 7.4.24 -->
201<h3>Version 7.4.24</h3>
202<b><?php release_date('23-Sep-2021'); ?></b>
203<ul><li>Core:
204<ul>
205  <li><?php bugfix(81302); ?> (Stream position after stream filter removed).</li>
206  <li><?php bugfix(81346); ?> (Non-seekable streams don't update position after write).</li>
207  <li><?php bugfix(73122); ?> (Integer Overflow when concatenating strings).</li>
208</ul></li>
209<li>GD:
210<ul>
211  <li><?php bugfix(53580); ?> (During resize gdImageCopyResampled cause colors change).</li>
212</ul></li>
213<li>Opcache:
214<ul>
215  <li><?php bugfix(81353); ?> (segfault with preloading and statically bound closure).</li>
216</ul></li>
217<li>Shmop:
218<ul>
219  <li><?php bugfix(81407); ?> (shmop_open won't attach and causes php to crash).</li>
220</ul></li>
221<li>Standard:
222<ul>
223  <li><?php bugfix(71542); ?> (disk_total_space does not work with relative paths).</li>
224  <li><?php bugfix(81400); ?> (Unterminated string in dns_get_record() results).</li>
225</ul></li>
226<li>SysVMsg:
227<ul>
228  <li><?php bugfix(78819); ?> (Heap Overflow in msg_send).</li>
229</ul></li>
230<li>XML:
231<ul>
232  <li><?php bugfix(81351); ?> (xml_parse may fail, but has no error code).</li>
233</ul></li>
234<li>Zip:
235<ul>
236  <li><?php bugfix(81420); ?> (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)</li>
237</ul></li>
238</ul>
239<!-- }}} --></section>
240
241
242
243<section class="version" id="7.4.23"><!-- {{{ 7.4.23 -->
244<h3>Version 7.4.23</h3>
245<b><?php release_date('26-Aug-2021'); ?></b>
246<ul><li>Core:
247<ul>
248  <li><?php bugfix(72595); ?> (php_output_handler_append illegal write access).</li>
249  <li><?php bugfix(66719); ?> (Weird behaviour when using get_called_class() with call_user_func()).</li>
250  <li><?php bugfix(81305); ?> (Built-in Webserver Drops Requests With "Upgrade" Header).</li>
251</ul></li>
252<li>BCMath:
253<ul>
254  <li><?php bugfix(78238); ?> (BCMath returns "-0").</li>
255</ul></li>
256<li>CGI:
257<ul>
258  <li><?php bugfix(80849); ?> (HTTP Status header truncation).</li>
259</ul></li>
260<li>GD:
261<ul>
262  <li><?php bugfix(51498); ?> (imagefilledellipse does not work for large circles).</li>
263</ul></li>
264<li>MySQLi:
265<ul>
266  <li><?php bugfix(74544); ?> (Integer overflow in mysqli_real_escape_string()).</li>
267</ul></li>
268<li>OpenSSL:
269<ul>
270  <li><?php bugfix(81327); ?> (Error build openssl extension on php 7.4.22).</li>
271</ul></li>
272<li>PDO_ODBC:
273<ul>
274  <li><?php bugfix(81252); ?> (PDO_ODBC doesn't account for SQL_NO_TOTAL).</li>
275</ul></li>
276<li>Phar:
277<ul>
278  <li><?php bugfix(81211); ?>: Symlinks are followed when creating PHAR archive.(cmb)</li>
279</ul></li>
280<li>Shmop:
281<ul>
282  <li><?php bugfix(81283); ?> (shmop can't read beyond 2147483647 bytes).</li>
283</ul></li>
284<li>Standard:
285<ul>
286  <li><?php bugfix(72146); ?> (Integer overflow on substr_replace).</li>
287  <li><?php bugfix(81265); ?> (getimagesize returns 0 for 256px ICO images).</li>
288  <li><?php bugfix(74960); ?> (Heap buffer overflow via str_repeat).</li>
289</ul></li>
290<li>Streams:
291<ul>
292  <li><?php bugfix(81294); ?> (Segfault when removing a filter).</li>
293</ul></li>
294</ul>
295<!-- }}} --></section>
296
297
298
299<section class="version" id="7.4.22"><!-- {{{ 7.4.22 -->
300<h3>Version 7.4.22</h3>
301<b><?php release_date('29-Jul-2021'); ?></b>
302<ul><li>Core:
303<ul>
304  <li><?php bugfix(81145); ?> (copy() and stream_copy_to_stream() fail for +4GB files).</li>
305  <li><?php bugfix(81163); ?> (incorrect handling of indirect vars in __sleep).</li>
306  <li><?php bugfix(80728); ?> (PHP built-in web server resets timeout when it can kill the process).</li>
307  <li><?php bugfix(73630); ?> (Built-in Webserver - overwrite $_SERVER['request_uri']).</li>
308  <li><?php bugfix(80173); ?> (Using return value of zend_assign_to_variable() is not safe).</li>
309  <li><?php bugfix(73226); ?> (--r[fcez] always return zero exit code).</li>
310</ul></li>
311<li>Intl:
312<ul>
313  <li><?php bugfix(72809); ?> (Locale::lookup() wrong result with canonicalize option).</li>
314  <li><?php bugfix(68471); ?> (IntlDateFormatter fails for "GMT+00:00" timezone).</li>
315  <li><?php bugfix(74264); ?> (grapheme_strrpos() broken for negative offsets).</li>
316</ul></li>
317<li>OpenSSL:
318<ul>
319  <li><?php bugfix(52093); ?> (openssl_csr_sign truncates $serial).</li>
320</ul></li>
321<li>PCRE:
322<ul>
323  <li><?php bugfix(81101); ?> (PCRE2 10.37 shows unexpected result).</li>
324  <li><?php bugfix(81243); ?> (Too much memory is allocated for preg_replace()).</li>
325</ul></li>
326<li>Standard:
327<ul>
328  <li><?php bugfix(81223); ?> (flock() only locks first byte of file).</li>
329</ul></li>
330</ul>
331<!-- }}} --></section>
332
333
334
335<section class="version" id="7.4.21"><!-- {{{ 7.4.21 -->
336<h3>Version 7.4.21</h3>
337<b><?php release_date('01-Jul-2021'); ?></b>
338<ul><li>Core:
339<ul>
340  <li><?php bugfix(81068); ?> (Double free in realpath_cache_clean()).</li>
341  <li><?php bugfix(76359); ?> (open_basedir bypass through adding "..").</li>
342  <li><?php bugfix(81090); ?> (Typed property performance degradation with .= operator).</li>
343  <li><?php bugfix(81070); ?> (Integer underflow in memory limit comparison).</li>
344  <li><?php bugfix(81122); ?> (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)</li>
345</ul></li>
346<li>Bzip2:
347<ul>
348  <li><?php bugfix(81092); ?> (fflush before stream_filter_remove corrupts stream).</li>
349</ul></li>
350<li>OpenSSL:
351<ul>
352  <li><?php bugfix(76694); ?> (native Windows cert verification uses CN as server name).</li>
353</ul></li>
354<li>PDO_Firebird:
355<ul>
356  <li><?php bugfix(76448); ?> (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)</li>
357  <li><?php bugfix(76449); ?> (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)</li>
358  <li><?php bugfix(76450); ?> (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)</li>
359  <li><?php bugfix(76452); ?> (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)</li>
360</ul></li>
361<li>Standard:
362<ul>
363  <li><?php bugfix(81048); ?> (phpinfo(INFO_VARIABLES) "Array to string conversion").</li>
364</ul></li>
365</ul>
366<!-- }}} --></section>
367
368
369
370<section class="version" id="7.4.20"><!-- {{{ 7.4.20 -->
371<h3>Version 7.4.20</h3>
372<b><?php release_date('03-Jun-2021'); ?></b>
373<ul><li>Core:
374<ul>
375  <li><?php bugfix(80929); ?> (Method name corruption related to repeated calls to call_user_func_array).</li>
376  <li><?php bugfix(80960); ?> (opendir() warning wrong info when failed on Windows).</li>
377  <li><?php bugfix(67792); ?> (HTTP Authorization schemes are treated as case-sensitive).</li>
378  <li><?php bugfix(80972); ?> (Memory exhaustion on invalid string offset).</li>
379</ul></li>
380<li>FPM:
381<ul>
382  <li><?php bugfix(65800); ?> (Events port mechanism).</li>
383</ul></li>
384<li>FTP:
385<ul>
386  <li><?php bugfix(80901); ?> (Info leak in ftp extension).</li>
387  <li><?php bugfix(79100); ?> (Wrong FTP error messages).</li>
388</ul></li>
389<li>GD:
390<ul>
391  <li><?php bugfix(81032); ?> (GD install is affected by external libgd installation).</li>
392</ul></li>
393<li>MBString:
394<ul>
395  <li><?php bugfix(81011); ?> (mb_convert_encoding removes references from arrays).</li>
396</ul></li>
397<li>ODBC:
398<ul>
399  <li><?php bugfix(80460); ?> (ODBC doesn't account for SQL_NO_TOTAL indicator).</li>
400</ul></li>
401<li>PDO_MySQL:
402<ul>
403  <li><?php bugfix(81037); ?> (PDO discards error message text from prepared statement).</li>
404</ul></li>
405<li>PDO_ODBC:
406<ul>
407  <li><?php bugfix(44643); ?> (bound parameters ignore explicit type definitions).</li>
408</ul></li>
409<li>pgsql:
410<ul>
411  <li>Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().</li>
412</ul></li>
413<li>SPL:
414<ul>
415  <li><?php bugfix(80933); ?> (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).</li>
416</ul></li>
417<li>Opcache:
418<ul>
419  <li><?php bugfix(80900); ?> (switch statement behavior inside function).</li>
420  <li><?php bugfix(81015); ?> (Opcache optimization assumes wrong part of ternary operator in if-condition).</li>
421</ul></li>
422<li>XMLReader:
423<ul>
424  <li><?php bugfix(73246); ?> (XMLReader: encoding length not checked).</li>
425</ul></li>
426<li>Zip:
427<ul>
428  <li><?php bugfix(80863); ?> (ZipArchive::extractTo() ignores references).</li>
429</ul></li>
430</ul>
431<!-- }}} --></section>
432
433
434
435<section class="version" id="7.4.19"><!-- {{{ 7.4.19 -->
436<h3>Version 7.4.19</h3>
437<b><?php release_date('06-May-2021'); ?></b>
438<ul><li>PDO_pgsql:
439<ul>
440  <li>Reverted bug fix for #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).</li>
441</ul></li>
442</ul>
443<!-- }}} --></section>
444
445
446
447<section class="version" id="7.4.18"><!-- {{{ 7.4.18 -->
448<h3>Version 7.4.18</h3>
449<b><?php release_date('29-Apr-2021'); ?></b>
450<ul><li>Core:
451<ul>
452  <li><?php bugfix(80781); ?> (Error handler that throws ErrorException infinite loop).</li>
453  <li><?php bugfix(75776); ?> (Flushing streams with compression filter is broken).</li>
454</ul></li>
455<li>Dba:
456<ul>
457  <li><?php bugfix(80817); ?> (dba_popen() may cause segfault during RSHUTDOWN).</li>
458</ul></li>
459<li>DOM:
460<ul>
461  <li><?php bugfix(66783); ?> (UAF when appending DOMDocument to element).</li>
462</ul></li>
463<li>FPM:
464<ul>
465  <li><?php bugfix(80024); ?> (Duplication of info about inherited socket after pool removing).</li>
466</ul></li>
467<li>FTP:
468<ul>
469  <li><?php bugfix(80880); ?> (SSL_read on shutdown, ftp/proc_open).</li>
470</ul></li>
471<li>Imap:
472<ul>
473  <li><?php bugfix(80710); ?> (imap_mail_compose() header injection).</li>
474</ul></li>
475<li>Intl:
476<ul>
477  <li><?php bugfix(80763); ?> (msgfmt_format() does not accept DateTime references).</li>
478</ul></li>
479<li>LibXML:
480<ul>
481  <li><?php bugfix(51903); ?> (simplexml_load_file() doesn't use HTTP headers).</li>
482  <li><?php bugfix(73533); ?> (Invalid memory access in php_libxml_xmlCheckUTF8).</li>
483</ul></li>
484<li>MySQLnd:
485<ul>
486  <li><?php bugfix(80713); ?> (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).</li>
487  <li><?php bugfix(80837); ?> (Calling stmt_store_result after fetch doesn't throw an error).</li>
488  <li><?php bugfix(78680); ?> (mysqlnd's mysql_clear_password does not transmit null-terminated password).</li>
489</ul></li>
490<li>Opcache:
491<ul>
492  <li><?php bugfix(80805); ?> (create simple class and get error in opcache.so).</li>
493  <li><?php bugfix(80950); ?> (Variables become null in if statements).</li>
494</ul></li>
495<li>Pcntl:
496<ul>
497  <li><?php bugfix(79812); ?> (Potential integer overflow in pcntl_exec()).</li>
498</ul></li>
499<li>PCRE:
500<ul>
501  <li><?php bugfix(80866); ?> (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).</li>
502</ul></li>
503<li>PDO_ODBC:
504<ul>
505  <li><?php bugfix(80783); ?> (PDO ODBC truncates BLOB records at every 256th byte).</li>
506</ul></li>
507<li>PDO_pgsql:
508<ul>
509  <li><?php bugfix(80892); ?> (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).</li>
510</ul></li>
511<li>phpdbg:
512<ul>
513  <li><?php bugfix(80757); ?> (Exit code is 0 when could not open file).</li>
514</ul></li>
515<li>Session:
516<ul>
517  <li><?php bugfix(80774); ?> (session_name() problem with backslash).</li>
518  <li><?php bugfix(80889); ?> (Cannot set save handler when save_handler is invalid).</li>
519</ul></li>
520<li>SOAP:
521<ul>
522  <li><?php bugfix(69668); ?> (SOAP special XML characters in namespace URIs not encoded).</li>
523</ul></li>
524<li>Standard:
525<ul>
526  <li><?php bugfix(78719); ?> (http wrapper silently ignores long Location headers).</li>
527  <li><?php bugfix(80771); ?> (phpinfo(INFO_CREDITS) displays nothing in CLI).</li>
528  <li><?php bugfix(80838); ?> (HTTP wrapper waits for HTTP 1 response after HTTP 101).</li>
529  <li><?php bugfix(80915); ?> (Taking a reference to $_SERVER hides its values from phpinfo()).</li>
530  <li><?php bugfix(80654); ?> (file_get_contents() maxlen fails above (2**31)-1 bytes).</li>
531</ul></li>
532<li>MySQLi:
533<ul>
534  <li><?php bugfix(74779); ?> (x() and y() truncating floats to integers).</li>
535</ul></li>
536<li>OPcache:
537<ul>
538  <li><?php bugfix(80682); ?> (opcache doesn't honour pcre.jit option).</li>
539</ul></li>
540<li>OpenSSL:
541<ul>
542  <li><?php bugfix(80747); ?> (Providing RSA key size &lt; 512 generates key that crash PHP).</li>
543</ul></li>
544<li>Phar:
545<ul>
546  <li><?php bugfix(75850); ?> (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)</li>
547  <li><?php bugfix(70091); ?> (Phar does not mark UTF-8 filenames in ZIP archives).</li>
548  <li><?php bugfix(53467); ?> (Phar cannot compress large archives).</li>
549</ul></li>
550<li>SPL:
551<ul>
552  <li><?php bugfix(80719); ?> (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).</li>
553</ul></li>
554<li>Zip:
555<ul>
556  <li><?php bugfix(80648); ?> (Fix for bug 79296 should be based on runtime version).</li>
557</ul></li>
558</ul>
559<!-- }}} --></section>
560
561<section class="version" id="7.4.16"><!-- {{{ 7.4.16 -->
562<h3>Version 7.4.16</h3>
563<b><?php release_date('04-Mar-2021'); ?></b>
564<ul><li>Core:
565<ul>
566  <li><?php bugfix(80706); ?> (mail(): Headers after Bcc headers may be ignored).</li>
567</ul></li>
568<li>MySQLnd:
569<ul>
570  <li><?php bugfix(78680); ?> (mysqlnd's mysql_clear_password does not transmit null-terminated password).</li>
571</ul></li>
572<li>MySQLi:
573<ul>
574  <li><?php bugfix(74779); ?> (x() and y() truncating floats to integers).</li>
575</ul></li>
576<li>OPcache:
577<ul>
578  <li><?php bugfix(80682); ?> (opcache doesn't honour pcre.jit option).</li>
579</ul></li>
580<li>OpenSSL:
581<ul>
582  <li><?php bugfix(80747); ?> (Providing RSA key size &lt; 512 generates key that crash PHP).</li>
583</ul></li>
584<li>Phar:
585<ul>
586  <li><?php bugfix(75850); ?> (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)</li>
587  <li><?php bugfix(70091); ?> (Phar does not mark UTF-8 filenames in ZIP archives).</li>
588  <li><?php bugfix(53467); ?> (Phar cannot compress large archives).</li>
589</ul></li>
590<li>SPL:
591<ul>
592  <li><?php bugfix(80719); ?> (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).</li>
593</ul></li>
594<li>Standard:
595<ul>
596  <li><?php bugfix(80654); ?> (file_get_contents() maxlen fails above (2**31)-1 bytes).</li>
597</ul></li>
598<li>Zip:
599<ul>
600  <li><?php bugfix(80648); ?> (Fix for bug 79296 should be based on runtime version).</li>
601</ul></li>
602</ul>
603<!-- }}} --></section>
604
605
606
607<section class="version" id="7.4.15"><!-- {{{ 7.4.15 -->
608<h3>Version 7.4.15</h3>
609<b><?php release_date('04-Feb-2021'); ?></b>
610<ul><li>Core:
611<ul>
612  <li><?php bugfix(80523); ?> (bogus parse error on &gt;4GB source code).</li>
613  <li><?php bugfix(80384); ?> (filter buffers entire read until file closed).</li>
614</ul></li>
615<li>Curl:
616<ul>
617  <li><?php bugfix(80595); ?> (Resetting POSTFIELDS to empty array breaks request).</li>
618</ul></li>
619<li>Date:
620<ul>
621  <li><?php bugfix(80376); ?> (last day of the month causes runway cpu usage.</li>
622</ul></li>
623<li>MySQLi:
624<ul>
625  <li><?php bugfix(67983); ?> (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).</li>
626  <li><?php bugfix(64638); ?> (Fetching resultsets from stored procedure with cursor fails).</li>
627  <li><?php bugfix(72862); ?> (segfault using prepared statements on stored procedures that use a cursor).</li>
628  <li><?php bugfix(77935); ?> (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).</li>
629</ul></li>
630<li>Phar:
631<ul>
632  <li><?php bugfix(77565); ?> (Incorrect locator detection in ZIP-based phars).</li>
633  <li><?php bugfix(69279); ?> (Compressed ZIP Phar extractTo() creates garbage files).</li>
634</ul></li>
635<li>SOAP:
636<ul>
637  <li><?php bugfix(80672); ?> (Null Dereference in SoapClient). (CVE-2021-21702)</li>
638</ul></li>
639</ul>
640<!-- }}} --></section>
641
642
643
644<section class="version" id="7.4.14"><!-- {{{ 7.4.14 -->
645<h3>Version 7.4.14</h3>
646<b><?php release_date('07-Jan-2021'); ?></b>
647<ul><li>Core:
648<ul>
649  <li><?php bugfix(74558); ?> (Can't rebind closure returned by Closure::fromCallable()).</li>
650  <li><?php bugfix(80345); ?> (PHPIZE configuration has outdated PHP_RELEASE_VERSION).</li>
651  <li><?php bugfix(72964); ?> (White space not unfolded for CC/Bcc headers).</li>
652  <li><?php bugfix(80362); ?> (Running dtrace scripts can cause php to crash).</li>
653  <li><?php bugfix(80393); ?> (Build of PHP extension fails due to configuration gap with libtool).</li>
654  <li><?php bugfix(80402); ?> (configure filtering out -lpthread).</li>
655  <li><?php bugfix(77069); ?> (stream filter loses final block of data).</li>
656</ul></li>
657<li>Fileinfo:
658<ul>
659  <li><?php bugfix(77961); ?> (finfo_open crafted magic parsing SIGABRT).</li>
660</ul></li>
661<li>FPM:
662<ul>
663  <li><?php bugfix(69625); ?> (FPM returns 200 status on request without SCRIPT_FILENAME env).</li>
664</ul></li>
665<li>Intl:
666<ul>
667  <li><?php bugfix(80425); ?> (MessageFormatAdapter::getArgTypeList redefined).</li>
668</ul></li>
669<li>OpenSSL:
670<ul>
671  <li><?php bugfix(80368); ?> (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).</li>
672</ul></li>
673<li>Phar:
674<ul>
675  <li><?php bugfix(73809); ?> (Phar Zip parse crash - mmap fail).</li>
676  <li><?php bugfix(75102); ?> (`PharData` says invalid checksum for valid tar).</li>
677  <li><?php bugfix(77322); ?> (PharData::addEmptyDir('/') Possible integer overflow).</li>
678</ul></li>
679<li>PDO MySQL:
680<ul>
681  <li><?php bugfix(80458); ?> (PDOStatement::fetchAll() throws for upsert queries).</li>
682  <li><?php bugfix(63185); ?> (nextRowset() ignores MySQL errors with native prepared statements).</li>
683  <li><?php bugfix(78152); ?> (PDO::exec() - Bad error handling with multiple commands).</li>
684  <li><?php bugfix(70066); ?> (Unexpected "Cannot execute queries while other unbuffered queries").</li>
685  <li><?php bugfix(71145); ?> (Multiple statements in init command triggers unbuffered query error).</li>
686  <li><?php bugfix(76815); ?> (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).</li>
687</ul></li>
688<li>Standard:
689<ul>
690  <li><?php bugfix(77423); ?> (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</li>
691  <li><?php bugfix(80366); ?> (Return Value of zend_fstat() not Checked).</li>
692  <li><?php bugfix(80411); ?> (References to null-serialized object break serialize()).</li>
693</ul></li>
694<li>Tidy:
695<ul>
696  <li><?php bugfix(77594); ?> (ob_tidyhandler is never reset).</li>
697</ul></li>
698<li>Zlib:
699<ul>
700  <li><?php bugfix(48725); ?> (Support for flushing in zlib stream).</li>
701</ul></li>
702</ul>
703<!-- }}} --></section>
704
705
706
707<section class="version" id="7.4.13"><!-- {{{ 7.4.13 -->
708<h3>Version 7.4.13</h3>
709<b><?php release_date('26-Nov-2020'); ?></b>
710<ul><li>Core:
711<ul>
712  <li><?php bugfix(80280); ?> (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).</li>
713  <li><?php bugfix(80258); ?> (Windows Deduplication Enabled, randon permission errors).</li>
714</ul></li>
715<li>COM:
716<ul>
717  <li><?php bugfix(62474); ?> (com_event_sink crashes on certain arguments).</li>
718</ul></li>
719<li>DOM:
720<ul>
721  <li><?php bugfix(80268); ?> (loadHTML() truncates at NUL bytes).</li>
722</ul></li>
723<li>FFI:
724<ul>
725  <li><?php bugfix(79177); ?> (FFI doesn't handle well PHP exceptions within callback).</li>
726</ul></li>
727<li>IMAP:
728<ul>
729  <li><?php bugfix(64076); ?> (imap_sort() does not return FALSE on failure).</li>
730  <li><?php bugfix(76618); ?> (segfault on imap_reopen).</li>
731  <li><?php bugfix(80239); ?> (imap_rfc822_write_address() leaks memory).</li>
732  <li>Fixed minor regression caused by fixing bug <?php bugl(80220); ?>.</li>
733  <li><?php bugfix(80242); ?> (imap_mail_compose() segfaults for multipart with rfc822).</li>
734</ul></li>
735<li>MySQLi:
736<ul>
737  <li><?php bugfix(79375); ?> (mysqli_store_result does not report error from lock wait timeout).</li>
738  <li><?php bugfix(76525); ?> (mysqli::commit does not throw if MYSQLI_REPORT_ERROR enabled and mysqlnd used).</li>
739  <li><?php bugfix(72413); ?> (mysqlnd segfault (fetch_row second parameter typemismatch)).</li>
740</ul></li>
741<li>ODBC:
742<ul>
743  <li><?php bugfix(44618); ?> (Fetching may rely on uninitialized data).</li>
744</ul></li>
745<li>Opcache:
746<ul>
747  <li><?php bugfix(79643); ?> (PHP with Opcache crashes when a file with specific name is included).</li>
748  <li>Fixed run-time binding of preloaded dynamically declared function.</li>
749</ul></li>
750<li>OpenSSL:
751<ul>
752  <li><?php bugfix(79983); ?> (openssl_encrypt / openssl_decrypt fail with OCB mode).</li>
753</ul></li>
754<li>PDO MySQL:
755<ul>
756  <li><?php bugfix(66528); ?> (No PDOException or errorCode if database becomes unavailable before PDO::commit).</li>
757  <li><?php bugfix(65825); ?> (PDOStatement::fetch() does not throw exception on broken server connection).</li>
758</ul></li>
759<li>SNMP:
760<ul>
761  <li><?php bugfix(70461); ?> (disable md5 code when it is not supported in net-snmp).</li>
762</ul></li>
763<li>Standard:
764<ul>
765  <li><?php bugfix(80266); ?> (parse_url silently drops port number 0).</li>
766</ul></li>
767</ul>
768<!-- }}} --></section>
769
770
771
772<section class="version" id="7.4.12"><!-- {{{ 7.4.12 -->
773<h3>Version 7.4.12</h3>
774<b><?php release_date('29-Oct-2020'); ?></b>
775<ul><li>Core:
776<ul>
777  <li><?php bugfix(80061); ?> (Copying large files may have suboptimal performance).</li>
778  <li><?php bugfix(79423); ?> (copy command is limited to size of file it can copy).</li>
779  <li><?php bugfix(80126); ?> (Covariant return types failing compilation).</li>
780  <li><?php bugfix(80186); ?> (Segfault when iterating over FFI object).</li>
781</ul></li>
782<li>Calendar:
783<ul>
784  <li><?php bugfix(80185); ?> (jdtounix() fails after 2037).</li>
785</ul></li>
786<li>IMAP:
787<ul>
788  <li><?php bugfix(80213); ?> (imap_mail_compose() segfaults on certain $bodies).</li>
789  <li><?php bugfix(80215); ?> (imap_mail_compose() may modify by-val parameters).</li>
790  <li><?php bugfix(80220); ?> (imap_mail_compose() may leak memory).</li>
791  <li><?php bugfix(80223); ?> (imap_mail_compose() leaks envelope on malformed bodies).</li>
792  <li><?php bugfix(80216); ?> (imap_mail_compose() does not validate types/encodings).</li>
793  <li><?php bugfix(80226); ?> (imap_sort() leaks sortpgm memory).</li>
794</ul></li>
795<li>MySQLnd:
796<ul>
797  <li><?php bugfix(80115); ?> (mysqlnd.debug doesn't recognize absolute paths with slashes).</li>
798  <li><?php bugfix(80107); ?> (mysqli_query() fails for ~16 MB long query when compression is enabled).</li>
799</ul></li>
800<li>ODBC:
801<ul>
802  <li><?php bugfix(78470); ?> (odbc_specialcolumns() no longer accepts $nullable).</li>
803  <li><?php bugfix(80147); ?> (BINARY strings may not be properly zero-terminated).</li>
804  <li><?php bugfix(80150); ?> (Failure to fetch error message).</li>
805  <li><?php bugfix(80152); ?> (odbc_execute() moves internal pointer of $params).</li>
806  <li><?php bugfix(46050); ?> (odbc_next_result corrupts prepared resource).</li>
807</ul></li>
808<li>OPcache:
809<ul>
810  <li><?php bugfix(80083); ?> (Optimizer pass 6 removes variables used for ibm_db2 data binding).</li>
811  <li><?php bugfix(80194); ?> (Assertion failure during block assembly of unreachable free with leading nop).</li>
812</ul></li>
813<li>PCRE:
814<ul>
815  <li>Updated to PCRE 10.35.</li>
816  <li><?php bugfix(80118); ?> (Erroneous whitespace match with JIT only).</li>
817</ul></li>
818<li>PDO_ODBC:
819<ul>
820  <li><?php bugfix(67465); ?> (NULL Pointer dereference in odbc_handle_preparer).</li>
821</ul></li>
822<li>Standard:
823<ul>
824  <li><?php bugfix(80114); ?> (parse_url does not accept URLs with port 0).</li>
825  <li><?php bugfix(76943); ?> (Inconsistent stream_wrapper_restore() errors).</li>
826  <li><?php bugfix(76735); ?> (Incorrect message in fopen on invalid mode).</li>
827</ul></li>
828<li>Tidy:
829<ul>
830  <li><?php bugfix(77040); ?> (tidyNode::isHtml() is completely broken).</li>
831</ul></li>
832</ul>
833<!-- }}} --></section>
834
835
836
837<section class="version" id="7.4.11"><!-- {{{ 7.4.11 -->
838<h3>Version 7.4.11</h3>
839<b><?php release_date('01-Oct-2020'); ?></b>
840<ul><li>Core:
841<ul>
842  <li><?php bugfix(79699); ?> (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)</li>
843  <li><?php bugfix(79979); ?> (passing value to by-ref param via CUFA crashes).</li>
844  <li><?php bugfix(80037); ?> (Typed property must not be accessed before initialization when __get() declared).</li>
845  <li><?php bugfix(80048); ?> (Bug <?php bugl(69100); ?> has not been fixed for Windows).</li>
846  <li><?php bugfix(80049); ?> (Memleak when coercing integers to string via variadic argument).</li>
847</ul></li>
848<li>Calendar:
849<ul>
850  <li><?php bugfix(80007); ?> (Potential type confusion in unixtojd() parameter parsing).</li>
851</ul></li>
852<li>COM:
853<ul>
854  <li><?php bugfix(64130); ?> (COM obj parameters passed by reference are not updated).</li>
855</ul></li>
856<li>OPcache:
857<ul>
858  <li><?php bugfix(80002); ?> (calc free space for new interned string is wrong).</li>
859  <li><?php bugfix(80046); ?> (FREE for SWITCH_STRING optimized away).</li>
860  <li><?php bugfix(79825); ?> (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).</li>
861</ul></li>
862<li>OpenSSL:
863<ul>
864  <li><?php bugfix(79601); ?> (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)</li>
865</ul></li>
866<li>PDO:
867<ul>
868  <li><?php bugfix(80027); ?> (Terrible performance using $query-&gt;fetch on queries with many bind parameters).</li>
869</ul></li>
870<li>SOAP:
871<ul>
872  <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li>
873</ul></li>
874<li>Standard:
875<ul>
876  <li><?php bugfix(79986); ?> (str_ireplace bug with diacritics characters).</li>
877  <li><?php bugfix(80077); ?> (getmxrr test bug).</li>
878  <li><?php bugfix(72941); ?> (Modifying bucket-&gt;data by-ref has no effect any longer).</li>
879  <li><?php bugfix(80067); ?> (Omitting the port in bindto setting errors).</li>
880</ul></li>
881</ul>
882<!-- }}} --></section>
883
884
885
886<section class="version" id="7.4.10"><!-- {{{ 7.4.10 -->
887<h3>Version 7.4.10</h3>
888<b><?php release_date('03-Sep-2020'); ?></b>
889<ul><li>Core:
890<ul>
891  <li><?php bugfix(79884); ?> (PHP_CONFIG_FILE_PATH is meaningless).</li>
892  <li><?php bugfix(77932); ?> (File extensions are case-sensitive).</li>
893  <li><?php bugfix(79806); ?> (realpath() erroneously resolves link to link).</li>
894  <li><?php bugfix(79895); ?> (PHP_CHECK_GCC_ARG does not allow flags with equal sign).</li>
895  <li><?php bugfix(79919); ?> (Stack use-after-scope in define()).</li>
896  <li><?php bugfix(79934); ?> (CRLF-only line in heredoc causes parsing error).</li>
897  <li><?php bugfix(79947); ?> (Memory leak on invalid offset type in compound assignment).</li>
898</ul></li>
899<li>COM:
900<ul>
901  <li><?php bugfix(48585); ?> (com_load_typelib holds reference, fails on second call).</li>
902</ul></li>
903<li>Exif:
904<ul>
905  <li><?php bugfix(75785); ?> (Many errors from exif_read_data).</li>
906</ul></li>
907<li>Gettext:
908<ul>
909  <li><?php bugfix(70574); ?> (Tests fail due to relying on Linux fallback behavior for gettext()).</li>
910</ul></li>
911<li>LDAP:
912<ul>
913  <li>Fixed memory leaks.</li>
914</ul></li>
915<li>OPcache:
916<ul>
917  <li><?php bugfix(73060); ?> (php failed with error after temp folder cleaned up).</li>
918  <li><?php bugfix(79917); ?> (File cache segfault with a static variable in inherited method).</li>
919</ul></li>
920<li>PDO:
921<ul>
922  <li><?php bugfix(64705); ?> (errorInfo property of PDOException is null when PDO::__construct() fails).</li>
923</ul></li>
924<li>Session:
925<ul>
926  <li><?php bugfix(79724); ?> (Return type does not match in ext/session/mod_mm.c).</li>
927</ul></li>
928<li>Standard:
929<ul>
930  <li><?php bugfix(79930); ?> (array_merge_recursive() crashes when called with array with single reference).</li>
931  <li><?php bugfix(79944); ?> (getmxrr always returns true on Alpine linux).</li>
932  <li><?php bugfix(79951); ?> (Memory leak in str_replace of empty string).</li>
933</ul></li>
934<li>XML:
935<ul>
936  <li><?php bugfix(79922); ?> (Crash after multiple calls to xml_parser_free()).</li>
937</ul></li>
938</ul>
939<!-- }}} --></section>
940
941
942
943<section class="version" id="7.4.9"><!-- {{{ 7.4.9 -->
944<h3>Version 7.4.9</h3>
945<b><?php release_date('06-Aug-2020'); ?></b>
946<ul><li>Apache:
947<ul>
948  <li><?php bugfix(79030); ?> (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).</li>
949</ul></li>
950<li>COM:
951<ul>
952  <li><?php bugfix(63208); ?> (BSTR to PHP string conversion not binary safe).</li>
953  <li><?php bugfix(63527); ?> (DCOM does not work with Username, Password parameter).</li>
954</ul></li>
955<li>Core:
956<ul>
957  <li><?php bugfix(79740); ?> (serialize() and unserialize() methods can not be called statically).</li>
958  <li><?php bugfix(79783); ?> (Segfault in php_str_replace_common).</li>
959  <li><?php bugfix(79778); ?> (Assertion failure if dumping closure with unresolved static variable).</li>
960  <li><?php bugfix(79779); ?> (Assertion failure when assigning property of string offset by reference).</li>
961  <li><?php bugfix(79792); ?> (HT iterators not removed if empty array is destroyed).</li>
962  <li><?php bugfix(78598); ?> (Changing array during undef index RW error segfaults).</li>
963  <li><?php bugfix(79784); ?> (Use after free if changing array during undef var during array write fetch).</li>
964  <li><?php bugfix(79793); ?> (Use after free if string used in undefined index warning is changed).</li>
965  <li><?php bugfix(79862); ?> (Public non-static property in child should take priority over private static).</li>
966  <li><?php bugfix(79877); ?> (getimagesize function silently truncates after a null byte) (cmb)</li>
967</ul></li>
968<li>Fileinfo:
969<ul>
970  <li><?php bugfix(79756); ?> (finfo_file crash (FILEINFO_MIME)).</li>
971</ul></li>
972<li>FTP:
973<ul>
974  <li><?php bugfix(55857); ?> (ftp_size on large files).</li>
975</ul></li>
976<li>Mbstring:
977<ul>
978  <li><?php bugfix(79787); ?> (mb_strimwidth does not trim string).</li>
979</ul></li>
980<li>Phar:
981<ul>
982  <li><?php bugfix(79797); ?> (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)</li>
983</ul></li>
984<li>Reflection:
985<ul>
986  <li><?php bugfix(79487); ?> (::getStaticProperties() ignores property modifications).</li>
987  <li><?php bugfix(69804); ?> (::getStaticPropertyValue() throws on protected props).</li>
988  <li><?php bugfix(79820); ?> (Use after free when type duplicated into ReflectionProperty gets resolved).</li>
989</ul></li>
990<li>Standard:
991<ul>
992  <li><?php bugfix(70362); ?> (Can't copy() large 'data://' with open_basedir).</li>
993  <li><?php bugfix(78008); ?> (dns_check_record() always return true on Alpine).</li>
994  <li><?php bugfix(79839); ?> (array_walk() does not respect property types).</li>
995</ul></li>
996</ul>
997<!-- }}} --></section>
998
999
1000
1001<section class="version" id="7.4.8"><!-- {{{ 7.4.8 -->
1002<h3>Version 7.4.8</h3>
1003<b><?php release_date('09-Jul-2020'); ?></b>
1004<ul><li>Core:
1005<ul>
1006  <li><?php bugfix(79595); ?> (zend_init_fpu() alters FPU precision).</li>
1007  <li><?php bugfix(79650); ?> (php-win.exe 100% cpu lockup).</li>
1008  <li><?php bugfix(79668); ?> (get_defined_functions(true) may miss functions).</li>
1009  <li><?php bugfix(79683); ?> (Fake reflection scope affects __toString()).</li>
1010  <li>Fixed possibly unsupported timercmp() usage.</li>
1011</ul></li>
1012<li>Exif:
1013<ul>
1014  <li><?php bugfix(79687); ?> (Sony picture - PHP Warning - Make, Model, MakerNotes).</li>
1015</ul></li>
1016<li>Fileinfo:
1017<ul>
1018  <li><?php bugfix(79681); ?> (mime_content_type/finfo returning incorrect mimetype).</li>
1019</ul></li>
1020<li>Filter:
1021<ul>
1022  <li><?php bugfix(73527); ?> (Invalid memory access in php_filter_strip).</li>
1023</ul></li>
1024<li>GD:
1025<ul>
1026  <li><?php bugfix(79676); ?> (imagescale adds black border with IMG_BICUBIC).</li>
1027</ul></li>
1028<li>OpenSSL:
1029<ul>
1030  <li><?php bugfix(62890); ?> (default_socket_timeout=-1 causes connection to timeout).</li>
1031</ul></li>
1032<li>PDO SQLite:
1033<ul>
1034  <li><?php bugfix(79664); ?> (PDOStatement::getColumnMeta fails on empty result set).</li>
1035</ul></li>
1036<li>phpdbg:
1037<ul>
1038  <li><?php bugfix(73926); ?> (phpdbg will not accept input on restart execution).</li>
1039  <li><?php bugfix(73927); ?> (phpdbg fails with windows error prompt at "watch array").</li>
1040  <li>Fixed several mostly Windows related phpdbg bugs.</li>
1041</ul></li>
1042<li>SPL:
1043<ul>
1044  <li><?php bugfix(79710); ?> (Reproducible segfault in error_handler during GC involved an SplFileObject).</li>
1045</ul></li>
1046<li>Standard:
1047<ul>
1048  <li><?php bugfix(74267); ?> (segfault with streams and invalid data).</li>
1049</ul></li>
1050</ul>
1051<!-- }}} --></section>
1052
1053
1054<section class="version" id="7.4.7"><!-- {{{ 7.4.7 -->
1055<h3>Version 7.4.7</h3>
1056<b><?php release_date('11-Jun-2020'); ?></b>
1057<ul><li>Core:
1058<ul>
1059  <li><?php bugfix(79599); ?> (coredump in set_error_handler).</li>
1060  <li><?php bugfix(79566); ?> (Private SHM is not private on Windows).</li>
1061  <li><?php bugfix(79489); ?> (.user.ini does not inherit).</li>
1062  <li><?php bugfix(79600); ?> (Regression in 7.4.6 when yielding an array based generator).</li>
1063  <li><?php bugfix(79657); ?> ("yield from" hangs when invalid value encountered).</li>
1064</ul></li>
1065<li>FFI:
1066<ul>
1067  <li><?php bugfix(79571); ?> (FFI: var_dumping unions may segfault).</li>
1068</ul></li>
1069<li>GD:
1070<ul>
1071  <li><?php bugfix(79615); ?> (Wrong GIF header written in GD GIFEncode).</li>
1072</ul></li>
1073<li>MySQLnd:
1074<ul>
1075  <li><?php bugfix(79596); ?> (MySQL FLOAT truncates to int some locales).</li>
1076</ul></li>
1077<li>Opcache:
1078<ul>
1079  <li><?php bugfix(79588); ?> (Boolean opcache settings ignore on/off values).</li>
1080  <li><?php bugfix(79548); ?> (Preloading segfault with inherited method using static variable).</li>
1081  <li><?php bugfix(79603); ?> (RTD collision with opcache).</li>
1082</ul></li>
1083<li>Standard:
1084<ul>
1085  <li><?php bugfix(79561); ?> (dns_get_record() fails with DNS_ALL).</li>
1086</ul></li>
1087</ul>
1088<!-- }}} --></section>
1089
1090<section class="version" id="7.4.6"><!-- {{{ 7.4.6 -->
1091<h3>Version 7.4.6</h3>
1092<b><?php release_date('14-May-2020'); ?></b>
1093<ul><li>Core:
1094<ul>
1095  <li><?php bugfix(78434); ?> (Generator yields no items after valid() call).</li>
1096  <li><?php bugfix(79477); ?> (casting object into array creates references).</li>
1097  <li><?php bugfix(79514); ?> (Memory leaks while including unexistent file).</li>
1098  <li><?php bugfix(79470); ?> (PHP incompatible with 3rd party file system on demand).</li>
1099  <li><?php bugfix(78784); ?> (Unable to interact with files inside a VFS for Git repository).</li>
1100  <li><?php bugfix(78875); ?> (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).</li>
1101  <li><?php bugfix(78876); ?> (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).</li>
1102</ul></li>
1103<li>DOM:
1104<ul>
1105  <li><?php bugfix(78221); ?> (DOMNode::normalize() doesn't remove empty text nodes).</li>
1106</ul></li>
1107<li>EXIF:
1108<ul>
1109  <li><?php bugfix(79336); ?> (ext/exif/tests/bug79046.phpt fails on Big endian arch).</li>
1110</ul></li>
1111<li>FCGI:
1112<ul>
1113  <li><?php bugfix(79491); ?> (Search for .user.ini extends up to root dir).</li>
1114</ul></li>
1115<li>MBString:
1116<ul>
1117  <li><?php bugfix(79441); ?> (Segfault in mb_chr() if internal encoding is unsupported).</li>
1118</ul></li>
1119<li>OpenSSL:
1120<ul>
1121  <li><?php bugfix(79497); ?> (stream_socket_client() throws an unknown error sometimes with &lt;1s timeout).</li>
1122</ul></li>
1123<li>PCRE:
1124<ul>
1125  <li>Upgraded to PCRE2 10.34.</li>
1126</ul></li>
1127<li>Phar:
1128<ul>
1129  <li><?php bugfix(79503); ?> (Memory leak on duplicate metadata).</li>
1130</ul></li>
1131<li>SimpleXML:
1132<ul>
1133  <li><?php bugfix(79528); ?> (Different object of the same xml between 7.4.5 and 7.4.4).</li>
1134</ul></li>
1135<li>SPL:
1136<ul>
1137  <li><?php bugfix(69264); ?> (__debugInfo() ignored while extending SPL classes).</li>
1138  <li><?php bugfix(67369); ?> (ArrayObject serialization drops the iterator class).</li>
1139</ul></li>
1140<li>Standard:
1141<ul>
1142  <li><?php bugfix(79468); ?> (SIGSEGV when closing stream handle with a stream filter appended).</li>
1143  <li><?php bugfix(79447); ?> (Serializing uninitialized typed properties with __sleep should not throw).</li>
1144</ul></li>
1145</ul>
1146<!-- }}} --></section>
1147
1148
1149<section class="version" id="7.4.5"><!-- {{{ 7.4.5 -->
1150<h3>Version 7.4.5</h3>
1151<b><?php release_date('16-Apr-2020'); ?></b>
1152<ul><li>Core:
1153<ul>
1154  <li><?php bugfix(79364); ?> (When copy empty array, next key is unspecified).</li>
1155  <li><?php bugfix(78210); ?> (Invalid pointer address).</li>
1156</ul></li>
1157<li>CURL:
1158<ul>
1159  <li><?php bugfix(79199); ?> (curl_copy_handle() memory leak).</li>
1160</ul></li>
1161<li>Date:
1162<ul>
1163  <li><?php bugfix(79396); ?> (DateTime hour incorrect during DST jump forward).</li>
1164  <li><?php bugfix(74940); ?> (DateTimeZone loose comparison always true).</li>
1165</ul></li>
1166<li>FPM:
1167<ul>
1168  <li><?php implemented(77062); ?> (Allow numeric [UG]ID in FPM listen.{owner,group}) (Andre Nathan)</li>
1169</ul></li>
1170<li>Iconv:
1171<ul>
1172  <li><?php bugfix(79200); ?> (Some iconv functions cut Windows-1258).</li>
1173</ul></li>
1174<li>OPcache:
1175<ul>
1176  <li><?php bugfix(79412); ?> (Opcache chokes and uses 100% CPU on specific script).</li>
1177</ul></li>
1178<li>Session:
1179<ul>
1180  <li><?php bugfix(79413); ?> (session_create_id() fails for active sessions).</li>
1181</ul></li>
1182<li>Shmop:
1183<ul>
1184  <li><?php bugfix(79427); ?> (Integer Overflow in shmop_open()).</li>
1185</ul></li>
1186<li>SimpleXML:
1187<ul>
1188  <li><?php bugfix(61597); ?> (SXE properties may lack attributes and content).</li>
1189</ul></li>
1190<li>SOAP:
1191<ul>
1192  <li><?php bugfix(79357); ?> (SOAP request segfaults when any request parameter is missing).</li>
1193</ul></li>
1194<li>Spl:
1195<ul>
1196  <li><?php bugfix(75673); ?> (SplStack::unserialize() behavior).</li>
1197  <li><?php bugfix(79393); ?> (Null coalescing operator failing with SplFixedArray).</li>
1198</ul></li>
1199<li>Standard:
1200<ul>
1201  <li><?php bugfix(79330); ?> (shell_exec() silently truncates after a null byte).</li>
1202  <li><?php bugfix(79410); ?> (system() swallows last chunk if it is exactly 4095 bytes without newline).</li>
1203  <li><?php bugfix(79465); ?> (OOB Read in urldecode()). (CVE-2020-7067)</li>
1204</ul></li>
1205<li>Zip:
1206<ul>
1207  <li><?php bugfix(79296); ?> (ZipArchive::open fails on empty file).</li>
1208  <li><?php bugfix(79424); ?> (php_zip_glob uses gl_pathc after call to globfree).</li>
1209</ul></li>
1210</ul>
1211<!-- }}} --></section>
1212
1213
1214<section class="version" id="7.4.4"><!-- {{{ 7.4.4 -->
1215<h3>Version 7.4.4</h3>
1216<b><?php release_date('19-Mar-2020'); ?></b>
1217<ul><li>Core:
1218<ul>
1219  <li><?php bugfix(79329); ?> (get_headers() silently truncates after a null byte) (CVE-2020-7066)</li>
1220  <li><?php bugfix(79244); ?> (php crashes during parsing INI file).</li>
1221  <li><?php bugfix(63206); ?> (restore_error_handler does not restore previous errors mask).</li>
1222</ul></li>
1223<li>COM:
1224<ul>
1225  <li><?php bugfix(66322); ?> (COMPersistHelper::SaveToFile can save to wrong location).</li>
1226  <li><?php bugfix(79242); ?> (COM error constants don't match com_exception codes on x86).</li>
1227  <li><?php bugfix(79247); ?> (Garbage collecting variant objects segfaults).</li>
1228  <li><?php bugfix(79248); ?> (Traversing empty VT_ARRAY throws com_exception).</li>
1229  <li><?php bugfix(79299); ?> (com_print_typeinfo prints duplicate variables).</li>
1230  <li><?php bugfix(79332); ?> (php_istreams are never freed).</li>
1231  <li><?php bugfix(79333); ?> (com_print_typeinfo() leaks memory).</li>
1232</ul></li>
1233<li>CURL:
1234<ul>
1235  <li><?php bugfix(79019); ?> (Copied cURL handles upload empty file).</li>
1236  <li><?php bugfix(79013); ?> (Content-Length missing when posting a curlFile with curl).</li>
1237</ul></li>
1238<li>DOM:
1239<ul>
1240  <li><?php bugfix(77569); ?>: (Write Access Violation in DomImplementation).</li>
1241  <li><?php bugfix(79271); ?> (DOMDocumentType::$childNodes is NULL).</li>
1242</ul></li>
1243<li>Enchant:
1244<ul>
1245  <li><?php bugfix(79311); ?> (enchant_dict_suggest() fails on big endian architecture).</li>
1246</ul></li>
1247<li>EXIF:
1248<ul>
1249  <li><?php bugfix(79282); ?> (Use-of-uninitialized-value in exif) (CVE-2020-7064).</li>
1250</ul></li>
1251<li>Fileinfo:
1252<ul>
1253  <li><?php bugfix(79283); ?> (Segfault in libmagic patch contains a buffer overflow).</li>
1254</ul></li>
1255<li>FPM:
1256<ul>
1257  <li><?php bugfix(77653); ?> (operator displayed instead of the real error message).</li>
1258  <li><?php bugfix(79014); ?> (PHP-FPM &amp; Primary script unknown).</li>
1259</ul></li>
1260<li>MBstring:
1261<ul>
1262  <li><?php bugfix(79371); ?> (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (CVE-2020-7065).</li>
1263</ul></li>
1264<li>MySQLi:
1265<ul>
1266  <li><?php bugfix(64032); ?> (mysqli reports different client_version).</li>
1267</ul></li>
1268<li>MySQLnd:
1269<ul>
1270  <li><?php implemented(79275); ?> (Support auth_plugin_caching_sha2_password on Windows).</li>
1271</ul></li>
1272<li>Opcache:
1273<ul>
1274  <li><?php bugfix(79252); ?> (preloading causes php-fpm to segfault during exit).</li>
1275</ul></li>
1276<li>PCRE:
1277<ul>
1278  <li><?php bugfix(79188); ?> (Memory corruption in preg_replace/preg_replace_callback and unicode).</li>
1279  <li><?php bugfix(79241); ?> (Segmentation fault on preg_match()).</li>
1280  <li><?php bugfix(79257); ?> (Duplicate named groups (?J) prefer last alternative even if not matched).</li>
1281</ul></li>
1282<li>PDO_ODBC:
1283<ul>
1284  <li><?php bugfix(79038); ?> (PDOStatement::nextRowset() leaks column values).</li>
1285</ul></li>
1286<li>Reflection:
1287<ul>
1288  <li><?php bugfix(79062); ?> (Property with heredoc default value returns false for getDocComment).</li>
1289</ul></li>
1290<li>SQLite3:
1291<ul>
1292  <li><?php bugfix(79294); ?> (::columnType() may fail after SQLite3Stmt::reset()).</li>
1293</ul></li>
1294<li>Standard:
1295<ul>
1296  <li><?php bugfix(79254); ?> (getenv() w/o arguments not showing changes).</li>
1297  <li><?php bugfix(79265); ?> (Improper injection of Host header when using fopen for http requests).</li>
1298</ul></li>
1299<li>Zip:
1300<ul>
1301  <li><?php bugfix(79315); ?> (ZipArchive::addFile doesn't honor start/length parameters).</li>
1302</ul></li>
1303</ul>
1304<!-- }}} --></section>
1305
1306
1307<section class="version" id="7.4.3"><!-- {{{ 7.4.3 -->
1308<h3>Version 7.4.3</h3>
1309<b><?php release_date('20-Feb-2020'); ?></b>
1310<ul><li>Core:
1311<ul>
1312  <li><?php bugfix(79146); ?> (cscript can fail to run on some systems).</li>
1313  <li><?php bugfix(79155); ?> (Property nullability lost when using multiple property definition).</li>
1314  <li><?php bugfix(78323); ?> (Code 0 is returned on invalid options).</li>
1315  <li><?php bugfix(78989); ?> (Delayed variance check involving trait segfaults).</li>
1316  <li><?php bugfix(79174); ?> (cookie values with spaces fail to round-trip).</li>
1317  <li><?php bugfix(76047); ?> (Use-after-free when accessing already destructed backtrace arguments).</li>
1318</ul></li>
1319<li>COM:
1320<ul>
1321  <li><?php bugfix(79247); ?> (Garbage collecting variant objects segfaults).</li>
1322</ul></li>
1323<li>CURL:
1324<ul>
1325  <li><?php bugfix(79078); ?> (Hypothetical use-after-free in curl_multi_add_handle()).</li>
1326</ul></li>
1327<li>FFI:
1328<ul>
1329  <li><?php bugfix(79096); ?> (FFI Struct Segfault).</li>
1330</ul></li>
1331<li>IMAP:
1332<ul>
1333  <li><?php bugfix(79112); ?> (IMAP extension can't find OpenSSL libraries at configure time).</li>
1334</ul></li>
1335<li>Intl:
1336<ul>
1337  <li><?php bugfix(79212); ?> (NumberFormatter::format() may detect wrong type).</li>
1338</ul></li>
1339<li>Libxml:
1340<ul>
1341  <li><?php bugfix(79191); ?> (Error in SoapClient ctor disables DOMDocument::save()).</li>
1342</ul></li>
1343<li>MBString:
1344<ul>
1345  <li><?php bugfix(79149); ?> (SEGV in mb_convert_encoding with non-string encodings).</li>
1346</ul></li>
1347<li>MySQLi:
1348<ul>
1349  <li><?php bugfix(78666); ?> (Properties may emit a warning on var_dump()).</li>
1350</ul></li>
1351<li>MySQLnd:
1352<ul>
1353  <li><?php bugfix(79084); ?> (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).</li>
1354  <li><?php bugfix(79011); ?> (MySQL caching_sha2_password Access denied for password with more than 20 chars).</li>
1355</ul></li>
1356<li>Opcache:
1357<ul>
1358  <li><?php bugfix(79114); ?> (Eval class during preload causes class to be only half available).</li>
1359  <li><?php bugfix(79128); ?> (Preloading segfaults if preload_user is used).</li>
1360  <li><?php bugfix(79193); ?> (Incorrect type inference for self::$field =&amp; $field).</li>
1361</ul></li>
1362<li>OpenSSL:
1363<ul>
1364  <li><?php bugfix(79145); ?> (openssl memory leak).</li>
1365</ul></li>
1366<li>Phar:
1367<ul>
1368  <li><?php bugfix(79082); ?> (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)</li>
1369  <li><?php bugfix(79171); ?> (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)</li>
1370  <li><?php bugfix(76584); ?> (PharFileInfo::decompress not working).</li>
1371</ul></li>
1372<li>Reflection:
1373<ul>
1374  <li><?php bugfix(79115); ?> (ReflectionClass::isCloneable call reflected class __destruct).</li>
1375</ul></li>
1376<li>Session:
1377<ul>
1378  <li><?php bugfix(79221); ?> (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)</li>
1379</ul></li>
1380<li>Standard:
1381<ul>
1382  <li><?php bugfix(78902); ?> (Memory leak when using stream_filter_append).</li>
1383  <li><?php bugfix(78969); ?> (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null).</li>
1384</ul></li>
1385<li>Testing:
1386<ul>
1387  <li><?php bugfix(78090); ?> (bug45161.phpt takes forever to finish).</li>
1388</ul></li>
1389<li>XSL:
1390<ul>
1391  <li><?php bugfix(70078); ?> (XSL callbacks with nodes as parameter leak memory).</li>
1392</ul></li>
1393<li>Zip:
1394<ul>
1395  <li>Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0).</li>
1396  <li>Add ZipArchive::RDONLY (since libzip 1.0.0).</li>
1397  <li>Add ZipArchive::ER_* missing constants.</li>
1398  <li>Add ZipArchive::LIBZIP_VERSION constant.</li>
1399  <li><?php bugfix(73119); ?> (Wrong return for ZipArchive::addEmptyDir Method).</li>
1400</ul></li>
1401</ul>
1402<!-- }}} --></section>
1403
1404
1405<section class="version" id="7.4.2"><!-- {{{ 7.4.2 -->
1406<h3>Version 7.4.2</h3>
1407<b><?php release_date('23-Jan-2020'); ?></b>
1408<ul><li>Core:
1409<ul>
1410  <li>Preloading support on Windows has been disabled.</li>
1411  <li><?php bugfix(79022); ?> (class_exists returns True for classes that are not ready to be used).</li>
1412  <li><?php bugfix(78929); ?> (plus signs in cookie values are converted to spaces).</li>
1413  <li><?php bugfix(78973); ?> (Destructor during CV freeing causes segfault if opline never saved).</li>
1414  <li><?php bugfix(78776); ?> (Abstract method implementation from trait does not check "static").</li>
1415  <li><?php bugfix(78999); ?> (Cycle leak when using function result as temporary).</li>
1416  <li><?php bugfix(79008); ?> (General performance regression with PHP 7.4 on Windows).</li>
1417  <li><?php bugfix(79002); ?> (Serializing uninitialized typed properties with __sleep makes unserialize throw).</li>
1418</ul></li>
1419<li>CURL:
1420<ul>
1421  <li><?php bugfix(79033); ?> (Curl timeout error with specific url and post).</li>
1422  <li><?php bugfix(79063); ?> (curl openssl does not respect PKG_CONFIG_PATH).</li>
1423</ul></li>
1424<li>Date:
1425<ul>
1426  <li><?php bugfix(79015); ?> (undefined-behavior in php_date.c).</li>
1427</ul></li>
1428<li>DBA:
1429<ul>
1430  <li><?php bugfix(78808); ?> ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).</li>
1431</ul></li>
1432<li>Exif:
1433<ul>
1434  <li><?php bugfix(79046); ?> (NaN to int cast undefined behavior in exif).</li>
1435</ul></li>
1436<li>Fileinfo:
1437<ul>
1438  <li><?php bugfix(74170); ?> (locale information change after mime_content_type).</li>
1439</ul></li>
1440<li>GD:
1441<ul>
1442  <li><?php bugfix(79067); ?> (gdTransformAffineCopy() may use unitialized values).</li>
1443  <li><?php bugfix(79068); ?> (gdTransformAffineCopy() changes interpolation method).</li>
1444</ul></li>
1445<li>Libxml:
1446<ul>
1447  <li><?php bugfix(79029); ?> (Use After Free's in XMLReader / XMLWriter).</li>
1448</ul></li>
1449<li>Mbstring:
1450<ul>
1451  <li><?php bugfix(79037); ?> (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)</li>
1452</ul></li>
1453<li>OPcache:
1454<ul>
1455  <li><?php bugfix(78961); ?> (erroneous optimization of re-assigned $GLOBALS).</li>
1456  <li><?php bugfix(78950); ?> (Preloading trait method with static variables).</li>
1457  <li><?php bugfix(78903); ?> (Conflict in RTD key for closures results in crash).</li>
1458  <li><?php bugfix(78986); ?> (Opcache segfaults when inheriting ctor from immutable into mutable class).</li>
1459  <li><?php bugfix(79040); ?> (Warning Opcode handlers are unusable due to ASLR).</li>
1460  <li><?php bugfix(79055); ?> (Typed property become unknown with OPcache file cache).</li>
1461</ul></li>
1462<li>Pcntl:
1463<ul>
1464  <li><?php bugfix(78402); ?> (Converting null to string in error message is bad DX).</li>
1465</ul></li>
1466<li>PDO_PgSQL:
1467<ul>
1468  <li><?php bugfix(78983); ?> (pdo_pgsql config.w32 cannot find libpq-fe.h).</li>
1469  <li><?php bugfix(78980); ?> (pgsqlGetNotify() overlooks dead connection).</li>
1470  <li><?php bugfix(78982); ?> (pdo_pgsql returns dead persistent connection).</li>
1471</ul></li>
1472<li>Session:
1473<ul>
1474  <li><?php bugfix(79091); ?> (heap use-after-free in session_create_id()).</li>
1475  <li><?php bugfix(79031); ?> (Session unserialization problem).</li>
1476</ul></li>
1477<li>Shmop:
1478<ul>
1479  <li><?php bugfix(78538); ?> (shmop memory leak).</li>
1480</ul></li>
1481<li>Sqlite3:
1482<ul>
1483  <li><?php bugfix(79056); ?> (sqlite does not respect PKG_CONFIG_PATH during compilation).</li>
1484</ul></li>
1485<li>Spl:
1486<ul>
1487  <li><?php bugfix(78976); ?> (SplFileObject::fputcsv returns -1 on failure).</li>
1488</ul></li>
1489<li>Standard:
1490<ul>
1491  <li><?php bugfix(79099); ?> (OOB read in php_strip_tags_ex). (CVE-2020-7059)</li>
1492  <li><?php bugfix(79000); ?> (Non-blocking socket stream reports EAGAIN as error).</li>
1493  <li><?php bugfix(54298); ?> (Using empty additional_headers adding extraneous CRLF).</li>
1494</ul></li>
1495</ul>
1496<!-- }}} --></section>
1497
1498
1499<section class="version" id="7.4.1"><!-- {{{ 7.4.1 -->
1500<h3>Version 7.4.1</h3>
1501<b><?php release_date('18-Dec-2019'); ?></b>
1502<ul><li>Bcmath:
1503<ul>
1504  <li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).</li>
1505</ul></li>
1506<li>Core:
1507<ul>
1508  <li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044).</li>
1509  <li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).</li>
1510  <li><?php bugfix(78943); ?> (mail() may release string with refcount==1 twice). (CVE-2019-11049).</li>
1511  <li><?php bugfix(78810); ?> (RW fetches do not throw "uninitialized property" exception).</li>
1512  <li><?php bugfix(78868); ?> (Calling __autoload() with incorrect EG(fake_scope) value).</li>
1513  <li><?php bugfix(78296); ?> (is_file fails to detect file).</li>
1514  <li><?php bugfix(78883); ?> (fgets(STDIN) fails on Windows).</li>
1515  <li><?php bugfix(78898); ?> (call_user_func(['parent', ...]) fails while other succeed).</li>
1516  <li><?php bugfix(78904); ?> (Uninitialized property triggers __get()).</li>
1517  <li><?php bugfix(78926); ?> (Segmentation fault on Symfony cache:clear).</li>
1518</ul></li>
1519<li>GD:
1520<ul>
1521  <li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li>
1522  <li><?php bugfix(78923); ?> (Artifacts when convoluting image with transparency).</li>
1523</ul></li>
1524<li>EXIF:
1525<ul>
1526  <li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).</li>
1527  <li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif). (CVE-2019-11047).</li>
1528</ul></li>
1529<li>FPM:
1530<ul>
1531  <li><?php bugfix(76601); ?> (Partially working php-fpm ater incomplete reload).</li>
1532  <li><?php bugfix(78889); ?> (php-fpm service fails to start).</li>
1533  <li><?php bugfix(78916); ?> (php-fpm 7.4.0 don't send mail via mail()).</li>
1534</ul></li>
1535<li>Intl:
1536<ul>
1537  <li><?php implemented(78912); ?> (INTL Support for accounting format).</li>
1538</ul></li>
1539<li>Mysqlnd:
1540<ul>
1541  <li><?php bugfix(78823); ?> (ZLIB_LIBS not added to EXTRA_LIBS).</li>
1542</ul></li>
1543<li>OPcache:
1544<ul>
1545  <li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li>
1546  <li><?php bugfix(78935); ?> (Preloading removes classes that have dependencies).</li>
1547</ul></li>
1548<li>PCRE:
1549<ul>
1550  <li><?php bugfix(78853); ?> (preg_match() may return integer &gt; 1).</li>
1551</ul></li>
1552<li>Reflection:
1553<ul>
1554  <li><?php bugfix(78895); ?> (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is not longer used).</li>
1555</ul></li>
1556<li>Standard:
1557<ul>
1558  <li><?php bugfix(77638); ?> (var_export'ing certain class instances segfaults).</li>
1559  <li><?php bugfix(78840); ?> (imploding $GLOBALS crashes).</li>
1560  <li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li>
1561  <li><?php bugfix(78814); ?> (strip_tags allows / in tag name =&gt; whitelist bypass).</li>
1562</ul></li>
1563</ul>
1564<!-- }}} --></section>
1565
1566
1567<section class="version" id="7.4.0"><!-- {{{ 7.4.0 -->
1568<h3>Version 7.4.0</h3>
1569<b><?php release_date('28-Nov-2019'); ?></b>
1570<ul>
1571<li>Core:
1572  <ul>
1573    <li>Implemented RFC: <a href="https://wiki.php.net/rfc/deprecate_curly_braces_array_access">Deprecate curly brace syntax for accessing array elements and string offsets</a>.</li>
1574    <li>Implemented RFC: <a href="https://wiki.php.net/rfc/deprecations_php_7_4">Deprecations for PHP 7.4</a>.</li>
1575    <li><?php bugfix(52752); ?> (Crash when lexing).</li>
1576    <li><?php bugfix(60677); ?> (CGI doesn't properly validate shebang line contains #!).</li>
1577    <li><?php bugfix(71030); ?> (Self-assignment in list() may have inconsistent behavior).</li>
1578    <li><?php bugfix(72530); ?> (Use After Free in GC with Certain Destructors).</li>
1579    <li><?php bugfix(75921); ?> (Inconsistent: No warning in some cases when stdObj is created on the fly).</li>
1580    <li><?php implemented(76148); ?> (Add array_key_exists() to the list of specially compiled functions).</li>
1581    <li><?php bugfix(76430); ?> (__METHOD__ inconsistent outside of method).</li>
1582    <li><?php bugfix(76451); ?> (Aliases during inheritance type checks affected by opcache).</li>
1583    <li><?php implemented(77230); ?> (Support custom CFLAGS and LDFLAGS from environment).</li>
1584    <li><?php bugfix(77345); ?> (Stack Overflow caused by circular reference in garbage collection).</li>
1585    <li><?php bugfix(77812); ?> (Interactive mode does not support PHP 7.3-style heredoc).</li>
1586    <li><?php bugfix(77877); ?> (call_user_func() passes $this to static methods).</li>
1587    <li><?php bugfix(78066); ?> (PHP eats the first byte of a program that comes from process substitution).</li>
1588    <li><?php bugfix(78151); ?> (Segfault caused by indirect expressions in PHP 7.4a1).</li>
1589    <li><?php bugfix(78154); ?> (SEND_VAR_NO_REF does not always send reference).</li>
1590    <li><?php bugfix(78182); ?> (Segmentation fault during by-reference property assignment).</li>
1591    <li><?php bugfix(78212); ?> (Segfault in built-in webserver).</li>
1592    <li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li>
1593    <li><?php bugfix(78226); ?> (Unexpected __set behavior with typed properties).</li>
1594    <li><?php bugfix(78239); ?> (Deprecation notice during string conversion converted to exception hangs).</li>
1595    <li><?php bugfix(78335); ?> (Static properties/variables containing cycles report as leak).</li>
1596    <li><?php bugfix(78340); ?> (Include of stream wrapper not reading whole file).</li>
1597    <li><?php bugfix(78344); ?> (Segmentation fault on zend_check_protected).</li>
1598    <li><?php bugfix(78356); ?> (Array returned from ArrayAccess is incorrectly unpacked as argument).</li>
1599    <li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li>
1600    <li><?php bugfix(78386); ?> (fstat mode has unexpected value on PHP 7.4).</li>
1601    <li><?php bugfix(78396); ?> (Second file_put_contents in Shutdown hangs script).</li>
1602    <li><?php bugfix(78406); ?> (Broken file includes with user-defined stream filters).</li>
1603    <li><?php bugfix(78438); ?> (Corruption when __unserializing deeply nested structures).</li>
1604    <li><?php bugfix(78441); ?> (Parse error due to heredoc identifier followed by digit).</li>
1605    <li><?php bugfix(78454); ?> (Consecutive numeric separators cause OOM error).</li>
1606    <li><?php bugfix(78460); ?> (PEAR installation failure).</li>
1607    <li><?php bugfix(78531); ?> (Crash when using undefined variable as object).</li>
1608    <li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li>
1609    <li><?php bugfix(78604); ?> (token_get_all() does not properly tokenize FOO&lt;?php with short_open_tag=0).</li>
1610    <li><?php bugfix(78614); ?> (Does not compile with DTRACE anymore).</li>
1611    <li><?php bugfix(78620); ?> (Out of memory error).</li>
1612    <li><?php bugfix(78632); ?> (method_exists() in php74 works differently from php73 in checking priv. methods).</li>
1613    <li><?php bugfix(78644); ?> (SEGFAULT in ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER).</li>
1614    <li><?php bugfix(78658); ?> (Memory corruption using Closure::bindTo).</li>
1615    <li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li>
1616    <li><?php bugfix(78662); ?> (stream_write bad error detection).</li>
1617    <li><?php bugfix(78768); ?> (redefinition of typedef zend_property_info).</li>
1618    <li><?php bugfix(78788); ?> (./configure generates invalid php_version.h).</li>
1619    <li>Fixed incorrect usage of QM_ASSIGN instruction. It must not return IS_VAR. As a side effect, this allowed passing left hand list() "by reference", instead of compile-time error.</li>
1620  </ul>
1621
1622<li>CLI:
1623  <ul>
1624    <li>The built-in CLI server now reports the request method in log files.</li>
1625  </ul>
1626
1627<li>COM:
1628  <ul>
1629    <li>Deprecated registering of case-insensitive constants from typelibs.</li>
1630    <li><?php bugfix(78650); ?> (new COM Crash).</li>
1631    <li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li>
1632  </ul>
1633
1634<li>CURL:
1635  <ul>
1636    <li><?php bugfix(76480); ?> (Use curl_multi_wait() so that timeouts are respected).</li>
1637    <li><?php implemented(77711); ?> (CURLFile should support UNICODE filenames).</li>
1638    <li>Deprecated CURLPIPE_HTTP1.</li>
1639    <li>Deprecated $version parameter of curl_version().</li>
1640  </ul>
1641
1642<li>Date:
1643  <ul>
1644    <li>Updated timelib to 2018.02.</li>
1645    <li><?php bugfix(69044); ?> (discrepency between time and microtime).</li>
1646    <li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li>
1647    <li><?php bugfix(75232); ?> (print_r of DateTime creating side-effect).</li>
1648    <li><?php bugfix(78383); ?> (Casting a DateTime to array no longer returns its properties).</li>
1649    <li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li>
1650  </ul>
1651
1652<li>Exif:
1653  <ul>
1654    <li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li>
1655    <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li>
1656    <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li>
1657  </ul>
1658
1659<li>Fileinfo:
1660  <ul>
1661    <li><?php bugfix(78075); ?> (finfo_file treats JSON file as text/plain).</li>
1662    <li><?php bugfix(78183); ?> (finfo_file shows wrong mime-type for .tga file).</li>
1663  </ul>
1664
1665<li>Filter:
1666  <ul>
1667    <li>The filter extension no longer has the --with-pcre-dir on Unix builds, allowing the extension to be once more compiled as shared using ./configure.</li>
1668    <li>Added min_range and max_range options for FILTER_VALIDATE_FLOAT.</li>
1669  </ul>
1670
1671<li>FFI:
1672  <ul>
1673    <li>Added FFI extension.</li>
1674    <li><?php bugfix(78488); ?> (OOB in ZEND_FUNCTION(ffi_trampoline)).</li>
1675    <li><?php bugfix(78543); ?> (is_callable() on FFI\CData throws Exception).</li>
1676    <li><?php bugfix(78716); ?> (Function name mangling is wrong for some parameter types).</li>
1677    <li><?php bugfix(78762); ?> (Failing FFI::cast() may leak memory).</li>
1678    <li><?php bugfix(78761); ?> (Zend memory heap corruption with preload and casting).</li>
1679    <li><?php implemented(78270); ?> (Support __vectorcall convention with FFI).</li>
1680    <li>Added missing FFI::isNull().</li>
1681  </ul>
1682
1683<li>FPM:
1684  <ul>
1685    <li><?php implemented(72510); ?> (systemd service should be hardened).</li>
1686    <li><?php bugfix(74083); ?> (master PHP-fpm is stopped on multiple reloads).</li>
1687    <li><?php bugfix(78334); ?> (fpm log prefix message includes wrong stdout/stderr notation).</li>
1688    <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li>
1689  </ul>
1690
1691<li>GD:
1692  <ul>
1693    <li>Implemented the scatter filter (IMG_FILTER_SCATTER).</li>
1694    <li>The bundled libgd behaves now like system libgd wrt. IMG_CROP_DEFAULT never falling back to IMG_CROP_SIDES.</li>
1695    <li>The default $mode parameter of imagecropauto() has been changed to IMG_CROP_DEFAULT; passing -1 is now deprecated.</li>
1696    <li>Added support for aspect ratio preserving scaling to a fixed height for imagescale().</li>
1697    <li>Added TGA read support.</li>
1698    <li><?php bugfix(73291); ?> (imagecropauto() $threshold differs from external libgd).</li>
1699    <li><?php bugfix(76324); ?> (cannot detect recent versions of freetype with pkg-config).</li>
1700    <li><?php bugfix(78314); ?> (missing freetype support/functions with external gd).</li>
1701  </ul>
1702
1703<li>GMP:
1704  <ul>
1705    <li><?php bugfix(78574); ?> (broken shared build).</li>
1706  </ul>
1707
1708<li>Hash:
1709  <ul>
1710    <li>Implemented RFC: <a href="https://wiki.php.net/rfc/permanent_hash_ext">The hash extension is now an integral part of PHP and cannot be disabled</a>.</li>
1711    <li><?php implemented(71890); ?> (crc32c checksum algorithm).</li>
1712  </ul>
1713
1714<li>Iconv:
1715  <ul>
1716    <li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li>
1717    <li><?php bugfix(78642); ?> (Wrong libiconv version displayed).</li>
1718  </ul>
1719
1720<li>Libxml:
1721  <ul>
1722    <li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li>
1723  </ul>
1724
1725<li>InterBase:
1726  <ul>
1727    <li>Unbundled the InterBase extension and moved it to PECL.</li>
1728  </ul>
1729
1730<li>Intl:
1731  <ul>
1732    <li>Raised requirements to ICU ≥ 50.1.</li>
1733    <li>Changed ResourceBundle to implement Countable.</li>
1734    <li>Changed default of $variant parameter of idn_to_ascii() and idn_to_utf8().</li>
1735  </ul>
1736
1737<li>LDAP:
1738  <ul>
1739    <li>Deprecated ldap_control_paged_result_response and ldap_control_paged_result</li>
1740  </ul>
1741
1742<li>LiteSpeed:
1743  <ul>
1744    <li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li>
1745    <li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li>
1746    <li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li>
1747  </ul>
1748
1749<li>MBString:
1750  <ul>
1751    <li><?php bugfix(77907); ?> (mb-functions do not respect default_encoding).</li>
1752    <li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li>
1753    <li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li>
1754  </ul>
1755
1756<li>MySQLi:
1757  <ul>
1758    <li><?php bugfix(67348); ?> (Reading $dbc-&gt;stat modifies $dbc-&gt;affected_rows).</li>
1759    <li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li>
1760    <li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li>
1761    <li><?php bugfix(78213); ?> (Empty row pocket).</li>
1762  </ul>
1763
1764<li>MySQLnd:
1765  <ul>
1766    <li>Fixed connect_attr issues and added the _server_host connection attribute.</li>
1767    <li><?php bugfix(60594); ?> (mysqlnd exposes 160 lines of stats in phpinfo).</li>
1768  </ul>
1769
1770<li>ODBC:
1771  <ul>
1772    <li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li>
1773  </ul>
1774
1775<li>Opcache:
1776  <ul>
1777    <li>Implemented <a href="https://wiki.php.net/rfc/preload">preloading RFC</a>.</li>
1778    <li>Add opcache.preload_user INI directive.</li>
1779    <li>Added new INI directive opcache.cache_id (Windows only).</li>
1780    <li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li>
1781    <li><?php bugfix(78175); ?> (Preloading segfaults at preload time and at runtime).</li>
1782    <li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li>
1783    <li><?php bugfix(78271); ?> (Invalid result of if-else).</li>
1784    <li><?php bugfix(78341); ?> (Failure to detect smart branch in DFA pass).</li>
1785    <li><?php bugfix(78376); ?> (Incorrect preloading of constant static properties).</li>
1786    <li><?php bugfix(78429); ?> (opcache_compile_file(__FILE__); segfaults).</li>
1787    <li><?php bugfix(78512); ?> (Cannot make preload work).</li>
1788    <li><?php bugfix(78514); ?> (Preloading segfaults with inherited typed property).</li>
1789    <li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li>
1790  </ul>
1791
1792<li>OpenSSL:
1793  <ul>
1794    <li>Added TLS 1.3 support to streams including new tlsv1.3 stream.</li>
1795    <li>Added openssl_x509_verify function.</li>
1796    <li>openssl_random_pseudo_bytes() now throws in error conditions.</li>
1797    <li>Changed the default config path (Windows only).</li>
1798    <li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li>
1799    <li><?php bugfix(78391); ?> (Assertion failure in openssl_random_pseudo_bytes).</li>
1800    <li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li>
1801  </ul>
1802
1803<li>Pcntl:
1804  <ul>
1805    <li><?php bugfix(77335); ?> (PHP is preventing SIGALRM from specifying SA_RESTART).</li>
1806  </ul>
1807
1808<li>PCRE:
1809  <ul>
1810    <li><?php implemented(77094); ?> (Support flags in preg_replace_callback).</li>
1811    <li><?php bugfix(72685); ?> (Repeated UTF-8 validation of same string in UTF-8 mode).</li>
1812    <li><?php bugfix(73948); ?> (Preg_match_all should return NULLs on trailing optional capture groups).</li>
1813    <li><?php bugfix(78338); ?> (Array cross-border reading in PCRE).</li>
1814    <li><?php bugfix(78349); ?> (Bundled pcre2 library missing LICENCE file).</li>
1815  </ul>
1816
1817<li>PDO:
1818  <ul>
1819    <li><?php implemented(71885); ?> (Allow escaping question mark placeholders). https://wiki.php.net/rfc/pdo_escape_placeholders</li>
1820    <li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li>
1821    <li><?php implemented(78033); ?> (PDO - support username and password specified in DSN).</li>
1822  </ul>
1823
1824<li>PDO_Firebird:
1825  <ul>
1826    <li><?php implemented(65690); ?> (PDO_Firebird should also support dialect 1).</li>
1827    <li><?php implemented(77863); ?> (PDO firebird support type Boolean in input parameters).</li>
1828  </ul>
1829
1830<li>PDO_MySQL:
1831  <ul>
1832    <li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li>
1833    <li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li>
1834  </ul>
1835
1836<li>PDO_OCI:
1837  <ul>
1838    <li>Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.</li>
1839    <li><?php implemented(76908); ?> (PDO_OCI getColumnMeta() not implemented).</li>
1840  </ul>
1841
1842<li>PDO_SQLite:
1843  <ul>
1844    <li>Implemented sqlite_stmt_readonly in PDO_SQLite.</li>
1845    <li>Raised requirements to SQLite 3.5.0.</li>
1846    <li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li>
1847    <li><?php bugfix(78348); ?> (Remove -lrt from pdo_sqlite.so).</li>
1848  </ul>
1849
1850<li>Phar:
1851  <ul>
1852    <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li>
1853  </ul>
1854
1855<li>phpdbg:
1856  <ul>
1857    <li><?php bugfix(76596); ?> (phpdbg support for display_errors=stderr).</li>
1858    <li><?php bugfix(76801); ?> (too many open files).</li>
1859    <li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li>
1860    <li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li>
1861  </ul>
1862
1863<li>Recode:
1864  <ul>
1865    <li>Unbundled the recode extension.</li>
1866  </ul>
1867
1868<li>Reflection:
1869  <ul>
1870    <li><?php bugfix(76737); ?> (Unserialized reflection objects are broken, they shouldn't be serializable).</li>
1871    <li><?php bugfix(78263); ?> (\ReflectionReference::fromArrayElement() returns null while item is a reference).</li>
1872    <li><?php bugfix(78410); ?> (Cannot "manually" unserialize class that is final and extends an internal one).</li>
1873    <li><?php bugfix(78697); ?> (ReflectionClass::implementsInterface - inaccurate error message with traits).</li>
1874    <li><?php bugfix(78774); ?> (ReflectionNamedType on Typed Properties Crash).</li>
1875  </ul>
1876
1877<li>Session:
1878  <ul>
1879    <li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li>
1880  </ul>
1881
1882<li>SimpleXML:
1883  <ul>
1884    <li><?php implemented(65215); ?> (SimpleXMLElement could register as implementing Countable).</li>
1885    <li><?php bugfix(75245); ?> (Don't set content of elements with only whitespaces).</li>
1886  </ul>
1887
1888<li>Sockets:
1889  <ul>
1890    <li><?php bugfix(67619); ?> (Validate length on socket_write).</li>
1891    <li><?php bugfix(78665); ?> (Multicasting may leak memory).</li>
1892  </ul>
1893
1894<li>sodium:
1895  <ul>
1896    <li><?php bugfix(77646); ?> (sign_detached() strings not terminated).</li>
1897    <li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li>
1898    <li><?php bugfix(78516); ?> (password_hash(): Memory cost is not in allowed range).</li>
1899  </ul>
1900
1901<li>SPL:
1902  <ul>
1903    <li><?php bugfix(77518); ?> (SeekableIterator::seek() should accept 'int' typehint as documented).</li>
1904    <li><?php bugfix(78409); ?> (Segfault when creating instance of ArrayIterator without constructor).</li>
1905    <li><?php bugfix(78436); ?> (Missing addref in SplPriorityQueue EXTR_BOTH mode).</li>
1906    <li><?php bugfix(78456); ?> (Segfault when serializing SplDoublyLinkedList).</li>
1907  </ul>
1908
1909<li>SQLite3:
1910  <ul>
1911    <li>Unbundled libsqlite.</li>
1912    <li>Raised requirements to SQLite 3.7.4.</li>
1913    <li>Forbid (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result.</li>
1914    <li>Added support for the SQLite @name notation.</li>
1915    <li>Added SQLite3Stmt::getSQL() to retrieve the SQL of the statement.</li>
1916    <li><?php implemented(70950); ?> (Make SQLite3 Online Backup API available).</li>
1917  </ul>
1918
1919<li>Standard:
1920  <ul>
1921    <li>Implemented RFC <a href="https://wiki.php.net/rfc/password_registry">password hashing registry</a>.</li>
1922    <li>Implemented RFC where password_hash() has <a href="https://wiki.php.net/rfc/sodium.argon.hash">argon2i(d) implementations</a> from ext/sodium when PHP is built without libargon.</li>
1923    <li><?php implemented(38301); ?> (field enclosure behavior in fputcsv).</li>
1924    <li><?php implemented(51496); ?> (fgetcsv should take empty string as an escape).</li>
1925    <li><?php bugfix(73535); ?> (php_sockop_write() returns 0 on error, can be used to trigger Denial of Service).</li>
1926    <li><?php bugfix(74764); ?> (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).</li>
1927    <li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li>
1928    <li><?php implemented(77377); ?> (No way to handle CTRL+C in Windows).</li>
1929    <li><?php bugfix(77930); ?> (stream_copy_to_stream should use mmap more often).</li>
1930    <li><?php implemented(78177); ?> (Make proc_open accept command array).</li>
1931    <li><?php bugfix(78208); ?> (password_needs_rehash() with an unknown algo should always return true).</li>
1932    <li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li>
1933    <li><?php bugfix(78282); ?> (atime and mtime mismatch).</li>
1934    <li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li>
1935    <li><?php bugfix(78346); ?> (strip_tags no longer handling nested php tags).</li>
1936    <li><?php bugfix(78506); ?> (Error in a php_user_filter::filter() is not reported).</li>
1937    <li><?php bugfix(78549); ?> (Stack overflow due to nested serialized input).</li>
1938    <li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li>
1939  </ul>
1940
1941<li>Testing:
1942  <ul>
1943    <li><?php bugfix(78684); ?> (PCRE bug72463_2 test is sending emails on Linux).</li>
1944  </ul>
1945
1946<li>Tidy:
1947  <ul>
1948    <li>Added TIDY_TAG_* constants for HTML5 elements.</li>
1949    <li><?php bugfix(76736); ?> (wrong reflection for tidy_get_head, tidy_get_html, tidy_get_root, and tidy_getopt)</li>
1950  </ul>
1951
1952<li>WDDX:
1953  <ul>
1954    <li>Deprecated and unbundled the WDDX extension.</li>
1955  </ul>
1956
1957<li>Zip:
1958  <ul>
1959    <li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li>
1960  </ul>
1961</ul>
1962
1963<!-- }}} --></section>
1964
1965<a id="PHP_7_3"></a>
1966
1967<section class="version" id="7.3.33"><!-- {{{ 7.3.33 -->
1968<h3>Version 7.3.33</h3>
1969<b><?php release_date('18-Nov-2021'); ?></b>
1970<ul><li>XML:
1971<ul>
1972  <li><?php bugfix(79971); ?> (special character is breaking the path in xml function). (CVE-2021-21707)</li>
1973</ul></li>
1974</ul>
1975<!-- }}} --></section>
1976
1977
1978
1979<section class="version" id="7.3.32"><!-- {{{ 7.3.32 -->
1980<h3>Version 7.3.32</h3>
1981<b><?php release_date('28-Oct-2021'); ?></b>
1982<ul><li>FPM:
1983<ul>
1984  <li><?php bugfix(81026); ?> (PHP-FPM oob R/W in root process leading to privilege escalation). (CVE-2021-21703)</li>
1985</ul></li>
1986</ul>
1987<!-- }}} --></section>
1988
1989
1990
1991<section class="version" id="7.3.31"><!-- {{{ 7.3.31 -->
1992<h3>Version 7.3.31</h3>
1993<b><?php release_date('23-Sep-2021'); ?></b>
1994<ul><li>Zip:
1995<ul>
1996  <li><?php bugfix(81420); ?> (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)</li>
1997</ul></li>
1998</ul>
1999<!-- }}} --></section>
2000
2001
2002
2003<section class="version" id="7.3.30"><!-- {{{ 7.3.30 -->
2004<h3>Version 7.3.30</h3>
2005<b><?php release_date('26-Aug-2021'); ?></b>
2006<ul><li>Phar:
2007<ul>
2008  <li><?php bugfix(81211); ?>: Symlinks are followed when creating PHAR archive.</li>
2009</ul></li>
2010</ul>
2011<!-- }}} --></section>
2012
2013
2014
2015<section class="version" id="7.3.29"><!-- {{{ 7.3.29 -->
2016<h3>Version 7.3.29</h3>
2017<b><?php release_date('01-Jul-2021'); ?></b>
2018<ul><li>Core:
2019<ul>
2020  <li><?php bugfix(81122); ?>: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705)</li>
2021</ul></li>
2022<li>PDO_Firebird:
2023<ul>
2024  <li><?php bugfix(76448); ?>: Stack buffer overflow in firebird_info_cb. (CVE-2021-21704)</li>
2025  <li><?php bugfix(76449); ?>: SIGSEGV in firebird_handle_doer. (CVE-2021-21704)</li>
2026  <li><?php bugfix(76450); ?>: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)</li>
2027  <li><?php bugfix(76452); ?>: Crash while parsing blob data in firebird_fetch_blob. (CVE-2021-21704)</li>
2028</ul></li>
2029</ul>
2030<!-- }}} --></section>
2031
2032
2033
2034<section class="version" id="7.3.28"><!-- {{{ 7.3.28 -->
2035<h3>Version 7.3.28</h3>
2036<b><?php release_date('29-Apr-2021'); ?></b>
2037<ul><li>Imap:
2038<ul>
2039  <li><?php bugfix(80710); ?> (imap_mail_compose() header injection).</li>
2040</ul></li>
2041</ul>
2042<!-- }}} --></section>
2043
2044
2045
2046<section class="version" id="7.3.27"><!-- {{{ 7.3.27 -->
2047<h3>Version 7.3.27</h3>
2048<b><?php release_date('04-Feb-2021'); ?></b>
2049<ul><li>SOAP:
2050<ul>
2051  <li><?php bugfix(80672); ?> (Null Dereference in SoapClient). (CVE-2021-21702)</li>
2052</ul></li>
2053</ul>
2054<!-- }}} --></section>
2055
2056
2057
2058<section class="version" id="7.3.26"><!-- {{{ 7.3.26 -->
2059<h3>Version 7.3.26</h3>
2060<b><?php release_date('07-Jan-2021'); ?></b>
2061<ul><li>Standard:
2062<ul>
2063  <li><?php bugfix(77423); ?> (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</li>
2064  <li><?php bugfix(80457); ?> (stream_get_contents() fails with maxlength=-1 or default).</li>
2065</ul></li>
2066</ul>
2067<!-- }}} --></section>
2068
2069
2070
2071<section class="version" id="7.3.25"><!-- {{{ 7.3.25 -->
2072<h3>Version 7.3.25</h3>
2073<b><?php release_date('26-Nov-2020'); ?></b>
2074<ul><li>Core:
2075<ul>
2076  <li><?php bugfix(80280); ?> (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).</li>
2077  <li><?php bugfix(80258); ?> (Windows Deduplication Enabled, randon permission errors).</li>
2078</ul></li>
2079<li>COM:
2080<ul>
2081  <li><?php bugfix(62474); ?> (com_event_sink crashes on certain arguments).</li>
2082</ul></li>
2083<li>DOM:
2084<ul>
2085  <li><?php bugfix(80268); ?> (loadHTML() truncates at NUL bytes).</li>
2086</ul></li>
2087<li>IMAP:
2088<ul>
2089  <li><?php bugfix(64076); ?> (imap_sort() does not return FALSE on failure).</li>
2090  <li><?php bugfix(76618); ?> (segfault on imap_reopen).</li>
2091  <li><?php bugfix(80239); ?> (imap_rfc822_write_address() leaks memory).</li>
2092  <li>Fixed minor regression caused by fixing bug <?php bugl(80220); ?>.</li>
2093  <li><?php bugfix(80242); ?> (imap_mail_compose() segfaults for multipart with rfc822).</li>
2094</ul></li>
2095<li>Intl:
2096<ul>
2097  <li><?php bugfix(80310); ?> (ext-intl with icu4c 68.1: use of undeclared identifier 'TRUE').</li>
2098</ul></li>
2099<li>ODBC:
2100<ul>
2101  <li><?php bugfix(44618); ?> (Fetching may rely on uninitialized data).</li>
2102</ul></li>
2103<li>SNMP:
2104<ul>
2105  <li><?php bugfix(70461); ?> (disable md5 code when it is not supported in net-snmp).</li>
2106</ul></li>
2107<li>Standard:
2108<ul>
2109  <li><?php bugfix(80266); ?> (parse_url silently drops port number 0).</li>
2110</ul></li>
2111</ul>
2112<!-- }}} --></section>
2113
2114
2115
2116<section class="version" id="7.3.24"><!-- {{{ 7.3.24 -->
2117<h3>Version 7.3.24</h3>
2118<b><?php release_date('29-Oct-2020'); ?></b>
2119<ul><li>Core:
2120<ul>
2121  <li><?php bugfix(79423); ?> (copy command is limited to size of file it can copy).</li>
2122</ul></li>
2123<li>Calendar:
2124<ul>
2125  <li><?php bugfix(80185); ?> (jdtounix() fails after 2037).</li>
2126</ul></li>
2127<li>IMAP:
2128<ul>
2129  <li><?php bugfix(80213); ?> (imap_mail_compose() segfaults on certain $bodies).</li>
2130  <li><?php bugfix(80215); ?> (imap_mail_compose() may modify by-val parameters).</li>
2131  <li><?php bugfix(80220); ?> (imap_mail_compose() may leak memory).</li>
2132  <li><?php bugfix(80223); ?> (imap_mail_compose() leaks envelope on malformed bodies).</li>
2133  <li><?php bugfix(80216); ?> (imap_mail_compose() does not validate types/encodings).</li>
2134  <li><?php bugfix(80226); ?> (imap_sort() leaks sortpgm memory).</li>
2135</ul></li>
2136<li>MySQLnd:
2137<ul>
2138  <li><?php bugfix(80115); ?> (mysqlnd.debug doesn't recognize absolute paths with slashes).</li>
2139  <li><?php bugfix(80107); ?> (mysqli_query() fails for ~16 MB long query when compression is enabled).</li>
2140</ul></li>
2141<li>ODBC:
2142<ul>
2143  <li><?php bugfix(78470); ?> (odbc_specialcolumns() no longer accepts $nullable).</li>
2144  <li><?php bugfix(80147); ?> (BINARY strings may not be properly zero-terminated).</li>
2145  <li><?php bugfix(80150); ?> (Failure to fetch error message).</li>
2146  <li><?php bugfix(80152); ?> (odbc_execute() moves internal pointer of $params).</li>
2147  <li><?php bugfix(46050); ?> (odbc_next_result corrupts prepared resource).</li>
2148</ul></li>
2149<li>OPcache:
2150<ul>
2151  <li><?php bugfix(80083); ?> (Optimizer pass 6 removes variables used for ibm_db2 data binding).</li>
2152</ul></li>
2153<li>PDO_ODBC:
2154<ul>
2155  <li><?php bugfix(67465); ?> (NULL Pointer dereference in odbc_handle_preparer).</li>
2156</ul></li>
2157<li>Standard:
2158<ul>
2159  <li><?php bugfix(80114); ?> (parse_url does not accept URLs with port 0).</li>
2160  <li><?php bugfix(76943); ?> (Inconsistent stream_wrapper_restore() errors).</li>
2161  <li><?php bugfix(76735); ?> (Incorrect message in fopen on invalid mode).</li>
2162</ul></li>
2163<li>Tidy:
2164<ul>
2165  <li><?php bugfix(77040); ?> (tidyNode::isHtml() is completely broken).</li>
2166</ul></li>
2167</ul>
2168<!-- }}} --></section>
2169
2170
2171
2172<section class="version" id="7.3.23"><!-- {{{ 7.3.23 -->
2173<h3>Version 7.3.23</h3>
2174<b><?php release_date('01-Oct-2020'); ?></b>
2175<ul><li>Core:
2176<ul>
2177  <li><?php bugfix(80048); ?> (Bug <?php bugl(69100); ?> has not been fixed for Windows).</li>
2178  <li><?php bugfix(80049); ?> (Memleak when coercing integers to string via variadic argument).</li>
2179  <li><?php bugfix(79699); ?> (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)</li>
2180</ul></li>
2181<li>Calendar:
2182<ul>
2183  <li><?php bugfix(80007); ?> (Potential type confusion in unixtojd() parameter parsing).</li>
2184</ul></li>
2185<li>COM:
2186<ul>
2187  <li><?php bugfix(64130); ?> (COM obj parameters passed by reference are not updated).</li>
2188</ul></li>
2189<li>OPcache:
2190<ul>
2191  <li><?php bugfix(80002); ?> (calc free space for new interned string is wrong).</li>
2192  <li><?php bugfix(79825); ?> (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).</li>
2193</ul></li>
2194<li>OpenSSL:
2195<ul>
2196  <li><?php bugfix(79601); ?> (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)</li>
2197</ul></li>
2198<li>PDO:
2199<ul>
2200  <li><?php bugfix(80027); ?> (Terrible performance using $query-&gt;fetch on queries with many bind parameters).</li>
2201</ul></li>
2202<li>SOAP:
2203<ul>
2204  <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li>
2205</ul></li>
2206<li>Standard:
2207<ul>
2208  <li><?php bugfix(79986); ?> (str_ireplace bug with diacritics characters).</li>
2209  <li><?php bugfix(80077); ?> (getmxrr test bug).</li>
2210  <li><?php bugfix(72941); ?> (Modifying bucket-&gt;data by-ref has no effect any longer).</li>
2211  <li><?php bugfix(80067); ?> (Omitting the port in bindto setting errors).</li>
2212</ul></li>
2213</ul>
2214<!-- }}} --></section>
2215
2216
2217
2218<section class="version" id="7.3.22"><!-- {{{ 7.3.22 -->
2219<h3>Version 7.3.22</h3>
2220<b><?php release_date('03-Sep-2020'); ?></b>
2221<ul><li>Core:
2222<ul>
2223  <li><?php bugfix(79884); ?> (PHP_CONFIG_FILE_PATH is meaningless).</li>
2224  <li><?php bugfix(77932); ?> (File extensions are case-sensitive).</li>
2225  <li><?php bugfix(79806); ?> (realpath() erroneously resolves link to link).</li>
2226  <li><?php bugfix(79895); ?> (PHP_CHECK_GCC_ARG does not allow flags with equal sign).</li>
2227  <li><?php bugfix(79919); ?> (Stack use-after-scope in define()).</li>
2228  <li><?php bugfix(79934); ?> (CRLF-only line in heredoc causes parsing error).</li>
2229</ul></li>
2230<li>COM:
2231<ul>
2232  <li><?php bugfix(48585); ?> (com_load_typelib holds reference, fails on second call).</li>
2233</ul></li>
2234<li>Exif:
2235<ul>
2236  <li><?php bugfix(75785); ?> (Many errors from exif_read_data).</li>
2237</ul></li>
2238<li>Gettext:
2239<ul>
2240  <li><?php bugfix(70574); ?> (Tests fail due to relying on Linux fallback behavior for gettext()).</li>
2241</ul></li>
2242<li>LDAP:
2243<ul>
2244  <li>Fixed memory leaks.</li>
2245</ul></li>
2246<li>OPcache:
2247<ul>
2248  <li><?php bugfix(73060); ?> (php failed with error after temp folder cleaned up).</li>
2249</ul></li>
2250<li>PDO:
2251<ul>
2252  <li><?php bugfix(64705); ?> (errorInfo property of PDOException is null when PDO::__construct() fails).</li>
2253</ul></li>
2254<li>Standard:
2255<ul>
2256  <li><?php bugfix(79930); ?> (array_merge_recursive() crashes when called with array with single reference).</li>
2257  <li><?php bugfix(79944); ?> (getmxrr always returns true on Alpine linux).</li>
2258  <li><?php bugfix(79951); ?> (Memory leak in str_replace of empty string).</li>
2259</ul></li>
2260<li>XML:
2261<ul>
2262  <li><?php bugfix(79922); ?> (Crash after multiple calls to xml_parser_free()).</li>
2263</ul></li>
2264</ul>
2265<!-- }}} --></section>
2266
2267
2268
2269<section class="version" id="7.3.21"><!-- {{{ 7.3.21 -->
2270<h3>Version 7.3.21</h3>
2271<b><?php release_date('06-Aug-2020'); ?></b>
2272<ul><li>Apache:
2273<ul>
2274  <li><?php bugfix(79030); ?> (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).</li>
2275</ul></li>
2276<li>Core:
2277<ul>
2278  <li><?php bugfix(79877); ?> (getimagesize function silently truncates after a null byte).</li>
2279  <li><?php bugfix(79778); ?> (Assertion failure if dumping closure with unresolved static variable).</li>
2280  <li><?php bugfix(79792); ?> (HT iterators not removed if empty array is destroyed).</li>
2281</ul></li>
2282<li>COM:
2283<ul>
2284  <li><?php bugfix(63208); ?> (BSTR to PHP string conversion not binary safe).</li>
2285  <li><?php bugfix(63527); ?> (DCOM does not work with Username, Password parameter).</li>
2286</ul></li>
2287<li>Curl:
2288<ul>
2289  <li><?php bugfix(79741); ?> (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties).</li>
2290</ul></li>
2291<li>Fileinfo:
2292<ul>
2293  <li><?php bugfix(79756); ?> (finfo_file crash (FILEINFO_MIME)).</li>
2294</ul></li>
2295<li>FTP:
2296<ul>
2297  <li><?php bugfix(55857); ?> (ftp_size on large files).</li>
2298</ul></li>
2299<li>Mbstring:
2300<ul>
2301  <li><?php bugfix(79787); ?> (mb_strimwidth does not trim string).</li>
2302</ul></li>
2303<li>Phar:
2304<ul>
2305  <li><?php bugfix(79797); ?> (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)</li>
2306</ul></li>
2307<li>Standard:
2308<ul>
2309  <li><?php bugfix(70362); ?> (Can't copy() large 'data://' with open_basedir).</li>
2310  <li><?php bugfix(79817); ?> (str_replace() does not handle INDIRECT elements).</li>
2311  <li><?php bugfix(78008); ?> (dns_check_record() always return true on Alpine).</li>
2312</ul></li>
2313</ul>
2314<!-- }}} --></section>
2315
2316
2317
2318<section class="version" id="7.3.20"><!-- {{{ 7.3.20 -->
2319<h3>Version 7.3.20</h3>
2320<b><?php release_date('09-Jul-2020'); ?></b>
2321<ul><li>Core:
2322<ul>
2323  <li><?php bugfix(79650); ?> (php-win.exe 100% cpu lockup).</li>
2324  <li><?php bugfix(79668); ?> (get_defined_functions(true) may miss functions).</li>
2325  <li>Fixed possibly unsupported timercmp() usage.</li>
2326</ul></li>
2327<li>Exif:
2328<ul>
2329  <li><?php bugfix(79687); ?> (Sony picture - PHP Warning - Make, Model, MakerNotes).</li>
2330</ul></li>
2331<li>Filter:
2332<ul>
2333  <li><?php bugfix(73527); ?> (Invalid memory access in php_filter_strip).</li>
2334</ul></li>
2335<li>GD:
2336<ul>
2337  <li><?php bugfix(79676); ?> (imagescale adds black border with IMG_BICUBIC).</li>
2338</ul></li>
2339<li>OpenSSL:
2340<ul>
2341  <li><?php bugfix(62890); ?> (default_socket_timeout=-1 causes connection to timeout).</li>
2342</ul></li>
2343<li>PDO SQLite:
2344<ul>
2345  <li><?php bugfix(79664); ?> (PDOStatement::getColumnMeta fails on empty result set).</li>
2346</ul></li>
2347<li>SPL:
2348<ul>
2349  <li><?php bugfix(79710); ?> (Reproducible segfault in error_handler during GC involved an SplFileObject).</li>
2350</ul></li>
2351<li>Standard:
2352<ul>
2353  <li><?php bugfix(74267); ?> (segfault with streams and invalid data).</li>
2354</ul></li>
2355</ul>
2356<!-- }}} --></section>
2357
2358
2359
2360<section class="version" id="7.3.19"><!-- {{{ 7.3.19 -->
2361<h3>Version 7.3.19</h3>
2362<b><?php release_date('11-Jun-2020'); ?></b>
2363<ul><li>Core:
2364<ul>
2365  <li><?php bugfix(79566); ?> (Private SHM is not private on Windows).</li>
2366  <li><?php bugfix(79489); ?> (.user.ini does not inherit).</li>
2367</ul></li>
2368<li>GD:
2369<ul>
2370  <li><?php bugfix(79615); ?> (Wrong GIF header written in GD GIFEncode).</li>
2371</ul></li>
2372<li>MySQLnd:
2373<ul>
2374  <li><?php bugfix(79596); ?> (MySQL FLOAT truncates to int some locales).</li>
2375</ul></li>
2376<li>Opcache:
2377<ul>
2378  <li><?php bugfix(79535); ?> (PHP crashes with specific opcache.optimization_level).</li>
2379  <li><?php bugfix(79588); ?> (Boolean opcache settings ignore on/off values).</li>
2380</ul></li>
2381<li>Standard:
2382<ul>
2383  <li><?php bugfix(79561); ?> (dns_get_record() fails with DNS_ALL).</li>
2384</ul></li>
2385</ul>
2386<!-- }}} --></section>
2387
2388
2389
2390<section class="version" id="7.3.18"><!-- {{{ 7.3.18 -->
2391<h3>Version 7.3.18</h3>
2392<b><?php release_date('14-May-2020'); ?></b>
2393<ul><li>Core:
2394<ul>
2395  <li><?php bugfix(78875); ?> (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)</li>
2396  <li><?php bugfix(78876); ?> (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)</li>
2397  <li><?php bugfix(79434); ?> (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).</li>
2398  <li><?php bugfix(79477); ?> (casting object into array creates references).</li>
2399  <li><?php bugfix(79470); ?> (PHP incompatible with 3rd party file system on demand).</li>
2400  <li><?php bugfix(78784); ?> (Unable to interact with files inside a VFS for Git repository).</li>
2401</ul></li>
2402<li>DOM:
2403<ul>
2404  <li><?php bugfix(78221); ?> (DOMNode::normalize() doesn't remove empty text nodes).</li>
2405</ul></li>
2406<li>FCGI:
2407<ul>
2408  <li><?php bugfix(79491); ?> (Search for .user.ini extends up to root dir).</li>
2409</ul></li>
2410<li>MBString:
2411<ul>
2412  <li><?php bugfix(79441); ?> (Segfault in mb_chr() if internal encoding is unsupported).</li>
2413</ul></li>
2414<li>OpenSSL:
2415<ul>
2416  <li><?php bugfix(79497); ?> (stream_socket_client() throws an unknown error sometimes with &lt;1s timeout).</li>
2417</ul></li>
2418<li>Phar:
2419<ul>
2420  <li><?php bugfix(79503); ?> (Memory leak on duplicate metadata).</li>
2421</ul></li>
2422<li>SimpleXML:
2423<ul>
2424  <li><?php bugfix(79528); ?> (Different object of the same xml between 7.4.5 and 7.4.4).</li>
2425</ul></li>
2426<li>Standard:
2427<ul>
2428  <li><?php bugfix(79468); ?> (SIGSEGV when closing stream handle with a stream filter appended).</li>
2429</ul></li>
2430</ul>
2431<!-- }}} --></section>
2432
2433
2434
2435<section class="version" id="7.3.17"><!-- {{{ 7.3.17 -->
2436<h3>Version 7.3.17</h3>
2437<b><?php release_date('16-Apr-2020'); ?></b>
2438<ul><li>Core:
2439<ul>
2440  <li><?php bugfix(79364); ?> (When copy empty array, next key is unspecified).</li>
2441  <li><?php bugfix(78210); ?> (Invalid pointer address).</li>
2442</ul></li>
2443<li>CURL:
2444<ul>
2445  <li><?php bugfix(79199); ?> (curl_copy_handle() memory leak).</li>
2446</ul></li>
2447<li>Date:
2448<ul>
2449  <li><?php bugfix(79396); ?> (DateTime hour incorrect during DST jump forward).</li>
2450</ul></li>
2451<li>Iconv:
2452<ul>
2453  <li><?php bugfix(79200); ?> (Some iconv functions cut Windows-1258).</li>
2454</ul></li>
2455<li>OPcache:
2456<ul>
2457  <li><?php bugfix(79412); ?> (Opcache chokes and uses 100% CPU on specific script).</li>
2458</ul></li>
2459<li>Session:
2460<ul>
2461  <li><?php bugfix(79413); ?> (session_create_id() fails for active sessions).</li>
2462</ul></li>
2463<li>Shmop:
2464<ul>
2465  <li><?php bugfix(79427); ?> (Integer Overflow in shmop_open()).</li>
2466</ul></li>
2467<li>SimpleXML:
2468<ul>
2469  <li><?php bugfix(61597); ?> (SXE properties may lack attributes and content).</li>
2470</ul></li>
2471<li>Spl:
2472<ul>
2473  <li><?php bugfix(75673); ?> (SplStack::unserialize() behavior).</li>
2474  <li><?php bugfix(79393); ?> (Null coalescing operator failing with SplFixedArray).</li>
2475</ul></li>
2476<li>Standard:
2477<ul>
2478  <li><?php bugfix(79330); ?> (shell_exec() silently truncates after a null byte).</li>
2479  <li><?php bugfix(79465); ?> (OOB Read in urldecode()). (CVE-2020-7067)</li>
2480  <li><?php bugfix(79410); ?> (system() swallows last chunk if it is exactly 4095 bytes without newline).</li>
2481</ul></li>
2482<li>Zip:
2483<ul>
2484  <li><?php bugfix(79296); ?> (ZipArchive::open fails on empty file).</li>
2485  <li><?php bugfix(79424); ?> (php_zip_glob uses gl_pathc after call to globfree).</li>
2486</ul></li>
2487</ul>
2488<!-- }}} --></section>
2489
2490
2491
2492<section class="version" id="7.3.16"><!-- {{{ 7.3.16 -->
2493<h3>Version 7.3.16</h3>
2494<b><?php release_date('19-Mar-2020'); ?></b>
2495<ul><li>Core:
2496<ul>
2497  <li><?php bugfix(63206); ?> (restore_error_handler does not restore previous errors mask).</li>
2498</ul></li>
2499<li>COM:
2500<ul>
2501  <li><?php bugfix(66322); ?> (COMPersistHelper::SaveToFile can save to wrong location).</li>
2502  <li><?php bugfix(79242); ?> (COM error constants don't match com_exception codes on x86).</li>
2503  <li><?php bugfix(79248); ?> (Traversing empty VT_ARRAY throws com_exception).</li>
2504  <li><?php bugfix(79299); ?> (com_print_typeinfo prints duplicate variables).</li>
2505  <li><?php bugfix(79332); ?> (php_istreams are never freed).</li>
2506  <li><?php bugfix(79333); ?> (com_print_typeinfo() leaks memory).</li>
2507</ul></li>
2508<li>DOM:
2509<ul>
2510  <li><?php bugfix(77569); ?>: (Write Access Violation in DomImplementation).</li>
2511  <li><?php bugfix(79271); ?> (DOMDocumentType::$childNodes is NULL).</li>
2512</ul></li>
2513<li>Enchant:
2514<ul>
2515  <li><?php bugfix(79311); ?> (enchant_dict_suggest() fails on big endian architecture).</li>
2516</ul></li>
2517<li>EXIF:
2518<ul>
2519  <li><?php bugfix(79282); ?> (Use-of-uninitialized-value in exif). (CVE-2020-7064)</li>
2520</ul></li>
2521<li>MBstring:
2522<ul>
2523  <li><?php bugfix(79371); ?> (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065)</li>
2524</ul></li>
2525<li>MySQLi:
2526<ul>
2527  <li><?php bugfix(64032); ?> (mysqli reports different client_version).</li>
2528</ul></li>
2529<li>PCRE:
2530<ul>
2531  <li><?php bugfix(79188); ?> (Memory corruption in preg_replace/preg_replace_callback and unicode).</li>
2532</ul></li>
2533<li>PDO_ODBC:
2534<ul>
2535  <li><?php bugfix(79038); ?> (PDOStatement::nextRowset() leaks column values).</li>
2536</ul></li>
2537<li>Reflection:
2538<ul>
2539  <li><?php bugfix(79062); ?> (Property with heredoc default value returns false for getDocComment).</li>
2540</ul></li>
2541<li>SQLite3:
2542<ul>
2543  <li><?php bugfix(79294); ?> (::columnType() may fail after SQLite3Stmt::reset()).</li>
2544</ul></li>
2545<li>Standard:
2546<ul>
2547  <li><?php bugfix(79329); ?> (get_headers() silently truncates after a null byte). (CVE-2020-7066)</li>
2548  <li><?php bugfix(79254); ?> (getenv() w/o arguments not showing changes).</li>
2549  <li><?php bugfix(79265); ?> (Improper injection of Host header when using fopen for http requests).</li>
2550</ul></li>
2551</ul>
2552<!-- }}} --></section>
2553
2554
2555
2556<section class="version" id="7.3.15"><!-- {{{ 7.3.15 -->
2557<h3>Version 7.3.15</h3>
2558<b><?php release_date('20-Feb-2020'); ?></b>
2559<ul><li>Core:
2560<ul>
2561  <li><?php bugfix(71876); ?> (Memory corruption htmlspecialchars(): charset `*' not supported).</li>
2562  <li><?php bugfix(79146); ?> (cscript can fail to run on some systems).</li>
2563  <li><?php bugfix(78323); ?> (Code 0 is returned on invalid options).</li>
2564  <li><?php bugfix(76047); ?> (Use-after-free when accessing already destructed backtrace arguments).</li>
2565</ul></li>
2566<li>CURL:
2567<ul>
2568  <li><?php bugfix(79078); ?> (Hypothetical use-after-free in curl_multi_add_handle()).</li>
2569</ul></li>
2570<li>Intl:
2571<ul>
2572  <li><?php bugfix(79212); ?> (NumberFormatter::format() may detect wrong type).</li>
2573</ul></li>
2574<li>Libxml:
2575<ul>
2576  <li><?php bugfix(79191); ?> (Error in SoapClient ctor disables DOMDocument::save()).</li>
2577</ul></li>
2578<li>MBString:
2579<ul>
2580  <li><?php bugfix(79154); ?> (mb_convert_encoding() can modify $from_encoding).</li>
2581</ul></li>
2582<li>MySQLnd:
2583<ul>
2584  <li><?php bugfix(79084); ?> (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).</li>
2585</ul></li>
2586<li>OpenSSL:
2587<ul>
2588  <li><?php bugfix(79145); ?> (openssl memory leak).</li>
2589</ul></li>
2590<li>Phar:
2591<ul>
2592  <li><?php bugfix(79082); ?> (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)</li>
2593  <li><?php bugfix(79171); ?> (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)</li>
2594  <li><?php bugfix(76584); ?> (PharFileInfo::decompress not working).</li>
2595</ul></li>
2596<li>Reflection:
2597<ul>
2598  <li><?php bugfix(79115); ?> (ReflectionClass::isCloneable call reflected class __destruct).</li>
2599</ul></li>
2600<li>Session:
2601<ul>
2602  <li><?php bugfix(79221); ?> (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)</li>
2603</ul></li>
2604<li>SPL:
2605<ul>
2606  <li><?php bugfix(79151); ?> (heap use after free caused by spl_dllist_it_helper_move_forward).</li>
2607</ul></li>
2608<li>Standard:
2609<ul>
2610  <li><?php bugfix(78902); ?> (Memory leak when using stream_filter_append).</li>
2611</ul></li>
2612<li>Testing:
2613<ul>
2614  <li><?php bugfix(78090); ?> (bug45161.phpt takes forever to finish).</li>
2615</ul></li>
2616<li>XSL:
2617<ul>
2618  <li><?php bugfix(70078); ?> (XSL callbacks with nodes as parameter leak memory).</li>
2619</ul></li>
2620</ul>
2621<!-- }}} --></section>
2622
2623
2624
2625<section class="version" id="7.3.14"><!-- {{{ 7.3.14 -->
2626<h3>Version 7.3.14</h3>
2627<b><?php release_date('23-Jan-2020'); ?></b>
2628<ul><li>Core:
2629<ul>
2630  <li><?php bugfix(78999); ?> (Cycle leak when using function result as temporary).</li>
2631</ul></li>
2632<li>CURL:
2633<ul>
2634  <li><?php bugfix(79033); ?> (Curl timeout error with specific url and post).</li>
2635</ul></li>
2636<li>Date:
2637<ul>
2638  <li><?php bugfix(79015); ?> (undefined-behavior in php_date.c).</li>
2639</ul></li>
2640<li>DBA:
2641<ul>
2642  <li><?php bugfix(78808); ?> ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).</li>
2643</ul></li>
2644<li>Fileinfo:
2645<ul>
2646  <li><?php bugfix(74170); ?> (locale information change after mime_content_type).</li>
2647</ul></li>
2648<li>GD:
2649<ul>
2650  <li><?php bugfix(78923); ?> (Artifacts when convoluting image with transparency).</li>
2651  <li><?php bugfix(79067); ?> (gdTransformAffineCopy() may use unitialized values).</li>
2652  <li><?php bugfix(79068); ?> (gdTransformAffineCopy() changes interpolation method).</li>
2653</ul></li>
2654<li>Libxml:
2655<ul>
2656  <li><?php bugfix(79029); ?> (Use After Free's in XMLReader / XMLWriter).</li>
2657</ul></li>
2658<li>Mbstring:
2659<ul>
2660  <li><?php bugfix(79037); ?> (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)</li>
2661</ul></li>
2662<li>OPcache:
2663<ul>
2664  <li><?php bugfix(79040); ?> (Warning Opcode handlers are unusable due to ASLR).</li>
2665</ul></li>
2666<li>Pcntl:
2667<ul>
2668  <li><?php bugfix(78402); ?> (Converting null to string in error message is bad DX).</li>
2669</ul></li>
2670<li>PDO_PgSQL:
2671<ul>
2672  <li><?php bugfix(78983); ?> (pdo_pgsql config.w32 cannot find libpq-fe.h).</li>
2673  <li><?php bugfix(78980); ?> (pgsqlGetNotify() overlooks dead connection).</li>
2674  <li><?php bugfix(78982); ?> (pdo_pgsql returns dead persistent connection).</li>
2675</ul></li>
2676<li>Session:
2677<ul>
2678  <li><?php bugfix(79091); ?> (heap use-after-free in session_create_id()).</li>
2679</ul></li>
2680<li>Shmop:
2681<ul>
2682  <li><?php bugfix(78538); ?> (shmop memory leak).</li>
2683</ul></li>
2684<li>Standard:
2685<ul>
2686  <li><?php bugfix(79099); ?> (OOB read in php_strip_tags_ex). (CVE-2020-7059)</li>
2687  <li><?php bugfix(54298); ?> (Using empty additional_headers adding extraneous CRLF).</li>
2688</ul></li>
2689</ul>
2690<!-- }}} --></section>
2691
2692
2693
2694<section class="version" id="7.3.13"><!-- {{{ 7.3.13 -->
2695<h3>Version 7.3.13</h3>
2696<b><?php release_date('18-Dec-2019'); ?></b>
2697<ul><li>Bcmath:
2698<ul>
2699  <li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)</li>
2700</ul></li>
2701<li>Core:
2702<ul>
2703  <li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044)</li>
2704  <li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)</li>
2705  <li><?php bugfix(78943); ?> (mail() may release string with refcount==1 twice). (CVE-2019-11049)</li>
2706  <li><?php bugfix(78787); ?> (Segfault with trait overriding inherited private shadow property).</li>
2707  <li><?php bugfix(78868); ?> (Calling __autoload() with incorrect EG(fake_scope) value).</li>
2708  <li><?php bugfix(78296); ?> (is_file fails to detect file).</li>
2709</ul></li>
2710<li>EXIF:
2711<ul>
2712  <li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)</li>
2713  <li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif) (CVE-2019-11047).</li>
2714</ul></li>
2715<li>GD:
2716<ul>
2717  <li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li>
2718</ul></li>
2719<li>MBString:
2720<ul>
2721  <li>Upgraded bundled Oniguruma to 6.9.4.</li>
2722</ul></li>
2723<li>OPcache:
2724<ul>
2725  <li>Fixed potential ASLR related invalid opline handler issues.</li>
2726  <li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li>
2727</ul></li>
2728<li>PCRE:
2729<ul>
2730  <li><?php bugfix(78853); ?> (preg_match() may return integer &gt; 1).</li>
2731</ul></li>
2732<li>Standard:
2733<ul>
2734  <li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li>
2735  <li><?php bugfix(77638); ?> (var_export'ing certain class instances segfaults).</li>
2736  <li><?php bugfix(78840); ?> (imploding $GLOBALS crashes).</li>
2737  <li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li>
2738  <li><?php bugfix(78814); ?> (strip_tags allows / in tag name =&gt; whitelist bypass).</li>
2739</ul></li>
2740</ul>
2741<!-- }}} --></section>
2742
2743
2744
2745<section class="version" id="7.3.12"><!-- {{{ 7.3.12 -->
2746<h3>Version 7.3.12</h3>
2747<b><?php release_date('21-Nov-2019'); ?></b>
2748<ul><li>Core:
2749<ul>
2750  <li><?php bugfix(78658); ?> (Memory corruption using Closure::bindTo).</li>
2751  <li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li>
2752  <li><?php bugfix(78752); ?> (Segfault if GC triggered while generator stack frame is being destroyed).</li>
2753  <li><?php bugfix(78689); ?> (Closure::fromCallable() doesn't handle [Closure, '__invoke']).</li>
2754</ul></li>
2755<li>COM:
2756<ul>
2757  <li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li>
2758</ul></li>
2759<li>Date:
2760<ul>
2761  <li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li>
2762  <li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li>
2763</ul></li>
2764<li>Iconv:
2765<ul>
2766  <li><?php bugfix(78642); ?> (Wrong libiconv version displayed).</li>
2767</ul></li>
2768<li>OpCache:
2769<ul>
2770  <li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li>
2771  <li><?php bugfix(78747); ?> (OpCache corrupts custom extension result).</li>
2772</ul></li>
2773<li>OpenSSL:
2774<ul>
2775  <li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li>
2776</ul></li>
2777<li>Reflection:
2778<ul>
2779  <li><?php bugfix(78697); ?> (ReflectionClass::ImplementsInterface - inaccurate error message with traits).</li>
2780</ul></li>
2781<li>Sockets:
2782<ul>
2783  <li><?php bugfix(78665); ?> (Multicasting may leak memory).</li>
2784</ul></li>
2785</ul>
2786<!-- }}} --></section>
2787
2788
2789
2790<section class="version" id="7.3.11"><!-- {{{ 7.3.11 -->
2791<h3>Version 7.3.11</h3>
2792<b><?php release_date('24-Oct-2019'); ?></b>
2793<ul><li>Core:
2794<ul>
2795  <li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li>
2796  <li><?php bugfix(78620); ?> (Out of memory error).</li>
2797</ul></li>
2798<li>Exif:
2799<ul>
2800  <li><?php bugfix(78442); ?> ('Illegal component' on exif_read_data since PHP7) (Kalle)</li>
2801</ul></li>
2802<li>FPM:
2803<ul>
2804  <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li>
2805  <li><?php bugfix(78413); ?> (request_terminate_timeout does not take effect after fastcgi_finish_request).</li>
2806</ul></li>
2807<li>MBString:
2808<ul>
2809  <li><?php bugfix(78633); ?> (Heap buffer overflow (read) in mb_eregi).</li>
2810  <li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li>
2811  <li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li>
2812</ul></li>
2813<li>MySQLi:
2814<ul>
2815  <li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li>
2816</ul></li>
2817<li>Mysqlnd:
2818<ul>
2819  <li><?php bugfix(78525); ?> (Memory leak in pdo when reusing native prepared statements).</li>
2820</ul></li>
2821<li>PCRE:
2822<ul>
2823  <li><?php bugfix(78272); ?> (calling preg_match() before pcntl_fork() will freeze child process).</li>
2824</ul></li>
2825<li>PDO_MySQL:
2826<ul>
2827  <li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li>
2828</ul></li>
2829<li>Session:
2830<ul>
2831  <li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li>
2832</ul></li>
2833<li>Standard:
2834<ul>
2835  <li><?php bugfix(76342); ?> (file_get_contents waits twice specified timeout).</li>
2836  <li><?php bugfix(78612); ?> (strtr leaks memory when integer keys are used and the subject string shorter).</li>
2837  <li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li>
2838</ul></li>
2839<li>Zip:
2840<ul>
2841  <li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li>
2842</ul></li>
2843</ul>
2844<!-- }}} --></section>
2845
2846
2847
2848<section class="version" id="7.3.10"><!-- {{{ 7.3.10 -->
2849<h3>Version 7.3.10</h3>
2850<b><?php release_date('26-Sep-2019'); ?></b>
2851<ul><li>Core:
2852<ul>
2853  <li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li>
2854  <li><?php bugfix(77922); ?> (Double release of doc comment on inherited shadow property).</li>
2855  <li><?php bugfix(78441); ?> (Parse error due to heredoc identifier followed by digit).</li>
2856  <li><?php bugfix(77812); ?> (Interactive mode does not support PHP 7.3-style heredoc).</li>
2857</ul></li>
2858<li>FastCGI:
2859<ul>
2860  <li><?php bugfix(78469); ?> (FastCGI on_accept hook is not called when using named pipes on Windows).</li>
2861</ul></li>
2862<li>FPM:
2863<ul>
2864  <li><?php bugfix(78334); ?> (fpm log prefix message includes wrong stdout/stderr notation).</li>
2865</ul></li>
2866<li>Intl:
2867<ul>
2868  <li>Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8() when requested.</li>
2869</ul></li>
2870<li>MBString:
2871<ul>
2872  <li><?php bugfix(78559); ?> (Heap buffer overflow in mb_eregi).</li>
2873</ul></li>
2874<li>MySQLnd:
2875<ul>
2876  <li>Fixed connect_attr issues and added the _server_host connection attribute.</li>
2877</ul></li>
2878<li>ODBC:
2879<ul>
2880  <li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li>
2881</ul></li>
2882<li>PDO_MySQL:
2883<ul>
2884  <li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li>
2885</ul></li>
2886<li>sodium:
2887<ul>
2888  <li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li>
2889</ul></li>
2890</ul>
2891<!-- }}} --></section>
2892
2893
2894
2895<section class="version" id="7.3.9"><!-- {{{ 7.3.9 -->
2896<h3>Version 7.3.9</h3>
2897<b><?php release_date('29-Aug-2019'); ?></b>
2898<ul><li>Core:
2899<ul>
2900  <li><?php bugfix(78363); ?> (Buffer overflow in zendparse).</li>
2901  <li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li>
2902  <li><?php bugfix(78412); ?> (Generator incorrectly reports non-releasable $this as GC child).</li>
2903</ul></li>
2904<li>Curl:
2905<ul>
2906  <li><?php bugfix(77946); ?> (Bad cURL resources returned by curl_multi_info_read()).</li>
2907</ul></li>
2908<li>Exif:
2909<ul>
2910  <li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li>
2911</ul></li>
2912<li>FPM:
2913<ul>
2914  <li><?php bugfix(77185); ?> (Use-after-free in FPM master event handling).</li>
2915</ul></li>
2916<li>Iconv:
2917<ul>
2918  <li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li>
2919</ul></li>
2920<li>LiteSpeed:
2921<ul>
2922  <li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li>
2923</ul></li>
2924<li>MBString:
2925<ul>
2926  <li><?php bugfix(78380); ?> (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224)</li>
2927</ul></li>
2928<li>MySQLnd:
2929<ul>
2930  <li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li>
2931  <li><?php bugfix(78213); ?> (Empty row pocket).</li>
2932</ul></li>
2933<li>Opcache:
2934<ul>
2935  <li><?php bugfix(77191); ?> (Assertion failure in dce_live_ranges() when silencing is used).</li>
2936</ul></li>
2937<li>Standard:
2938<ul>
2939  <li><?php bugfix(69100); ?> (Bus error from stream_copy_to_stream (file -&gt; SSL stream) with invalid length).</li>
2940  <li><?php bugfix(78282); ?> (atime and mtime mismatch).</li>
2941  <li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li>
2942  <li><?php bugfix(78346); ?> (strip_tags no longer handling nested php tags).</li>
2943</ul></li>
2944</ul>
2945<!-- }}} --></section>
2946
2947
2948
2949<section class="version" id="7.3.8"><!-- {{{ 7.3.8 -->
2950<h3>Version 7.3.8</h3>
2951<b><?php release_date('01-Aug-2019'); ?></b>
2952<ul><li>Core:
2953<ul>
2954  <li>Added syslog.filter=raw option.</li>
2955  <li><?php bugfix(78212); ?> (Segfault in built-in webserver).</li>
2956</ul></li>
2957<li>Date:
2958<ul>
2959  <li><?php bugfix(69044); ?> (discrepency between time and microtime).</li>
2960  <li>Updated timelib to 2018.02.</li>
2961</ul></li>
2962<li>EXIF:
2963<ul>
2964  <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li>
2965  <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li>
2966</ul></li>
2967<li>FTP:
2968<ul>
2969  <li><?php bugfix(78039); ?> (FTP with SSL memory leak).</li>
2970</ul></li>
2971<li>Libxml:
2972<ul>
2973  <li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li>
2974</ul></li>
2975<li>LiteSpeed:
2976<ul>
2977  <li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li>
2978  <li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li>
2979</ul></li>
2980<li>Openssl:
2981<ul>
2982  <li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li>
2983</ul></li>
2984<li>Opcache:
2985<ul>
2986  <li><?php bugfix(78341); ?> (Failure to detect smart branch in DFA pass).</li>
2987  <li><?php bugfix(78189); ?> (file cache strips last character of uname hash).</li>
2988  <li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li>
2989  <li><?php bugfix(78271); ?> (Invalid result of if-else).</li>
2990  <li><?php bugfix(78291); ?> (opcache_get_configuration doesn't list all directives).</li>
2991</ul></li>
2992<li>PCRE:
2993<ul>
2994  <li><?php bugfix(78338); ?> (Array cross-border reading in PCRE).</li>
2995  <li><?php bugfix(78197); ?> (PCRE2 version check in configure fails for "##.##-xxx" version strings).</li>
2996</ul></li>
2997<li>PDO_Sqlite:
2998<ul>
2999  <li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li>
3000</ul></li>
3001<li>Phar:
3002<ul>
3003  <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li>
3004</ul></li>
3005<li>Phpdbg:
3006<ul>
3007  <li><?php bugfix(78297); ?> (Include unexistent file memory leak).</li>
3008</ul></li>
3009<li>SQLite:
3010<ul>
3011  <li>Upgraded to SQLite 3.28.0.</li>
3012</ul></li>
3013<li>Standard:
3014<ul>
3015  <li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li>
3016  <li><?php bugfix(78269); ?> (password_hash uses weak options for argon2).</li>
3017</ul></li>
3018</ul>
3019<!-- }}} --></section>
3020
3021
3022
3023<section class="version" id="7.3.7"><!-- {{{ 7.3.7 -->
3024<h3>Version 7.3.7</h3>
3025<b><?php release_date('04-Jul-2019'); ?></b>
3026<ul><li>Core:
3027<ul>
3028  <li><?php bugfix(76980); ?> (Interface gets skipped if autoloader throws an exception).</li>
3029</ul></li>
3030<li>DOM:
3031<ul>
3032  <li><?php bugfix(78025); ?> (segfault when accessing properties of DOMDocumentType).</li>
3033</ul></li>
3034<li>MySQLi:
3035<ul>
3036  <li><?php bugfix(77956); ?> (When mysqli.allow_local_infile = Off, use a meaningful error message).</li>
3037  <li><?php bugfix(38546); ?> (bindParam incorrect processing of bool types).</li>
3038</ul></li>
3039<li>MySQLnd:
3040<ul>
3041  <li><?php bugfix(77955); ?> (Random segmentation fault in mysqlnd from php-fpm).</li>
3042</ul></li>
3043<li>Opcache:
3044<ul>
3045  <li><?php bugfix(78015); ?> (Incorrect evaluation of expressions involving partials arrays in SCCP).</li>
3046  <li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li>
3047</ul></li>
3048<li>OpenSSL:
3049<ul>
3050  <li><?php bugfix(78079); ?> (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).</li>
3051</ul></li>
3052<li>phpdbg:
3053<ul>
3054  <li><?php bugfix(78050); ?> (SegFault phpdbg + opcache on include file twice).</li>
3055</ul></li>
3056<li>Sockets:
3057<ul>
3058  <li><?php bugfix(78038); ?> (Socket_select fails when resource array contains references).</li>
3059</ul></li>
3060<li>Sodium:
3061<ul>
3062  <li><?php bugfix(78114); ?> (segfault when calling sodium_* functions from eval).</li>
3063</ul></li>
3064<li>Standard:
3065<ul>
3066  <li><?php bugfix(77135); ?> (Extract with EXTR_SKIP should skip $this).</li>
3067  <li><?php bugfix(77937); ?> (preg_match failed).</li>
3068</ul></li>
3069<li>Zip:
3070<ul>
3071  <li><?php bugfix(76345); ?> (zip.h not found).</li>
3072</ul></li>
3073</ul>
3074<!-- }}} --></section>
3075
3076
3077<section class="version" id="7.3.6"><!-- {{{ 7.3.6 -->
3078<h3>Version 7.3.6</h3>
3079<b><?php release_date('30-May-2019'); ?></b>
3080<ul><li>cURL:
3081<ul>
3082  <li><?php implemented(72189); ?> (Add missing CURL_VERSION_* constants).</li>
3083</ul></li>
3084<li>Date:
3085<ul>
3086  <li><?php bugfix(77909); ?> (DatePeriod::__construct() with invalid recurrence count value).</li>
3087</ul></li>
3088<li>EXIF:
3089<ul>
3090  <li><?php bugfix(77988); ?> (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).</li>
3091</ul></li>
3092<li>FPM:
3093<ul>
3094  <li><?php bugfix(77934); ?> (php-fpm kill -USR2 not working).</li>
3095  <li><?php bugfix(77921); ?> (static.php.net doesn't work anymore).</li>
3096</ul></li>
3097<li>GD:
3098<ul>
3099  <li><?php bugfix(77943); ?> (imageantialias($image, false); does not work).</li>
3100  <li><?php bugfix(77973); ?> (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).</li>
3101</ul></li>
3102<li>Iconv:
3103<ul>
3104  <li><?php bugfix(78069); ?> (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).</li>
3105</ul></li>
3106<li>JSON:
3107<ul>
3108  <li><?php bugfix(77843); ?> (Use after free with json serializer).</li>
3109</ul></li>
3110<li>Opcache:
3111<ul>
3112  <li>Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.</li>
3113</ul></li>
3114<li>PDO_MySQL:
3115<ul>
3116  <li><?php bugfix(77944); ?> (Wrong meta pdo_type for bigint on LLP64).</li>
3117</ul></li>
3118<li>Reflection:
3119<ul>
3120  <li><?php bugfix(75186); ?> (Inconsistent reflection of Closure:::__invoke()).</li>
3121</ul></li>
3122<li>Session:
3123<ul>
3124  <li><?php bugfix(77911); ?> (Wrong warning for session.sid_bits_per_character).</li>
3125</ul></li>
3126<li>SOAP:
3127<ul>
3128  <li><?php bugfix(77945); ?> (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).</li>
3129</ul></li>
3130<li>SPL:
3131<ul>
3132  <li><?php bugfix(77024); ?> (SplFileObject::__toString() may return array).</li>
3133</ul></li>
3134<li>SQLite:
3135<ul>
3136  <li><?php bugfix(77967); ?> (Bypassing open_basedir restrictions via file uris).</li>
3137</ul></li>
3138<li>Standard:
3139<ul>
3140  <li><?php bugfix(77931); ?> (Warning for array_map mentions wrong type).</li>
3141  <li><?php bugfix(78003); ?> (strip_tags output change since PHP 7.3).</li>
3142</ul></li>
3143</ul>
3144<!-- }}} --></section>
3145<section class="version" id="7.3.5"><!-- {{{ 7.3.5 -->
3146<h3>Version 7.3.5</h3>
3147<b><?php release_date('02-May-2019'); ?></b>
3148<ul><li>Core:
3149<ul>
3150  <li><?php bugfix(77903); ?> (ArrayIterator stops iterating after offsetSet call).</li>
3151</ul></li>
3152<li>CLI:
3153<ul>
3154  <li><?php bugfix(77794); ?> (Incorrect Date header format in built-in server).</li>
3155</ul></li>
3156<li>EXIF:
3157<ul>
3158  <li><?php bugfix(77950); ?> (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).</li>
3159</ul></li>
3160<li>Interbase:
3161<ul>
3162  <li><?php bugfix(72175); ?> (Impossibility of creating multiple connections to Interbase with php 7.x).</li>
3163</ul></li>
3164<li>Intl:
3165<ul>
3166  <li><?php bugfix(77895); ?> (IntlDateFormatter::create fails in strict mode if $locale = null).</li>
3167</ul></li>
3168<li>litespeed:
3169<ul>
3170  <li>LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().</li>
3171</ul></li>
3172<li>LDAP:
3173<ul>
3174  <li><?php bugfix(77869); ?> (Core dump when using server controls) (mcmic)</li>
3175</ul></li>
3176<li>Mail:
3177<ul>
3178  <li><?php bugfix(77821); ?> (Potential heap corruption in TSendMail()).</li>
3179</ul></li>
3180<li>mbstring:
3181<ul>
3182  <li><?php implemented(72777); ?> (Implement regex stack limits for mbregex functions).</li>
3183</ul></li>
3184<li>MySQLi:
3185<ul>
3186  <li><?php bugfix(77773); ?> (Unbuffered queries leak memory - MySQLi / mysqlnd).</li>
3187</ul></li>
3188<li>PCRE:
3189<ul>
3190  <li><?php bugfix(77827); ?> (preg_match does not ignore \r in regex flags).</li>
3191</ul></li>
3192<li>PDO:
3193<ul>
3194  <li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li>
3195</ul></li>
3196<li>phpdbg:
3197<ul>
3198  <li><?php bugfix(76801); ?> (too many open files).</li>
3199  <li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li>
3200  <li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li>
3201</ul></li>
3202<li>Reflection:
3203<ul>
3204  <li><?php bugfix(77772); ?> (ReflectionClass::getMethods(null) doesn't work).</li>
3205  <li><?php bugfix(77882); ?> (Different behavior: always calls destructor).</li>
3206</ul></li>
3207<li>Standard:
3208<ul>
3209  <li><?php bugfix(77793); ?> (Segmentation fault in extract() when overwriting reference with itself).</li>
3210  <li><?php bugfix(77844); ?> (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).</li>
3211  <li><?php bugfix(77853); ?> (Inconsistent substr_compare behaviour with empty haystack).</li>
3212</ul></li>
3213</ul>
3214<!-- }}} --></section>
3215
3216<section class="version" id="7.3.4"><!-- {{{ 7.3.4 -->
3217<h3>Version 7.3.4</h3>
3218<b><?php release_date('04-Apr-2019'); ?></b>
3219<ul><li>Core:
3220<ul>
3221  <li><?php bugfix(77738); ?> (Nullptr deref in zend_compile_expr).</li>
3222  <li><?php bugfix(77660); ?> (Segmentation fault on break 2147483648).</li>
3223  <li><?php bugfix(77652); ?> (Anonymous classes can lose their interface information).</li>
3224  <li><?php bugfix(77345); ?> (Stack Overflow caused by circular reference in garbage collection).</li>
3225  <li><?php bugfix(76956); ?> (Wrong value for 'syslog.filter' documented in php.ini).</li>
3226</ul></li>
3227<li>Apache2Handler:
3228<ul>
3229  <li><?php bugfix(77648); ?> (BOM in sapi/apache2handler/php_functions.c).</li>
3230</ul></li>
3231<li>Bcmath:
3232<ul>
3233  <li><?php bugfix(77742); ?> (bcpow() implementation related to gcc compiler optimization).</li>
3234</ul></li>
3235<li>CLI Server:
3236<ul>
3237  <li><?php bugfix(77722); ?> (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).</li>
3238</ul></li>
3239<li>COM:
3240<ul>
3241  <li><?php bugfix(77578); ?> (Crash when php unload).</li>
3242</ul></li>
3243<li>EXIF:
3244<ul>
3245  <li><?php bugfix(77753); ?> (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)</li>
3246  <li><?php bugfix(77831); ?> (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)</li>
3247</ul></li>
3248<li>FPM:
3249<ul>
3250  <li><?php bugfix(77677); ?> (FPM fails to build on AIX due to missing WCOREDUMP).</li>
3251</ul></li>
3252<li>GD:
3253<ul>
3254  <li><?php bugfix(77700); ?> (Writing truecolor images as GIF ignores interlace flag).</li>
3255</ul></li>
3256<li>MySQLi:
3257<ul>
3258  <li><?php bugfix(77597); ?> (mysqli_fetch_field hangs scripts).</li>
3259</ul></li>
3260<li>Opcache:
3261<ul>
3262  <li><?php bugfix(77743); ?> (Incorrect pi node insertion for jmpznz with identical successors).</li>
3263</ul></li>
3264<li>PCRE:
3265<ul>
3266  <li><?php bugfix(76127); ?> (preg_split does not raise an error on invalid UTF-8).</li>
3267</ul></li>
3268<li>Phar:
3269<ul>
3270  <li><?php bugfix(77697); ?> (Crash on Big_Endian platform).</li>
3271</ul></li>
3272<li>phpdbg:
3273<ul>
3274  <li><?php bugfix(77767); ?> (phpdbg break cmd aliases listed in help do not match actual aliases).</li>
3275</ul></li>
3276<li>sodium:
3277<ul>
3278  <li><?php bugfix(77646); ?> (sign_detached() strings not terminated).</li>
3279</ul></li>
3280<li>SQLite3:
3281<ul>
3282  <li>Added sqlite3.defensive INI directive.</li>
3283</ul></li>
3284<li>Standard:
3285<ul>
3286  <li><?php bugfix(77664); ?> (Segmentation fault when using undefined constant in custom wrapper).</li>
3287  <li><?php bugfix(77669); ?> (Crash in extract() when overwriting extracted array).</li>
3288  <li><?php bugfix(76717); ?> (var_export() does not create a parsable value for PHP_INT_MIN).</li>
3289  <li><?php bugfix(77765); ?> (FTP stream wrapper should set the directory as executable).</li>
3290</ul></li>
3291</ul>
3292<!-- }}} --></section>
3293
3294<section class="version" id="7.3.3"><!-- {{{ 7.3.3 -->
3295<h3>Version 7.3.3</h3>
3296<b><?php release_date('07-Mar-2019'); ?></b>
3297<ul><li>Core:
3298<ul>
3299  <li><?php bugfix(77589); ?> (Core dump using parse_ini_string with numeric sections).</li>
3300  <li><?php bugfix(77329); ?> (Buffer Overflow via overly long Error Messages).</li>
3301  <li><?php bugfix(77494); ?> (Disabling class causes segfault on member access).</li>
3302  <li><?php bugfix(77498); ?> (Custom extension Segmentation fault when declare static property).</li>
3303  <li><?php bugfix(77530); ?> (PHP crashes when parsing `(2)::class`).</li>
3304  <li><?php bugfix(77546); ?> (iptcembed broken function).</li>
3305  <li><?php bugfix(77630); ?> (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)</li>
3306</ul></li>
3307<li>COM:
3308<ul>
3309  <li><?php bugfix(77621); ?> (Already defined constants are not properly reported).</li>
3310  <li><?php bugfix(77626); ?> (Persistence confusion in php_com_import_typelib()).</li>
3311</ul></li>
3312<li>EXIF:
3313<ul>
3314  <li><?php bugfix(77509); ?> (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)</li>
3315  <li><?php bugfix(77540); ?> (Invalid Read on exif_process_SOFn). (CVE-2019-9640)</li>
3316  <li><?php bugfix(77563); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)</li>
3317  <li><?php bugfix(77659); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)</li>
3318</ul></li>
3319<li>Mbstring:
3320<ul>
3321  <li><?php bugfix(77514); ?> (mb_ereg_replace() with trailing backslash adds null byte).</li>
3322</ul></li>
3323<li>MySQL:
3324<ul>
3325  <li>Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.</li>
3326</ul></li>
3327<li>OpenSSL:
3328<ul>
3329  <li><?php bugfix(77390); ?> (feof might hang on TLS streams in case of fragmented TLS records).</li>
3330</ul></li>
3331<li>PDO_OCI:
3332<ul>
3333  <li>Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.</li>
3334</ul></li>
3335<li>PHAR:
3336<ul>
3337  <li><?php bugfix(77396); ?> (Null Pointer Dereference in phar_create_or_parse_filename).</li>
3338  <li><?php bugfix(77586); ?> (phar_tar_writeheaders_int() buffer overflow).</li>
3339</ul></li>
3340<li>phpdbg:
3341<ul>
3342  <li><?php bugfix(76596); ?> (phpdbg support for display_errors=stderr).</li>
3343</ul></li>
3344<li>SPL:
3345<ul>
3346  <li><?php bugfix(51068); ?> (DirectoryIterator glob:// don't support current path relative queries).</li>
3347  <li><?php bugfix(77431); ?> (openFile() silently truncates after a null byte).</li>
3348</ul></li>
3349<li>Standard:
3350<ul>
3351  <li><?php bugfix(77552); ?> (Unintialized php_stream_statbuf in stat functions).</li>
3352  <li><?php bugfix(77612); ?> (setcookie() sets incorrect SameSite header if all of its options filled).</li>
3353</ul></li>
3354</ul>
3355<!-- }}} --></section>
3356
3357<section class="version" id="7.3.2"><!-- {{{ 7.3.2 -->
3358<h3>Version 7.3.2</h3>
3359<b><?php release_date('07-Feb-2019'); ?></b>
3360<ul><li>Core:
3361<ul>
3362  <li><?php bugfix(77369); ?> (memcpy with negative length via crafted DNS response). (CVE-2019-9022)</li>
3363  <li><?php bugfix(77387); ?> (Recursion detection broken when printing GLOBALS).</li>
3364  <li><?php bugfix(77376); ?> ("undefined function" message no longer includes namespace).</li>
3365  <li><?php bugfix(77357); ?> (base64_encode / base64_decode doest not work on nested VM).</li>
3366  <li><?php bugfix(77339); ?> (__callStatic may get incorrect arguments).</li>
3367  <li><?php bugfix(77317); ?> (__DIR__, __FILE__, realpath() reveal physical path for subst virtual drive).</li>
3368  <li><?php bugfix(77263); ?> (Segfault when using 2 RecursiveFilterIterator).</li>
3369  <li><?php bugfix(77447); ?> (PHP 7.3 built with ASAN crashes in zend_cpu_supports_avx2).</li>
3370  <li><?php bugfix(77484); ?> (Zend engine crashes when calling realpath in invalid working dir).</li>
3371</ul></li>
3372<li>Curl:
3373<ul>
3374  <li><?php bugfix(76675); ?> (Segfault with H2 server push).</li>
3375</ul></li>
3376<li>Fileinfo:
3377<ul>
3378  <li><?php bugfix(77346); ?> (webm files incorrectly detected as application/octet-stream).</li>
3379</ul></li>
3380<li>FPM:
3381<ul>
3382  <li><?php bugfix(77430); ?> (php-fpm crashes with Main process exited, code=dumped, status=11/SEGV).</li>
3383</ul></li>
3384<li>GD:
3385<ul>
3386  <li><?php bugfix(73281); ?> (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).</li>
3387  <li><?php bugfix(73614); ?> (gdImageFilledArc() doesn't properly draw pies).</li>
3388  <li><?php bugfix(77272); ?> (imagescale() may return image resource on failure).</li>
3389  <li><?php bugfix(77391); ?> (1bpp BMPs may fail to be loaded).</li>
3390  <li><?php bugfix(77479); ?> (imagewbmp() segfaults with very large images).</li>
3391</ul></li>
3392<li>ldap:
3393<ul>
3394  <li><?php bugfix(77440); ?> (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).</li>
3395</ul></li>
3396<li>Mbstring:
3397<ul>
3398  <li><?php bugfix(77428); ?> (mb_ereg_replace() doesn't replace a substitution variable).</li>
3399  <li><?php bugfix(77454); ?> (mb_scrub() silently truncates after a null byte).</li>
3400</ul></li>
3401<li>MySQLnd:
3402<ul>
3403  <li><?php bugfix(77308); ?> (Unbuffered queries memory leak).</li>
3404  <li><?php bugfix(75684); ?> (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).</li>
3405</ul></li>
3406<li>Opcache:
3407<ul>
3408  <li><?php bugfix(77266); ?> (Assertion failed in dce_live_ranges).</li>
3409  <li><?php bugfix(77257); ?> (value of variable assigned in a switch() construct gets lost).</li>
3410  <li><?php bugfix(77434); ?> (php-fpm workers are segfaulting in zend_gc_addre).</li>
3411  <li><?php bugfix(77361); ?> (configure fails on 64-bit AIX when opcache enabled).</li>
3412  <li><?php bugfix(77287); ?> (Opcache literal compaction is incompatible with EXT opcodes).</li>
3413</ul></li>
3414<li>PCRE:
3415<ul>
3416  <li><?php bugfix(77338); ?> (get_browser with empty string).</li>
3417</ul></li>
3418<li>PDO:
3419<ul>
3420  <li><?php bugfix(77273); ?> (array_walk_recursive corrupts value types leading to PDO failure).</li>
3421</ul></li>
3422<li>PDO MySQL:
3423<ul>
3424  <li><?php bugfix(77289); ?> (PDO MySQL segfaults with persistent connection).</li>
3425</ul></li>
3426<li>SOAP:
3427<ul>
3428  <li><?php bugfix(77410); ?> (Segmentation Fault when executing method with an empty parameter).</li>
3429</ul></li>
3430<li>Sockets:
3431<ul>
3432  <li><?php bugfix(76839); ?> (socket_recvfrom may return an invalid 'from' address on MacOS).</li>
3433</ul></li>
3434<li>SPL:
3435<ul>
3436  <li><?php bugfix(77298); ?> (segfault occurs when add property to unserialized empty ArrayObject).</li>
3437</ul></li>
3438<li>Standard:
3439<ul>
3440  <li><?php bugfix(77395); ?> (segfault about array_multisort).</li>
3441  <li><?php bugfix(77439); ?> (parse_str segfaults when inserting item into existing array).</li>
3442</ul></li>
3443</ul>
3444<!-- }}} --></section>
3445
3446<section class="version" id="7.3.1"><!-- {{{ 7.3.1 -->
3447<h3>Version 7.3.1</h3>
3448<b><?php release_date('10-Jan-2019'); ?></b>
3449<ul><li>Core:
3450<ul>
3451  <li><?php bugfix(76654); ?> (Build failure on Mac OS X on 32-bit Intel).</li>
3452  <li><?php bugfix(71041); ?> (zend_signal_startup() needs ZEND_API).</li>
3453  <li><?php bugfix(76046); ?> (PHP generates "FE_FREE" opcode on the wrong line).</li>
3454  <li><?php bugfix(77291); ?> (magic methods inherited from a trait may be ignored).</li>
3455</ul></li>
3456<li>CURL:
3457<ul>
3458  <li><?php bugfix(77264); ?> (curl_getinfo returning microseconds, not seconds).</li>
3459</ul></li>
3460<li>COM:
3461<ul>
3462  <li><?php bugfix(77177); ?> (Serializing or unserializing COM objects crashes).</li>
3463</ul></li>
3464<li>Exif:
3465<ul>
3466  <li><?php bugfix(77184); ?> (Unsigned rational numbers are written out as signed rationals).</li>
3467</ul></li>
3468<li>GD:
3469<ul>
3470  <li><?php bugfix(77195); ?> (Incorrect error handling of imagecreatefromjpeg()).</li>
3471  <li><?php bugfix(77198); ?> (auto cropping has insufficient precision).</li>
3472  <li><?php bugfix(77200); ?> (imagecropauto(…, GD_CROP_SIDES) crops left but not right).</li>
3473  <li><?php bugfix(77269); ?> (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)</li>
3474  <li><?php bugfix(77270); ?> (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)</li>
3475</ul></li>
3476<li>MBString:
3477<ul>
3478  <li><?php bugfix(77367); ?> (Negative size parameter in mb_split). (CVE-2019-9025)</li>
3479  <li><?php bugfix(77370); ?> (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)</li>
3480  <li><?php bugfix(77371); ?> (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)</li>
3481  <li><?php bugfix(77381); ?> (heap buffer overflow in multibyte match_at). (CVE-2019-9023)</li>
3482  <li><?php bugfix(77382); ?> (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)</li>
3483  <li><?php bugfix(77385); ?> (buffer overflow in fetch_token). (CVE-2019-9023)</li>
3484  <li><?php bugfix(77394); ?> (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)</li>
3485  <li><?php bugfix(77418); ?> (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)</li>
3486</ul></li>
3487<li>OCI8:
3488<ul>
3489  <li><?php bugfix(76804); ?> (oci_pconnect with OCI_CRED_EXT not working).</li>
3490  <li>Added oci_set_call_timeout() for call timeouts.</li>
3491  <li>Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.</li>
3492</ul></li>
3493<li>Opcache:
3494<ul>
3495  <li><?php bugfix(77215); ?> (CFG assertion failure on multiple finalizing switch frees in one block).</li>
3496  <li><?php bugfix(77275); ?> (OPcache optimization problem for ArrayAccess-&gt;offsetGet).</li>
3497</ul></li>
3498<li>PCRE:
3499<ul>
3500  <li><?php bugfix(77193); ?> (Infinite loop in preg_replace_callback).</li>
3501</ul></li>
3502<li>PDO:
3503<ul>
3504  <li>Handle invalid index passed to PDOStatement::fetchColumn() as error.</li>
3505</ul></li>
3506<li>Phar:
3507<ul>
3508  <li><?php bugfix(77247); ?> (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)</li>
3509</ul></li>
3510<li>Soap:
3511<ul>
3512  <li><?php bugfix(77088); ?> (Segfault when using SoapClient with null options).</li>
3513</ul></li>
3514<li>Sockets:
3515<ul>
3516  <li><?php bugfix(77136); ?> (Unsupported IPV6_RECVPKTINFO constants on macOS).</li>
3517</ul></li>
3518<li>Sodium:
3519<ul>
3520  <li><?php bugfix(77297); ?> (SodiumException segfaults on PHP 7.3).</li>
3521</ul></li>
3522<li>SPL:
3523<ul>
3524  <li><?php bugfix(77359); ?> (spl_autoload causes segfault).</li>
3525  <li><?php bugfix(77360); ?> (class_uses causes segfault).</li>
3526</ul></li>
3527<li>SQLite3:
3528<ul>
3529  <li><?php bugfix(77051); ?> (Issue with re-binding on SQLite3).</li>
3530</ul></li>
3531<li>Xmlrpc:
3532<ul>
3533  <li><?php bugfix(77242); ?> (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)</li>
3534  <li><?php bugfix(77380); ?> (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)</li>
3535</ul></li>
3536</ul>
3537<!-- }}} --></section>
3538
3539<section class="version" id="7.3.0"><!-- {{{ 7.3.0 -->
3540<h3>Version 7.3.0</h3>
3541<b><?php release_date('06-Dec-2018'); ?></b>
3542<ul><li>Core:
3543<ul>
3544  <li>Improved PHP GC.</li>
3545  <li>Redesigned the old ext_skel program written in PHP, run: 'php ext_skel.php' for all options. This means there are no dependencies, thus making it work on Windows out of the box.</li>
3546  <li>Removed support for BeOS.</li>
3547  <li>Add PHP_VERSION to phpinfo() &lt;title/&gt;.</li>
3548  <li>Add net_get_interfaces().</li>
3549  <li>Implemented flexible heredoc and nowdoc syntax, per RFC https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes.</li>
3550  <li>Added support for references in list() and array destructuring, per RFC https://wiki.php.net/rfc/list_reference_assignment.</li>
3551  <li>Improved effectiveness of ZEND_SECURE_ZERO for NetBSD and systems without native similar feature.</li>
3552  <li>Added syslog.facility and syslog.ident INI entries for customizing syslog logging.</li>
3553  <li><?php bugfix(75683); ?> (Memory leak in zend_register_functions() in ZTS mode).</li>
3554  <li><?php bugfix(75031); ?> (support append mode in temp/memory streams).</li>
3555  <li><?php bugfix(74860); ?> (Uncaught exceptions not being formatted properly when error_log set to "syslog").</li>
3556  <li><?php bugfix(75220); ?> (Segfault when calling is_callable on parent).</li>
3557  <li><?php bugfix(69954); ?> (broken links and unused config items in distributed ini files).</li>
3558  <li><?php bugfix(74922); ?> (Composed class has fatal error with duplicate, equal const properties).</li>
3559  <li><?php bugfix(63911); ?> (identical trait methods raise errors during composition).</li>
3560  <li><?php bugfix(75677); ?> (Clang ignores fastcall calling convention on variadic function).</li>
3561  <li><?php bugfix(54043); ?> (Remove inconsitency of internal exceptions and user defined exceptions).</li>
3562  <li><?php bugfix(53033); ?> (Mathematical operations convert objects to integers).</li>
3563  <li><?php bugfix(73108); ?> (Internal class cast handler uses integer instead of float).</li>
3564  <li><?php bugfix(75765); ?> (Fatal error instead of Error exception when base class is not found).</li>
3565  <li><?php bugfix(76198); ?> (Wording: "iterable" is not a scalar type).</li>
3566  <li><?php bugfix(76137); ?> (config.guess/config.sub do not recognize RISC-V).</li>
3567  <li><?php bugfix(76427); ?> (Segfault in zend_objects_store_put).</li>
3568  <li><?php bugfix(76422); ?> (ftruncate fails on files &gt; 2GB).</li>
3569  <li><?php bugfix(76509); ?> (Inherited static properties can be desynchronized from their parent by ref).</li>
3570  <li><?php bugfix(76439); ?> (Changed behaviour in unclosed HereDoc).</li>
3571  <li><?php bugfix(63217); ?> (Constant numeric strings become integers when used as ArrayAccess offset).</li>
3572  <li><?php bugfix(33502); ?> (Some nullary functions don't check the number of arguments).</li>
3573  <li><?php bugfix(76392); ?> (Error relocating sapi/cli/php: unsupported relocation type 37).</li>
3574  <li>The declaration and use of case-insensitive constants has been deprecated.</li>
3575  <li>Added syslog.filter INI entry for syslog filtering.</li>
3576  <li><?php bugfix(76667); ?> (Segfault with divide-assign op and __get + __set).</li>
3577  <li><?php bugfix(76030); ?> (RE2C_FLAGS rarely honoured) (Cristian Rodríguez)</li>
3578  <li>Fixed broken zend_read_static_property (Laruence)</li>
3579  <li><?php bugfix(76773); ?> (Traits used on the parent are ignored for child classes).</li>
3580  <li><?php bugfix(76767); ?> (‘asm’ operand has impossible constraints in zend_operators.h).</li>
3581  <li><?php bugfix(76752); ?> (Crash in ZEND_COALESCE_SPEC_TMP_HANDLER - assertion in _get_zval_ptr_tmp failed).</li>
3582  <li><?php bugfix(76820); ?> (Z_COPYABLE invalid definition).</li>
3583  <li><?php bugfix(76510); ?> (file_exists() stopped working for phar://).</li>
3584  <li><?php bugfix(76869); ?> (Incorrect bypassing protected method accessibilty check).</li>
3585  <li><?php bugfix(72635); ?> (Undefined class used by class constant in constexpr generates fatal error).</li>
3586  <li><?php bugfix(76947); ?> (file_put_contents() blocks the directory of the file (__DIR__)).</li>
3587  <li><?php bugfix(76979); ?> (define() error message does not mention resources as valid values).</li>
3588  <li><?php bugfix(76825); ?> (Undefined symbols ___cpuid_count).</li>
3589  <li><?php bugfix(77110); ?> (undefined symbol zend_string_equal_val in C++ build).</li>
3590  <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li>
3591</ul></li>
3592<li>BCMath:
3593<ul>
3594  <li><?php implemented(67855); ?> (No way to get current scale in use).</li>
3595  <li><?php bugfix(66364); ?> (BCMath bcmul ignores scale parameter).</li>
3596  <li><?php bugfix(75164); ?> (split_bc_num() is pointless).</li>
3597  <li><?php bugfix(75169); ?> (BCMath errors/warnings bypass PHP's error handling).</li>
3598</ul></li>
3599<li>CLI:
3600<ul>
3601  <li><?php bugfix(44217); ?> (Output after stdout/stderr closed cause immediate exit with status 0).</li>
3602  <li><?php bugfix(77111); ?> (php-win.exe corrupts unicode symbols from cli parameters).</li>
3603</ul></li>
3604<li>cURL:
3605<ul>
3606  <li>Expose curl constants from curl 7.50 to 7.61.</li>
3607  <li><?php bugfix(74125); ?> (Fixed finding CURL on systems with multiarch support).</li>
3608</ul></li>
3609<li>Date:
3610<ul>
3611  <li><?php implemented(74668); ?>: Add DateTime::createFromImmutable() method.</li>
3612  <li><?php bugfix(75222); ?> (DateInterval microseconds property always 0).</li>
3613  <li><?php bugfix(68406); ?> (calling var_dump on a DateTimeZone object modifies it).</li>
3614  <li><?php bugfix(76131); ?> (mismatch arginfo for date_create).</li>
3615  <li>Updated timelib to 2018.01RC1 to address several bugs:</li>
3616  <li><?php bugfix(75577); ?> (DateTime::createFromFormat does not accept 'v' format specifier).</li>
3617  <li><?php bugfix(75642); ?> (Wrap around behaviour for microseconds is not working).</li>
3618  <li><?php bugfix(77097); ?> (DateTime::diff gives wrong diff when the actual diff is less than 1 second).</li>
3619</ul></li>
3620<li>DBA:
3621<ul>
3622  <li><?php bugfix(75264); ?> (compiler warnings emitted).</li>
3623</ul></li>
3624<li>DOM:
3625<ul>
3626  <li><?php bugfix(76285); ?> (DOMDocument::formatOutput attribute sometimes ignored).</li>
3627</ul></li>
3628<li>Fileinfo:
3629<ul>
3630  <li><?php bugfix(77095); ?> (slowness regression in 7.2/7.3 (compared to 7.1)).</li>
3631</ul></li>
3632<li>Filter:
3633<ul>
3634  <li>Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES).</li>
3635</ul></li>
3636<li>FPM:
3637<ul>
3638  <li>Added fpm_get_status function.</li>
3639  <li><?php bugfix(62596); ?> (getallheaders() missing with PHP-FPM).</li>
3640  <li><?php bugfix(69031); ?> (Long messages into stdout/stderr are truncated incorrectly) - added new log related FPM configuration options: log_limit, log_buffering and decorate_workers_output.</li>
3641</ul></li>
3642<li>ftp:
3643<ul>
3644  <li><?php bugfix(77151); ?> (ftp_close(): SSL_read on shutdown).</li>
3645</ul></li>
3646<li>GD:
3647<ul>
3648  <li>Added support for WebP in imagecreatefromstring().</li>
3649</ul></li>
3650<li>GMP:
3651<ul>
3652  <li>Export internal structures and accessor helpers for GMP object.</li>
3653  <li>Added gmp_binomial(n, k).</li>
3654  <li>Added gmp_lcm(a, b).</li>
3655  <li>Added gmp_perfect_power(a).</li>
3656  <li>Added gmp_kronecker(a, b).</li>
3657</ul></li>
3658<li>iconv:
3659<ul>
3660  <li><?php bugfix(53891); ?> (iconv_mime_encode() fails to Q-encode UTF-8 string).</li>
3661  <li><?php bugfix(77147); ?> (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).</li>
3662</ul></li>
3663<li>IMAP:
3664<ul>
3665  <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li>
3666  <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li>
3667</ul></li>
3668<li>Interbase:
3669<ul>
3670  <li><?php bugfix(75453); ?> (Incorrect reflection for ibase_[p]connect).</li>
3671  <li><?php bugfix(76443); ?> (php+php_interbase.dll crash on module_shutdown).</li>
3672</ul></li>
3673<li>intl:
3674<ul>
3675  <li><?php bugfix(75317); ?> (UConverter::setDestinationEncoding changes source instead of destination).</li>
3676  <li><?php bugfix(76829); ?> (Incorrect validation of domain on idn_to_utf8() function).</li>
3677</ul></li>
3678<li>JSON:
3679<ul>
3680  <li>Added JSON_THROW_ON_ERROR flag.</li>
3681</ul></li>
3682<li>LDAP:
3683<ul>
3684  <li>Added ldap_exop_refresh helper for EXOP REFRESH operation with dds overlay.</li>
3685  <li>Added full support for sending and parsing ldap controls.</li>
3686  <li><?php bugfix(49876); ?> (Fix LDAP path lookup on 64-bit distros).</li>
3687</ul></li>
3688<li>libxml2:
3689<ul>
3690  <li><?php bugfix(75871); ?> (use pkg-config where available).</li>
3691</ul></li>
3692<li>litespeed:
3693<ul>
3694  <li><?php bugfix(75248); ?> (Binary directory doesn't get created when building only litespeed SAPI).</li>
3695  <li><?php bugfix(75251); ?> (Missing program prefix and suffix).</li>
3696</ul></li>
3697<li>MBstring:
3698<ul>
3699  <li>Updated to Oniguruma 6.9.0.</li>
3700  <li><?php bugfix(65544); ?> (mb title case conversion-first word in quotation isn't capitalized).</li>
3701  <li><?php bugfix(71298); ?> (MB_CASE_TITLE misbehaves with curled apostrophe/quote).</li>
3702  <li><?php bugfix(73528); ?> (Crash in zif_mb_send_mail).</li>
3703  <li><?php bugfix(74929); ?> (mbstring functions version 7.1.1 are slow compared to 5.3 on Windows).</li>
3704  <li><?php bugfix(76319); ?> (mb_strtolower with invalid UTF-8 causes segmentation fault).</li>
3705  <li><?php bugfix(76574); ?> (use of undeclared identifiers INT_MAX and LONG_MAX).</li>
3706  <li><?php bugfix(76594); ?> (Bus Error due to unaligned access in zend_ini.c OnUpdateLong).</li>
3707  <li><?php bugfix(76706); ?> (mbstring.http_output_conv_mimetypes is ignored).</li>
3708  <li><?php bugfix(76958); ?> (Broken UTF7-IMAP conversion).</li>
3709  <li><?php bugfix(77025); ?> (mb_strpos throws Unknown encoding or conversion error).</li>
3710  <li><?php bugfix(77165); ?> (mb_check_encoding crashes when argument given an empty array).</li>
3711</ul></li>
3712<li>Mysqlnd:
3713<ul>
3714  <li><?php bugfix(76386); ?> (Prepared Statement formatter truncates fractional seconds from date/time column).</li>
3715</ul></li>
3716<li>ODBC:
3717<ul>
3718  <li>Removed support for ODBCRouter.</li>
3719  <li>Removed support for Birdstep.</li>
3720  <li><?php bugfix(77079); ?> (odbc_fetch_object has incorrect type signature).</li>
3721</ul></li>
3722<li>Opcache:
3723<ul>
3724  <li><?php bugfix(76466); ?> (Loop variable confusion).</li>
3725  <li><?php bugfix(76463); ?> (var has array key type but not value type).</li>
3726  <li><?php bugfix(76446); ?> (zend_variables.c:73: zend_string_destroy: Assertion `!(zval_gc_flags((str)-&gt;gc)).</li>
3727  <li><?php bugfix(76711); ?> (OPcache enabled triggers false-positive "Illegal string offset").</li>
3728  <li><?php bugfix(77058); ?> (Type inference in opcache causes side effects).</li>
3729  <li><?php bugfix(77092); ?> (array_diff_key() - segmentation fault).</li>
3730</ul></li>
3731<li>OpenSSL:
3732<ul>
3733  <li>Added openssl_pkey_derive function.</li>
3734  <li>Add min_proto_version and max_proto_version ssl stream options as well as related constants for possible TLS protocol values.</li>
3735</ul></li>
3736<li>PCRE:
3737<ul>
3738  <li>Implemented https://wiki.php.net/rfc/pcre2-migration.</li>
3739  <li>Upgrade PCRE2 to 10.32.</li>
3740  <li><?php bugfix(75355); ?> (preg_quote() does not quote # control character).</li>
3741  <li><?php bugfix(76512); ?> (\w no longer includes unicode characters).</li>
3742  <li><?php bugfix(76514); ?> (Regression in preg_match makes it fail with PREG_JIT_STACKLIMIT_ERROR).</li>
3743  <li><?php bugfix(76909); ?> (preg_match difference between 7.3 and &lt; 7.3).</li>
3744</ul></li>
3745<li>PDO_DBlib:
3746<ul>
3747  <li><?php implemented(69592); ?> (allow 0-column rowsets to be skipped automatically).</li>
3748  <li>Expose TDS version as \PDO::DBLIB_ATTR_TDS_VERSION attribute on \PDO instance.</li>
3749  <li>Treat DATETIME2 columns like DATETIME.</li>
3750  <li><?php bugfix(74243); ?> (allow locales.conf to drive datetime format).</li>
3751</ul></li>
3752<li>PDO_Firebird:
3753<ul>
3754  <li><?php bugfix(74462); ?> (PDO_Firebird returns only NULLs for results with boolean for FIREBIRD &gt;= 3.0).</li>
3755</ul></li>
3756<li>PDO_OCI:
3757<ul>
3758  <li><?php bugfix(74631); ?> (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).</li>
3759</ul></li>
3760<li>PDO SQLite:
3761<ul>
3762  <li>Add support for additional open flags</li>
3763</ul></li>
3764<li>pgsql:
3765<ul>
3766  <li>Added new error constants for pg_result_error(): PGSQL_DIAG_SCHEMA_NAME, PGSQL_DIAG_TABLE_NAME, PGSQL_DIAG_COLUMN_NAME, PGSQL_DIAG_DATATYPE_NAME, PGSQL_DIAG_CONSTRAINT_NAME and PGSQL_DIAG_SEVERITY_NONLOCALIZED.</li>
3767  <li><?php bugfix(77047); ?> (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).</li>
3768</ul></li>
3769<li>phar:
3770<ul>
3771  <li><?php bugfix(74991); ?> (include_path has a 4096 char limit in some cases).</li>
3772  <li><?php bugfix(65414); ?> (deal with leading slash when adding files correctly).</li>
3773  <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li>
3774  <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li>
3775</ul></li>
3776<li>readline:
3777<ul>
3778  <li>Added completion_append_character and completion_suppress_append options to readline_info() if linked against libreadline.</li>
3779</ul></li>
3780<li>Session:
3781<ul>
3782  <li><?php bugfix(74941); ?> (session fails to start after having headers sent).</li>
3783</ul></li>
3784<li>SimpleXML:
3785<ul>
3786  <li><?php bugfix(54973); ?> (SimpleXML casts integers wrong).</li>
3787  <li><?php bugfix(76712); ?> (Assignment of empty string creates extraneous text node).</li>
3788</ul></li>
3789<li>Sockets:
3790<ul>
3791  <li><?php bugfix(67619); ?> (Validate length on socket_write).</li>
3792</ul></li>
3793<li>SOAP:
3794<ul>
3795  <li><?php bugfix(75464); ?> (Wrong reflection on SoapClient::__setSoapHeaders).</li>
3796  <li><?php bugfix(70469); ?> (SoapClient generates E_ERROR even if exceptions=1 is used).</li>
3797  <li><?php bugfix(50675); ?> (SoapClient can't handle object references correctly).</li>
3798  <li><?php bugfix(76348); ?> (WSDL_CACHE_MEMORY causes Segmentation fault).</li>
3799  <li><?php bugfix(77141); ?> (Signedness issue in SOAP when precision=-1).</li>
3800</ul></li>
3801<li>SPL:
3802<ul>
3803  <li><?php bugfix(74977); ?> (Appending AppendIterator leads to segfault).</li>
3804  <li><?php bugfix(75173); ?> (incorrect behavior of AppendIterator::append in foreach loop).</li>
3805  <li><?php bugfix(74372); ?> (autoloading file with syntax error uses next autoloader, may hide parse error).</li>
3806  <li><?php bugfix(75878); ?> (RecursiveTreeIterator::setPostfix has wrong signature).</li>
3807  <li><?php bugfix(74519); ?> (strange behavior of AppendIterator).</li>
3808  <li><?php bugfix(76131); ?> (mismatch arginfo for splarray constructor).</li>
3809</ul></li>
3810<li>SQLite3:
3811<ul>
3812  <li>Updated bundled libsqlite to 3.24.0.</li>
3813</ul></li>
3814<li>Standard:
3815<ul>
3816  <li>Added is_countable() function.</li>
3817  <li>Added support for the SameSite cookie directive, including an alternative signature for setcookie(), setrawcookie() and session_set_cookie_params().</li>
3818  <li>Remove superfluous warnings from inet_ntop()/inet_pton().</li>
3819  <li><?php bugfix(75916); ?> (DNS_CAA record results contain garbage).</li>
3820  <li>Fixed unserialize(), to disable creation of unsupported data structures through manually crafted strings.</li>
3821  <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li>
3822  <li><?php bugfix(74719); ?> (fopen() should accept NULL as context).</li>
3823  <li><?php bugfix(69948); ?> (path/domain are not sanitized in setcookie).</li>
3824  <li><?php bugfix(75996); ?> (incorrect url in header for mt_rand).</li>
3825  <li>Added hrtime() function, to get high resolution time.</li>
3826  <li><?php bugfix(48016); ?> (stdClass::__setState is not defined although var_export() uses it).</li>
3827  <li><?php bugfix(76136); ?> (stream_socket_get_name should enclose IPv6 in brackets).</li>
3828  <li><?php bugfix(76688); ?> (Disallow excessive parameters after options array).</li>
3829  <li><?php bugfix(76713); ?> (Segmentation fault caused by property corruption).</li>
3830  <li><?php bugfix(76755); ?> (setcookie does not accept "double" type for expire time).</li>
3831  <li><?php bugfix(76674); ?> (improve array_* failure messages exposing what was passed instead of an array).</li>
3832  <li><?php bugfix(76803); ?> (ftruncate changes file pointer).</li>
3833  <li><?php bugfix(76818); ?> (Memory corruption and segfault).</li>
3834  <li><?php bugfix(77081); ?> (ftruncate() changes seek pointer in c mode).</li>
3835</ul></li>
3836<li>Testing:
3837<ul>
3838  <li><?php implemented(62055); ?> (Make run-tests.php support --CGI-- sections).</li>
3839</ul></li>
3840<li>Tidy:
3841<ul>
3842  <li>Support using tidyp instead of tidy.</li>
3843  <li><?php bugfix(74707); ?> (Tidy has incorrect ReflectionFunction param counts for functions taking tidy).</li>
3844  <li>Fixed arginfo for tidy::__construct().</li>
3845</ul></li>
3846<li>Tokenizer:
3847<ul>
3848  <li><?php bugfix(76437); ?> (token_get_all with TOKEN_PARSE flag fails to recognise close tag).</li>
3849  <li><?php bugfix(75218); ?> (Change remaining uncatchable fatal errors for parsing into ParseError).</li>
3850  <li><?php bugfix(76538); ?> (token_get_all with TOKEN_PARSE flag fails to recognise close tag with newline).</li>
3851  <li><?php bugfix(76991); ?> (Incorrect tokenization of multiple invalid flexible heredoc strings).</li>
3852</ul></li>
3853<li>XML:
3854<ul>
3855  <li><?php bugfix(71592); ?> (External entity processing never fails).</li>
3856</ul></li>
3857<li>Zlib:
3858<ul>
3859  <li>Added zlib/level context option for compress.zlib wrapper.</li>
3860</ul></li>
3861</ul>
3862<!-- }}} --></section>
3863
3864<a id="PHP_7_2"></a>
3865
3866<section class="version" id="7.2.34"><!-- {{{ 7.2.34 -->
3867<h3>Version 7.2.34</h3>
3868<b><?php release_date('01-Oct-2020'); ?></b>
3869<ul><li>Core:
3870<ul>
3871  <li><?php bugfix(79699); ?> (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)</li>
3872</ul></li>
3873<li>OpenSSL:
3874<ul>
3875  <li><?php bugfix(79601); ?> (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)</li>
3876</ul></li>
3877</ul>
3878<!-- }}} --></section>
3879
3880<section class="version" id="7.2.33"><!-- {{{ 7.2.33 -->
3881<h3>Version 7.2.33</h3>
3882<b><?php release_date('06-Aug-2020'); ?></b>
3883<ul><li>Core:
3884<ul>
3885  <li><?php bugfix(79877); ?> (getimagesize function silently truncates after a null byte) (cmb)</li>
3886</ul></li>
3887<li>Phar:
3888<ul>
3889  <li><?php bugfix(79797); ?> (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)</li>
3890</ul></li>
3891</ul>
3892<!-- }}} --></section>
3893
3894<section class="version" id="7.2.32"><!-- {{{ 7.2.32 -->
3895<h3>Version 7.2.32</h3>
3896<b><?php release_date('09-Jul-2020'); ?></b>
3897<ul><li>Windows:
3898<ul>
3899  <li>Rebuild of official Windows binaries with patched libcurl. No PHP source changes.</li>
3900</ul></li>
3901</ul>
3902<!-- }}} --></section>
3903
3904
3905
3906<section class="version" id="7.2.31"><!-- {{{ 7.2.31 -->
3907<h3>Version 7.2.31</h3>
3908<b><?php release_date('14-May-2020'); ?></b>
3909<ul><li>Core:
3910<ul>
3911  <li><?php bugfix(78875); ?> (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)</li>
3912  <li><?php bugfix(78876); ?> (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)</li>
3913</ul></li>
3914</ul>
3915<!-- }}} --></section>
3916
3917<section class="version" id="7.2.30"><!-- {{{ 7.2.30 -->
3918<h3>Version 7.2.30</h3>
3919<b><?php release_date('16-Apr-2020'); ?></b>
3920<ul><li>Standard:
3921<ul>
3922  <li><?php bugfix(79468); ?> (SIGSEGV when closing stream handle with a stream filter appended).</li>
3923  <li><?php bugfix(79330); ?> (shell_exec() silently truncates after a null byte).</li>
3924  <li><?php bugfix(79465); ?> (OOB Read in urldecode()).</li>
3925</ul></li>
3926</ul>
3927<!-- }}} --></section>
3928
3929
3930
3931<section class="version" id="7.2.29"><!-- {{{ 7.2.29 -->
3932<h3>Version 7.2.29</h3>
3933<b><?php release_date('19-Mar-2020'); ?></b>
3934<ul><li>Core:
3935<ul>
3936  <li><?php bugfix(79329); ?> (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)</li>
3937</ul></li>
3938<li>EXIF:
3939<ul>
3940  <li><?php bugfix(79282); ?> (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)</li>
3941</ul></li>
3942</ul>
3943<!-- }}} --></section>
3944
3945<section class="version" id="7.2.28"><!-- {{{ 7.2.28 -->
3946<h3>Version 7.2.28</h3>
3947<b><?php release_date('20-Feb-2020'); ?></b>
3948<ul><li>DOM:
3949<ul>
3950  <li><?php bugfix(77569); ?>: (Write Access Violation in DomImplementation).</li>
3951</ul></li>
3952<li>Phar:
3953<ul>
3954  <li><?php bugfix(79082); ?> (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)</li>
3955</ul></li>
3956<li>Session:
3957<ul>
3958  <li><?php bugfix(79221); ?> (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)</li>
3959</ul></li>
3960</ul>
3961<!-- }}} --></section>
3962
3963<section class="version" id="7.2.27"><!-- {{{ 7.2.27 -->
3964<h3>Version 7.2.27</h3>
3965<b><?php release_date('23-Jan-2020'); ?></b>
3966<ul><li>Mbstring:
3967<ul>
3968  <li><?php bugfix(79037); ?> (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)</li>
3969</ul></li>
3970<li>Session:
3971<ul>
3972  <li><?php bugfix(79091); ?> (heap use-after-free in session_create_id()).</li>
3973</ul></li>
3974<li>Standard:
3975<ul>
3976  <li><?php bugfix(79099); ?> (OOB read in php_strip_tags_ex). (CVE-2020-7059)</li>
3977</ul></li>
3978</ul>
3979<!-- }}} --></section>
3980
3981<section class="version" id="7.2.26"><!-- {{{ 7.2.26 -->
3982<h3>Version 7.2.26</h3>
3983<b><?php release_date('18-Dec-2019'); ?></b>
3984<ul><li>Bcmath:
3985<ul>
3986  <li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)</li>
3987</ul></li>
3988<li>Core:
3989<ul>
3990  <li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044)</li>
3991  <li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)</li>
3992</ul></li>
3993<li>EXIF:
3994<ul>
3995  <li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)</li>
3996  <li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif). (CVE-2019-11047)</li>
3997</ul></li>
3998<li>GD:
3999<ul>
4000  <li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li>
4001</ul></li>
4002<li>Intl:
4003<ul>
4004  <li><?php bugfix(78804); ?> (Segmentation fault in Locale::filterMatches).</li>
4005</ul></li>
4006<li>OPcache:
4007<ul>
4008  <li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li>
4009</ul></li>
4010<li>Standard:
4011<ul>
4012  <li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li>
4013  <li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li>
4014  <li><?php bugfix(78814); ?> (strip_tags allows / in tag name =&gt; whitelist bypass).</li>
4015</ul></li>
4016</ul>
4017<!-- }}} --></section>
4018
4019
4020<section class="version" id="7.2.25"><!-- {{{ 7.2.25 -->
4021<h3>Version 7.2.25</h3>
4022<b><?php release_date('21-Nov-2019'); ?></b>
4023<ul><li>Core:
4024<ul>
4025  <li><?php bugfix(78656); ?> (Parse errors classified as highest log-level).</li>
4026  <li><?php bugfix(78752); ?> (Segfault if GC triggered while generator stack frame is being destroyed).</li>
4027  <li><?php bugfix(78689); ?> (Closure::fromCallable() doesn't handle [Closure, '__invoke']).</li>
4028</ul></li>
4029<li>COM:
4030<ul>
4031  <li><?php bugfix(78694); ?> (Appending to a variant array causes segfault).</li>
4032</ul></li>
4033<li>Date:
4034<ul>
4035  <li><?php bugfix(70153); ?> (\DateInterval incorrectly unserialized).</li>
4036  <li><?php bugfix(78751); ?> (Serialising DatePeriod converts DateTimeImmutable).</li>
4037</ul></li>
4038<li>Iconv:
4039<ul>
4040  <li><?php bugfix(78642); ?> (Wrong libiconv version displayed). (gedas at martynas, cmb).</li>
4041</ul></li>
4042<li>OpCache:
4043<ul>
4044  <li><?php bugfix(78654); ?> (Incorrectly computed opcache checksum on files with non-ascii characters).</li>
4045  <li><?php bugfix(78747); ?> (OpCache corrupts custom extension result).</li>
4046</ul></li>
4047<li>OpenSSL:
4048<ul>
4049  <li><?php bugfix(78775); ?> (TLS issues from HTTP request affecting other encrypted connections).</li>
4050</ul></li>
4051<li>Reflection:
4052<ul>
4053  <li><?php bugfix(78697); ?> (ReflectionClass::ImplementsInterface - inaccurate error message with traits).</li>
4054</ul></li>
4055<li>Sockets:
4056<ul>
4057  <li><?php bugfix(78665); ?> (Multicasting may leak memory).</li>
4058</ul></li>
4059</ul>
4060<!-- }}} --></section>
4061
4062
4063
4064<section class="version" id="7.2.24"><!-- {{{ 7.2.24 -->
4065<h3>Version 7.2.24</h3>
4066<b><?php release_date('24-Oct-2019'); ?></b>
4067<ul><li>Core:
4068<ul>
4069  <li><?php bugfix(78535); ?> (auto_detect_line_endings value not parsed as bool).</li>
4070  <li><?php bugfix(78620); ?> (Out of memory error).</li>
4071</ul></li>
4072<li>Exif:
4073<ul>
4074  <li><?php bugfix(78442); ?> ('Illegal component' on exif_read_data since PHP7) (Kalle)</li>
4075</ul></li>
4076<li>FPM:
4077<ul>
4078  <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li>
4079</ul></li>
4080<li>MBString:
4081<ul>
4082  <li><?php bugfix(78579); ?> (mb_decode_numericentity: args number inconsistency).</li>
4083  <li><?php bugfix(78609); ?> (mb_check_encoding() no longer supports stringable objects).</li>
4084</ul></li>
4085<li>MySQLi:
4086<ul>
4087  <li><?php bugfix(76809); ?> (SSL settings aren't respected when persistent connections are used).</li>
4088</ul></li>
4089<li>PDO_MySQL:
4090<ul>
4091  <li><?php bugfix(78623); ?> (Regression caused by "SP call yields additional empty result set").</li>
4092</ul></li>
4093<li>Session:
4094<ul>
4095  <li><?php bugfix(78624); ?> (session_gc return value for user defined session handlers).</li>
4096</ul></li>
4097<li>Standard:
4098<ul>
4099  <li><?php bugfix(76342); ?> (file_get_contents waits twice specified timeout).</li>
4100  <li><?php bugfix(78612); ?> (strtr leaks memory when integer keys are used and the subject string shorter).</li>
4101  <li><?php bugfix(76859); ?> (stream_get_line skips data if used with data-generating filter).</li>
4102</ul></li>
4103<li>Zip:
4104<ul>
4105  <li><?php bugfix(78641); ?> (addGlob can modify given remove_path value).</li>
4106</ul></li>
4107</ul>
4108<!-- }}} --></section>
4109
4110<section class="version" id="7.2.23"><!-- {{{ 7.2.23 -->
4111<h3>Version 7.2.23</h3>
4112<b><?php release_date('26-Sep-2019'); ?></b>
4113<ul><li>Core:
4114<ul>
4115  <li><?php bugfix(78220); ?> (Can't access OneDrive folder).</li>
4116  <li><?php bugfix(78412); ?> (Generator incorrectly reports non-releasable $this as GC child).</li>
4117</ul></li>
4118<li>FastCGI:
4119<ul>
4120  <li><?php bugfix(78469); ?> (FastCGI on_accept hook is not called when using named pipes on Windows).</li>
4121</ul></li>
4122<li>MySQLnd:
4123<ul>
4124  <li>Fixed connect_attr issues and added the _server_host connection attribute.</li>
4125</ul></li>
4126<li>ODBC:
4127<ul>
4128  <li><?php bugfix(78473); ?> (odbc_close() closes arbitrary resources).</li>
4129</ul></li>
4130<li>PDO_MySQL:
4131<ul>
4132  <li><?php bugfix(41997); ?> (SP call yields additional empty result set).</li>
4133</ul></li>
4134<li>sodium:
4135<ul>
4136  <li><?php bugfix(78510); ?> (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).</li>
4137</ul></li>
4138<li>SPL:
4139<ul>
4140  <li><?php bugfix(72884); ?> (SplObject isCloneable() returns true but errs on clone).</li>
4141</ul></li>
4142</ul>
4143<!-- }}} --></section>
4144
4145
4146
4147<section class="version" id="7.2.22"><!-- {{{ 7.2.22 -->
4148<h3>Version 7.2.22</h3>
4149<b><?php release_date('29-Aug-2019'); ?></b>
4150<ul><li>Core:
4151<ul>
4152  <li><?php bugfix(78363); ?> (Buffer overflow in zendparse).</li>
4153  <li><?php bugfix(78379); ?> (Cast to object confuses GC, causes crash).</li>
4154</ul></li>
4155<li>Curl:
4156<ul>
4157  <li><?php bugfix(77946); ?> (Bad cURL resources returned by curl_multi_info_read()).</li>
4158</ul></li>
4159<li>Exif:
4160<ul>
4161  <li><?php bugfix(78333); ?> (Exif crash (bus error) due to wrong alignment and invalid cast).</li>
4162</ul></li>
4163<li>Iconv:
4164<ul>
4165  <li><?php bugfix(78342); ?> (Bus error in configure test for iconv //IGNORE).</li>
4166</ul></li>
4167<li>LiteSpeed:
4168<ul>
4169  <li>Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).</li>
4170</ul></li>
4171<li>MySQLnd:
4172<ul>
4173  <li><?php bugfix(78179); ?> (MariaDB server version incorrectly detected).</li>
4174</ul></li>
4175<li>Opcache:
4176<ul>
4177  <li><?php bugfix(77191); ?> (Assertion failure in dce_live_ranges() when silencing is used).</li>
4178</ul></li>
4179<li>Standard:
4180<ul>
4181  <li><?php bugfix(69100); ?> (Bus error from stream_copy_to_stream (file -&gt; SSL stream) with invalid length).</li>
4182  <li><?php bugfix(78282); ?> (atime and mtime mismatch).</li>
4183  <li><?php bugfix(78326); ?> (improper memory deallocation on stream_get_contents() with fixed length buffer).</li>
4184</ul></li>
4185</ul>
4186<!-- }}} --></section>
4187
4188
4189
4190<section class="version" id="7.2.21"><!-- {{{ 7.2.21 -->
4191<h3>Version 7.2.21</h3>
4192<b><?php release_date('01-Aug-2019'); ?></b>
4193<ul><li>Date:
4194<ul>
4195  <li><?php bugfix(69044); ?> (discrepency between time and microtime).</li>
4196</ul></li>
4197<li>EXIF:
4198<ul>
4199  <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li>
4200  <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li>
4201</ul></li>
4202<li>Fileinfo:
4203<ul>
4204  <li><?php bugfix(78183); ?> (finfo_file shows wrong mime-type for .tga file).</li>
4205</ul></li>
4206<li>FTP:
4207<ul>
4208  <li><?php bugfix(77124); ?> (FTP with SSL memory leak).</li>
4209</ul></li>
4210<li>Libxml:
4211<ul>
4212  <li><?php bugfix(78279); ?> (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).</li>
4213</ul></li>
4214<li>LiteSpeed:
4215<ul>
4216  <li>Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).</li>
4217  <li><?php bugfix(76058); ?> (After "POST data can't be buffered", using php://input makes huge tmp files).</li>
4218</ul></li>
4219<li>Openssl:
4220<ul>
4221  <li><?php bugfix(78231); ?> (Segmentation fault upon stream_socket_accept of exported socket-to-stream).</li>
4222</ul></li>
4223<li>OPcache:
4224<ul>
4225  <li><?php bugfix(78189); ?> (file cache strips last character of uname hash).</li>
4226  <li><?php bugfix(78202); ?> (Opcache stats for cache hits are capped at 32bit NUM).</li>
4227  <li><?php bugfix(78291); ?> (opcache_get_configuration doesn't list all directives).</li>
4228</ul></li>
4229<li>Phar:
4230<ul>
4231  <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li>
4232</ul></li>
4233<li>Phpdbg:
4234<ul>
4235  <li><?php bugfix(78297); ?> (Include unexistent file memory leak).</li>
4236</ul></li>
4237<li>PDO_Sqlite:
4238<ul>
4239  <li><?php bugfix(78192); ?> (SegFault when reuse statement after schema has changed).</li>
4240</ul></li>
4241<li>SQLite:
4242<ul>
4243  <li>Upgraded to SQLite 3.28.0.</li>
4244</ul></li>
4245<li>Standard:
4246<ul>
4247  <li><?php bugfix(78241); ?> (touch() does not handle dates after 2038 in PHP 64-bit).</li>
4248  <li><?php bugfix(78269); ?> (password_hash uses weak options for argon2).</li>
4249</ul></li>
4250<li>XMLRPC:
4251<ul>
4252  <li><?php bugfix(78173); ?> (XML-RPC mutates immutable objects during encoding).</li>
4253</ul></li>
4254</ul>
4255<!-- }}} --></section>
4256
4257<section class="version" id="7.2.20"><!-- {{{ 7.2.20 -->
4258<h3>Version 7.2.20</h3>
4259<b><?php release_date('04-Jul-2019'); ?></b>
4260<ul><li>Core:
4261<ul>
4262  <li><?php bugfix(76980); ?> (Interface gets skipped if autoloader throws an exception).</li>
4263</ul></li>
4264<li>DOM:
4265<ul>
4266  <li><?php bugfix(78025); ?> (segfault when accessing properties of DOMDocumentType).</li>
4267</ul></li>
4268<li>MySQLi:
4269<ul>
4270  <li><?php bugfix(77956); ?> (When mysqli.allow_local_infile = Off, use a meaningful error message).</li>
4271  <li><?php bugfix(38546); ?> (bindParam incorrect processing of bool types).</li>
4272</ul></li>
4273<li>Opcache:
4274<ul>
4275  <li><?php bugfix(78106); ?> (Path resolution fails if opcache disabled during request).</li>
4276</ul></li>
4277<li>OpenSSL:
4278<ul>
4279  <li><?php bugfix(78079); ?> (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).</li>
4280</ul></li>
4281<li>Sockets:
4282<ul>
4283  <li><?php bugfix(78038); ?> (Socket_select fails when resource array contains references).</li>
4284</ul></li>
4285<li>Standard:
4286<ul>
4287  <li><?php bugfix(77135); ?> (Extract with EXTR_SKIP should skip $this).</li>
4288  <li><?php bugfix(77937); ?> (preg_match failed).</li>
4289</ul></li>
4290<li>Zip:
4291<ul>
4292  <li><?php bugfix(76345); ?> (zip.h not found).</li>
4293</ul></li>
4294</ul>
4295<!-- }}} --></section>
4296
4297<section class="version" id="7.2.19"><!-- {{{ 7.2.19 -->
4298<h3>Version 7.2.19</h3>
4299<b><?php release_date('30-May-2019'); ?></b>
4300<ul><li>Date:
4301<ul>
4302  <li><?php bugfix(77909); ?> (DatePeriod::__construct() with invalid recurrence count value).</li>
4303</ul></li>
4304<li>EXIF:
4305<ul>
4306  <li><?php bugfix(77988); ?> (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).</li>
4307</ul></li>
4308<li>FPM:
4309<ul>
4310  <li><?php bugfix(77934); ?> (php-fpm kill -USR2 not working).</li>
4311  <li><?php bugfix(77921); ?> (static.php.net doesn't work anymore).</li>
4312</ul></li>
4313<li>GD:
4314<ul>
4315  <li><?php bugfix(77943); ?> (imageantialias($image, false); does not work).</li>
4316  <li><?php bugfix(77973); ?> (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).</li>
4317</ul></li>
4318<li>Iconv:
4319<ul>
4320  <li><?php bugfix(78069); ?> (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).</li>
4321</ul></li>
4322<li>JSON:
4323<ul>
4324  <li><?php bugfix(77843); ?> (Use after free with json serializer).</li>
4325</ul></li>
4326<li>Opcache:
4327<ul>
4328  <li>Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.</li>
4329</ul></li>
4330<li>PDO_MySQL:
4331<ul>
4332  <li><?php bugfix(77944); ?> (Wrong meta pdo_type for bigint on LLP64).</li>
4333</ul></li>
4334<li>Reflection:
4335<ul>
4336  <li><?php bugfix(75186); ?> (Inconsistent reflection of Closure:::__invoke()).</li>
4337</ul></li>
4338<li>Session:
4339<ul>
4340  <li><?php bugfix(77911); ?> (Wrong warning for session.sid_bits_per_character).</li>
4341</ul></li>
4342<li>SPL:
4343<ul>
4344  <li><?php bugfix(77024); ?> (SplFileObject::__toString() may return array).</li>
4345</ul></li>
4346<li>SQLite:
4347<ul>
4348  <li><?php bugfix(77967); ?> (Bypassing open_basedir restrictions via file uris).</li>
4349</ul></li>
4350</ul>
4351<!-- }}} --></section>
4352
4353<section class="version" id="7.2.18"><!-- {{{ 7.2.18 -->
4354<h3>Version 7.2.18</h3>
4355<b><?php release_date('02-May-2019'); ?></b>
4356<ul><li>CLI:
4357<ul>
4358  <li><?php bugfix(77794); ?> (Incorrect Date header format in built-in server).</li>
4359</ul></li>
4360<li>EXIF:
4361<ul>
4362  <li><?php bugfix(77950); ?> (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).</li>
4363</ul></li>
4364<li>Interbase:
4365<ul>
4366  <li><?php bugfix(72175); ?> (Impossibility of creating multiple connections to Interbase with php 7.x).</li>
4367</ul></li>
4368<li>Intl:
4369<ul>
4370  <li><?php bugfix(77895); ?> (IntlDateFormatter::create fails in strict mode if $locale = null).</li>
4371</ul></li>
4372<li>litespeed:
4373<ul>
4374  <li>LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().</li>
4375</ul></li>
4376<li>Mail:
4377<ul>
4378  <li><?php bugfix(77821); ?> (Potential heap corruption in TSendMail()).</li>
4379</ul></li>
4380<li>PCRE:
4381<ul>
4382  <li><?php bugfix(77827); ?> (preg_match does not ignore \r in regex flags).</li>
4383</ul></li>
4384<li>PDO:
4385<ul>
4386  <li><?php bugfix(77849); ?> (Disable cloning of PDO handle/connection objects).</li>
4387</ul></li>
4388<li>phpdbg:
4389<ul>
4390  <li><?php bugfix(76801); ?> (too many open files).</li>
4391  <li><?php bugfix(77800); ?> (phpdbg segfaults on listing some conditional breakpoints).</li>
4392  <li><?php bugfix(77805); ?> (phpdbg build fails when readline is shared).</li>
4393</ul></li>
4394<li>Reflection:
4395<ul>
4396  <li><?php bugfix(77772); ?> (ReflectionClass::getMethods(null) doesn't work).</li>
4397  <li><?php bugfix(77882); ?> (Different behavior: always calls destructor).</li>
4398</ul></li>
4399<li>Standard:
4400<ul>
4401  <li><?php bugfix(77680); ?> (recursive mkdir on ftp stream wrapper is incorrect).</li>
4402  <li><?php bugfix(77844); ?> (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).</li>
4403  <li><?php bugfix(77853); ?> (Inconsistent substr_compare behaviour with empty haystack).</li>
4404</ul></li>
4405</ul>
4406<!-- }}} --></section>
4407
4408<section class="version" id="7.2.17"><!-- {{{ 7.2.17 -->
4409<h3>Version 7.2.17</h3>
4410<b><?php release_date('04-Apr-2019'); ?></b>
4411<ul><li>Core:
4412<ul>
4413  <li><?php bugfix(77738); ?> (Nullptr deref in zend_compile_expr).</li>
4414  <li><?php bugfix(77660); ?> (Segmentation fault on break 2147483648).</li>
4415  <li><?php bugfix(77652); ?> (Anonymous classes can lose their interface information).</li>
4416  <li><?php bugfix(77676); ?> (Unable to run tests when building shared extension on AIX).</li>
4417</ul></li>
4418<li>Bcmath:
4419<ul>
4420  <li><?php bugfix(77742); ?> (bcpow() implementation related to gcc compiler optimization).</li>
4421</ul></li>
4422<li>COM:
4423<ul>
4424  <li><?php bugfix(77578); ?> (Crash when php unload).</li>
4425</ul></li>
4426<li>Date:
4427<ul>
4428  <li><?php bugfix(50020); ?> (DateInterval:createDateFromString() silently fails).</li>
4429  <li><?php bugfix(75113); ?> (Added DatePeriod::getRecurrences() method).</li>
4430</ul></li>
4431<li>EXIF:
4432<ul>
4433  <li><?php bugfix(77753); ?> (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)</li>
4434  <li><?php bugfix(77831); ?> (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)</li>
4435</ul></li>
4436<li>FPM:
4437<ul>
4438  <li><?php bugfix(77677); ?> (FPM fails to build on AIX due to missing WCOREDUMP).</li>
4439</ul></li>
4440<li>GD:
4441<ul>
4442  <li><?php bugfix(77700); ?> (Writing truecolor images as GIF ignores interlace flag).</li>
4443</ul></li>
4444<li>MySQLi:
4445<ul>
4446  <li><?php bugfix(77597); ?> (mysqli_fetch_field hangs scripts).</li>
4447</ul></li>
4448<li>Opcache:
4449<ul>
4450  <li><?php bugfix(77691); ?> (Opcache passes wrong value for inline array push assignments).</li>
4451  <li><?php bugfix(77743); ?> (Incorrect pi node insertion for jmpznz with identical successors).</li>
4452</ul></li>
4453<li>phpdbg:
4454<ul>
4455  <li><?php bugfix(77767); ?> (phpdbg break cmd aliases listed in help do not match actual aliases).</li>
4456</ul></li>
4457<li>sodium:
4458<ul>
4459  <li><?php bugfix(77646); ?> (sign_detached() strings not terminated).</li>
4460</ul></li>
4461<li>SQLite3:
4462<ul>
4463  <li>Added sqlite3.defensive INI directive.</li>
4464</ul></li>
4465<li>Standard:
4466<ul>
4467  <li><?php bugfix(77664); ?> (Segmentation fault when using undefined constant in custom wrapper).</li>
4468  <li><?php bugfix(77669); ?> (Crash in extract() when overwriting extracted array).</li>
4469  <li><?php bugfix(76717); ?> (var_export() does not create a parsable value for PHP_INT_MIN).</li>
4470  <li><?php bugfix(77765); ?> (FTP stream wrapper should set the directory as executable).</li>
4471</ul></li>
4472</ul>
4473<!-- }}} --></section>
4474
4475<section class="version" id="7.2.16"><!-- {{{ 7.2.16 -->
4476<h3>Version 7.2.16</h3>
4477<b><?php release_date('07-Mar-2019'); ?></b>
4478<ul><li>Core:
4479<ul>
4480  <li><?php bugfix(77589); ?> (Core dump using parse_ini_string with numeric sections).</li>
4481  <li><?php bugfix(77630); ?> (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)</li>
4482</ul></li>
4483<li>COM:
4484<ul>
4485  <li><?php bugfix(77621); ?> (Already defined constants are not properly reported).</li>
4486</ul></li>
4487<li>EXIF:
4488<ul>
4489  <li><?php bugfix(77509); ?> (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)</li>
4490  <li><?php bugfix(77540); ?> (Invalid Read on exif_process_SOFn). (CVE-2019-9640)</li>
4491  <li><?php bugfix(77563); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)</li>
4492  <li><?php bugfix(77659); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)</li>
4493</ul></li>
4494<li>PDO_OCI:
4495<ul>
4496  <li>Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.</li>
4497</ul></li>
4498<li>PHAR:
4499<ul>
4500  <li><?php bugfix(77396); ?> (Null Pointer Dereference in phar_create_or_parse_filename).</li>
4501</ul></li>
4502<li>SPL:
4503<ul>
4504  <li><?php bugfix(51068); ?> (DirectoryIterator glob:// don't support current path relative queries).</li>
4505  <li><?php bugfix(77431); ?> (openFile() silently truncates after a null byte).</li>
4506</ul></li>
4507<li>Standard:
4508<ul>
4509  <li><?php bugfix(77552); ?> (Unintialized php_stream_statbuf in stat functions).</li>
4510</ul></li>
4511<li>MySQL:
4512<ul>
4513  <li>Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.</li>
4514</ul></li>
4515</ul>
4516<!-- }}} --></section>
4517
4518<section class="version" id="7.2.15"><!-- {{{ 7.2.15 -->
4519<h3>Version 7.2.15</h3>
4520<b><?php release_date('07-Feb-2019'); ?></b>
4521<ul><li>Core:
4522<ul>
4523  <li><?php bugfix(77339); ?> (__callStatic may get incorrect arguments).</li>
4524  <li><?php bugfix(77494); ?> (Disabling class causes segfault on member access).</li>
4525  <li><?php bugfix(77530); ?> (PHP crashes when parsing `(2)::class`).</li>
4526</ul></li>
4527<li>Curl:
4528<ul>
4529  <li><?php bugfix(76675); ?> (Segfault with H2 server push).</li>
4530</ul></li>
4531<li>GD:
4532<ul>
4533  <li><?php bugfix(73281); ?> (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).</li>
4534  <li><?php bugfix(73614); ?> (gdImageFilledArc() doesn't properly draw pies).</li>
4535  <li><?php bugfix(77272); ?> (imagescale() may return image resource on failure).</li>
4536  <li><?php bugfix(77391); ?> (1bpp BMPs may fail to be loaded).</li>
4537  <li><?php bugfix(77479); ?> (imagewbmp() segfaults with very large images).</li>
4538</ul></li>
4539<li>ldap:
4540<ul>
4541  <li><?php bugfix(77440); ?> (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).</li>
4542</ul></li>
4543<li>Mbstring:
4544<ul>
4545  <li><?php bugfix(77454); ?> (mb_scrub() silently truncates after a null byte).</li>
4546</ul></li>
4547<li>MySQLnd:
4548<ul>
4549  <li><?php bugfix(75684); ?> (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).</li>
4550</ul></li>
4551<li>Opcache:
4552<ul>
4553  <li><?php bugfix(77361); ?> (configure fails on 64-bit AIX when opcache enabled).</li>
4554</ul></li>
4555<li>OpenSSL:
4556<ul>
4557  <li><?php bugfix(77390); ?> (feof might hang on TLS streams in case of fragmented TLS records).</li>
4558</ul></li>
4559<li>PDO:
4560<ul>
4561  <li><?php bugfix(77273); ?> (array_walk_recursive corrupts value types leading to PDO failure).</li>
4562</ul></li>
4563<li>Sockets:
4564<ul>
4565  <li><?php bugfix(76839); ?> (socket_recvfrom may return an invalid 'from' address on MacOS).</li>
4566</ul></li>
4567<li>Standard:
4568<ul>
4569  <li><?php bugfix(77395); ?> (segfault about array_multisort).</li>
4570  <li><?php bugfix(77439); ?> (parse_str segfaults when inserting item into existing array).</li>
4571</ul></li>
4572</ul>
4573<!-- }}} --></section>
4574
4575<section class="version" id="7.2.14"><!-- {{{ 7.2.14 -->
4576<h3>Version 7.2.14</h3>
4577<b><?php release_date('10-Jan-2019'); ?></b>
4578<ul><li>Core:
4579<ul>
4580  <li><?php bugfix(77369); ?> (memcpy with negative length via crafted DNS response). (CVE-2019-9022)</li>
4581  <li><?php bugfix(71041); ?> (zend_signal_startup() needs ZEND_API).</li>
4582  <li><?php bugfix(76046); ?> (PHP generates "FE_FREE" opcode on the wrong line).</li>
4583</ul></li>
4584<li>COM:
4585<ul>
4586  <li><?php bugfix(77177); ?> (Serializing or unserializing COM objects crashes).</li>
4587</ul></li>
4588<li>Date:
4589<ul>
4590  <li><?php bugfix(77097); ?> (DateTime::diff gives wrong diff when the actual diff is less than 1 second).</li>
4591</ul></li>
4592<li>Exif:
4593<ul>
4594  <li><?php bugfix(77184); ?> (Unsigned rational numbers are written out as signed rationals).</li>
4595</ul></li>
4596<li>GD:
4597<ul>
4598  <li><?php bugfix(77269); ?> (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)</li>
4599  <li><?php bugfix(77270); ?> (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)</li>
4600  <li><?php bugfix(77195); ?> (Incorrect error handling of imagecreatefromjpeg()).</li>
4601  <li><?php bugfix(77198); ?> (auto cropping has insufficient precision).</li>
4602  <li><?php bugfix(77200); ?> (imagecropauto(…, GD_CROP_SIDES) crops left but not right).</li>
4603</ul></li>
4604<li>IMAP:
4605<ul>
4606  <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li>
4607</ul></li>
4608<li>Mbstring:
4609<ul>
4610  <li><?php bugfix(77370); ?> (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)</li>
4611  <li><?php bugfix(77371); ?> (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)</li>
4612  <li><?php bugfix(77381); ?> (heap buffer overflow in multibyte match_at). (CVE-2019-9023)</li>
4613  <li><?php bugfix(77382); ?> (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)</li>
4614  <li><?php bugfix(77385); ?> (buffer overflow in fetch_token). (CVE-2019-9023)</li>
4615  <li><?php bugfix(77394); ?> (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)</li>
4616  <li><?php bugfix(77418); ?> (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)</li>
4617</ul></li>
4618<li>OCI8:
4619<ul>
4620  <li><?php bugfix(76804); ?> (oci_pconnect with OCI_CRED_EXT not working).</li>
4621  <li>Added oci_set_call_timeout() for call timeouts.</li>
4622  <li>Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.</li>
4623</ul></li>
4624<li>Opcache:
4625<ul>
4626  <li><?php bugfix(77215); ?> (CFG assertion failure on multiple finalizing switch frees in one block).</li>
4627</ul></li>
4628<li>PDO:
4629<ul>
4630  <li>Handle invalid index passed to PDOStatement::fetchColumn() as error.</li>
4631</ul></li>
4632<li>Phar:
4633<ul>
4634  <li><?php bugfix(77247); ?> (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)</li>
4635</ul></li>
4636<li>Sockets:
4637<ul>
4638  <li><?php bugfix(77136); ?> (Unsupported IPV6_RECVPKTINFO constants on macOS).</li>
4639</ul></li>
4640<li>SQLite3:
4641<ul>
4642  <li><?php bugfix(77051); ?> (Issue with re-binding on SQLite3).</li>
4643</ul></li>
4644<li>Xmlrpc:
4645<ul>
4646  <li><?php bugfix(77242); ?> (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)</li>
4647  <li><?php bugfix(77380); ?> (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)</li>
4648</ul></li>
4649</ul>
4650<!-- }}} --></section>
4651
4652<section class="version" id="7.2.13"><!-- {{{ 7.2.13 -->
4653<h3>Version 7.2.13</h3>
4654<b><?php release_date('06-Dec-2018'); ?></b>
4655<ul><li>ftp:
4656<ul>
4657  <li><?php bugfix(77151); ?> (ftp_close(): SSL_read on shutdown).</li>
4658</ul></li>
4659<li>CLI:
4660<ul>
4661  <li><?php bugfix(77111); ?> (php-win.exe corrupts unicode symbols from cli parameters).</li>
4662</ul></li>
4663<li>Fileinfo:
4664<ul>
4665  <li><?php bugfix(77095); ?> (slowness regression in 7.2/7.3 (compared to 7.1)).</li>
4666</ul></li>
4667<li>iconv:
4668<ul>
4669  <li><?php bugfix(77147); ?> (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).</li>
4670</ul></li>
4671<li>Core:
4672<ul>
4673  <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li>
4674</ul></li>
4675<li>IMAP:
4676<ul>
4677  <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li>
4678</ul></li>
4679<li>ODBC:
4680<ul>
4681  <li><?php bugfix(77079); ?> (odbc_fetch_object has incorrect type signature).</li>
4682</ul></li>
4683<li>Opcache:
4684<ul>
4685  <li><?php bugfix(77058); ?> (Type inference in opcache causes side effects).</li>
4686  <li><?php bugfix(77092); ?> (array_diff_key() - segmentation fault).</li>
4687</ul></li>
4688<li>Phar:
4689<ul>
4690  <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li>
4691  <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li>
4692</ul></li>
4693<li>PGSQL:
4694<ul>
4695  <li><?php bugfix(77047); ?> (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).</li>
4696</ul></li>
4697<li>SOAP:
4698<ul>
4699  <li><?php bugfix(50675); ?> (SoapClient can't handle object references correctly).</li>
4700  <li><?php bugfix(76348); ?> (WSDL_CACHE_MEMORY causes Segmentation fault).</li>
4701  <li><?php bugfix(77141); ?> (Signedness issue in SOAP when precision=-1).</li>
4702</ul></li>
4703<li>Sockets:
4704<ul>
4705  <li><?php bugfix(67619); ?> (Validate length on socket_write).</li>
4706</ul></li>
4707</ul>
4708<!-- }}} --></section>
4709
4710<section class="version" id="7.2.12"><!-- {{{ 7.2.12 -->
4711<h3>Version 7.2.12</h3>
4712<b><?php release_date('08-Nov-2018'); ?></b>
4713<ul><li>Core:
4714<ul>
4715  <li><?php bugfix(76846); ?> (Segfault in shutdown function after memory limit error).</li>
4716  <li><?php bugfix(76946); ?> (Cyclic reference in generator not detected).</li>
4717  <li><?php bugfix(77035); ?> (The phpize and ./configure create redundant .deps file).</li>
4718  <li><?php bugfix(77041); ?> (buildconf should output error messages to stderr) (Mizunashi Mana)</li>
4719</ul></li>
4720<li>Date:
4721<ul>
4722  <li>Upgraded timelib to 2017.08.</li>
4723  <li><?php bugfix(75851); ?> (Year component overflow with date formats "c", "o", "r" and "y").</li>
4724  <li><?php bugfix(77007); ?> (fractions in `diff()` are not correctly normalized).</li>
4725</ul></li>
4726<li>FCGI:
4727<ul>
4728  <li><?php bugfix(76948); ?> (Failed shutdown/reboot or end session in Windows).</li>
4729  <li><?php bugfix(76954); ?> (apache_response_headers removes last character from header name).</li>
4730</ul></li>
4731<li>FTP:
4732<ul>
4733  <li><?php bugfix(76972); ?> (Data truncation due to forceful ssl socket shutdown).</li>
4734</ul></li>
4735<li>intl:
4736<ul>
4737  <li><?php bugfix(76942); ?> (U_ARGUMENT_TYPE_MISMATCH).</li>
4738</ul></li>
4739<li>Reflection:
4740<ul>
4741  <li><?php bugfix(76936); ?> (Objects cannot access their private attributes while handling reflection errors).</li>
4742  <li><?php bugfix(66430); ?> (ReflectionFunction::invoke does not invoke closure with object scope).</li>
4743</ul></li>
4744<li>Sodium:
4745<ul>
4746  <li>Some base64 outputs were truncated; this is not the case any more.</li>
4747  <li>block sizes &gt;= 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed.</li>
4748  <li><?php bugfix(77008); ?> (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input).</li>
4749</ul></li>
4750<li>Standard:
4751<ul>
4752  <li><?php bugfix(76965); ?> (INI_SCANNER_RAW doesn't strip trailing whitespace).</li>
4753</ul></li>
4754<li>Tidy:
4755<ul>
4756  <li><?php bugfix(77027); ?> (tidy::getOptDoc() not available on Windows).</li>
4757</ul></li>
4758<li>XML:
4759<ul>
4760  <li><?php bugfix(30875); ?> (xml_parse_into_struct() does not resolve entities).</li>
4761  <li>Add support for getting SKIP_TAGSTART and SKIP_WHITE options.</li>
4762</ul></li>
4763<li>XMLRPC:
4764<ul>
4765  <li><?php bugfix(75282); ?> (xmlrpc_encode_request() crashes).</li>
4766</ul></li>
4767</ul>
4768<!-- }}} --></section>
4769
4770<section class="version" id="7.2.11"><!-- {{{ 7.2.11 -->
4771<h3>Version 7.2.11</h3>
4772<b><?php release_date('11-Oct-2018'); ?></b>
4773<ul><li>Core:
4774<ul>
4775  <li><?php bugfix(76800); ?> (foreach inconsistent if array modified during loop).</li>
4776  <li><?php bugfix(76901); ?> (method_exists on SPL iterator passthrough method corrupts memory).</li>
4777</ul></li>
4778<li>CURL:
4779<ul>
4780  <li><?php bugfix(76480); ?> (Use curl_multi_wait() so that timeouts are respected).</li>
4781</ul></li>
4782<li>iconv:
4783<ul>
4784  <li><?php bugfix(66828); ?> (iconv_mime_encode Q-encoding longer than it should be).</li>
4785</ul></li>
4786<li>Opcache:
4787<ul>
4788  <li><?php bugfix(76832); ?> (ZendOPcache.MemoryBase periodically deleted by the OS).</li>
4789  <li><?php bugfix(76796); ?> (Compile-time evaluation of disabled function in opcache causes segfault).</li>
4790</ul></li>
4791<li>POSIX:
4792<ul>
4793  <li><?php bugfix(75696); ?> (posix_getgrnam fails to print details of group).</li>
4794</ul></li>
4795<li>Reflection:
4796<ul>
4797  <li><?php bugfix(74454); ?> (Wrong exception being thrown when using ReflectionMethod).</li>
4798</ul></li>
4799<li>Standard:
4800<ul>
4801  <li><?php bugfix(73457); ?> (Wrong error message when fopen FTP wrapped fails to open data connection).</li>
4802  <li><?php bugfix(74764); ?> (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).</li>
4803  <li><?php bugfix(75533); ?> (array_reduce is slow when $carry is large array).</li>
4804</ul></li>
4805<li>XMLRPC:
4806<ul>
4807  <li><?php bugfix(76886); ?> (Can't build xmlrpc with expat).</li>
4808</ul></li>
4809<li>Zlib:
4810<ul>
4811  <li><?php bugfix(75273); ?> (php_zlib_inflate_filter() may not update bytes_consumed).</li>
4812</ul></li>
4813</ul>
4814<!-- }}} --></section>
4815
4816<section class="version" id="7.2.10"><!-- {{{ 7.2.10 -->
4817<h3>Version 7.2.10</h3>
4818<b><?php release_date('13-Sep-2018'); ?></b>
4819<ul><li>Core:
4820<ul>
4821  <li><?php bugfix(76754); ?> (parent private constant in extends class memory leak).</li>
4822  <li><?php bugfix(72443); ?> (Generate enabled extension).</li>
4823  <li><?php bugfix(75797); ?> (Memory leak when using class_alias() in non-debug mode).</li>
4824</ul></li>
4825<li>Apache2:
4826<ul>
4827  <li><?php bugfix(76582); ?> (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)</li>
4828</ul></li>
4829<li>Bz2:
4830<ul>
4831  <li>Fixed arginfo for bzcompress.</li>
4832</ul></li>
4833<li>gettext:
4834<ul>
4835  <li><?php bugfix(76517); ?> (incorrect restoring of LDFLAGS).</li>
4836</ul></li>
4837<li>iconv:
4838<ul>
4839  <li><?php bugfix(68180); ?> (iconv_mime_decode can return extra characters in a header).</li>
4840  <li><?php bugfix(63839); ?> (iconv_mime_decode_headers function is skipping headers).</li>
4841  <li><?php bugfix(60494); ?> (iconv_mime_decode does ignore special characters).</li>
4842  <li><?php bugfix(55146); ?> (iconv_mime_decode_headers() skips some headers).</li>
4843</ul></li>
4844<li>intl:
4845<ul>
4846  <li><?php bugfix(74484); ?> (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).</li>
4847</ul></li>
4848<li>libxml:
4849<ul>
4850  <li><?php bugfix(76777); ?> ("public id" parameter of libxml_set_external_entity_loader callback undefined).</li>
4851</ul></li>
4852<li>mbstring:
4853<ul>
4854  <li><?php bugfix(76704); ?> (mb_detect_order return value varies based on argument type).</li>
4855</ul></li>
4856<li>Opcache:
4857<ul>
4858  <li><?php bugfix(76747); ?> (Opcache treats path containing "test.pharma.tld" as a phar file).</li>
4859</ul></li>
4860<li>OpenSSL:
4861<ul>
4862  <li><?php bugfix(76705); ?> (unusable ssl =&gt; peer_fingerprint in stream_context_create()).</li>
4863</ul></li>
4864<li>phpdbg:
4865<ul>
4866  <li><?php bugfix(76595); ?> (phpdbg man page contains outdated information).</li>
4867</ul></li>
4868<li>SPL:
4869<ul>
4870  <li><?php bugfix(68825); ?> (Exception in DirectoryIterator::getLinkTarget()).</li>
4871  <li><?php bugfix(68175); ?> (RegexIterator pregFlags are NULL instead of 0).</li>
4872</ul></li>
4873<li>Standard:
4874<ul>
4875  <li><?php bugfix(76778); ?> (array_reduce leaks memory if callback throws exception).</li>
4876</ul></li>
4877<li>zlib:
4878<ul>
4879  <li><?php bugfix(65988); ?> (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).</li>
4880  <li><?php bugfix(76709); ?> (Minimal required zlib library is 1.2.0.4).</li>
4881</ul></li>
4882</ul>
4883<!-- }}} --></section>
4884
4885<section class="version" id="7.2.9"><!-- {{{ 7.2.9 -->
4886<h3>Version 7.2.9</h3>
4887<b><?php release_date('16-Aug-2018'); ?></b>
4888<ul><li>Calendar:
4889<ul>
4890  <li><?php bugfix(52974); ?> (jewish.c: compile error under Windows with GBK charset).</li>
4891</ul></li>
4892<li>Filter:
4893<ul>
4894  <li><?php bugfix(76366); ?> (References in sub-array for filtering breaks the filter).</li>
4895</ul></li>
4896<li>PDO_Firebird:
4897<ul>
4898  <li><?php bugfix(76488); ?> (Memory leak when fetching a BLOB field).</li>
4899</ul></li>
4900<li>PDO_PgSQL:
4901<ul>
4902  <li><?php bugfix(75402); ?> (Possible Memory Leak using PDO::CURSOR_SCROLL option).</li>
4903</ul></li>
4904<li>SQLite3:
4905<ul>
4906  <li><?php bugfix(76665); ?> (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).</li>
4907</ul></li>
4908<li>Standard:
4909<ul>
4910  <li><?php bugfix(73817); ?> (Incorrect entries in get_html_translation_table).</li>
4911  <li><?php bugfix(68553); ?> (array_column: null values in $index_key become incrementing keys in result).</li>
4912  <li><?php bugfix(76643); ?> (Segmentation fault when using `output_add_rewrite_var`).</li>
4913</ul></li>
4914<li>Zip:
4915<ul>
4916  <li><?php bugfix(76524); ?> (ZipArchive memory leak (OVERWRITE flag and empty archive)).</li>
4917</ul></li>
4918</ul>
4919<!-- }}} --></section>
4920
4921<section class="version" id="7.2.8"><!-- {{{ 7.2.8 -->
4922<h3>Version 7.2.8</h3>
4923<b><?php release_date('19-Jul-2018'); ?></b>
4924<ul><li>Core:
4925<ul>
4926  <li><?php bugfix(76534); ?> (PHP hangs on 'illegal string offset on string references with an error handler).</li>
4927  <li><?php bugfix(76520); ?> (Object creation leaks memory when executed over HTTP).</li>
4928  <li><?php bugfix(76502); ?> (Chain of mixed exceptions and errors does not serialize properly).</li>
4929</ul></li>
4930<li>Date:
4931<ul>
4932  <li><?php bugfix(76462); ?> (Undefined property: DateInterval::$f).</li>
4933</ul></li>
4934<li>EXIF:
4935<ul>
4936  <li><?php bugfix(76409); ?> (heap use after free in _php_stream_free). (CVE-2018-12882)</li>
4937  <li><?php bugfix(76423); ?> (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)</li>
4938  <li><?php bugfix(76557); ?> (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)</li>
4939</ul></li>
4940<li>FPM:
4941<ul>
4942  <li><?php bugfix(73342); ?> (Vulnerability in php-fpm by changing stdin to non-blocking).</li>
4943</ul></li>
4944<li>GMP:
4945<ul>
4946  <li><?php bugfix(74670); ?> (Integer Underflow when unserializing GMP and possible other classes).</li>
4947</ul></li>
4948<li>intl:
4949<ul>
4950  <li><?php bugfix(76556); ?> (get_debug_info handler for BreakIterator shows wrong type).</li>
4951</ul></li>
4952<li>mbstring:
4953<ul>
4954  <li><?php bugfix(76532); ?> (Integer overflow and excessive memory usage in mb_strimwidth).</li>
4955</ul></li>
4956<li>Opcache:
4957<ul>
4958  <li><?php bugfix(76477); ?> (Opcache causes empty return value).</li>
4959</ul></li>
4960<li>PGSQL:
4961<ul>
4962  <li><?php bugfix(76548); ?> (pg_fetch_result did not fetch the next row).</li>
4963</ul></li>
4964<li>phpdbg:
4965<ul>
4966  <li>Fix arginfo wrt. optional/required parameters.</li>
4967</ul></li>
4968<li>Reflection:
4969<ul>
4970  <li><?php bugfix(76536); ?> (PHP crashes with core dump when throwing exception in error handler).</li>
4971  <li><?php bugfix(75231); ?> (ReflectionProperty#getValue() incorrectly works with inherited classes).</li>
4972</ul></li>
4973<li>Standard:
4974<ul>
4975  <li><?php bugfix(76505); ?> (array_merge_recursive() is duplicating sub-array keys).</li>
4976  <li><?php bugfix(71848); ?> (getimagesize with $imageinfo returns false).</li>
4977</ul></li>
4978<li>Win32:
4979<ul>
4980  <li><?php bugfix(76459); ?> (windows linkinfo lacks openbasedir check). (CVE-2018-15132)</li>
4981</ul></li>
4982<li>ZIP:
4983<ul>
4984  <li><?php bugfix(76461); ?> (OPSYS_Z_CPM defined instead of OPSYS_CPM).</li>
4985</ul></li>
4986</ul>
4987<!-- }}} --></section>
4988
4989<section class="version" id="7.2.7"><!-- {{{ 7.2.7 -->
4990<h3>Version 7.2.7</h3>
4991<b><?php release_date('21-Jun-2018'); ?></b>
4992<ul><li>Core:
4993<ul>
4994  <li><?php bugfix(76337); ?> (segfault when opcache enabled + extension use zend_register_class_alias).</li>
4995</ul></li>
4996<li>CLI Server:
4997<ul>
4998  <li><?php bugfix(76333); ?> (PHP built-in server does not find files if root path contains special characters).</li>
4999</ul></li>
5000<li>OpenSSL:
5001<ul>
5002  <li><?php bugfix(76296); ?> (openssl_pkey_get_public does not respect open_basedir).</li>
5003  <li><?php bugfix(76174); ?> (openssl extension fails to build with LibreSSL 2.7).</li>
5004</ul></li>
5005<li>SPL:
5006<ul>
5007  <li><?php bugfix(76367); ?> (NoRewindIterator segfault 11).</li>
5008</ul></li>
5009<li>Standard:
5010<ul>
5011  <li><?php bugfix(76410); ?> (SIGV in zend_mm_alloc_small).</li>
5012  <li><?php bugfix(76335); ?> ("link(): Bad file descriptor" with non-ASCII path).</li>
5013</ul></li>
5014</ul>
5015<!-- }}} --></section>
5016
5017<section class="version" id="7.2.6"><!-- {{{ 7.2.6 -->
5018<h3>Version 7.2.6</h3>
5019<b><?php release_date('24-May-2018'); ?></b>
5020<ul><li>EXIF:
5021<ul>
5022  <li><?php bugfix(76164); ?> (exif_read_data zend_mm_heap corrupted).</li>
5023</ul></li>
5024<li>FPM:
5025<ul>
5026  <li><?php bugfix(76075); ?> --with-fpm-acl wrongly tries to find libacl on FreeBSD.</li>
5027</ul></li>
5028<li>intl:
5029<ul>
5030  <li><?php bugfix(74385); ?> (Locale::parseLocale() broken with some arguments).</li>
5031</ul></li>
5032<li>Opcache:
5033<ul>
5034  <li><?php bugfix(76205); ?> (PHP-FPM sporadic crash when running Infinitewp).</li>
5035  <li><?php bugfix(76275); ?> (Assertion failure in file cache when unserializing empty try_catch_array).</li>
5036  <li><?php bugfix(76281); ?> (Opcache causes incorrect "undefined variable" errors).</li>
5037</ul></li>
5038<li>Reflection:
5039<ul>
5040  <li>Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).</li>
5041</ul></li>
5042<li>Session:
5043<ul>
5044  <li><?php bugfix(74892); ?> (Url Rewriting (trans_sid) not working on urls that start with "#").</li>
5045</ul></li>
5046</ul>
5047<!-- }}} --></section>
5048
5049<section class="version" id="7.2.5"><!-- {{{ 7.2.5 -->
5050<h3>Version 7.2.5</h3>
5051<b><?php release_date('26-Apr-2018'); ?></b>
5052<ul><li>Core:
5053<ul>
5054  <li><?php bugfix(75722); ?> (Convert valgrind detection to configure option).</li>
5055</ul></li>
5056<li>Date:
5057<ul>
5058  <li><?php bugfix(76131); ?> (mismatch arginfo for date_create).</li>
5059</ul></li>
5060<li>Exif:
5061<ul>
5062  <li><?php bugfix(76130); ?> (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)</li>
5063</ul></li>
5064<li>FPM:
5065<ul>
5066  <li><?php bugfix(68440); ?> (ERROR: failed to reload: execvp() failed: Argument list too long).</li>
5067  <li>Fixed incorrect write to getenv result in FPM reload.</li>
5068</ul></li>
5069<li>GD:
5070<ul>
5071  <li><?php bugfix(52070); ?> (imagedashedline() - dashed line sometimes is not visible).</li>
5072</ul></li>
5073<li>iconv:
5074<ul>
5075  <li><?php bugfix(76249); ?> (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)</li>
5076</ul></li>
5077<li>intl:
5078<ul>
5079  <li><?php bugfix(76153); ?> (Intl compilation fails with icu4c 61.1).</li>
5080</ul></li>
5081<li>ldap:
5082<ul>
5083  <li><?php bugfix(76248); ?> (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)</li>
5084</ul></li>
5085<li>mbstring:
5086<ul>
5087  <li><?php bugfix(75944); ?> (Wrong cp1251 detection).</li>
5088  <li><?php bugfix(76113); ?> (mbstring does not build with Oniguruma 6.8.1).</li>
5089</ul></li>
5090<li>ODBC:
5091<ul>
5092  <li><?php bugfix(76088); ?> (ODBC functions are not available by default on Windows).</li>
5093</ul></li>
5094<li>Opcache:
5095<ul>
5096  <li><?php bugfix(76094); ?> (Access violation when using opcache).</li>
5097</ul></li>
5098<li>Phar:
5099<ul>
5100  <li><?php bugfix(76129); ?> (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)</li>
5101</ul></li>
5102<li>phpdbg:
5103<ul>
5104  <li><?php bugfix(76143); ?> (Memory corruption: arbitrary NUL overwrite).</li>
5105</ul></li>
5106<li>SPL:
5107<ul>
5108  <li><?php bugfix(76131); ?> (mismatch arginfo for splarray constructor).</li>
5109</ul></li>
5110<li>standard:
5111<ul>
5112  <li><?php bugfix(74139); ?> (mail.add_x_header default inconsistent with docs).</li>
5113  <li><?php bugfix(75996); ?> (incorrect url in header for mt_rand).</li>
5114</ul></li>
5115</ul>
5116<!-- }}} --></section>
5117
5118<section class="version" id="7.2.4"><!-- {{{ 7.2.4 -->
5119<h3>Version 7.2.4</h3>
5120<b><?php release_date('29-Mar-2018'); ?></b>
5121<ul><li>Core:
5122<ul>
5123  <li><?php bugfix(76025); ?> (Segfault while throwing exception in error_handler).</li>
5124  <li><?php bugfix(76044); ?> ('date: illegal option -- -' in ./configure on FreeBSD).</li>
5125</ul></li>
5126<li>FPM:
5127<ul>
5128  <li><?php bugfix(75605); ?> (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)</li>
5129</ul></li>
5130<li>FTP:
5131<ul>
5132  <li>Fixed ftp_pasv arginfo.</li>
5133</ul></li>
5134<li>GD:
5135<ul>
5136  <li><?php bugfix(73957); ?> (signed integer conversion in imagescale()).</li>
5137  <li><?php bugfix(76041); ?> (null pointer access crashed php).</li>
5138  <li>Fixed imagesetinterpolation arginfo.</li>
5139</ul></li>
5140<li>iconv:
5141<ul>
5142  <li><?php bugfix(75867); ?> (Freeing uninitialized pointer).</li>
5143</ul></li>
5144<li>Mbstring:
5145<ul>
5146  <li><?php bugfix(62545); ?> (wrong unicode mapping in some charsets).</li>
5147</ul></li>
5148<li>Opcache:
5149<ul>
5150  <li><?php bugfix(75969); ?> (Assertion failure in live range DCE due to block pass misoptimization).</li>
5151</ul></li>
5152<li>OpenSSL:
5153<ul>
5154  <li>Fixed openssl_* arginfos.</li>
5155</ul></li>
5156<li>PCNTL:
5157<ul>
5158  <li><?php bugfix(75873); ?> (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)).</li>
5159</ul></li>
5160<li>Phar:
5161<ul>
5162  <li><?php bugfix(76085); ?> (Segmentation fault in buildFromIterator when directory name contains a \n).</li>
5163</ul></li>
5164<li>Standard:
5165<ul>
5166  <li><?php bugfix(75961); ?> (Strange references behavior).</li>
5167  <li>Fixed some arginfos.</li>
5168  <li><?php bugfix(76068); ?> (parse_ini_string fails to parse "[foo]\nbar=1|&gt;baz" with segfault).</li>
5169</ul></li>
5170</ul>
5171<!-- }}} --></section>
5172
5173<section class="version" id="7.2.3"><!-- {{{ 7.2.3 -->
5174<h3>Version 7.2.3</h3>
5175<b><?php release_date('01-Mar-2018'); ?></b>
5176<ul><li>Core:
5177<ul>
5178  <li><?php bugfix(75864); ?> ("stream_isatty" returns wrong value on s390x).</li>
5179</ul></li>
5180<li>Apache2Handler:
5181<ul>
5182  <li><?php bugfix(75882); ?> (a simple way for segfaults in threadsafe php just with configuration).</li>
5183</ul></li>
5184<li>Date:
5185<ul>
5186  <li><?php bugfix(75857); ?> (Timezone gets truncated when formatted).</li>
5187  <li><?php bugfix(75928); ?> (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).</li>
5188  <li><?php bugfix(68406); ?> (calling var_dump on a DateTimeZone object modifies it).</li>
5189</ul></li>
5190<li>LDAP:
5191<ul>
5192  <li><?php bugfix(49876); ?> (Fix LDAP path lookup on 64-bit distros).</li>
5193</ul></li>
5194<li>libxml2:
5195<ul>
5196  <li><?php bugfix(75871); ?> (use pkg-config where available).</li>
5197</ul></li>
5198<li>PGSQL:
5199<ul>
5200  <li><?php bugfix(75838); ?> (Memory leak in pg_escape_bytea()).</li>
5201</ul></li>
5202<li>Phar:
5203<ul>
5204  <li><?php bugfix(54289); ?> (Phar::extractTo() does not accept specific directories to be extracted).</li>
5205  <li><?php bugfix(65414); ?> (deal with leading slash while adding files correctly).</li>
5206  <li><?php bugfix(65414); ?> (deal with leading slash when adding files correctly).</li>
5207</ul></li>
5208<li>ODBC:
5209<ul>
5210  <li><?php bugfix(73725); ?> (Unable to retrieve value of varchar(max) type).</li>
5211</ul></li>
5212<li>Opcache:
5213<ul>
5214  <li><?php bugfix(75729); ?> (opcache segfault when installing Bitrix).</li>
5215  <li><?php bugfix(75893); ?> (file_get_contents $http_response_header variable bugged with opcache).</li>
5216  <li><?php bugfix(75938); ?> (Modulus value not stored in variable).</li>
5217</ul></li>
5218<li>SPL:
5219<ul>
5220  <li><?php bugfix(74519); ?> (strange behavior of AppendIterator).</li>
5221</ul></li>
5222<li>Standard:
5223<ul>
5224  <li><?php bugfix(75916); ?> (DNS_CAA record results contain garbage).</li>
5225  <li><?php bugfix(75981); ?> (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)</li>
5226</ul></li>
5227</ul>
5228<!-- }}} --></section>
5229
5230<section class="version" id="7.2.2"><!-- {{{ 7.2.2 -->
5231<h3>Version 7.2.2</h3>
5232<b><?php release_date('01-Feb-2018'); ?></b>
5233<ul><li>Core:
5234<ul>
5235  <li><?php bugfix(75742); ?> (potential memleak in internal classes's static members).</li>
5236  <li><?php bugfix(75679); ?> (Path 260 character problem).</li>
5237  <li><?php bugfix(75614); ?> (Some non-portable == in shell scripts).</li>
5238  <li><?php bugfix(75786); ?> (segfault when using spread operator on generator passed by reference).</li>
5239  <li><?php bugfix(75799); ?> (arg of get_defined_functions is optional).</li>
5240  <li><?php bugfix(75396); ?> (Exit inside generator finally results in fatal error).</li>
5241</ul></li>
5242<li>FCGI:
5243<ul>
5244  <li><?php bugfix(75794); ?> (getenv() crashes on Windows 7.2.1 when second parameter is false).</li>
5245</ul></li>
5246<li>IMAP:
5247<ul>
5248  <li><?php bugfix(75774); ?> (imap_append HeapCorruction).</li>
5249</ul></li>
5250<li>Opcache:
5251<ul>
5252  <li><?php bugfix(75720); ?> (File cache not populated after SHM runs full).</li>
5253  <li><?php bugfix(75687); ?> (var 8 (TMP) has array key type but not value type).</li>
5254  <li><?php bugfix(75698); ?> (Using @ crashes php7.2-fpm).</li>
5255  <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li>
5256</ul></li>
5257<li>PDO:
5258<ul>
5259  <li><?php bugfix(75616); ?> (PDO extension doesn't allow to be built shared on Darwin).</li>
5260</ul></li>
5261<li>PDO MySQL:
5262<ul>
5263  <li><?php bugfix(75615); ?> (PDO Mysql module can't be built as module).</li>
5264</ul></li>
5265<li>PGSQL:
5266<ul>
5267  <li><?php bugfix(75671); ?> (pg_version() crashes when called on a connection to cockroach).</li>
5268</ul></li>
5269<li>Readline:
5270<ul>
5271  <li><?php bugfix(75775); ?> (readline_read_history segfaults with empty file).</li>
5272</ul></li>
5273<li>SAPI:
5274<ul>
5275  <li><?php bugfix(75735); ?> ([embed SAPI] Segmentation fault in sapi_register_post_entry).</li>
5276</ul></li>
5277<li>SOAP:
5278<ul>
5279  <li><?php bugfix(70469); ?> (SoapClient generates E_ERROR even if exceptions=1 is used).</li>
5280  <li><?php bugfix(75502); ?> (Segmentation fault in zend_string_release).</li>
5281</ul></li>
5282<li>SPL:
5283<ul>
5284  <li><?php bugfix(75717); ?> (RecursiveArrayIterator does not traverse arrays by reference).</li>
5285  <li><?php bugfix(75242); ?> (RecursiveArrayIterator doesn't have constants from parent class).</li>
5286  <li><?php bugfix(73209); ?> (RecursiveArrayIterator does not iterate object properties).</li>
5287</ul></li>
5288<li>Standard:
5289<ul>
5290  <li><?php bugfix(75781); ?> (substr_count incorrect result).</li>
5291  <li><?php bugfix(75653); ?> (array_values don't work on empty array).</li>
5292</ul></li>
5293<li>Zip:
5294<ul>
5295  <li>Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip &gt;= 1.3.1).</li>
5296</ul></li>
5297</ul>
5298<!-- }}} --></section>
5299
5300<section class="version" id="7.2.1"><!-- {{{ 7.2.1 -->
5301<h3>Version 7.2.1</h3>
5302<b><?php release_date('04-Jan-2018'); ?></b>
5303<ul><li>Core:
5304<ul>
5305  <li><?php bugfix(75573); ?> (Segmentation fault in 7.1.12 and 7.0.26).</li>
5306  <li><?php bugfix(75384); ?> (PHP seems incompatible with OneDrive files on demand).</li>
5307  <li><?php bugfix(75525); ?> (Access Violation in vcruntime140.dll).</li>
5308  <li><?php bugfix(74862); ?> (Unable to clone instance when private __clone defined).</li>
5309  <li><?php bugfix(75074); ?> (php-process crash when is_file() is used with strings longer 260 chars).</li>
5310</ul></li>
5311<li>CLI server:
5312<ul>
5313  <li><?php bugfix(73830); ?> (Directory does not exist).</li>
5314</ul></li>
5315<li>FPM:
5316<ul>
5317  <li><?php bugfix(64938); ?> (libxml_disable_entity_loader setting is shared between requests).</li>
5318</ul></li>
5319<li>GD:
5320<ul>
5321  <li><?php bugfix(75571); ?> (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)</li>
5322</ul></li>
5323<li>Opcache:
5324<ul>
5325  <li><?php bugfix(75608); ?> ("Narrowing occurred during type inference" error).</li>
5326  <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li>
5327  <li><?php bugfix(75570); ?> ("Narrowing occurred during type inference" error).</li>
5328  <li><?php bugfix(75556); ?> (Invalid opcode 138/1/1).</li>
5329</ul></li>
5330<li>PCRE:
5331<ul>
5332  <li><?php bugfix(74183); ?> (preg_last_error not returning error code after error).</li>
5333</ul></li>
5334<li>Phar:
5335<ul>
5336  <li><?php bugfix(74782); ?> (Reflected XSS in .phar 404 page). (CVE-2018-5712)</li>
5337</ul></li>
5338<li>Standard:
5339<ul>
5340  <li><?php bugfix(75511); ?> (fread not free unused buffer).</li>
5341  <li><?php bugfix(75514); ?> (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)</li>
5342  <li><?php bugfix(75535); ?> (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)</li>
5343  <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li>
5344  <li><?php bugfix(73124); ?> (php_ini_scanned_files() not reporting correctly).</li>
5345  <li><?php bugfix(75574); ?> (putenv does not work properly if parameter contains non-ASCII unicode character).</li>
5346</ul></li>
5347<li>Zip:
5348<ul>
5349  <li><?php bugfix(75540); ?> (Segfault with libzip 1.3.1).</li>
5350</ul></li>
5351</ul>
5352<!-- }}} --></section>
5353
5354<section class="version" id="7.2.0"><!-- {{{ 7.2.0 -->
5355<h3>Version 7.2.0</h3>
5356<b><?php release_date('30-Nov-2017'); ?></b>
5357<ul><li>BCMath:
5358<ul>
5359  <li><?php bugfix(46564); ?> (bcmod truncates fractionals).</li>
5360</ul></li>
5361<li>CLI:
5362<ul>
5363  <li><?php bugfix(74849); ?> (Process is started as interactive shell in PhpStorm).</li>
5364  <li><?php bugfix(74979); ?> (Interactive shell opening instead of script execution with -f flag).</li>
5365</ul></li>
5366<li>CLI server:
5367<ul>
5368  <li><?php bugfix(60471); ?> (Random "Invalid request (unexpected EOF)" using a router script).</li>
5369</ul></li>
5370<li>Core:
5371<ul>
5372  <li>Added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE, ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement corresponding builtin functions.</li>
5373  <li>"Countable" interface is moved from SPL to Core.</li>
5374  <li>Added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin function, through hash lookup in flipped array.</li>
5375  <li>Removed IS_TYPE_IMMUTABLE (it's the same as COPYABLE &amp; !REFCOUNTED).</li>
5376  <li>Removed the sql.safe_mode directive.</li>
5377  <li>Removed support for Netware.</li>
5378  <li>Renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable() (alias original name for BC).</li>
5379  <li><?php bugfix(54535); ?> (WSA cleanup executes before MSHUTDOWN).</li>
5380  <li><?php implemented(69791); ?> (Disallow mail header injections by extra headers) (Yasuo)</li>
5381  <li><?php implemented(49806); ?> (proc_nice() for Windows).</li>
5382  <li>Fix pthreads detection when cross-compiling (ffontaine)</li>
5383  <li>Fixed memory leaks caused by exceptions thrown from destructors. (Bob, Dmitry).</li>
5384  <li><?php bugfix(73215); ?> (uniqid() should use better random source).</li>
5385  <li><?php implemented(72768); ?> (Add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for php.exe).</li>
5386  <li>Implemented "Convert numeric keys in object/array casts" RFC, fixes bugs <?php bugl(53838); ?>, <?php bugl(61655); ?>, <?php bugl(66173); ?>, <?php bugl(70925); ?>, <?php bugl(72254); ?>, etc.</li>
5387  <li>Implemented "Deprecate and Remove Bareword (Unquoted) Strings" RFC.</li>
5388  <li>Raised minimum supported Windows versions to Windows 7/Server 2008 R2.</li>
5389  <li>Implemented minor optimization in array_keys/array_values().</li>
5390  <li>Added PHP_OS_FAMILY constant to determine on which OS we are.</li>
5391  <li><?php bugfix(73987); ?> (Method compatibility check looks to original definition and not parent).</li>
5392  <li><?php bugfix(73991); ?> (JSON_OBJECT_AS_ARRAY not respected).</li>
5393  <li><?php bugfix(74053); ?> (Corrupted class entries on shutdown when a destructor spawns another object).</li>
5394  <li><?php bugfix(73971); ?> (Filename got limited to MAX_PATH on Win32 when scan directory).</li>
5395  <li><?php bugfix(72359); ?>, bug <?php bugl(72451); ?>, bug <?php bugl(73706); ?>, bug <?php bugl(71115); ?> and others related to interned strings handling in TS builds.</li>
5396  <li>Implemented "Trailing Commas In List Syntax" RFC for group use lists only.</li>
5397  <li><?php bugfix(74269); ?> (It's possible to override trait property with different loosely-equal value).</li>
5398  <li><?php bugfix(61970); ?> (Restraining __construct() access level in subclass gives a fatal error).</li>
5399  <li><?php bugfix(63384); ?> (Cannot override an abstract method with an abstract method).</li>
5400  <li><?php bugfix(74607); ?> (Traits enforce different inheritance rules).</li>
5401  <li>Fixed misparsing of abstract unix domain socket names.</li>
5402  <li>Change PHP_OS_FAMILY value from "OSX" to "Darwin".</li>
5403  <li>Allow loading PHP/Zend extensions by name in ini files (extension=&lt;name&gt;).</li>
5404  <li>Added object type annotation.</li>
5405  <li><?php bugfix(74815); ?> (crash with a combination of INI entries at startup).</li>
5406  <li><?php bugfix(74836); ?> (isset on zero-prefixed numeric indexes in array broken).</li>
5407  <li>Added new VM instuctions ISSET_ISEMPTY_CV and UNSET_CV. Previously they were implemented as ISSET_ISEMPTY_VAR and UNSET_VAR variants with ZEND_QUICK_SET flag.</li>
5408  <li><?php bugfix(49649); ?> (unserialize() doesn't handle changes in property visibility).</li>
5409  <li><?php bugfix(74866); ?> (extension_dir = "./ext" now use current directory for base).</li>
5410  <li><?php implemented(74963); ?> (Improved error message on fetching property of non-object).</li>
5411  <li><?php bugfix(75142); ?> (buildcheck.sh check for autoconf version needs to be updated for v2.64).</li>
5412  <li><?php bugfix(74878); ?> (Data race in ZTS builds).</li>
5413  <li><?php bugfix(75515); ?> ("stream_copy_to_stream" doesn't stream anymore).</li>
5414</ul></li>
5415<li>cURL:
5416<ul>
5417  <li><?php bugfix(75093); ?> (OpenSSL support not detected).</li>
5418  <li>Better fix for <?php bugl(74125); ?> (use pkg-config instead of curl-config).</li>
5419</ul></li>
5420<li>Date:
5421<ul>
5422  <li><?php bugfix(55407); ?> (Impossible to prototype DateTime::createFromFormat).</li>
5423  <li><?php implemented(71520); ?> (Adding the DateTime constants to the DateTimeInterface interface).</li>
5424  <li><?php bugfix(75055); ?> (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)</li>
5425  <li><?php bugfix(75149); ?> (redefinition of typedefs ttinfo and t1info).</li>
5426  <li><?php bugfix(75222); ?> (DateInterval microseconds property always 0).</li>
5427</ul></li>
5428<li>Dba:
5429<ul>
5430  <li><?php bugfix(72885); ?> (flatfile: dba_fetch() fails to read replaced entry).</li>
5431</ul></li>
5432<li>DOM:
5433<ul>
5434  <li><?php implemented(74837); ?> (Implement Countable for DomNodeList and DOMNamedNodeMap).</li>
5435</ul></li>
5436<li>EXIF:
5437<ul>
5438  <li>Added support for vendor specific tags for the following formats: Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon, AGFA, Kyocera, Ricoh &amp; Epson.</li>
5439  <li><?php bugfix(72682); ?> (exif_read_data() fails to read all data for some images).</li>
5440  <li><?php bugfix(71534); ?> (Type confusion in exif_read_data() leading to heap overflow in debug mode).</li>
5441  <li><?php bugfix(68547); ?> (Exif Header component value check error).</li>
5442  <li><?php bugfix(66443); ?> (Corrupt EXIF header: maximum directory nesting level reached for some cameras).</li>
5443  <li>Fixed Redhat bug #1362571 (PHP not returning full results for exif_read_data function).</li>
5444  <li><?php implemented(65187); ?> (exif_read_data/thumbnail: add support for stream resource).</li>
5445  <li>Deprecated the read_exif_data() alias.</li>
5446  <li><?php bugfix(74428); ?> (exif_read_data(): "Illegal IFD size" warning occurs with correct exif format).</li>
5447  <li><?php bugfix(72819); ?> (EXIF thumbnails not read anymore).</li>
5448  <li><?php bugfix(62523); ?> (php crashes with segfault when exif_read_data called).</li>
5449  <li><?php bugfix(50660); ?> (exif_read_data(): Illegal IFD offset (works fine with other exif readers).</li>
5450</ul></li>
5451<li>Fileinfo:
5452<ul>
5453  <li>Upgrade bundled libmagic to 5.31.</li>
5454</ul></li>
5455<li>FPM:
5456<ul>
5457  <li>Configuration to limit fpm slow log trace callers.</li>
5458  <li><?php bugfix(75212); ?> (php_value acts like php_admin_value).</li>
5459</ul></li>
5460<li>FTP:
5461<ul>
5462  <li>Implement MLSD for structured listing of directories.</li>
5463  <li>Added ftp_append() function.</li>
5464</ul></li>
5465<li>GD:
5466<ul>
5467  <li>Implemented imageresolution as getter and setter (Christoph)</li>
5468  <li><?php bugfix(74744); ?> (gd.h: stdarg.h include missing for va_list use in gdErrorMethod).</li>
5469  <li><?php bugfix(75111); ?> (Memory disclosure or DoS via crafted .bmp image).</li>
5470</ul></li>
5471<li>GMP:
5472<ul>
5473  <li><?php bugfix(70896); ?> (gmp_fact() silently ignores non-integer input).</li>
5474</ul></li>
5475<li>Hash:
5476<ul>
5477  <li>Changed HashContext from resource to object.</li>
5478  <li>Disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2.</li>
5479  <li><?php bugfix(75284); ?> (sha3 is not supported on bigendian machine).</li>
5480</ul></li>
5481<li>IMAP:
5482<ul>
5483  <li><?php bugfix(72324); ?> (imap_mailboxmsginfo() return wrong size).</li>
5484</ul></li>
5485<li>Intl:
5486<ul>
5487  <li><?php bugfix(63790); ?> (test using Spoofchecker which may be unavailable).</li>
5488  <li><?php bugfix(75378); ?> ([REGRESSION] IntlDateFormatter::parse() does not change $position argument).</li>
5489</ul></li>
5490<li>JSON:
5491<ul>
5492  <li>Add JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for json_encode and json_decode to ignore or replace invalid UTF-8 byte sequences - it addresses request <?php bugl(65082); ?>.</li>
5493  <li><?php bugfix(75185); ?> (Buffer overflow in json_decode() with JSON_INVALID_UTF8_IGNORE or JSON_INVALID).</li>
5494  <li><?php bugfix(68567); ?> (JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key).</li>
5495</ul></li>
5496<li>LDAP:
5497<ul>
5498  <li><?php implemented(69445); ?> (Support for LDAP EXOP operations)</li>
5499  <li>Fixed support for LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS in ldap_get_option</li>
5500  <li>Fixed passing an empty array to ldap_set_option for client or server controls.</li>
5501</ul></li>
5502<li>Mbstring:
5503<ul>
5504  <li><?php implemented(66024); ?> (mb_chr() and mb_ord()).</li>
5505  <li><?php implemented(65081); ?> (mb_scrub()).</li>
5506  <li><?php implemented(69086); ?> (enhancement for mb_convert_encoding() that handles multibyte replacement char nicely).</li>
5507  <li>Added array input support to mb_convert_encoding().</li>
5508  <li>Added array input support to mb_check_encoding().</li>
5509  <li><?php bugfix(69079); ?> (enhancement for mb_substitute_character).</li>
5510  <li>Update to oniguruma version 6.3.0.</li>
5511  <li><?php bugfix(69267); ?> (mb_strtolower fails on titlecase characters).</li>
5512</ul></li>
5513<li>Mcrypt:
5514<ul>
5515  <li>The deprecated mcrypt extension has been moved to PECL.</li>
5516</ul></li>
5517<li>Opcache:
5518<ul>
5519  <li>Added global optimisation passes based on data flow analysis using Single Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP), Dead Code Elimination (DCE), and removal of unused local variables (Nikita, Dmitry)</li>
5520  <li>Fixed incorect constant conditional jump elimination.</li>
5521  <li><?php bugfix(75230); ?> (Invalid opcode 49/1/8 using opcache).</li>
5522  <li>Fixed bug (assertion fails with extended info generated).</li>
5523  <li>Fixed bug (Phi sources removel).</li>
5524  <li><?php bugfix(75370); ?> (Webserver hangs on valid PHP text).</li>
5525  <li><?php bugfix(75357); ?> (segfault loading WordPress wp-admin).</li>
5526</ul></li>
5527<li>OpenSSL:
5528<ul>
5529  <li>Use TLS_ANY for default ssl:// and tls:// negotiation.</li>
5530  <li>Fix leak in openssl_spki_new().</li>
5531  <li>Added openssl_pkcs7_read() and pk7 parameter to openssl_pkcs7_verify().</li>
5532  <li>Add ssl security_level stream option to support OpenSSL security levels. (Jakub Zelenka).</li>
5533  <li>Allow setting SNI cert and private key in separate files.</li>
5534  <li><?php bugfix(74903); ?> (openssl_pkcs7_encrypt() uses different EOL than before).</li>
5535  <li>Automatically load OpenSSL configuration file.</li>
5536</ul></li>
5537<li>PCRE:
5538<ul>
5539  <li>Added support for PCRE JIT fast path API.</li>
5540  <li><?php bugfix(61780); ?> (Inconsistent PCRE captures in match results).</li>
5541  <li><?php bugfix(74873); ?> (Minor BC break: PCRE_JIT changes output of preg_match()).</li>
5542  <li><?php bugfix(75089); ?> (preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string).</li>
5543  <li><?php bugfix(75223); ?> (PCRE JIT broken in 7.2).</li>
5544  <li><?php bugfix(75285); ?> (Broken build when system libpcre don't have jit support).</li>
5545</ul></li>
5546<li>phar:
5547<ul>
5548  <li><?php bugfix(74196); ?> (phar does not correctly handle names containing dots).</li>
5549</ul></li>
5550<li>PDO:
5551<ul>
5552  <li><?php bugfix(73234); ?> (Emulated statements let value dictate parameter type).</li>
5553  <li>Add "Sent SQL" to debug dump for emulated prepares.</li>
5554  <li>Add parameter types for national character set strings.</li>
5555</ul></li>
5556<li>PDO_DBlib:
5557<ul>
5558  <li><?php bugfix(73396); ?> (bigint columns are returned as strings).</li>
5559  <li>Expose DB-Library version as \PDO::DBLIB_ATTR_VERSION attribute on \PDO instance.</li>
5560  <li>Add test coverage for bug <?php bugl(72969); ?>.</li>
5561</ul></li>
5562<li>PDO_OCI:
5563<ul>
5564  <li><?php bugfix(74537); ?> (Align --with-pdo-oci configure option with --with-oci8 syntax).</li>
5565</ul></li>
5566<li>PDO_Sqlite:
5567<ul>
5568  <li>Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)</li>
5569</ul></li>
5570<li>PHPDBG:
5571<ul>
5572  <li>Added extended_value to opcode dump output.</li>
5573</ul></li>
5574<li>Session:
5575<ul>
5576  <li><?php bugfix(73461); ?> (Prohibit session save handler recursion).</li>
5577  <li>PR <?php githubissuel('php/php-src', 2233); ?> Removed register_globals related code and "!" can be used as $_SESSION key name.</li>
5578  <li>Improved bug <?php bugl(73100); ?> fix. 'user' save handler can only be set by session_set_save_handler()</li>
5579  <li><?php bugfix(74514); ?> (5 session functions incorrectly warn when calling in read-only/getter mode).</li>
5580  <li><?php bugfix(74936); ?> (session_cache_expire/cache_limiter/save_path() trigger a warning in read mode).</li>
5581  <li><?php bugfix(74941); ?> (session fails to start after having headers sent).</li>
5582</ul></li>
5583<li>Sodium:
5584<ul>
5585  <li>New cryptographic extension</li>
5586  <li>Added missing bindings for libsodium &gt; 1.0.13.</li>
5587</ul></li>
5588<li>SPL:
5589<ul>
5590  <li><?php bugfix(71412); ?> (Incorrect arginfo for ArrayIterator::__construct).</li>
5591  <li>Added spl_object_id().</li>
5592</ul></li>
5593<li>SQLite3:
5594<ul>
5595  <li>Implement writing to blobs.</li>
5596  <li>Update to Sqlite 3.20.1.</li>
5597</ul></li>
5598<li>Standard:
5599<ul>
5600  <li><?php bugfix(69442); ?> (closing of fd incorrect when PTS enabled).</li>
5601  <li><?php bugfix(74300); ?> (unserialize accepts two plus/minus signs for float number exponent part).</li>
5602  <li>Compatibility with libargon2 versions 20161029 and 20160821.</li>
5603  <li><?php bugfix(74737); ?> (mysqli_get_client_info reflection info).</li>
5604  <li>Add support for extension name as argument to dl().</li>
5605  <li><?php bugfix(74851); ?> (uniqid() without more_entropy performs badly).</li>
5606  <li><?php bugfix(74103); ?> (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)</li>
5607  <li><?php bugfix(75054); ?> (A Denial of Service Vulnerability was found when performing deserialization).</li>
5608  <li><?php bugfix(75170); ?> (mt_rand() bias on 64-bit machines).</li>
5609  <li><?php bugfix(75221); ?> (Argon2i always throws NUL at the end).</li>
5610</ul></li>
5611<li>Streams:
5612<ul>
5613  <li>Default ssl/single_dh_use and ssl/honor_cipher_order to true.</li>
5614</ul></li>
5615<li>XML:
5616<ul>
5617  <li>Moved utf8_encode() and utf8_decode() to the Standard extension.</li>
5618</ul></li>
5619<li>XMLRPC:
5620<ul>
5621  <li>Use Zend MM for allocation in bundled libxmlrpc (Joe)</li>
5622</ul></li>
5623<li>ZIP:
5624<ul>
5625  <li>Add support for encrypted archives.</li>
5626  <li>Use of bundled libzip is deprecated, --with-libzip option is recommended.</li>
5627  <li><?php bugfix(73803); ?> (Reflection of ZipArchive does not show public properties).</li>
5628  <li>ZipArchive implements countable, added ZipArchive::count() method.</li>
5629  <li>Fix segfault in php_stream_context_get_option call.</li>
5630  <li><?php bugfix(75143); ?> (new method setEncryptionName() seems not to exist in ZipArchive).</li>
5631</ul></li>
5632<li>zlib:
5633<ul>
5634  <li>Expose inflate_get_status() and inflate_get_read_len() functions.</li>
5635</ul></li>
5636</ul>
5637<!-- }}} --></section>
5638
5639<a id="PHP_7_1"></a>
5640<section class="version" id="7.1.33"><!-- {{{ 7.1.33 -->
5641<h3>Version 7.1.33</h3>
5642<b><?php release_date('24-Oct-2019'); ?></b>
5643<ul><li>FPM:
5644<ul>
5645  <li><?php bugfix(78599); ?> (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)</li>
5646</ul></li>
5647</ul>
5648<!-- }}} --></section>
5649
5650<section class="version" id="7.1.32"><!-- {{{ 7.1.32 -->
5651<h3>Version 7.1.32</h3>
5652<b><?php release_date('29-Aug-2019'); ?></b>
5653<ul><li>mbstring:
5654<ul>
5655  <li>Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)</li>
5656</ul></li>
5657<li>pcre:
5658<ul>
5659  <li><?php bugfix(75457); ?> (heap use-after-free in pcrelib) (cmb)</li>
5660</ul></li>
5661</ul>
5662<!-- }}} --></section>
5663
5664<section class="version" id="7.1.31"><!-- {{{ 7.1.31 -->
5665<h3>Version 7.1.31</h3>
5666<b><?php release_date('01-Aug-2019'); ?></b>
5667<ul><li>SQLite:
5668<ul>
5669  <li>Upgraded to SQLite 3.28.0.</li>
5670</ul></li>
5671<li>EXIF:
5672<ul>
5673  <li><?php bugfix(78256); ?> (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)</li>
5674  <li><?php bugfix(78222); ?> (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)</li>
5675</ul></li>
5676<li>Phar:
5677<ul>
5678  <li><?php bugfix(77919); ?> (Potential UAF in Phar RSHUTDOWN).</li>
5679</ul></li>
5680</ul>
5681<!-- }}} --></section>
5682
5683<section class="version" id="7.1.30"><!-- {{{ 7.1.30 -->
5684<h3>Version 7.1.30</h3>
5685<b><?php release_date('30-May-2019'); ?></b>
5686<ul><li>EXIF:
5687<ul>
5688  <li><?php bugfix(77988); ?> (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).</li>
5689</ul></li>
5690<li>GD:
5691<ul>
5692  <li><?php bugfix(77973); ?> (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).</li>
5693</ul></li>
5694<li>Iconv:
5695<ul>
5696  <li><?php bugfix(78069); ?> (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).</li>
5697</ul></li>
5698<li>SQLite:
5699<ul>
5700  <li><?php bugfix(77967); ?> (Bypassing open_basedir restrictions via file uris).</li>
5701</ul></li>
5702</ul>
5703<!-- }}} --></section>
5704
5705<section class="version" id="7.1.29"><!-- {{{ 7.1.29 -->
5706<h3>Version 7.1.29</h3>
5707<b><?php release_date('02-May-2019'); ?></b>
5708<ul><li>EXIF:
5709<ul>
5710  <li><?php bugfix(77950); ?> (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).</li>
5711</ul></li>
5712<li>Mail:
5713<ul>
5714  <li><?php bugfix(77821); ?> (Potential heap corruption in TSendMail()).</li>
5715</ul></li>
5716</ul>
5717<!-- }}} --></section>
5718
5719<section class="version" id="7.1.28"><!-- {{{ 7.1.28 -->
5720<h3>Version 7.1.28</h3>
5721<b><?php release_date('04-Apr-2019'); ?></b>
5722<ul><li>EXIF:
5723<ul>
5724  <li><?php bugfix(77753); ?> (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)</li>
5725  <li><?php bugfix(77831); ?> (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)</li>
5726</ul></li>
5727<li>SQLite3:
5728<ul>
5729  <li>Added sqlite3.defensive INI directive.</li>
5730</ul></li>
5731</ul>
5732<!-- }}} --></section>
5733
5734<section class="version" id="7.1.27"><!-- {{{ 7.1.27 -->
5735<h3>Version 7.1.27</h3>
5736<b><?php release_date('07-Mar-2019'); ?></b>
5737<ul><li>Core:
5738<ul>
5739  <li><?php bugfix(77630); ?> (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)</li>
5740</ul></li>
5741<li>EXIF:
5742<ul>
5743  <li><?php bugfix(77509); ?> (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)</li>
5744  <li><?php bugfix(77540); ?> (Invalid Read on exif_process_SOFn). (CVE-2019-9640)</li>
5745  <li><?php bugfix(77563); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)</li>
5746  <li><?php bugfix(77659); ?> (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)</li>
5747</ul></li>
5748<li>PHAR:
5749<ul>
5750  <li><?php bugfix(77396); ?> (Null Pointer Dereference in phar_create_or_parse_filename).</li>
5751  <li><?php bugfix(77586); ?> (phar_tar_writeheaders_int() buffer overflow).</li>
5752</ul></li>
5753<li>SPL:
5754<ul>
5755  <li><?php bugfix(77431); ?> (openFile() silently truncates after a null byte).</li>
5756</ul></li>
5757</ul>
5758<!-- }}} --></section>
5759
5760<section class="version" id="7.1.26"><!-- {{{ 7.1.26 -->
5761<h3>Version 7.1.26</h3>
5762<b><?php release_date('10-Jan-2019'); ?></b>
5763<ul><li>Core:
5764<ul>
5765  <li><?php bugfix(77369); ?> (memcpy with negative length via crafted DNS response). (CVE-2019-9022)</li>
5766</ul></li>
5767<li>GD:
5768<ul>
5769  <li><?php bugfix(77269); ?> (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)</li>
5770  <li><?php bugfix(77270); ?> (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)</li>
5771</ul></li>
5772<li>IMAP:
5773<ul>
5774  <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li>
5775</ul></li>
5776<li>Mbstring:
5777<ul>
5778  <li><?php bugfix(77370); ?> (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)</li>
5779  <li><?php bugfix(77371); ?> (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)</li>
5780  <li><?php bugfix(77381); ?> (heap buffer overflow in multibyte match_at). (CVE-2019-9023)</li>
5781  <li><?php bugfix(77382); ?> (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)</li>
5782  <li><?php bugfix(77385); ?> (buffer overflow in fetch_token). (CVE-2019-9023)</li>
5783  <li><?php bugfix(77394); ?> (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)</li>
5784  <li><?php bugfix(77418); ?> (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)</li>
5785</ul></li>
5786<li>Phar:
5787<ul>
5788  <li><?php bugfix(77247); ?> (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)</li>
5789</ul></li>
5790<li>Xmlrpc:
5791<ul>
5792  <li><?php bugfix(77242); ?> (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)</li>
5793  <li><?php bugfix(77380); ?> (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)</li>
5794</ul></li>
5795</ul>
5796<!-- }}} --></section>
5797
5798
5799<section class="version" id="7.1.25"><!-- {{{ 7.1.25 -->
5800<h3>Version 7.1.25</h3>
5801<b><?php release_date('06-Dec-2018'); ?></b>
5802<ul><li>Core:
5803<ul>
5804  <li><?php bugfix(71041); ?> (zend_signal_startup() needs ZEND_API).</li>
5805  <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li>
5806</ul></li>
5807<li>ftp:
5808<ul>
5809  <li><?php bugfix(77151); ?> (ftp_close(): SSL_read on shutdown).</li>
5810</ul></li>
5811<li>iconv:
5812<ul>
5813  <li><?php bugfix(77147); ?> (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).</li>
5814</ul></li>
5815<li>IMAP:
5816<ul>
5817  <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li>
5818</ul></li>
5819<li>ODBC:
5820<ul>
5821  <li><?php bugfix(77079); ?> (odbc_fetch_object has incorrect type signature).</li>
5822</ul></li>
5823<li>Opcache:
5824<ul>
5825  <li><?php bugfix(77058); ?> (Type inference in opcache causes side effects).</li>
5826</ul></li>
5827<li>Phar:
5828<ul>
5829  <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li>
5830  <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li>
5831</ul></li>
5832<li>PGSQL:
5833<ul>
5834  <li><?php bugfix(77047); ?> (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).</li>
5835</ul></li>
5836<li>SOAP:
5837<ul>
5838  <li><?php bugfix(76348); ?> (WSDL_CACHE_MEMORY causes Segmentation fault).</li>
5839  <li><?php bugfix(77141); ?> (Signedness issue in SOAP when precision=-1).</li>
5840</ul></li>
5841<li>Sockets:
5842<ul>
5843  <li><?php bugfix(67619); ?> (Validate length on socket_write).</li>
5844</ul></li>
5845</ul>
5846<!-- }}} --></section>
5847
5848<section class="version" id="7.1.24"><!-- {{{ 7.1.24 -->
5849<h3>Version 7.1.24</h3>
5850<b><?php release_date('08-Nov-2018'); ?></b>
5851<ul><li>Core:
5852<ul>
5853  <li><?php bugfix(76946); ?> (Cyclic reference in generator not detected).</li>
5854  <li><?php bugfix(77035); ?> (The phpize and ./configure create redundant .deps file).</li>
5855  <li><?php bugfix(77041); ?> (buildconf should output error messages to stderr) (Mizunashi Mana)</li>
5856</ul></li>
5857<li>Date:
5858<ul>
5859  <li><?php bugfix(75851); ?> (Year component overflow with date formats "c", "o", "r" and "y").</li>
5860</ul></li>
5861<li>FCGI:
5862<ul>
5863  <li><?php bugfix(76948); ?> (Failed shutdown/reboot or end session in Windows).</li>
5864  <li><?php bugfix(76954); ?> (apache_response_headers removes last character from header name).</li>
5865</ul></li>
5866<li>FTP:
5867<ul>
5868  <li><?php bugfix(76972); ?> (Data truncation due to forceful ssl socket shutdown).</li>
5869</ul></li>
5870<li>intl:
5871<ul>
5872  <li><?php bugfix(76942); ?> (U_ARGUMENT_TYPE_MISMATCH).</li>
5873</ul></li>
5874<li>Standard:
5875<ul>
5876  <li><?php bugfix(76965); ?> (INI_SCANNER_RAW doesn't strip trailing whitespace).</li>
5877</ul></li>
5878<li>Tidy:
5879<ul>
5880  <li><?php bugfix(77027); ?> (tidy::getOptDoc() not available on Windows).</li>
5881</ul></li>
5882<li>XML:
5883<ul>
5884  <li><?php bugfix(30875); ?> (xml_parse_into_struct() does not resolve entities).</li>
5885  <li>Add support for getting SKIP_TAGSTART and SKIP_WHITE options.</li>
5886</ul></li>
5887</ul>
5888<!-- }}} --></section>
5889
5890<section class="version" id="7.1.23"><!-- {{{ 7.1.23 -->
5891<h3>Version 7.1.23</h3>
5892<b><?php release_date('11-Oct-2018'); ?></b>
5893<ul><li>Core:
5894<ul>
5895  <li><?php bugfix(76901); ?> (method_exists on SPL iterator passthrough method corrupts memory).</li>
5896  <li><?php bugfix(76846); ?> (Segfault in shutdown function after memory limit error).</li>
5897</ul></li>
5898<li>CURL:
5899<ul>
5900  <li><?php bugfix(76480); ?> (Use curl_multi_wait() so that timeouts are respected).</li>
5901</ul></li>
5902<li>iconv:
5903<ul>
5904  <li><?php bugfix(66828); ?> (iconv_mime_encode Q-encoding longer than it should be).</li>
5905</ul></li>
5906<li>Opcache:
5907<ul>
5908  <li><?php bugfix(76832); ?> (ZendOPcache.MemoryBase periodically deleted by the OS).</li>
5909</ul></li>
5910<li>POSIX:
5911<ul>
5912  <li><?php bugfix(75696); ?> (posix_getgrnam fails to print details of group).</li>
5913</ul></li>
5914<li>Reflection:
5915<ul>
5916  <li><?php bugfix(74454); ?> (Wrong exception being thrown when using ReflectionMethod).</li>
5917</ul></li>
5918<li>Standard:
5919<ul>
5920  <li><?php bugfix(73457); ?> (Wrong error message when fopen FTP wrapped fails to open data connection).</li>
5921  <li><?php bugfix(74764); ?> (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).</li>
5922  <li><?php bugfix(75533); ?> (array_reduce is slow when $carry is large array).</li>
5923</ul></li>
5924<li>Zlib:
5925<ul>
5926  <li><?php bugfix(75273); ?> (php_zlib_inflate_filter() may not update bytes_consumed).</li>
5927</ul></li>
5928</ul>
5929<!-- }}} --></section>
5930
5931<section class="version" id="7.1.22"><!-- {{{ 7.1.22 -->
5932<h3>Version 7.1.22</h3>
5933<b><?php release_date('13-Sep-2018'); ?></b>
5934<ul><li>Core:
5935<ul>
5936  <li><?php bugfix(76754); ?> (parent private constant in extends class memory leak).</li>
5937  <li><?php bugfix(72443); ?> (Generate enabled extension).</li>
5938</ul></li>
5939<li>Apache2:
5940<ul>
5941  <li><?php bugfix(76582); ?> (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)</li>
5942</ul></li>
5943<li>Bz2:
5944<ul>
5945  <li>Fixed arginfo for bzcompress.</li>
5946</ul></li>
5947<li>gettext:
5948<ul>
5949  <li><?php bugfix(76517); ?> (incorrect restoring of LDFLAGS).</li>
5950</ul></li>
5951<li>iconv:
5952<ul>
5953  <li><?php bugfix(68180); ?> (iconv_mime_decode can return extra characters in a header).</li>
5954  <li><?php bugfix(63839); ?> (iconv_mime_decode_headers function is skipping headers).</li>
5955  <li><?php bugfix(60494); ?> (iconv_mime_decode does ignore special characters).</li>
5956  <li><?php bugfix(55146); ?> (iconv_mime_decode_headers() skips some headers).</li>
5957</ul></li>
5958<li>intl:
5959<ul>
5960  <li><?php bugfix(74484); ?> (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).</li>
5961</ul></li>
5962<li>libxml:
5963<ul>
5964  <li><?php bugfix(76777); ?> ("public id" parameter of libxml_set_external_entity_loader callback undefined).</li>
5965</ul></li>
5966<li>mbstring:
5967<ul>
5968  <li><?php bugfix(76704); ?> (mb_detect_order return value varies based on argument type).</li>
5969</ul></li>
5970<li>Opcache:
5971<ul>
5972  <li><?php bugfix(76747); ?> (Opcache treats path containing "test.pharma.tld" as a phar file).</li>
5973</ul></li>
5974<li>OpenSSL:
5975<ul>
5976  <li><?php bugfix(76705); ?> (unusable ssl =&gt; peer_fingerprint in stream_context_create()).</li>
5977</ul></li>
5978<li>phpdbg:
5979<ul>
5980  <li><?php bugfix(76595); ?> (phpdbg man page contains outdated information).</li>
5981</ul></li>
5982<li>SPL:
5983<ul>
5984  <li><?php bugfix(68825); ?> (Exception in DirectoryIterator::getLinkTarget()).</li>
5985  <li><?php bugfix(68175); ?> (RegexIterator pregFlags are NULL instead of 0).</li>
5986</ul></li>
5987<li>Standard:
5988<ul>
5989  <li><?php bugfix(76778); ?> (array_reduce leaks memory if callback throws exception).</li>
5990</ul></li>
5991<li>zlib:
5992<ul>
5993  <li><?php bugfix(65988); ?> (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).</li>
5994  <li><?php bugfix(76709); ?> (Minimal required zlib library is 1.2.0.4).</li>
5995</ul></li>
5996</ul>
5997<!-- }}} --></section>
5998
5999<section class="version" id="7.1.21"><!-- {{{ 7.1.21 -->
6000<h3>Version 7.1.21</h3>
6001<b><?php release_date('16-Aug-2018'); ?></b>
6002<ul><li>Calendar:
6003<ul>
6004  <li><?php bugfix(52974); ?> (jewish.c: compile error under Windows with GBK charset).</li>
6005</ul></li>
6006<li>Filter:
6007<ul>
6008  <li><?php bugfix(76366); ?> (References in sub-array for filtering breaks the filter).</li>
6009</ul></li>
6010<li>PDO_Firebird:
6011<ul>
6012  <li><?php bugfix(76488); ?> (Memory leak when fetching a BLOB field).</li>
6013</ul></li>
6014<li>PDO_PgSQL:
6015<ul>
6016  <li><?php bugfix(75402); ?> (Possible Memory Leak using PDO::CURSOR_SCROLL option).</li>
6017</ul></li>
6018<li>SQLite3:
6019<ul>
6020  <li><?php bugfix(76665); ?> (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).</li>
6021</ul></li>
6022<li>Standard:
6023<ul>
6024  <li><?php bugfix(68553); ?> (array_column: null values in $index_key become incrementing keys in result).</li>
6025  <li><?php bugfix(73817); ?> (Incorrect entries in get_html_translation_table).</li>
6026  <li><?php bugfix(76643); ?> (Segmentation fault when using `output_add_rewrite_var`).</li>
6027</ul></li>
6028<li>Zip:
6029<ul>
6030  <li><?php bugfix(76524); ?> (ZipArchive memory leak (OVERWRITE flag and empty archive)).</li>
6031</ul></li>
6032</ul>
6033<!-- }}} --></section>
6034
6035<section class="version" id="7.1.20"><!-- {{{ 7.1.20 -->
6036<h3>Version 7.1.20</h3>
6037<b><?php release_date('19-Jul-2018'); ?></b>
6038<ul><li>Core:
6039<ul>
6040  <li><?php bugfix(76534); ?> (PHP hangs on 'illegal string offset on string references with an error handler).</li>
6041  <li><?php bugfix(76502); ?> (Chain of mixed exceptions and errors does not serialize properly).</li>
6042</ul></li>
6043<li>Date:
6044<ul>
6045  <li><?php bugfix(76462); ?> (Undefined property: DateInterval::$f).</li>
6046</ul></li>
6047<li>exif:
6048<ul>
6049  <li><?php bugfix(76423); ?> (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)</li>
6050  <li><?php bugfix(76557); ?> (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)</li>
6051</ul></li>
6052<li>FPM:
6053<ul>
6054  <li><?php bugfix(73342); ?> (Vulnerability in php-fpm by changing stdin to non-blocking).</li>
6055</ul></li>
6056<li>GMP:
6057<ul>
6058  <li><?php bugfix(74670); ?> (Integer Underflow when unserializing GMP and possible other classes).</li>
6059</ul></li>
6060<li>intl:
6061<ul>
6062  <li><?php bugfix(76556); ?> (get_debug_info handler for BreakIterator shows wrong type).</li>
6063</ul></li>
6064<li>mbstring:
6065<ul>
6066  <li><?php bugfix(76532); ?> (Integer overflow and excessive memory usage in mb_strimwidth).</li>
6067</ul></li>
6068<li>PGSQL:
6069<ul>
6070  <li><?php bugfix(76548); ?> (pg_fetch_result did not fetch the next row).</li>
6071</ul></li>
6072<li>phpdbg:
6073<ul>
6074  <li>Fix arginfo wrt. optional/required parameters.</li>
6075</ul></li>
6076<li>Reflection:
6077<ul>
6078  <li><?php bugfix(76536); ?> (PHP crashes with core dump when throwing exception in error handler).</li>
6079  <li><?php bugfix(75231); ?> (ReflectionProperty#getValue() incorrectly works with inherited classes).</li>
6080</ul></li>
6081<li>Standard:
6082<ul>
6083  <li><?php bugfix(76505); ?> (array_merge_recursive() is duplicating sub-array keys).</li>
6084  <li><?php bugfix(71848); ?> (getimagesize with $imageinfo returns false).</li>
6085</ul></li>
6086<li>Win32:
6087<ul>
6088  <li><?php bugfix(76459); ?> (windows linkinfo lacks openbasedir check). (CVE-2018-15132)</li>
6089</ul></li>
6090</ul>
6091<!-- }}} --></section>
6092
6093<section class="version" id="7.1.19"><!-- {{{ 7.1.19 -->
6094<h3>Version 7.1.19</h3>
6095<b><?php release_date('22-Jun-2018'); ?></b>
6096<ul><li>CLI Server:
6097<ul>
6098  <li><?php bugfix(76333); ?> (PHP built-in server does not find files if root path contains special characters).</li>
6099</ul></li>
6100<li>OpenSSL:
6101<ul>
6102  <li><?php bugfix(76296); ?> (openssl_pkey_get_public does not respect open_basedir).</li>
6103  <li><?php bugfix(76174); ?> (openssl extension fails to build with LibreSSL 2.7).</li>
6104</ul></li>
6105<li>SPL:
6106<ul>
6107  <li><?php bugfix(76367); ?> (NoRewindIterator segfault 11).</li>
6108</ul></li>
6109<li>Standard:
6110<ul>
6111  <li><?php bugfix(76335); ?> ("link(): Bad file descriptor" with non-ASCII path).</li>
6112  <li><?php bugfix(76383); ?> (array_map on $GLOBALS returns IS_INDIRECT).</li>
6113</ul></li>
6114</ul>
6115<!-- }}} --></section>
6116
6117<section class="version" id="7.1.18"><!-- {{{ 7.1.18 -->
6118<h3>Version 7.1.18</h3>
6119<b><?php release_date('24-May-2018'); ?></b>
6120<ul><li>FPM:
6121<ul>
6122  <li><?php bugfix(76075); ?> --with-fpm-acl wrongly tries to find libacl on FreeBSD.</li>
6123</ul></li>
6124<li>intl:
6125<ul>
6126  <li><?php bugfix(74385); ?> (Locale::parseLocale() broken with some arguments).</li>
6127</ul></li>
6128<li>Opcache:
6129<ul>
6130  <li><?php bugfix(76205); ?> (PHP-FPM sporadic crash when running Infinitewp).</li>
6131  <li><?php bugfix(76275); ?> (Assertion failure in file cache when unserializing empty try_catch_array).</li>
6132  <li><?php bugfix(76281); ?> (Opcache causes incorrect "undefined variable" errors).</li>
6133</ul></li>
6134<li>Reflection:
6135<ul>
6136  <li>Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).</li>
6137</ul></li>
6138</ul>
6139<!-- }}} --></section>
6140
6141<section class="version" id="7.1.17"><!-- {{{ 7.1.17 -->
6142<h3>Version 7.1.17</h3>
6143<b><?php release_date('26-Apr-2018'); ?></b>
6144<ul><li>Date:
6145<ul>
6146  <li><?php bugfix(76131); ?> (mismatch arginfo for date_create).</li>
6147</ul></li>
6148<li>Exif:
6149<ul>
6150  <li><?php bugfix(76130); ?> (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)</li>
6151</ul></li>
6152<li>FPM:
6153<ul>
6154  <li><?php bugfix(68440); ?> (ERROR: failed to reload: execvp() failed: Argument list too long).</li>
6155  <li>Fixed incorrect write to getenv result in FPM reload.</li>
6156</ul></li>
6157<li>GD:
6158<ul>
6159  <li><?php bugfix(52070); ?> (imagedashedline() - dashed line sometimes is not visible).</li>
6160</ul></li>
6161<li>iconv:
6162<ul>
6163  <li><?php bugfix(76249); ?> (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)</li>
6164</ul></li>
6165<li>intl:
6166<ul>
6167  <li><?php bugfix(76153); ?> (Intl compilation fails with icu4c 61.1).</li>
6168</ul></li>
6169<li>ldap:
6170<ul>
6171  <li><?php bugfix(76248); ?> (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)</li>
6172</ul></li>
6173<li>mbstring:
6174<ul>
6175  <li><?php bugfix(75944); ?> (Wrong cp1251 detection).</li>
6176  <li><?php bugfix(76113); ?> (mbstring does not build with Oniguruma 6.8.1).</li>
6177</ul></li>
6178<li>Phar:
6179<ul>
6180  <li><?php bugfix(76129); ?> (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)</li>
6181</ul></li>
6182<li>phpdbg:
6183<ul>
6184  <li><?php bugfix(76143); ?> (Memory corruption: arbitrary NUL overwrite).</li>
6185</ul></li>
6186<li>SPL:
6187<ul>
6188  <li><?php bugfix(76131); ?> (mismatch arginfo for splarray constructor).</li>
6189</ul></li>
6190<li>standard:
6191<ul>
6192  <li><?php bugfix(75996); ?> (incorrect url in header for mt_rand).</li>
6193</ul></li>
6194</ul>
6195<!-- }}} --></section>
6196
6197<section class="version" id="7.1.16"><!-- {{{ 7.1.16 -->
6198<h3>Version 7.1.16</h3>
6199<b><?php release_date('29-Mar-2018'); ?></b>
6200<ul><li>Core:
6201<ul>
6202  <li><?php bugfix(76025); ?> (Segfault while throwing exception in error_handler).</li>
6203  <li><?php bugfix(76044); ?> ('date: illegal option -- -' in ./configure on FreeBSD).</li>
6204</ul></li>
6205<li>FPM:
6206<ul>
6207  <li><?php bugfix(75605); ?> (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)</li>
6208</ul></li>
6209<li>GD:
6210<ul>
6211  <li><?php bugfix(73957); ?> (signed integer conversion in imagescale()).</li>
6212</ul></li>
6213<li>ODBC:
6214<ul>
6215  <li><?php bugfix(76088); ?> (ODBC functions are not available by default on Windows).</li>
6216</ul></li>
6217<li>Opcache:
6218<ul>
6219  <li><?php bugfix(76074); ?> (opcache corrupts variable in for-loop).</li>
6220</ul></li>
6221<li>Phar:
6222<ul>
6223  <li><?php bugfix(76085); ?> (Segmentation fault in buildFromIterator when directory name contains a \n).</li>
6224</ul></li>
6225<li>Standard:
6226<ul>
6227  <li><?php bugfix(74139); ?> (mail.add_x_header default inconsistent with docs).</li>
6228  <li><?php bugfix(76068); ?> (parse_ini_string fails to parse "[foo]\nbar=1|&gt;baz" with segfault).</li>
6229</ul></li>
6230</ul>
6231<!-- }}} --></section>
6232
6233<section class="version" id="7.1.15"><!-- {{{ 7.1.15 -->
6234<h3>Version 7.1.15</h3>
6235<b><?php release_date('01-Mar-2018'); ?></b>
6236<ul><li>Apache2Handler:
6237<ul>
6238  <li><?php bugfix(75882); ?> (a simple way for segfaults in threadsafe php just with configuration).</li>
6239</ul></li>
6240<li>Date:
6241<ul>
6242  <li><?php bugfix(75857); ?> (Timezone gets truncated when formatted).</li>
6243  <li><?php bugfix(75928); ?> (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).</li>
6244  <li><?php bugfix(68406); ?> (calling var_dump on a DateTimeZone object modifies it).</li>
6245</ul></li>
6246<li>PGSQL:
6247<ul>
6248  <li><?php bugfix(75838); ?> (Memory leak in pg_escape_bytea()).</li>
6249</ul></li>
6250<li>ODBC:
6251<ul>
6252  <li><?php bugfix(73725); ?> (Unable to retrieve value of varchar(max) type).</li>
6253</ul></li>
6254<li>LDAP:
6255<ul>
6256  <li><?php bugfix(49876); ?> (Fix LDAP path lookup on 64-bit distros).</li>
6257</ul></li>
6258<li>libxml2:
6259<ul>
6260  <li><?php bugfix(75871); ?> (use pkg-config where available).</li>
6261</ul></li>
6262<li>Phar:
6263<ul>
6264  <li><?php bugfix(65414); ?> (deal with leading slash when adding files correctly).</li>
6265</ul></li>
6266<li>SPL:
6267<ul>
6268  <li><?php bugfix(74519); ?> (strange behavior of AppendIterator).</li>
6269</ul></li>
6270<li>Standard:
6271<ul>
6272  <li><?php bugfix(75916); ?> (DNS_CAA record results contain garbage).</li>
6273  <li><?php bugfix(75981); ?> (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)</li>
6274</ul></li>
6275</ul>
6276<!-- }}} --></section>
6277
6278<section class="version" id="7.1.14"><!-- {{{ 7.1.14 -->
6279<h3>Version 7.1.14</h3>
6280<b><?php release_date('01-Feb-2018'); ?></b>
6281<ul><li>Core:
6282<ul>
6283  <li><?php bugfix(75679); ?> (Path 260 character problem).</li>
6284  <li><?php bugfix(75786); ?> (segfault when using spread operator on generator passed by reference).</li>
6285  <li><?php bugfix(75799); ?> (arg of get_defined_functions is optional).</li>
6286  <li><?php bugfix(75396); ?> (Exit inside generator finally results in fatal error).</li>
6287  <li><?php bugfix(75079); ?> (self keyword leads to incorrectly generated TypeError when in closure in trait).</li>
6288</ul></li>
6289<li>FCGI:
6290<ul>
6291  <li><?php bugfix(75794); ?> (getenv() crashes on Windows 7.2.1 when second parameter is false).</li>
6292</ul></li>
6293<li>IMAP:
6294<ul>
6295  <li><?php bugfix(75774); ?> (imap_append HeapCorruction).</li>
6296</ul></li>
6297<li>Opcache:
6298<ul>
6299  <li><?php bugfix(75720); ?> (File cache not populated after SHM runs full).</li>
6300  <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li>
6301</ul></li>
6302<li>PGSQL:
6303<ul>
6304  <li><?php bugfix(75671); ?> (pg_version() crashes when called on a connection to cockroach).</li>
6305</ul></li>
6306<li>Readline:
6307<ul>
6308  <li><?php bugfix(75775); ?> (readline_read_history segfaults with empty file).</li>
6309</ul></li>
6310<li>SAPI:
6311<ul>
6312  <li><?php bugfix(75735); ?> ([embed SAPI] Segmentation fault in sapi_register_post_entry).</li>
6313</ul></li>
6314<li>SOAP:
6315<ul>
6316  <li><?php bugfix(70469); ?> (SoapClient generates E_ERROR even if exceptions=1 is used).</li>
6317  <li><?php bugfix(75502); ?> (Segmentation fault in zend_string_release).</li>
6318</ul></li>
6319<li>SPL:
6320<ul>
6321  <li><?php bugfix(75717); ?> (RecursiveArrayIterator does not traverse arrays by reference).</li>
6322  <li><?php bugfix(75242); ?> (RecursiveArrayIterator doesn't have constants from parent class).</li>
6323  <li><?php bugfix(73209); ?> (RecursiveArrayIterator does not iterate object properties).</li>
6324</ul></li>
6325<li>Standard:
6326<ul>
6327  <li><?php bugfix(75781); ?> (substr_count incorrect result).</li>
6328</ul></li>
6329</ul>
6330<!-- }}} --></section>
6331
6332<section class="version" id="7.1.13"><!-- {{{ 7.1.13 -->
6333<h3>Version 7.1.13</h3>
6334<b><?php release_date('04-Jan-2018'); ?></b>
6335<ul><li>Core:
6336<ul>
6337  <li><?php bugfix(75573); ?> (Segmentation fault in 7.1.12 and 7.0.26).</li>
6338  <li><?php bugfix(75384); ?> (PHP seems incompatible with OneDrive files on demand).</li>
6339  <li><?php bugfix(74862); ?> (Unable to clone instance when private __clone defined).</li>
6340  <li><?php bugfix(75074); ?> (php-process crash when is_file() is used with strings longer 260 chars).</li>
6341</ul></li>
6342<li>CLI Server:
6343<ul>
6344  <li><?php bugfix(60471); ?> (Random "Invalid request (unexpected EOF)" using a router script).</li>
6345  <li><?php bugfix(73830); ?> (Directory does not exist).</li>
6346</ul></li>
6347<li>FPM:
6348<ul>
6349  <li><?php bugfix(64938); ?> (libxml_disable_entity_loader setting is shared between requests).</li>
6350</ul></li>
6351<li>GD:
6352<ul>
6353  <li><?php bugfix(75571); ?> (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)</li>
6354</ul></li>
6355<li>Opcache:
6356<ul>
6357  <li><?php bugfix(75608); ?> ("Narrowing occurred during type inference" error).</li>
6358  <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li>
6359  <li><?php bugfix(75570); ?> ("Narrowing occurred during type inference" error).</li>
6360</ul></li>
6361<li>PCRE:
6362<ul>
6363  <li><?php bugfix(74183); ?> (preg_last_error not returning error code after error).</li>
6364</ul></li>
6365<li>Phar:
6366<ul>
6367  <li><?php bugfix(74782); ?> (Reflected XSS in .phar 404 page). (CVE-2018-5712)</li>
6368</ul></li>
6369<li>Standard:
6370<ul>
6371  <li><?php bugfix(75511); ?> (fread not free unused buffer).</li>
6372  <li><?php bugfix(75514); ?> (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)</li>
6373  <li><?php bugfix(75535); ?> (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)</li>
6374  <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li>
6375  <li><?php bugfix(73124); ?> (php_ini_scanned_files() not reporting correctly).</li>
6376  <li><?php bugfix(75574); ?> (putenv does not work properly if parameter contains non-ASCII unicode character).</li>
6377</ul></li>
6378<li>Zip:
6379<ul>
6380  <li><?php bugfix(75540); ?> (Segfault with libzip 1.3.1).</li>
6381</ul></li>
6382</ul>
6383<!-- }}} --></section>
6384
6385
6386<section class="version" id="7.1.12"><!-- {{{ 7.1.12 -->
6387<h3>Version 7.1.12</h3>
6388<b><?php release_date('23-Nov-2017'); ?></b>
6389<ul><li>Core:
6390<ul>
6391  <li><?php bugfix(75420); ?> (Crash when modifing property name in __isset for BP_VAR_IS).</li>
6392  <li><?php bugfix(75368); ?> (mmap/munmap trashing on unlucky allocations).</li>
6393</ul></li>
6394<li>CLI:
6395<ul>
6396  <li><?php bugfix(75287); ?> (Builtin webserver crash after chdir in a shutdown function).</li>
6397</ul></li>
6398<li>Enchant:
6399<ul>
6400  <li><?php bugfix(53070); ?> (enchant_broker_get_path crashes if no path is set).</li>
6401  <li><?php bugfix(75365); ?> (Enchant still reports version 1.1.0).</li>
6402</ul></li>
6403<li>Exif:
6404<ul>
6405  <li><?php bugfix(75301); ?> (Exif extension has built in revision version).</li>
6406</ul></li>
6407<li>GD:
6408<ul>
6409  <li><?php bugfix(65148); ?> (imagerotate may alter image dimensions).</li>
6410  <li><?php bugfix(75437); ?> (Wrong reflection on imagewebp).</li>
6411</ul></li>
6412<li>intl:
6413<ul>
6414  <li><?php bugfix(75317); ?> (UConverter::setDestinationEncoding changes source instead of destination).</li>
6415</ul></li>
6416<li>interbase:
6417<ul>
6418  <li><?php bugfix(75453); ?> (Incorrect reflection for ibase_[p]connect).</li>
6419</ul></li>
6420<li>Mysqli:
6421<ul>
6422  <li><?php bugfix(75434); ?> (Wrong reflection for mysqli_fetch_all function).</li>
6423</ul></li>
6424<li>OCI8:
6425<ul>
6426  <li>Fixed valgrind issue.</li>
6427</ul></li>
6428<li>OpenSSL:
6429<ul>
6430  <li><?php bugfix(75363); ?> (openssl_x509_parse leaks memory).</li>
6431  <li><?php bugfix(75307); ?> (Wrong reflection for openssl_open function).</li>
6432</ul></li>
6433<li>Opcache:
6434<ul>
6435  <li><?php bugfix(75373); ?> (Warning Internal error: wrong size calculation).</li>
6436</ul></li>
6437<li>PGSQL:
6438<ul>
6439  <li><?php bugfix(75419); ?> (Default link incorrectly cleared/linked by pg_close()).</li>
6440</ul></li>
6441<li>SOAP:
6442<ul>
6443  <li><?php bugfix(75464); ?> (Wrong reflection on SoapClient::__setSoapHeaders).</li>
6444</ul></li>
6445<li>Zlib:
6446<ul>
6447  <li><?php bugfix(75299); ?> (Wrong reflection on inflate_init and inflate_add).</li>
6448</ul></li>
6449</ul>
6450<!-- }}} --></section>
6451
6452<section class="version" id="7.1.11"><!-- {{{ 7.1.11 -->
6453<h3>Version 7.1.11</h3>
6454<b><?php release_date('26-Oct-2017'); ?></b>
6455<ul><li>Core:
6456<ul>
6457  <li><?php bugfix(75241); ?> (Null pointer dereference in zend_mm_alloc_small()).</li>
6458  <li><?php bugfix(75236); ?> (infinite loop when printing an error-message).</li>
6459  <li><?php bugfix(75252); ?> (Incorrect token formatting on two parse errors in one request).</li>
6460  <li><?php bugfix(75220); ?> (Segfault when calling is_callable on parent).</li>
6461  <li><?php bugfix(75290); ?> (debug info of Closures of internal functions contain garbage argument names).</li>
6462</ul></li>
6463<li>Date:
6464<ul>
6465  <li><?php bugfix(75055); ?> (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)</li>
6466</ul></li>
6467<li>Apache2Handler:
6468<ul>
6469  <li><?php bugfix(75311); ?> (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).</li>
6470</ul></li>
6471<li>Hash:
6472<ul>
6473  <li><?php bugfix(75303); ?> (sha3 hangs on bigendian).</li>
6474</ul></li>
6475<li>Intl:
6476<ul>
6477  <li><?php bugfix(75318); ?> (The parameter of UConverter::getAliases() is not optional).</li>
6478</ul></li>
6479<li>litespeed:
6480<ul>
6481  <li><?php bugfix(75248); ?> (Binary directory doesn't get created when building only litespeed SAPI).</li>
6482  <li><?php bugfix(75251); ?> (Missing program prefix and suffix).</li>
6483</ul></li>
6484<li>mcrypt:
6485<ul>
6486  <li><?php bugfix(72535); ?> (arcfour encryption stream filter crashes php).</li>
6487</ul></li>
6488<li>MySQLi:
6489<ul>
6490  <li><?php bugfix(75018); ?> (Data corruption when reading fields of bit type).</li>
6491</ul></li>
6492<li>OCI8:
6493<ul>
6494  <li>Fixed incorrect reference counting.</li>
6495</ul></li>
6496<li>Opcache:
6497<ul>
6498  <li><?php bugfix(75255); ?> (Request hangs and not finish).</li>
6499</ul></li>
6500<li>PCRE:
6501<ul>
6502  <li><?php bugfix(75207); ?> (applied upstream patch for CVE-2016-1283).</li>
6503</ul></li>
6504<li>PDO_mysql:
6505<ul>
6506  <li><?php bugfix(75177); ?> (Type 'bit' is fetched as unexpected string).</li>
6507</ul></li>
6508<li>SPL:
6509<ul>
6510  <li><?php bugfix(73629); ?> (SplDoublyLinkedList::setIteratorMode masks intern flags).</li>
6511</ul></li>
6512</ul>
6513<!-- }}} --></section>
6514
6515<section class="version" id="7.1.10"><!-- {{{ 7.1.10 -->
6516<h3>Version 7.1.10</h3>
6517<b><?php release_date('28-Sep-2017'); ?></b>
6518<ul><li>Core:
6519<ul>
6520  <li><?php bugfix(75042); ?> (run-tests.php issues with EXTENSION block).</li>
6521</ul></li>
6522<li>BCMath:
6523<ul>
6524  <li><?php bugfix(44995); ?> (bcpowmod() fails if scale != 0).</li>
6525  <li><?php bugfix(46781); ?> (BC math handles minus zero incorrectly).</li>
6526  <li><?php bugfix(54598); ?> (bcpowmod() may return 1 if modulus is 1).</li>
6527  <li><?php bugfix(75178); ?> (bcpowmod() misbehaves for non-integer base or modulus).</li>
6528</ul></li>
6529<li>CLI server:
6530<ul>
6531  <li><?php bugfix(70470); ?> (Built-in server truncates headers spanning over TCP packets).</li>
6532</ul></li>
6533<li>CURL:
6534<ul>
6535  <li><?php bugfix(75093); ?> (OpenSSL support not detected).</li>
6536</ul></li>
6537<li>GD:
6538<ul>
6539  <li><?php bugfix(75124); ?> (gdImageGrayScale() may produce colors).</li>
6540  <li><?php bugfix(75139); ?> (libgd/gd_interpolation.c:1786: suspicious if ?).</li>
6541</ul></li>
6542<li>Gettext:
6543<ul>
6544  <li><?php bugfix(73730); ?> (textdomain(null) throws in strict mode).</li>
6545</ul></li>
6546<li>Intl:
6547<ul>
6548  <li><?php bugfix(75090); ?> (IntlGregorianCalendar doesn't have constants from parent class).</li>
6549  <li><?php bugfix(75193); ?> (segfault in collator_convert_object_to_string).</li>
6550</ul></li>
6551<li>PDO_OCI:
6552<ul>
6553  <li><?php bugfix(74631); ?> (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).</li>
6554</ul></li>
6555<li>SPL:
6556<ul>
6557  <li><?php bugfix(75155); ?> (AppendIterator::append() is broken when appending another AppendIterator).</li>
6558  <li><?php bugfix(75173); ?> (incorrect behavior of AppendIterator::append in foreach loop).</li>
6559</ul></li>
6560<li>Standard:
6561<ul>
6562  <li><?php bugfix(75152); ?> (signed integer overflow in parse_iv).</li>
6563  <li><?php bugfix(75097); ?> (gethostname fails if your host name is 64 chars long).</li>
6564</ul></li>
6565</ul>
6566<!-- }}} --></section>
6567
6568<section class="version" id="7.1.9"><!-- {{{ 7.1.9 -->
6569<h3>Version 7.1.9</h3>
6570<b><?php release_date('31-Aug-2017'); ?></b>
6571<ul><li>Core:
6572<ul>
6573  <li><?php bugfix(74947); ?> (Segfault in scanner on INF number).</li>
6574  <li><?php bugfix(74954); ?> (null deref and segfault in zend_generator_resume()).</li>
6575  <li><?php bugfix(74725); ?> (html_errors=1 breaks unhandled exceptions).</li>
6576  <li><?php bugfix(75063); ?> (Main CWD initialized with wrong codepage).</li>
6577  <li><?php bugfix(75349); ?> (NAN comparison).</li>
6578</ul></li>
6579<li>cURL:
6580<ul>
6581  <li><?php bugfix(74125); ?> (Fixed finding CURL on systems with multiarch support).</li>
6582</ul></li>
6583<li>Date:
6584<ul>
6585  <li><?php bugfix(75002); ?> (Null Pointer Dereference in timelib_time_clone).</li>
6586</ul></li>
6587<li>Intl:
6588<ul>
6589  <li><?php bugfix(74993); ?> (Wrong reflection on some locale_* functions).</li>
6590</ul></li>
6591<li>Mbstring:
6592<ul>
6593  <li><?php bugfix(71606); ?> (Segmentation fault mb_strcut with HTML-ENTITIES encoding).</li>
6594  <li><?php bugfix(62934); ?> (mb_convert_kana() does not convert iteration marks).</li>
6595  <li><?php bugfix(75001); ?> (Wrong reflection on mb_eregi_replace).</li>
6596</ul></li>
6597<li>MySQLi:
6598<ul>
6599  <li><?php bugfix(74968); ?> (PHP crashes when calling mysqli_result::fetch_object with an abstract class).</li>
6600</ul></li>
6601<li>OCI8:
6602<ul>
6603  <li>Expose oci_unregister_taf_callback() (Tianfang Yang)</li>
6604</ul></li>
6605<li>Opcache:
6606<ul>
6607  <li><?php bugfix(74980); ?> (Narrowing occurred during type inference).</li>
6608</ul></li>
6609<li>phar:
6610<ul>
6611  <li><?php bugfix(74991); ?> (include_path has a 4096 char limit in some cases).</li>
6612</ul></li>
6613<li>Reflection:
6614<ul>
6615  <li><?php bugfix(74949); ?> (null pointer dereference in _function_string).</li>
6616</ul></li>
6617<li>Session:
6618<ul>
6619  <li><?php bugfix(74892); ?> (Url Rewriting (trans_sid) not working on urls that start with "#").</li>
6620  <li><?php bugfix(74833); ?> (SID constant created with wrong module number).</li>
6621</ul></li>
6622<li>SimpleXML:
6623<ul>
6624  <li><?php bugfix(74950); ?> (nullpointer deref in simplexml_element_getDocNamespaces).</li>
6625</ul></li>
6626<li>SPL:
6627<ul>
6628  <li><?php bugfix(75049); ?> (spl_autoload_unregister can't handle spl_autoload_functions results).</li>
6629  <li><?php bugfix(74669); ?> (Unserialize ArrayIterator broken).</li>
6630  <li><?php bugfix(74977); ?> (Appending AppendIterator leads to segfault).</li>
6631  <li><?php bugfix(75015); ?> (Crash in recursive iterator destructors).</li>
6632</ul></li>
6633<li>Standard:
6634<ul>
6635  <li><?php bugfix(75075); ?> (unpack with X* causes infinity loop).</li>
6636  <li><?php bugfix(74103); ?> (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)</li>
6637  <li><?php bugfix(75054); ?> (A Denial of Service Vulnerability was found when performing deserialization).</li>
6638</ul></li>
6639<li>WDDX:
6640<ul>
6641  <li><?php bugfix(73793); ?> (WDDX uses wrong decimal seperator).</li>
6642</ul></li>
6643<li>XMLRPC:
6644<ul>
6645  <li><?php bugfix(74975); ?> (Incorrect xmlrpc serialization for classes with declared properties).</li>
6646</ul></li>
6647</ul>
6648<!-- }}} --></section>
6649
6650
6651<section class="version" id="7.1.8"><!-- {{{ 7.1.8 -->
6652<h3>Version 7.1.8</h3>
6653<b><?php release_date('03-Aug-2017'); ?></b>
6654<ul><li>Core:
6655<ul>
6656  <li><?php bugfix(74832); ?> (Loading PHP extension with already registered function name leads to a crash).</li>
6657  <li><?php bugfix(74780); ?> (parse_url() broken when query string contains colon).</li>
6658  <li><?php bugfix(74761); ?> (Unary operator expected error on some systems).</li>
6659  <li><?php bugfix(73900); ?> (Use After Free in unserialize() SplFixedArray).</li>
6660  <li><?php bugfix(74923); ?> (Crash when crawling through network share).</li>
6661  <li><?php bugfix(74913); ?> (fixed incorrect poll.h include).</li>
6662  <li><?php bugfix(74906); ?> (fixed incorrect errno.h include).</li>
6663</ul></li>
6664<li>Date:
6665<ul>
6666  <li><?php bugfix(74852); ?> (property_exists returns true on unknown DateInterval property).</li>
6667</ul></li>
6668<li>OCI8:
6669<ul>
6670  <li><?php bugfix(74625); ?> (Integer overflow in oci_bind_array_by_name).</li>
6671</ul></li>
6672<li>Opcache:
6673<ul>
6674  <li><?php bugfix(74623); ?> (Infinite loop in type inference when using HTMLPurifier).</li>
6675</ul></li>
6676<li>OpenSSL:
6677<ul>
6678  <li><?php bugfix(74798); ?> (pkcs7_en/decrypt does not work if \x0a is used in content).</li>
6679  <li>Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug <?php bugl(71917); ?> (openssl_open() returns junk on envelope &lt; 16 bytes) and bug <?php bugl(72362); ?> (OpenSSL Blowfish encryption is incorrect for short keys).</li>
6680</ul></li>
6681<li>PDO:
6682<ul>
6683  <li><?php bugfix(69356); ?> (PDOStatement::debugDumpParams() truncates query).</li>
6684</ul></li>
6685<li>SPL:
6686<ul>
6687  <li><?php bugfix(73471); ?> (PHP freezes with AppendIterator).</li>
6688</ul></li>
6689<li>SQLite3:
6690<ul>
6691  <li><?php bugfix(74883); ?> (SQLite3::__construct() produces "out of memory" exception with invalid flags).</li>
6692</ul></li>
6693<li>Wddx:
6694<ul>
6695  <li><?php bugfix(73173); ?> (huge memleak when wddx_unserialize).</li>
6696  <li><?php bugfix(74145); ?> (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)</li>
6697</ul></li>
6698<li>zlib:
6699<ul>
6700  <li><?php bugfix(73944); ?> (dictionary option of inflate_init() does not work).</li>
6701</ul></li>
6702</ul>
6703<!-- }}} --></section>
6704
6705<section class="version" id="7.1.7"><!-- {{{ 7.1.7 -->
6706<h3>Version 7.1.7</h3>
6707<b><?php release_date('06-Jul-2017'); ?></b>
6708<ul><li>Core:
6709<ul>
6710  <li><?php bugfix(74738); ?> (Multiple [PATH=] and [HOST=] sections not properly parsed).</li>
6711  <li><?php bugfix(74658); ?> (Undefined constants in array properties result in broken properties).</li>
6712  <li>Fixed misparsing of abstract unix domain socket names.</li>
6713  <li><?php bugfix(74603); ?> (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)</li>
6714  <li><?php bugfix(74101); ?> (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)</li>
6715  <li><?php bugfix(74111); ?> (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)</li>
6716  <li><?php bugfix(74819); ?> (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)</li>
6717</ul></li>
6718<li>Date:
6719<ul>
6720  <li><?php bugfix(74639); ?> (implement clone for DatePeriod and DateInterval).</li>
6721</ul></li>
6722<li>DOM:
6723<ul>
6724  <li><?php bugfix(69373); ?> (References to deleted XPath query results).</li>
6725</ul></li>
6726<li>GD:
6727<ul>
6728  <li><?php bugfix(74435); ?> (Buffer over-read into uninitialized memory). (CVE-2017-7890)</li>
6729</ul></li>
6730<li>Intl:
6731<ul>
6732  <li><?php bugfix(73473); ?> (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)</li>
6733  <li><?php bugfix(74705); ?> (Wrong reflection on Collator::getSortKey and collator_get_sort_key).</li>
6734</ul></li>
6735<li>Mbstring:
6736<ul>
6737  <li>Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)</li>
6738</ul></li>
6739<li>OCI8:
6740<ul>
6741  <li>Add TAF callback (PR <?php githubissuel('php/php-src', 2459); ?>).</li>
6742</ul></li>
6743<li>Opcache:
6744<ul>
6745  <li><?php bugfix(74663); ?> (Segfault with opcache.memory_protect and validate_timestamp).</li>
6746  <li>Revert opcache.enable_cli to default disabled.</li>
6747</ul></li>
6748<li>OpenSSL:
6749<ul>
6750  <li><?php bugfix(74720); ?> (pkcs7_en/decrypt does not work if \x1a is used in content).</li>
6751  <li><?php bugfix(74651); ?> (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)</li>
6752</ul></li>
6753<li>PDO_OCI:
6754<ul>
6755  <li>Support Instant Client 12.2 in --with-pdo-oci configure option.</li>
6756</ul></li>
6757<li>Reflection:
6758<ul>
6759  <li><?php bugfix(74673); ?> (Segfault when cast Reflection object to string with undefined constant).</li>
6760</ul></li>
6761<li>SPL:
6762<ul>
6763  <li><?php bugfix(74478); ?> (null coalescing operator failing with SplFixedArray).</li>
6764</ul></li>
6765<li>FTP:
6766<ul>
6767  <li><?php bugfix(74598); ?> (ftp:// wrapper ignores context arg).</li>
6768</ul></li>
6769<li>PHAR:
6770<ul>
6771  <li><?php bugfix(74386); ?> (Phar::__construct reflection incorrect).</li>
6772</ul></li>
6773<li>SOAP:
6774<ul>
6775  <li><?php bugfix(74679); ?> (Incorrect conversion array with WSDL_CACHE_MEMORY).</li>
6776</ul></li>
6777<li>Streams:
6778<ul>
6779  <li><?php bugfix(74556); ?> (stream_socket_get_name() returns '\0').</li>
6780</ul></li>
6781</ul>
6782<!-- }}} --></section>
6783
6784<section class="version" id="7.1.6"><!-- {{{ 7.1.6 -->
6785<h3>Version 7.1.6</h3>
6786<b><?php release_date('07-Jun-2017'); ?></b>
6787<ul><li>Core:
6788<ul>
6789  <li><?php bugfix(74600); ?> (crash (SIGSEGV) in _zend_hash_add_or_update_i).</li>
6790  <li><?php bugfix(74546); ?> (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).</li>
6791  <li><?php bugfix(74589); ?> (__DIR__ wrong for unicode character).</li>
6792</ul></li>
6793<li>intl:
6794<ul>
6795  <li><?php bugfix(74468); ?> (wrong reflection on Collator::sortWithSortKeys).</li>
6796</ul></li>
6797<li>MySQLi:
6798<ul>
6799  <li><?php bugfix(74547); ?> (mysqli::change_user() doesn't accept null as $database argument w/strict_types).</li>
6800</ul></li>
6801<li>Opcache:
6802<ul>
6803  <li><?php bugfix(74596); ?> (SIGSEGV with opcache.revalidate_path enabled).</li>
6804</ul></li>
6805<li>phar:
6806<ul>
6807  <li><?php bugfix(51918); ?> (Phar::webPhar() does not handle requests sent through PUT and DELETE method).</li>
6808</ul></li>
6809<li>Readline:
6810<ul>
6811  <li><?php bugfix(74490); ?> (readline() moves the cursor to the beginning of the line).</li>
6812</ul></li>
6813<li>Standard:
6814<ul>
6815  <li><?php bugfix(74510); ?> (win32/sendmail.c anchors CC header but not BCC).</li>
6816</ul></li>
6817<li>xmlreader:
6818<ul>
6819  <li><?php bugfix(74457); ?> (Wrong reflection on XMLReader::expand).</li>
6820</ul></li>
6821</ul>
6822<!-- }}} --></section>
6823
6824<section class="version" id="7.1.5"><!-- {{{ 7.1.5 -->
6825<h3>Version 7.1.5</h3>
6826<b><?php release_date('11-May-2017'); ?></b>
6827<ul><li>Core:
6828<ul>
6829  <li><?php bugfix(74408); ?> (Endless loop bypassing execution time limit).</li>
6830  <li><?php bugfix(74353); ?> (Segfault when killing within bash script trap code).</li>
6831  <li><?php bugfix(74340); ?> (Magic function __get has different behavior in php 7.1.x).</li>
6832  <li><?php bugfix(74188); ?> (Null coalescing operator fails for undeclared static class properties).</li>
6833  <li><?php bugfix(74444); ?> (multiple catch freezes in some cases).</li>
6834  <li><?php bugfix(74410); ?> (stream_select() is broken on Windows Nanoserver).</li>
6835  <li><?php bugfix(74337); ?> (php-cgi.exe crash on facebook callback).</li>
6836</ul></li>
6837<li>Date:
6838<ul>
6839  <li><?php bugfix(74404); ?> (Wrong reflection on DateTimeZone::getTransitions).</li>
6840  <li><?php bugfix(74080); ?> (add constant for RFC7231 format datetime).</li>
6841</ul></li>
6842<li>DOM:
6843<ul>
6844  <li><?php bugfix(74416); ?> (Wrong reflection on DOMNode::cloneNode).</li>
6845</ul></li>
6846<li>Fileinfo:
6847<ul>
6848  <li><?php bugfix(74379); ?> (syntax error compile error in libmagic/apprentice.c).</li>
6849</ul></li>
6850<li>GD:
6851<ul>
6852  <li><?php bugfix(74343); ?> (compile fails on solaris 11 with system gd2 library).</li>
6853</ul></li>
6854<li>MySQLnd:
6855<ul>
6856  <li><?php bugfix(74376); ?> (Invalid free of persistent results on error/connection loss).</li>
6857</ul></li>
6858<li>Intl:
6859<ul>
6860  <li><?php bugfix(65683); ?> (Intl does not support DateTimeImmutable).</li>
6861  <li><?php bugfix(74298); ?> (IntlDateFormatter-&gt;format() doesn't return microseconds/fractions).</li>
6862  <li><?php bugfix(74433); ?> (wrong reflection for Normalizer methods).</li>
6863  <li><?php bugfix(74439); ?> (wrong reflection for Locale methods).</li>
6864</ul></li>
6865<li>Opcache:
6866<ul>
6867  <li><?php bugfix(74456); ?> (Segmentation error while running a script in CLI mode).</li>
6868  <li><?php bugfix(74431); ?> (foreach infinite loop).</li>
6869  <li><?php bugfix(74442); ?> (Opcached version produces a nested array).</li>
6870</ul></li>
6871<li>OpenSSL:
6872<ul>
6873  <li><?php bugfix(73833); ?> (null character not allowed in openssl_pkey_get_private).</li>
6874  <li><?php bugfix(73711); ?> (Segfault in openssl_pkey_new when generating DSA or DH key).</li>
6875  <li><?php bugfix(74341); ?> (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).</li>
6876</ul></li>
6877<li>phar:
6878<ul>
6879  <li><?php bugfix(74383); ?> (phar method parameters reflection correction).</li>
6880</ul></li>
6881<li>Readline:
6882<ul>
6883  <li><?php bugfix(74489); ?> (readline() immediately returns false in interactive console mode).</li>
6884</ul></li>
6885<li>Standard:
6886<ul>
6887  <li><?php bugfix(72071); ?> (setcookie allows max-age to be negative).</li>
6888  <li><?php bugfix(74361); ?> (Compaction in array_rand() violates COW).</li>
6889</ul></li>
6890<li>Streams:
6891<ul>
6892  <li><?php bugfix(74429); ?> (Remote socket URI with unique persistence identifier broken).</li>
6893</ul></li>
6894</ul>
6895<!-- }}} --></section>
6896
6897<section class="version" id="7.1.4"><!-- {{{ 7.1.4 -->
6898<h3>Version 7.1.4</h3>
6899<b><?php release_date('13-Apr-2017'); ?></b>
6900<ul><li>Core:
6901<ul>
6902  <li><?php bugfix(74149); ?> (static embed SAPI linkage error).</li>
6903  <li><?php bugfix(73370); ?> (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).</li>
6904  <li><?php bugfix(73960); ?> (Leak with instance method calling static method with referenced return).</li>
6905  <li><?php bugfix(69676); ?> (Resolution of self::FOO in class constants not correct).</li>
6906  <li><?php bugfix(74265); ?> (Build problems after 7.0.17 release: undefined reference to `isfinite').</li>
6907  <li><?php bugfix(74302); ?> (yield fromLABEL is over-greedy).</li>
6908</ul></li>
6909<li>Apache:
6910<ul>
6911  <li>Reverted patch for bug <?php bugl(61471); ?>, fixes bug <?php bugl(74318); ?>.</li>
6912</ul></li>
6913<li>Date:
6914<ul>
6915  <li><?php bugfix(72096); ?> (Swatch time value incorrect for dates before 1970).</li>
6916</ul></li>
6917<li>DOM:
6918<ul>
6919  <li><?php bugfix(74004); ?> (LIBXML_NOWARNING flag ingnored on loadHTML*).</li>
6920</ul></li>
6921<li>iconv:
6922<ul>
6923  <li><?php bugfix(74230); ?> (iconv fails to fail on surrogates).</li>
6924</ul></li>
6925<li>Opcache:
6926<ul>
6927  <li><?php bugfix(74250); ?> (OPcache compilation performance regression in PHP 5.6/7 with huge classes).</li>
6928</ul></li>
6929<li>OpenSSL:
6930<ul>
6931  <li><?php bugfix(72333); ?> (fwrite() on non-blocking SSL sockets doesn't work).</li>
6932</ul></li>
6933<li>PDO MySQL:
6934<ul>
6935  <li><?php bugfix(71003); ?> (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).</li>
6936</ul></li>
6937<li>SPL:
6938<ul>
6939  <li><?php bugfix(74058); ?> (ArrayObject can not notice changes).</li>
6940</ul></li>
6941<li>SQLite:
6942<ul>
6943  <li><?php bugfix(74217); ?> (Allow creation of deterministic sqlite functions).</li>
6944</ul></li>
6945<li>Streams:
6946<ul>
6947  <li><?php bugfix(74216); ?> (Correctly fail on invalid IP address ports).</li>
6948</ul></li>
6949<li>zlib:
6950<ul>
6951  <li><?php bugfix(74240); ?> (deflate_add can allocate too much memory).</li>
6952</ul></li>
6953</ul>
6954<!-- }}} --></section>
6955
6956<section class="version" id="7.1.3"><!-- {{{ 7.1.3 -->
6957<h3>Version 7.1.3</h3>
6958<b><?php release_date('16-Mar-2017'); ?></b>
6959<ul><li>Core:
6960<ul>
6961  <li><?php bugfix(74157); ?> (Segfault with nested generators).</li>
6962  <li><?php bugfix(74164); ?> (PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg).</li>
6963  <li><?php bugfix(74093); ?> (Maximum execution time of n+2 seconds exceed not written in error_log).</li>
6964  <li><?php bugfix(73989); ?> (PHP 7.1 Segfaults within Symfony test suite).</li>
6965  <li><?php bugfix(74084); ?> (Out of bound read - zend_mm_alloc_small).</li>
6966  <li><?php bugfix(73807); ?> (Performance problem with processing large post request). (CVE-2017-11142)</li>
6967  <li><?php bugfix(73998); ?> (array_key_exists fails on arrays created by get_object_vars).</li>
6968  <li><?php bugfix(73954); ?> (NAN check fails on Alpine Linux with musl).</li>
6969  <li><?php bugfix(73677); ?> (Generating phar.phar core dump with gcc ASAN enabled build).</li>
6970</ul></li>
6971<li>Apache:
6972<ul>
6973  <li><?php bugfix(61471); ?> (Incomplete POST does not timeout but is passed to PHP).</li>
6974</ul></li>
6975<li>Date:
6976<ul>
6977  <li><?php bugfix(73837); ?> ("new DateTime()" sometimes returns 1 second ago value).</li>
6978</ul></li>
6979<li>FPM:
6980<ul>
6981  <li><?php bugfix(69860); ?> (php-fpm process accounting is broken with keepalive).</li>
6982</ul></li>
6983<li>Hash:
6984<ul>
6985  <li><?php bugfix(73127); ?> (gost-crypto hash incorrect if input data contains long 0xFF sequence).</li>
6986</ul></li>
6987<li>GD:
6988<ul>
6989  <li><?php bugfix(74031); ?> (ReflectionFunction for imagepng is missing last two parameters).</li>
6990</ul></li>
6991<li>Mysqlnd:
6992<ul>
6993  <li><?php bugfix(74021); ?> (fetch_array broken data. Data more then MEDIUMBLOB).</li>
6994</ul></li>
6995<li>Opcache:
6996<ul>
6997  <li><?php bugfix(74019); ?> (Segfault with list).</li>
6998</ul></li>
6999<li>OpenSSL:
7000<ul>
7001  <li><?php bugfix(74022); ?> (PHP Fast CGI crashes when reading from a pfx file).</li>
7002  <li><?php bugfix(74099); ?> (Memory leak with openssl_encrypt()).</li>
7003</ul></li>
7004<li>Standard:
7005<ul>
7006  <li><?php bugfix(74005); ?> (mail.add_x_header causes RFC-breaking lone line feed).</li>
7007  <li><?php bugfix(74041); ?> (substr_count with length=0 broken).</li>
7008  <li><?php bugfix(73118); ?> (is_callable callable name reports misleading value for anonymous classes).</li>
7009  <li><?php bugfix(74105); ?> (PHP on Linux should use /dev/urandom when getrandom is not available).</li>
7010</ul></li>
7011<li>Streams:
7012<ul>
7013  <li><?php bugfix(73496); ?> (Invalid memory access in zend_inline_hash_func).</li>
7014  <li><?php bugfix(74090); ?> (stream_get_contents maxlength&gt;-1 returns empty string).</li>
7015</ul></li>
7016</ul>
7017<!-- }}} --></section>
7018
7019<section class="version" id="7.1.2"><!-- {{{ 7.1.2 -->
7020<h3>Version 7.1.2</h3>
7021<b><?php release_date('16-Feb-2017'); ?></b>
7022<ul><li>Core:
7023<ul>
7024  <li>Improved GENERATOR_CREATE opcode handler.</li>
7025  <li><?php bugfix(73877); ?> (readlink() returns garbage for UTF-8 paths).</li>
7026  <li><?php bugfix(73876); ?> (Crash when exporting **= in expansion of assign op).</li>
7027  <li><?php bugfix(73962); ?> (bug with symlink related to cyrillic directory).</li>
7028  <li><?php bugfix(73969); ?> (segfault in debug_print_backtrace).</li>
7029  <li><?php bugfix(73994); ?> (arginfo incorrect for unpack).</li>
7030  <li><?php bugfix(73973); ?> (assertion error in debug_zval_dump).</li>
7031</ul></li>
7032<li>DOM:
7033<ul>
7034  <li><?php bugfix(54382); ?> (getAttributeNodeNS doesn't get xmlns* attributes).</li>
7035</ul></li>
7036<li>DTrace:
7037<ul>
7038  <li><?php bugfix(73965); ?> (DTrace reported as enabled when disabled).</li>
7039</ul></li>
7040<li>FCGI:
7041<ul>
7042  <li><?php bugfix(73904); ?> (php-cgi fails to load -c specified php.ini file).</li>
7043  <li><?php bugfix(72898); ?> (PHP_FCGI_CHILDREN is not included in phpinfo()).</li>
7044</ul></li>
7045<li>FPM:
7046<ul>
7047  <li><?php bugfix(69865); ?> (php-fpm does not close stderr when using syslog).</li>
7048</ul></li>
7049<li>GD:
7050<ul>
7051  <li><?php bugfix(73968); ?> (Premature failing of XBM reading).</li>
7052</ul></li>
7053<li>GMP:
7054<ul>
7055  <li><?php bugfix(69993); ?> (test for gmp.h needs to test machine includes).</li>
7056</ul></li>
7057<li>Hash:
7058<ul>
7059  <li>Added hash_hkdf() function.</li>
7060  <li><?php bugfix(73961); ?> (environmental build dependency in hash sha3 source).</li>
7061</ul></li>
7062<li>Intl:
7063<ul>
7064  <li><?php bugfix(73956); ?> (Link use CC instead of CXX).</li>
7065</ul></li>
7066<li>LDAP:
7067<ul>
7068  <li><?php bugfix(73933); ?> (error/segfault with ldap_mod_replace and opcache).</li>
7069</ul></li>
7070<li>MySQLi:
7071<ul>
7072  <li><?php bugfix(73949); ?> (leak in mysqli_fetch_object).</li>
7073</ul></li>
7074<li>Mysqlnd:
7075<ul>
7076  <li><?php bugfix(69899); ?> (segfault on close() after free_result() with mysqlnd).</li>
7077</ul></li>
7078<li>Opcache:
7079<ul>
7080  <li><?php bugfix(73983); ?> (crash on finish work with phar in cli + opcache).</li>
7081</ul></li>
7082<li>OpenSSL:
7083<ul>
7084  <li><?php bugfix(71519); ?> (add serial hex to return value array).</li>
7085  <li><?php bugfix(73692); ?> (Compile ext/openssl with openssl 1.1.0 on Win).</li>
7086  <li><?php bugfix(73978); ?> (openssl_decrypt triggers bug in PDO).</li>
7087</ul></li>
7088<li>PDO_Firebird:
7089<ul>
7090  <li><?php implemented(72583); ?> (All data are fetched as strings).</li>
7091</ul></li>
7092<li>PDO_PgSQL:
7093<ul>
7094  <li><?php bugfix(73959); ?> (lastInsertId fails to throw an exception for wrong sequence name).</li>
7095</ul></li>
7096<li>Phar:
7097<ul>
7098  <li><?php bugfix(70417); ?> (PharData::compress() doesn't close temp file).</li>
7099</ul></li>
7100<li>posix:
7101<ul>
7102  <li><?php bugfix(71219); ?> (configure script incorrectly checks for ttyname_r).</li>
7103</ul></li>
7104<li>Session:
7105<ul>
7106  <li><?php bugfix(69582); ?> (session not readable by root in CLI).</li>
7107</ul></li>
7108<li>SPL:
7109<ul>
7110  <li><?php bugfix(73896); ?> (spl_autoload() crashes when calls magic _call()).</li>
7111</ul></li>
7112<li>Standard:
7113<ul>
7114  <li><?php bugfix(69442); ?> (closing of fd incorrect when PTS enabled).</li>
7115  <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li>
7116  <li><?php bugfix(72974); ?> (imap is undefined service on AIX).</li>
7117  <li><?php bugfix(72979); ?> (money_format stores wrong length AIX).</li>
7118  <li><?php bugfix(73374); ?> (intval() with base 0 should detect binary).</li>
7119  <li><?php bugfix(69061); ?> (mail.log = syslog contains double information).</li>
7120</ul></li>
7121<li>ZIP:
7122<ul>
7123  <li><?php bugfix(70103); ?> (ZipArchive::addGlob ignores remove_all_path option).</li>
7124</ul></li>
7125</ul>
7126<!-- }}} --></section>
7127
7128<section class="version" id="7.1.1"><!-- {{{ 7.1.1 -->
7129<h3>Version 7.1.1</h3>
7130<b><?php release_date('19-Jan-2017'); ?></b>
7131<ul>
7132	<li>
7133	Core
7134	<ul>
7135		<li><?php bugfix(73792); ?> (invalid foreach loop hangs script).</li>
7136		<li><?php bugfix(73686); ?> (Adding settype()ed values to ArrayObject results in references).</li>
7137		<li><?php bugfix(73663); ?> ("Invalid opcode 65/16/8" occurs with a variable created with list()).</li>
7138		<li><?php bugfix(73727); ?> (ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h).</li>
7139		<li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li>
7140		<li><?php bugfix(73783); ?> (SIG_IGN doesn't work when Zend Signals is enabled).</li>
7141		<li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li>
7142		<li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li>
7143		<li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()). (CVE-2017-5340)</li>
7144		<li><?php bugfix(73092); ?> (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)</li>
7145	</ul>
7146	</li>
7147	<li>
7148	CLI
7149	<ul>
7150		<li><?php bugfix(72555); ?> (CLI output(japanese) on Windows).</li>
7151	</ul>
7152	</li>
7153	<li>
7154	COM
7155	<ul>
7156		<li><?php bugfix(73679); ?> (DOTNET read access violation using invalid codepage).</li>
7157	</ul>
7158	</li>
7159	<li>
7160	DOM
7161	<ul>
7162		<li><?php bugfix(67474); ?> (getElementsByTagNameNS filter on default ns).</li>
7163	</ul>
7164	</li>
7165	<li>
7166	EXIF
7167	<ul>
7168		<li><?php bugfix(73737); ?> (FPE when parsing a tag format). (CVE-2016-10158)</li>
7169	</ul>
7170	</li>
7171	<li>
7172	GD
7173	<ul>
7174		<li><?php bugfix(73869); ?> (Signed Integer Overflow gd_io.c). (CVE-2016-10168)</li>
7175		<li><?php bugfix(73868); ?> (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)</li>
7176	</ul>
7177	</li>
7178	<li>
7179	mbstring
7180	<ul>
7181		<li><?php bugfix(73646); ?> (mb_ereg_search_init null pointer dereference).</li>
7182	</ul>
7183	</li>
7184	<li>
7185	MySQLi
7186	<ul>
7187		<li><?php bugfix(73462); ?> (Persistent connections don't set $connect_errno).</li>
7188	</ul>
7189	</li>
7190	<li>
7191	mysqlnd
7192	<ul>
7193		<li>Optimized handling of BIT fields - less memory copies and lower memory usage.</li>
7194		<li><?php bugfix(73800); ?> (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).</li>
7195	</ul>
7196	</li>
7197	<li>
7198	opcache
7199	<ul>
7200		<li><?php bugfix(73789); ?> (Strange behavior of class constants in switch/case block).</li>
7201		<li><?php bugfix(73746); ?> (Method that returns string returns UNKNOWN:0 instead).</li>
7202		<li><?php bugfix(73654); ?> (Segmentation fault in zend_call_function).</li>
7203		<li><?php bugfix(73668); ?> ("SIGFPE Arithmetic exception" in opcache when divide by minus 1).</li>
7204		<li><?php bugfix(73847); ?> (Recursion when a variable is redefined as array).</li>
7205	</ul>
7206	</li>
7207	<li>
7208	PDO Firebird
7209	<ul>
7210		<li><?php bugfix(72931); ?> (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).</li>
7211	</ul>
7212	</li>
7213	<li>Phar:
7214	<ul>
7215		<li><?php bugfix(73773); ?> (Seg fault when loading hostile phar). (CVE-2017-11147)</li>
7216		<li><?php bugfix(73768); ?> (Memory corruption when loading hostile phar). (CVE-2016-10160)</li>
7217		<li><?php bugfix(73764); ?> (Crash while loading hostile phar archive). (CVE-2016-10159)</li>
7218	</ul></li>
7219	<li>
7220	phpdbg
7221	<ul>
7222		<li><?php bugfix(73794); ?> (Crash (out of memory) when using run and # command separator).</li>
7223		<li><?php bugfix(73704); ?> (phpdbg shows the wrong line in files with shebang).</li>
7224	</ul>
7225	</li>
7226	<li>
7227	SQLite3
7228	<ul>
7229		<li>Reverted fix for <?php bugfix(73530); ?> (Unsetting result set may reset other result set).</li>
7230	</ul>
7231	</li>
7232	<li>
7233	Standard
7234	<ul>
7235		<li><?php bugfix(73594); ?> (dns_get_record does not populate $additional out parameter).</li>
7236		<li><?php bugfix(70213); ?> (Unserialize context shared on double class lookup).</li>
7237		<li><?php bugfix(73154); ?> (serialize object with __sleep function crash).</li>
7238		<li><?php bugfix(70490); ?> (get_browser function is very slow).</li>
7239		<li><?php bugfix(73265); ?> (Loading browscap.ini at startup causes high memory usage).</li>
7240		<li>(add subject to mail log).</li>
7241		<li><?php bugfix(31875); ?> (get_defined_functions additional param to exclude disabled functions).</li>
7242	</ul>
7243	</li>
7244	<li>
7245	zlib
7246	<ul>
7247		<li><?php bugfix(73373); ?> (deflate_add does not verify that output was not truncated).</li>
7248	</ul>
7249	</li>
7250</ul>
7251<!-- }}} --></section>
7252
7253<section class="version" id="7.1.0"><!-- {{{ 7.1.0 -->
7254<h3>Version 7.1.0</h3>
7255<b><?php release_date('01-Dec-2016'); ?></b>
7256<ul><li>Core:
7257  <ul>
7258    <li>Added nullable types.</li>
7259    <li>Added DFA optimization framework based on e-SSA form.</li>
7260    <li>Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW).</li>
7261    <li>Added [] = as alternative construct to list() =.</li>
7262    <li>Added void return type.</li>
7263    <li>Added support for negative string offsets in string offset syntax and various string functions.</li>
7264    <li>Added a form of the list() construct where keys can be specified.</li>
7265    <li>Implemented safe execution timeout handling, that prevents random crashes after "Maximum execution time exceeded" error.</li>
7266    <li>Implemented the RFC `Support Class Constant Visibility`.</li>
7267    <li>Implemented the RFC `Catching multiple exception types`.</li>
7268    <li>Implemented logging to syslog with dynamic error levels.</li>
7269    <li><?php implemented(72614); ?> (Support "nmake test" on building extensions by phpize).</li>
7270    <li>Implemented RFC: Iterable.</li>
7271    <li>Implemented RFC: Closure::fromCallable (Danack)</li>
7272    <li>Implemented RFC: Replace "Missing argument" warning with "\ArgumentCountError" exception.</li>
7273    <li>Implemented RFC: Fix inconsistent behavior of $this variable.</li>
7274    <li><?php bugfix(73585); ?> (Logging of "Internal Zend error - Missing class information" missing class name).</li>
7275    <li>Fixed memory leak(null coalescing operator with Spl hash).</li>
7276    <li><?php bugfix(72736); ?> (Slow performance when fetching large dataset with mysqli / PDO).</li>
7277    <li><?php bugfix(72978); ?> (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)</li>
7278    <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li>
7279    <li><?php bugfix(72696); ?> (imagefilltoborder stackoverflow on truecolor images). (CVE-2016-9933)</li>
7280    <li><?php bugfix(73350); ?> (Exception::__toString() cause circular references).</li>
7281    <li><?php bugfix(73329); ?> ((Float)"Nano" == NAN).</li>
7282    <li><?php bugfix(73288); ?> (Segfault in __clone &gt; Exception.toString &gt; __get).</li>
7283    <li>Fixed for <?php bugl(73240); ?> (Write out of bounds at number_format).</li>
7284    <li>Fix pthreads detection when cross-compiling (ffontaine)</li>
7285    <li><?php bugfix(73337); ?> (try/catch not working with two exceptions inside a same operation).</li>
7286    <li><?php bugfix(73156); ?> (segfault on undefined function).</li>
7287    <li><?php bugfix(73163); ?> (PHP hangs if error handler throws while accessing undef const in default value).</li>
7288    <li><?php bugfix(73172); ?> (parse error: Invalid numeric literal).</li>
7289    <li><?php bugfix(73181); ?> (parse_str() without a second argument leads to crash).</li>
7290    <li><?php bugfix(73025); ?> (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).</li>
7291    <li><?php bugfix(73058); ?> (crypt broken when salt is 'too' long).</li>
7292    <li><?php bugfix(72944); ?> (Null pointer deref in zval_delref_p).</li>
7293    <li><?php bugfix(72943); ?> (assign_dim on string doesn't reset hval).</li>
7294    <li><?php bugfix(72598); ?> (Reference is lost after array_slice()).</li>
7295    <li><?php bugfix(72703); ?> (Out of bounds global memory read in BF_crypt triggered by password_verify).</li>
7296    <li><?php bugfix(72813); ?> (Segfault with __get returned by ref).</li>
7297    <li><?php bugfix(72767); ?> (PHP Segfaults when trying to expand an infinite operator).</li>
7298    <li>TypeError messages for arg_info type checks will now say "must be ... or null" where the parameter or return type accepts null.</li>
7299    <li><?php bugfix(72857); ?> (stream_socket_recvfrom read access violation).</li>
7300    <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).</li>
7301    <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability).</li>
7302    <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one).</li>
7303    <li>Fixed URL rewriter. It would not rewrite '//example.com/' URL unconditionally. URL rewrite target hosts whitelist is implemented.</li>
7304    <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li>
7305    <li><?php bugfix(72683); ?> (getmxrr broken).</li>
7306    <li><?php bugfix(72629); ?> (Caught exception assignment to variables ignores references).</li>
7307    <li><?php bugfix(72594); ?> (Calling an earlier instance of an included anonymous class fatals).</li>
7308    <li><?php bugfix(72581); ?> (previous property undefined in Exception after deserialization).</li>
7309    <li><?php bugfix(72543); ?> (Different references behavior comparing to PHP 5).</li>
7310    <li><?php bugfix(72347); ?> (VERIFY_RETURN type casts visible in finally).</li>
7311    <li><?php bugfix(72216); ?> (Return by reference with finally is not memory safe).</li>
7312    <li><?php bugfix(72215); ?> (Wrong return value if var modified in finally).</li>
7313    <li><?php bugfix(71818); ?> (Memory leak when array altered in destructor).</li>
7314    <li><?php bugfix(71539); ?> (Memory error on $arr[$a] =&amp; $arr[$b] if RHS rehashes).</li>
7315    <li>Added new constant PHP_FD_SETSIZE.</li>
7316    <li>Added optind parameter to getopt().</li>
7317    <li>Added PHP to SAPI error severity mapping for logs.</li>
7318    <li><?php bugfix(71911); ?> (Unable to set --enable-debug on building extensions by phpize on Windows).</li>
7319    <li><?php bugfix(29368); ?> (The destructor is called when an exception is thrown from the constructor).</li>
7320    <li>Implemented RFC: RNG Fixes.</li>
7321    <li>Implemented email validation as per RFC 6531.</li>
7322    <li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex).</li>
7323    <li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications).</li>
7324    <li><?php bugfix(72523); ?> (dtrace issue with reflection (failed test)).</li>
7325    <li><?php bugfix(72508); ?> (strange references after recursive function call and "switch" statement).</li>
7326    <li><?php bugfix(72441); ?> (Segmentation fault: RFC list_keys).</li>
7327    <li><?php bugfix(72395); ?> (list() regression).</li>
7328    <li><?php bugfix(72373); ?> (TypeError after Generator function w/declared return type finishes).</li>
7329    <li><?php bugfix(69489); ?> (tempnam() should raise notice if falling back to temp dir).</li>
7330    <li>Fixed UTF-8 and long path support on Windows.</li>
7331    <li><?php bugfix(53432); ?> (Assignment via string index access on an empty string converts to array).</li>
7332    <li><?php bugfix(62210); ?> (Exceptions can leak temporary variables).</li>
7333    <li><?php bugfix(62814); ?> (It is possible to stiffen child class members visibility).</li>
7334    <li><?php bugfix(69989); ?> (Generators don't participate in cycle GC).</li>
7335    <li><?php bugfix(70228); ?> (Memleak if return in finally block).</li>
7336    <li><?php bugfix(71266); ?> (Missing separation of properties HT in foreach etc).</li>
7337    <li><?php bugfix(71604); ?> (Aborted Generators continue after nested finally).</li>
7338    <li><?php bugfix(71572); ?> (String offset assignment from an empty string inserts null byte).</li>
7339    <li><?php bugfix(71897); ?> (ASCII 0x7F Delete control character permitted in identifiers).</li>
7340    <li><?php bugfix(72188); ?> (Nested try/finally blocks losing return value).</li>
7341    <li><?php bugfix(72213); ?> (Finally leaks on nested exceptions).</li>
7342    <li><?php bugfix(47517); ?> (php-cgi.exe missing UAC manifest).</li>
7343    <li>Change statement and fcall extension handlers to accept frame.</li>
7344    <li>Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs when given malformed numeric strings.</li>
7345    <li>(int), intval() where $base is 10 or unspecified, settype(), decbin(), decoct(), dechex(), integer operators and other conversions now always respect scientific notation in numeric strings.</li>
7346    <li>Raise a compile-time warning on octal escape sequence overflow.</li>
7347  </ul></li>
7348<li>Apache2handler:
7349  <ul>
7350    <li>Enable per-module logging in Apache 2.4+.</li>
7351  </ul></li>
7352<li>BCmath:
7353  <ul>
7354    <li><?php bugfix(73190); ?> (memcpy negative parameter _bc_new_num_ex).</li>
7355  </ul></li>
7356<li>Bz2:
7357  <ul>
7358    <li><?php bugfix(72837); ?> (integer overflow in bzdecompress caused heap corruption).</li>
7359    <li><?php bugfix(72613); ?> (Inadequate error handling in bzread()).</li>
7360  </ul></li>
7361<li>Calendar:
7362  <ul>
7363    <li>Fix integer overflows (Joshua Rogers)</li>
7364    <li><?php bugfix(67976); ?> (cal_days_month() fails for final month of the French calendar).</li>
7365    <li><?php bugfix(71894); ?> (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).</li>
7366  </ul></li>
7367<li>CLI Server:
7368  <ul>
7369    <li><?php bugfix(73360); ?> (Unable to work in root with unicode chars).</li>
7370    <li><?php bugfix(71276); ?> (Built-in webserver does not send Date header).</li>
7371  </ul></li>
7372<li>COM:
7373  <ul>
7374    <li><?php bugfix(73126); ?> (Cannot pass parameter 1 by reference).</li>
7375    <li><?php bugfix(69579); ?> (Invalid free in extension trait).</li>
7376    <li><?php bugfix(72922); ?> (COM called from PHP does not return out parameters).</li>
7377    <li><?php bugfix(72569); ?> (DOTNET/COM array parameters broke in PHP7).</li>
7378    <li><?php bugfix(72498); ?> (variant_date_from_timestamp null dereference).</li>
7379  </ul></li>
7380<li>Curl:
7381  <ul>
7382    <li>Implement support for handling HTTP/2 Server Push.</li>
7383    <li>Add curl_multi_errno(), curl_share_errno() and curl_share_strerror() functions.</li>
7384    <li><?php bugfix(72674); ?> (Heap overflow in curl_escape).</li>
7385    <li><?php bugfix(72541); ?> (size_t overflow lead to heap corruption). (Stas).</li>
7386    <li><?php bugfix(71709); ?> (curl_setopt segfault with empty CURLOPT_HTTPHEADER).</li>
7387    <li><?php bugfix(71929); ?> (CURLINFO_CERTINFO data parsing error).</li>
7388  </ul></li>
7389<li>Date:
7390  <ul>
7391    <li><?php bugfix(69587); ?> (DateInterval properties and isset).</li>
7392    <li><?php bugfix(73426); ?> (createFromFormat with 'z' format char results in incorrect time).</li>
7393    <li><?php bugfix(45554); ?> (Inconsistent behavior of the u format char).</li>
7394    <li><?php bugfix(48225); ?> (DateTime parser doesn't set microseconds for "now").</li>
7395    <li><?php bugfix(52514); ?> (microseconds are missing in DateTime class).</li>
7396    <li><?php bugfix(52519); ?> (microseconds in DateInterval are missing).</li>
7397    <li><?php bugfix(60089); ?> (DateTime::createFromFormat() U after u nukes microtime).</li>
7398    <li><?php bugfix(64887); ?> (Allow DateTime modification with subsecond items).</li>
7399    <li><?php bugfix(68506); ?> (General DateTime improvments needed for microseconds to become useful).</li>
7400    <li><?php bugfix(73109); ?> (timelib_meridian doesn't parse dots correctly).</li>
7401    <li><?php bugfix(73247); ?> (DateTime constructor does not initialise microseconds property).</li>
7402    <li><?php bugfix(73147); ?> (Use After Free in PHP7 unserialize()).</li>
7403    <li><?php bugfix(73189); ?> (Memcpy negative size parameter php_resolve_path).</li>
7404    <li><?php bugfix(66836); ?> (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).</li>
7405    <li>Invalid serialization data for a DateTime or DatePeriod object will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.</li>
7406    <li>Timezone initialization failure from serialized data will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.</li>
7407    <li>Export date_get_interface_ce() for extension use.</li>
7408    <li><?php bugfix(63740); ?> (strtotime seems to use both sunday and monday as start of week).</li>
7409  </ul></li>
7410<li>Dba:
7411  <ul>
7412    <li><?php bugfix(70825); ?> (Cannot fetch multiple values with group in ini file).</li>
7413    <li>Data modification functions (e.g.: dba_insert()) now throw an instance of Error instead of triggering a catchable fatal error if the key is does not contain exactly two elements.</li>
7414  </ul></li>
7415<li>DOM:
7416  <ul>
7417    <li><?php bugfix(73150); ?> (missing NULL check in dom_document_save_html).</li>
7418    <li><?php bugfix(66502); ?> (DOM document dangling reference).</li>
7419    <li>Invalid schema or RelaxNG validation contexts will throw an instance of Error instead of resulting in a fatal error.</li>
7420    <li>Attempting to register a node class that does not extend the appropriate base class will now throw an instance of Error instead of resulting in a fatal error.</li>
7421    <li>Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.</li>
7422  </ul></li>
7423<li>DTrace:
7424  <ul>
7425    <li>Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.</li>
7426  </ul></li>
7427<li>EXIF:
7428  <ul>
7429    <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero size)).</li>
7430    <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF).</li>
7431    <li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE).</li>
7432    <li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment).</li>
7433  </ul></li>
7434<li>Filter:
7435  <ul>
7436    <li><?php bugfix(72972); ?> (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).</li>
7437    <li><?php bugfix(73054); ?> (default option ignored when object passed to int filter).</li>
7438    <li><?php bugfix(71745); ?> (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).</li>
7439  </ul></li>
7440<li>FPM:
7441  <ul>
7442    <li><?php bugfix(72575); ?> (using --allow-to-run-as-root should ignore missing user).</li>
7443  </ul></li>
7444<li>FTP:
7445  <ul>
7446    <li><?php bugfix(70195); ?> (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).</li>
7447    <li><?php implemented(55651); ?> (Option to ignore the returned FTP PASV address).</li>
7448  </ul></li>
7449<li>GD:
7450  <ul>
7451    <li><?php bugfix(73213); ?> (Integer overflow in imageline() with antialiasing).</li>
7452    <li><?php bugfix(73272); ?> (imagescale() is not affected by, but affects imagesetinterpolation()).</li>
7453    <li><?php bugfix(73279); ?> (Integer overflow in gdImageScaleBilinearPalette()).</li>
7454    <li><?php bugfix(73280); ?> (Stack Buffer Overflow in GD dynamicGetbuf).</li>
7455    <li><?php bugfix(50194); ?> (imagettftext broken on transparent background w/o alphablending).</li>
7456    <li><?php bugfix(73003); ?> (Integer Overflow in gdImageWebpCtx of gd_webp.c).</li>
7457    <li><?php bugfix(53504); ?> (imagettfbbox gives incorrect values for bounding box).</li>
7458    <li><?php bugfix(73157); ?> (imagegd2() ignores 3rd param if 4 are given).</li>
7459    <li><?php bugfix(73155); ?> (imagegd2() writes wrong chunk sizes on boundaries).</li>
7460    <li><?php bugfix(73159); ?> (imagegd2(): unrecognized formats may result in corrupted files).</li>
7461    <li><?php bugfix(73161); ?> (imagecreatefromgd2() may leak memory).</li>
7462    <li><?php bugfix(67325); ?> (imagetruecolortopalette: white is duplicated in palette).</li>
7463    <li><?php bugfix(66005); ?> (imagecopy does not support 1bit transparency on truecolor images).</li>
7464    <li><?php bugfix(72913); ?> (imagecopy() loses single-color transparency on palette images).</li>
7465    <li><?php bugfix(68716); ?> (possible resource leaks in _php_image_convert()).</li>
7466    <li><?php bugfix(72709); ?> (imagesetstyle() causes OOB read for empty $styles).</li>
7467    <li><?php bugfix(72697); ?> (select_colors write out-of-bounds).</li>
7468    <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access).</li>
7469    <li><?php bugfix(72596); ?> (imagetypes function won't advertise WEBP support).</li>
7470    <li><?php bugfix(72604); ?> (imagearc() ignores thickness for full arcs).</li>
7471    <li><?php bugfix(70315); ?> (500 Server Error but page is fully rendered).</li>
7472    <li><?php bugfix(43828); ?> (broken transparency of imagearc for truecolor in blendingmode).</li>
7473    <li><?php bugfix(72512); ?> (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</li>
7474    <li><?php bugfix(72519); ?> (imagegif/output out-of-bounds access).</li>
7475    <li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()).</li>
7476    <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li>
7477    <li><?php bugfix(72494); ?> (imagecropauto out-of-bounds access).</li>
7478    <li><?php bugfix(72404); ?> (imagecreatefromjpeg fails on selfie).</li>
7479    <li><?php bugfix(43475); ?> (Thick styled lines have scrambled patterns).</li>
7480    <li><?php bugfix(53640); ?> (XBM images require width to be multiple of 8).</li>
7481    <li><?php bugfix(64641); ?> (imagefilledpolygon doesn't draw horizontal line).</li>
7482  </ul></li>
7483<li>Hash:
7484  <ul>
7485    <li>Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit).</li>
7486    <li>Added SHA512/256 and SHA512/224 algorithms.</li>
7487  </ul></li>
7488<li>iconv:
7489  <ul>
7490    <li><?php bugfix(72320); ?> (iconv_substr returns false for empty strings).</li>
7491  </ul></li>
7492<li>IMAP:
7493  <ul>
7494    <li><?php bugfix(73418); ?> (Integer Overflow in "_php_imap_mail" leads to crash).</li>
7495    <li>An email address longer than 16385 bytes will throw an instance of Error instead of resulting in a fatal error.</li>
7496  </ul></li>
7497<li>Interbase:
7498  <ul>
7499    <li><?php bugfix(73512); ?> (Fails to find firebird headers as don't use fb_config output).</li>
7500  </ul></li>
7501<li>Intl:
7502  <ul>
7503    <li><?php bugfix(73007); ?> (add locale length check).</li>
7504    <li><?php bugfix(73218); ?> (add mitigation for ICU int overflow).</li>
7505    <li><?php bugfix(65732); ?> (grapheme_*() is not Unicode compliant on CR LF sequence).</li>
7506    <li><?php bugfix(73007); ?> (add locale length check).</li>
7507    <li><?php bugfix(72639); ?> (Segfault when instantiating class that extends IntlCalendar and adds a property).</li>
7508    <li><?php bugfix(72658); ?> (Locale::lookup() / locale_lookup() hangs if no match found).</li>
7509    <li>Partially fixed <?php bugl(72506); ?> (idn_to_ascii for UTS #46 incorrect for long domain names).</li>
7510    <li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access).</li>
7511    <li>Failure to call the parent constructor in a class extending Collator before invoking the parent methods will throw an instance of Error instead of resulting in a recoverable fatal error.</li>
7512    <li>Cloning a Transliterator object may will now throw an instance of Error instead of resulting in a fatal error if cloning the internal transliterator fails.</li>
7513    <li>Added IntlTimeZone::getWindowsID() and IntlTimeZone::getIDForWindowsID().</li>
7514    <li><?php bugfix(69374); ?> (IntlDateFormatter formatObject returns wrong utf8 value).</li>
7515    <li><?php bugfix(69398); ?> (IntlDateFormatter formatObject returns wrong value when time style is NONE).</li>
7516  </ul></li>
7517<li>JSON:
7518  <ul>
7519    <li>Introduced encoder struct instead of global which fixes bugs <?php bugl(66025); ?> and <?php bugl(73254); ?> related to pretty print indentation.</li>
7520    <li><?php bugfix(73113); ?> (Segfault with throwing JsonSerializable).</li>
7521    <li>Implemented earlier return when json_encode fails, fixes bugs <?php bugl(68992); ?> (Stacking exceptions thrown by JsonSerializable) and <?php bugl(70275); ?> (On recursion error, json_encode can eat up all system memory).</li>
7522    <li><?php implemented(46600); ?> ("_empty_" key in objects).</li>
7523    <li>Exported JSON parser API including json_parser_method that can be used for implementing custom logic when parsing JSON.</li>
7524    <li>Escaped U+2028 and U+2029 when JSON_UNESCAPED_UNICODE is supplied as json_encode options and added JSON_UNESCAPED_LINE_TERMINATORS to restore the previous behaviour.</li>
7525  </ul></li>
7526<li>LDAP:
7527  <ul>
7528    <li>Providing an unknown modification type to ldap_batch_modify() will now throw an instance of Error instead of resulting in a fatal error.</li>
7529  </ul></li>
7530<li>Mbstring:
7531  <ul>
7532    <li><?php bugfix(73532); ?> (Null pointer dereference in mb_eregi).</li>
7533    <li><?php bugfix(66964); ?> (mb_convert_variables() cannot detect recursion).</li>
7534    <li><?php bugfix(72992); ?> (mbstring.internal_encoding doesn't inherit default_charset).</li>
7535    <li><?php bugfix(66797); ?> (mb_substr only takes 32-bit signed integer).</li>
7536    <li><?php bugfix(72711); ?> (`mb_ereg` does not clear the `$regs` parameter on failure).</li>
7537    <li><?php bugfix(72691); ?> (mb_ereg_search raises a warning if a match zero-width).</li>
7538    <li><?php bugfix(72693); ?> (mb_ereg_search increments search position when a match zero-width).</li>
7539    <li><?php bugfix(72694); ?> (mb_ereg_search_setpos does not accept a string's last position).</li>
7540    <li><?php bugfix(72710); ?> (`mb_ereg` causes buffer overflow on regexp compile error).</li>
7541    <li>Deprecated mb_ereg_replace() eval option.</li>
7542    <li><?php bugfix(69151); ?> (mb_ereg should reject ill-formed byte sequence).</li>
7543    <li><?php bugfix(72405); ?> (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).</li>
7544    <li><?php bugfix(72399); ?> (Use-After-Free in MBString (search_re)).</li>
7545    <li>mb_ereg() and mb_eregi() will now throw an instance of ParseError if an invalid PHP expression is provided and the 'e' option is used.</li>
7546  </ul></li>
7547<li>Mcrypt:
7548  <ul>
7549    <li>Deprecated ext/mcrypt.</li>
7550    <li><?php bugfix(72782); ?> (Heap Overflow due to integer overflows).</li>
7551    <li><?php bugfix(72551); ?>, bug <?php bugl(72552); ?> (In correct casting from size_t to int lead to heap overflow in mdecrypt_generic).</li>
7552    <li>mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error instead of resulting in a fatal error if mcrypt cannot be initialized.</li>
7553  </ul></li>
7554<li>Mysqli:
7555  <ul>
7556    <li>Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.</li>
7557  </ul></li>
7558<li>Mysqlnd:
7559  <ul>
7560    <li><?php bugfix(64526); ?> (Add missing mysqlnd.* parameters to php.ini-*).</li>
7561    <li><?php bugfix(71863); ?> (Segfault when EXPLAIN with "Unknown column" error when using MariaDB).</li>
7562    <li><?php bugfix(72701); ?> (mysqli_get_host_info() wrong output).</li>
7563  </ul></li>
7564<li>OCI8:
7565  <ul>
7566    <li><?php bugfix(71148); ?> (Bind reference overwritten on PHP 7).</li>
7567    <li>Fixed invalid handle error with Implicit Result Sets.</li>
7568    <li><?php bugfix(72524); ?> (Binding null values triggers ORA-24816 error).</li>
7569  </ul></li>
7570<li>ODBC:
7571  <ul>
7572    <li><?php bugfix(73448); ?> (odbc_errormsg returns trash, always 513 bytes).</li>
7573  </ul></li>
7574<li>Opcache:
7575  <ul>
7576    <li><?php bugfix(73583); ?> (Segfaults when conditionally declared class and function have the same name).</li>
7577    <li><?php bugfix(69090); ?> (check cached files permissions)</li>
7578    <li><?php bugfix(72982); ?> (Memory leak in zend_accel_blacklist_update_regexp() function).</li>
7579    <li><?php bugfix(72949); ?> (Typo in opcache error message).</li>
7580    <li><?php bugfix(72762); ?> (Infinite loop while parsing a file with opcache enabled).</li>
7581    <li><?php bugfix(72590); ?> (Opcache restart with kill_all_lockers does not work).</li>
7582  </ul></li>
7583<li>OpenSSL:
7584  <ul>
7585    <li><?php bugfix(73478); ?> (openssl_pkey_new() generates wrong pub/priv keys with Diffie Hellman).</li>
7586    <li><?php bugfix(73276); ?> (crash in openssl_random_pseudo_bytes function).</li>
7587    <li><?php bugfix(73072); ?> (Invalid path SNI_server_certs causes segfault).</li>
7588    <li><?php bugfix(72360); ?> (ext/openssl build failure with OpenSSL 1.1.0).</li>
7589    <li>Bumped a minimal version to 1.0.1.</li>
7590    <li>Dropped support for SSL2.</li>
7591    <li><?php implemented(61204); ?> (Add elliptic curve support for OpenSSL).</li>
7592    <li><?php implemented(67304); ?> (Added AEAD support [CCM and GCM modes] to openssl_encrypt and openssl_decrypt).</li>
7593    <li>Implemented error storing to the global queue and cleaning up the OpenSSL error queue (resolves bugs <?php bugl(68276); ?> and <?php bugl(69882); ?>).</li>
7594  </ul></li>
7595<li>Pcntl:
7596  <ul>
7597    <li>Implemented asynchronous signal handling without TICKS.</li>
7598    <li>Added pcntl_signal_get_handler() that returns the current signal handler for a particular signal. Addresses FR <?php bugl(72409); ?>.</li>
7599    <li>Add siginfo to pcntl_signal() handler args (Bishop Bettini, David Walker)</li>
7600  </ul></li>
7601<li>PCRE:
7602  <ul>
7603    <li><?php bugfix(73483); ?> (Segmentation fault on pcre_replace_callback).</li>
7604    <li><?php bugfix(73612); ?> (preg_*() may leak memory).</li>
7605    <li><?php bugfix(73392); ?> (A use-after-free in zend allocator management).</li>
7606    <li><?php bugfix(73121); ?> (Bundled PCRE doesn't compile because JIT isn't supported on s390).</li>
7607    <li><?php bugfix(72688); ?> (preg_match missing group names in matches).</li>
7608    <li>Downgraded to PCRE 8.38.</li>
7609    <li><?php bugfix(72476); ?> (Memleak in jit_stack).</li>
7610    <li><?php bugfix(72463); ?> (mail fails with invalid argument).</li>
7611    <li>Upgraded to PCRE 8.39.</li>
7612  </ul></li>
7613<li>PDO:
7614  <ul>
7615    <li><?php bugfix(72788); ?> (Invalid memory access when using persistent PDO connection).</li>
7616    <li><?php bugfix(72791); ?> (Memory leak in PDO persistent connection handling).</li>
7617    <li><?php bugfix(60665); ?> (call to empty() on NULL result using PDO::FETCH_LAZY returns false).</li>
7618  </ul></li>
7619<li>PDO_DBlib:
7620  <ul>
7621    <li><?php bugfix(72414); ?> (Never quote values as raw binary data).</li>
7622    <li>Allow \PDO::setAttribute() to set query timeouts.</li>
7623    <li>Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.</li>
7624    <li>Add common PDO test suite.</li>
7625    <li>Free error and message strings when cleaning up PDO instances.</li>
7626    <li><?php bugfix(67130); ?> (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).</li>
7627    <li>Ignore potentially misleading dberr values.</li>
7628    <li>Implemented stringify 'uniqueidentifier' fields.</li>
7629  </ul></li>
7630<li>PDO_Firebird:
7631  <ul>
7632    <li><?php bugfix(73087); ?>, <?php bugl(61183) ?>, <?php bugl(71494) ?> (Memory corruption in bindParam).</li>
7633    <li><?php bugfix(60052); ?> (Integer returned as a 64bit integer on X86_64).</li>
7634  </ul></li>
7635<li>PDO_pgsql:
7636  <ul>
7637    <li><?php bugfix(70313); ?> (PDO statement fails to throw exception).</li>
7638    <li><?php bugfix(72570); ?> (Segmentation fault when binding parameters on a query without placeholders).</li>
7639    <li><?php implemented(72633); ?> (Postgres PDO lastInsertId() should work without specifying a sequence).</li>
7640  </ul></li>
7641<li>Phar:
7642  <ul>
7643    <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile).</li>
7644    <li><?php bugfix(73035); ?> (Out of bound when verify signature of tar phar in phar_parse_tarfile).</li>
7645  </ul></li>
7646<li>phpdbg:
7647  <ul>
7648    <li>Added generator command for inspection of currently alive generators.</li>
7649  </ul></li>
7650<li>Postgres:
7651  <ul>
7652    <li><?php bugfix(73498); ?> (Incorrect SQL generated for pg_copy_to()).</li>
7653    <li><?php implemented(31021); ?> (pg_last_notice() is needed to get all notice messages).</li>
7654    <li><?php implemented(48532); ?> (Allow pg_fetch_all() to index numerically).</li>
7655  </ul></li>
7656<li>Readline:
7657  <ul>
7658    <li><?php bugfix(72538); ?> (readline_redisplay crashes php).</li>
7659  </ul></li>
7660<li>Reflection:
7661  <ul>
7662    <li>Undo backwards compatiblity break in ReflectionType-&gt;__toString() and deprecate via documentation instead.</li>
7663    <li>Reverted prepending \ for class names.</li>
7664    <li><?php implemented(38992); ?> (invoke() and invokeArgs() static method calls should match). (cmb).</li>
7665    <li>Add ReflectionNamedType::getName(). This method should be used instead of ReflectionType::__toString()</li>
7666    <li>Prepend \ for class names and ? for nullable types returned from ReflectionType::__toString().</li>
7667    <li><?php bugfix(72661); ?> (ReflectionType::__toString crashes with iterable).</li>
7668    <li><?php bugfix(72222); ?> (ReflectionClass::export doesn't handle array constants).</li>
7669    <li>Failure to retrieve a reflection object or retrieve an object property will now throw an instance of Error instead of resulting in a fatal error.</li>
7670    <li><?php bugfix(72209); ?> (ReflectionProperty::getValue() doesn't fail if object doesn't match type).</li>
7671  </ul></li>
7672<li>Session:
7673  <ul>
7674    <li><?php bugfix(73273); ?> (session_unset() empties values from all variables in which is $_session stored).</li>
7675    <li><?php bugfix(73100); ?> (session_destroy null dereference in ps_files_path_create).</li>
7676    <li><?php bugfix(68015); ?> (Session does not report invalid uid for files save handler).</li>
7677    <li><?php bugfix(72940); ?> (SID always return "name=ID", even if session cookie exist).</li>
7678    <li>Implemented session_gc() (Yasuo) https://wiki.php.net/rfc/session-create-id</li>
7679    <li>Implemented session_create_id() (Yasuo) https://wiki.php.net/rfc/session-gc</li>
7680    <li>Implemented RFC: Session ID without hashing. (Yasuo) https://wiki.php.net/rfc/session-id-without-hashing</li>
7681    <li><?php bugfix(72531); ?> (ps_files_cleanup_dir Buffer overflow).</li>
7682    <li>Custom session handlers that do not return strings for session IDs will now throw an instance of Error instead of resulting in a fatal error when a function is called that must generate a session ID.</li>
7683    <li>An invalid setting for session.hash_function will throw an instance of Error instead of resulting in a fatal error when a session ID is created.</li>
7684    <li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization).</li>
7685    <li>Improved fix for bug <?php bugl(68063); ?> (Empty session IDs do still start sessions).</li>
7686    <li><?php bugfix(71038); ?> (session_start() returns TRUE on failure). Session save handlers must return 'string' always for successful read. i.e. Non-existing session read must return empty string. PHP 7.0 is made not to tolerate buggy return value.</li>
7687    <li><?php bugfix(71394); ?> (session_regenerate_id() must close opened session on errors).</li>
7688  </ul></li>
7689<li>SimpleXML:
7690  <ul>
7691    <li><?php bugfix(73293); ?> (NULL pointer dereference in SimpleXMLElement::asXML()).</li>
7692    <li><?php bugfix(72971); ?> (SimpleXML isset/unset do not respect namespace).</li>
7693    <li><?php bugfix(72957); ?> (Null coalescing operator doesn't behave as expected with SimpleXMLElement).</li>
7694    <li><?php bugfix(72588); ?> (Using global var doesn't work while accessing SimpleXML element).</li>
7695    <li>Creating an unnamed or duplicate attribute will throw an instance of Error instead of resulting in a fatal error.</li>
7696  </ul></li>
7697<li>SNMP:
7698  <ul>
7699    <li><?php bugfix(72708); ?> (php_snmp_parse_oid integer overflow in memory allocation).</li>
7700    <li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()).</li>
7701  </ul></li>
7702<li>Soap:
7703  <ul>
7704    <li><?php bugfix(73538); ?> (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).</li>
7705    <li><?php bugfix(73452); ?> (Segfault (Regression for <?php bugl(69152); ?>)).</li>
7706    <li><?php bugfix(73037); ?> (SoapServer reports Bad Request when gzipped).</li>
7707    <li><?php bugfix(73237); ?> (Nested object in "any" element overwrites other fields).</li>
7708    <li><?php bugfix(69137); ?> (Peer verification fails when using a proxy with SoapClient).</li>
7709    <li><?php bugfix(71711); ?> (Soap Server Member variables reference bug).</li>
7710    <li><?php bugfix(71996); ?> (Using references in arrays doesn't work like expected).</li>
7711  </ul></li>
7712<li>SPL:
7713  <ul>
7714    <li><?php bugfix(73423); ?> (Reproducible crash with GDB backtrace).</li>
7715    <li><?php bugfix(72888); ?> (Segfault on clone on splFileObject).</li>
7716    <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray).</li>
7717    <li><?php bugfix(72646); ?> (SplFileObject::getCsvControl does not return the escape character).</li>
7718    <li><?php bugfix(72684); ?> (AppendIterator segfault with closed generator).</li>
7719    <li>Attempting to clone an SplDirectory object will throw an instance of Error instead of resulting in a fatal error.</li>
7720    <li>Calling ArrayIterator::append() when iterating over an object will throw an instance of Error instead of resulting in a fatal error.</li>
7721    <li><?php bugfix(55701); ?> (GlobIterator throws LogicException).</li>
7722  </ul></li>
7723<li>SQLite3:
7724  <ul>
7725    <li>Update to SQLite 3.15.1.</li>
7726    <li><?php bugfix(73530); ?> (Unsetting result set may reset other result set).</li>
7727    <li><?php bugfix(73333); ?> (2147483647 is fetched as string).</li>
7728    <li><?php bugfix(72668); ?> (Spurious warning when exception is thrown in user defined function).</li>
7729    <li><?php implemented(72653); ?> (SQLite should allow opening with empty filename).</li>
7730    <li><?php bugfix(70628); ?> (Clearing bindings on an SQLite3 statement doesn't work).</li>
7731    <li><?php implemented(71159); ?> (Upgraded bundled SQLite lib to 3.9.2).</li>
7732  </ul></li>
7733<li>Standard:
7734  <ul>
7735    <li><?php bugfix(73297); ?> (HTTP stream wrapper should ignore HTTP 100 Continue).</li>
7736    <li><?php bugfix(73303); ?> (Scope not inherited by eval in assert()).</li>
7737    <li><?php bugfix(73192); ?> (parse_url return wrong hostname).</li>
7738    <li><?php bugfix(73203); ?> (passing additional_parameters causes mail to fail).</li>
7739    <li><?php bugfix(73203); ?> (passing additional_parameters causes mail to fail).</li>
7740    <li><?php bugfix(72920); ?> (Accessing a private constant using constant() creates an exception AND warning).</li>
7741    <li><?php bugfix(65550); ?> (get_browser() incorrectly parses entries with "+" sign).</li>
7742    <li><?php bugfix(71882); ?> (Negative ftruncate() on php://memory exhausts memory).</li>
7743    <li><?php bugfix(55451); ?> (substr_compare NULL length interpreted as 0).</li>
7744    <li><?php bugfix(72278); ?> (getimagesize returning FALSE on valid jpg).</li>
7745    <li><?php bugfix(61967); ?> (unset array item in array_walk_recursive cause inconsistent array).</li>
7746    <li><?php bugfix(62607); ?> (array_walk_recursive move internal pointer).</li>
7747    <li><?php bugfix(69068); ?> (Exchanging array during array_walk -&gt; memory errors).</li>
7748    <li><?php bugfix(70713); ?> (Use After Free Vulnerability in array_walk()/ array_walk_recursive()).</li>
7749    <li><?php bugfix(72622); ?> (array_walk + array_replace_recursive create references from nothing).</li>
7750    <li><?php bugfix(72330); ?> (CSV fields incorrectly split if escape char followed by UTF chars).</li>
7751    <li>Implemented RFC: More precise float values.</li>
7752    <li>array_multisort now uses zend_sort instead zend_qsort.</li>
7753    <li><?php bugfix(72505); ?> (readfile() mangles files larger than 2G).</li>
7754    <li>assert() will throw a ParseError when evaluating a string given as the first argument if the PHP code is invalid instead of resulting in a catchable fatal error.</li>
7755    <li>Calling forward_static_call() outside of a class scope will now throw an instance of Error instead of resulting in a fatal error.</li>
7756    <li>Added is_iterable() function.</li>
7757    <li><?php bugfix(72306); ?> (Heap overflow through proc_open and $env parameter).</li>
7758    <li><?php bugfix(71100); ?> (long2ip() doesn't accept integers in strict mode).</li>
7759    <li><?php implemented(55716); ?> (Add an option to pass a custom stream context to get_headers()).</li>
7760    <li>Additional validation for parse_url() for login/pass components).</li>
7761    <li><?php implemented(69359); ?> (Provide a way to fetch the current environment variables).</li>
7762    <li>unpack() function accepts an additional optional argument $offset.</li>
7763    <li><?php implemented(51879); ?> stream context socket option tcp_nodelay (Joe)</li>
7764  </ul></li>
7765<li>Streams:
7766  <ul>
7767    <li><?php bugfix(73586); ?> (php_user_filter::$stream is not set to the stream the filter is working on).</li>
7768    <li><?php bugfix(72853); ?> (stream_set_blocking doesn't work).</li>
7769    <li><?php bugfix(72743); ?> (Out-of-bound read in php_stream_filter_create).</li>
7770    <li><?php implemented(27814); ?> (Multiple small packets send for HTTP request).</li>
7771    <li><?php bugfix(72764); ?> (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).</li>
7772    <li><?php bugfix(72810); ?> (Missing SKIP_ONLINE_TESTS checks).</li>
7773    <li><?php bugfix(41021); ?> (Problems with the ftps wrapper).</li>
7774    <li><?php bugfix(54431); ?> (opendir() does not work with ftps:// wrapper).</li>
7775    <li><?php bugfix(72667); ?> (opendir() with ftp:// attempts to open data stream for non-existent directories).</li>
7776    <li><?php bugfix(72771); ?> (ftps:// wrapper is vulnerable to protocol downgrade attack).</li>
7777    <li><?php bugfix(72534); ?> (stream_socket_get_name crashes).</li>
7778    <li><?php bugfix(72439); ?> (Stream socket with remote address leads to a segmentation fault).</li>
7779  </ul></li>
7780<li>sysvshm:
7781  <ul>
7782    <li><?php bugfix(72858); ?> (shm_attach null dereference).</li>
7783  </ul></li>
7784<li>Tidy:
7785  <ul>
7786    <li>Implemented support for libtidy 5.0.0 and above.</li>
7787    <li>Creating a tidyNode manually will now throw an instance of Error instead of resulting in a fatal error.</li>
7788  </ul></li>
7789<li>Wddx:
7790  <ul>
7791    <li><?php bugfix(73331); ?> (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)</li>
7792    <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in wddx_serialize_value()).</li>
7793    <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access).</li>
7794    <li><?php bugfix(72750); ?> (wddx_deserialize null dereference).</li>
7795    <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml).</li>
7796    <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element).</li>
7797    <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free).</li>
7798    <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element).</li>
7799    <li><?php bugfix(72564); ?> (boolean always deserialized as "true").</li>
7800    <li>A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.</li>
7801  </ul></li>
7802<li>XML:
7803  <ul>
7804    <li><?php bugfix(72135); ?> (malformed XML causes fault).</li>
7805    <li><?php bugfix(72714); ?> (_xml_startElementHandler() segmentation fault).</li>
7806    <li><?php bugfix(72085); ?> (SEGV on unknown address zif_xml_parse).</li>
7807  </ul></li>
7808<li>XMLRPC:
7809  <ul>
7810    <li><?php bugfix(72647); ?> (xmlrpc_encode() unexpected output after referencing array elements).</li>
7811    <li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c).</li>
7812    <li>A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.</li>
7813  </ul></li>
7814<li>Zip:
7815  <ul>
7816    <li><?php bugfix(68302); ?> (impossible to compile php with zip support).</li>
7817    <li><?php bugfix(72660); ?> (NULL Pointer dereference in zend_virtual_cwd).</li>
7818    <li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener).</li>
7819    <li>ZipArchive::addGlob() will throw an instance of Error instead of resulting in a fatal error if glob support is not available.</li>
7820  </ul></li>
7821</ul>
7822<!-- }}} --></section>
7823
7824<a id="PHP_7_0"></a>
7825<section class="version" id="7.0.33"><!-- {{{ 7.0.33 -->
7826<h3>Version 7.0.33</h3>
7827<b><?php release_date('06-Dec-2018'); ?></b>
7828<ul><li>Core:
7829<ul>
7830  <li><?php bugfix(77231); ?> (Segfault when using convert.quoted-printable-encode filter).</li>
7831</ul></li>
7832<li>IMAP:
7833<ul>
7834  <li><?php bugfix(77020); ?> (null pointer dereference in imap_mail).</li>
7835  <li><?php bugfix(77153); ?> (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)</li>
7836</ul></li>
7837<li>Phar:
7838<ul>
7839  <li><?php bugfix(77022); ?> (PharData always creates new files with mode 0666).</li>
7840  <li><?php bugfix(77143); ?> (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)</li>
7841</ul></li>
7842</ul>
7843<!-- }}} --></section>
7844
7845
7846<section class="version" id="7.0.32"><!-- {{{ 7.0.32 -->
7847<h3>Version 7.0.32</h3>
7848<b><?php release_date('13-Sep-2018'); ?></b>
7849<ul><li>Apache2:
7850<ul>
7851  <li><?php bugfix(76582); ?> (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)</li>
7852</ul></li>
7853</ul>
7854<!-- }}} --></section>
7855
7856<section class="version" id="7.0.31"><!-- {{{ 7.0.31 -->
7857<h3>Version 7.0.31</h3>
7858<b><?php release_date('19-Jul-2018'); ?></b>
7859<ul><li>Exif:
7860<ul>
7861  <li><?php bugfix(76423); ?> (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)</li>
7862  <li><?php bugfix(76557); ?> (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)</li>
7863</ul></li>
7864<li>Win32:
7865<ul>
7866  <li><?php bugfix(76459); ?> (windows linkinfo lacks openbasedir check). (CVE-2018-15132)</li>
7867</ul></li>
7868</ul>
7869<!-- }}} --></section>
7870
7871
7872<section class="version" id="7.0.30"><!-- {{{ 7.0.30 -->
7873<h3>Version 7.0.30</h3>
7874<b><?php release_date('26-Apr-2018'); ?></b>
7875<ul><li>Exif:
7876<ul>
7877  <li><?php bugfix(76130); ?> (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)</li>
7878</ul></li>
7879<li>iconv:
7880<ul>
7881  <li><?php bugfix(76249); ?> (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)</li>
7882</ul></li>
7883<li>LDAP:
7884<ul>
7885  <li><?php bugfix(76248); ?> (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)</li>
7886</ul></li>
7887<li>Phar:
7888<ul>
7889  <li><?php bugfix(76129); ?> (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)</li>
7890</ul></li>
7891</ul>
7892<!-- }}} --></section>
7893
7894<section class="version" id="7.0.29"><!-- {{{ 7.0.29 -->
7895<h3>Version 7.0.29</h3>
7896<b><?php release_date('29-Mar-2018'); ?></b>
7897<ul><li>FPM:
7898<ul>
7899  <li><?php bugfix(75605); ?> (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)</li>
7900</ul></li>
7901</ul>
7902<!-- }}} --></section>
7903
7904
7905<section class="version" id="7.0.28"><!-- {{{ 7.0.28 -->
7906<h3>Version 7.0.28</h3>
7907<b><?php release_date('01-Mar-2018'); ?></b>
7908<ul><li>Standard:
7909<ul>
7910  <li><?php bugfix(75981); ?> (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)</li>
7911</ul></li>
7912</ul>
7913<!-- }}} --></section>
7914
7915<section class="version" id="7.0.27"><!-- {{{ 7.0.27 -->
7916<h3>Version 7.0.27</h3>
7917<b><?php release_date('04-Jan-2018'); ?></b>
7918<ul><li>CLI Server:
7919<ul>
7920  <li><?php bugfix(60471); ?> (Random "Invalid request (unexpected EOF)" using a router script).</li>
7921</ul></li>
7922<li>Core:
7923<ul>
7924  <li><?php bugfix(75384); ?> (PHP seems incompatible with OneDrive files on demand).</li>
7925  <li><?php bugfix(75573); ?> (Segmentation fault in 7.1.12 and 7.0.26).</li>
7926</ul></li>
7927<li>FPM:
7928<ul>
7929  <li><?php bugfix(64938); ?> (libxml_disable_entity_loader setting is shared between requests).</li>
7930</ul></li>
7931<li>GD:
7932<ul>
7933  <li><?php bugfix(75571); ?> (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)</li>
7934</ul></li>
7935<li>Opcache:
7936<ul>
7937  <li><?php bugfix(75579); ?> (Interned strings buffer overflow may cause crash).</li>
7938</ul></li>
7939<li>PCRE:
7940<ul>
7941  <li><?php bugfix(74183); ?> (preg_last_error not returning error code after error).</li>
7942</ul></li>
7943<li>Phar:
7944<ul>
7945  <li><?php bugfix(74782); ?> (Reflected XSS in .phar 404 page). (CVE-2018-5712)</li>
7946</ul></li>
7947<li>Standard:
7948<ul>
7949  <li><?php bugfix(75535); ?> (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)</li>
7950  <li><?php bugfix(75409); ?> (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).</li>
7951</ul></li>
7952<li>Zip:
7953<ul>
7954  <li><?php bugfix(75540); ?> (Segfault with libzip 1.3.1).</li>
7955</ul></li>
7956</ul>
7957<!-- }}} --></section>
7958
7959
7960<section class="version" id="7.0.26"><!-- {{{ 7.0.26 -->
7961<h3>Version 7.0.26</h3>
7962<b><?php release_date('23-Nov-2017'); ?></b>
7963<ul><li>Core:
7964<ul>
7965  <li><?php bugfix(75420); ?> (Crash when modifing property name in __isset for BP_VAR_IS).</li>
7966  <li><?php bugfix(75368); ?> (mmap/munmap trashing on unlucky allocations).</li>
7967</ul></li>
7968<li>CLI:
7969<ul>
7970  <li><?php bugfix(75287); ?> (Builtin webserver crash after chdir in a shutdown function).</li>
7971</ul></li>
7972<li>Enchant:
7973<ul>
7974  <li><?php bugfix(53070); ?> (enchant_broker_get_path crashes if no path is set).</li>
7975  <li><?php bugfix(75365); ?> (Enchant still reports version 1.1.0).</li>
7976</ul></li>
7977<li>Exif:
7978<ul>
7979  <li><?php bugfix(75301); ?> (Exif extension has built in revision version).</li>
7980</ul></li>
7981<li>GD:
7982<ul>
7983  <li><?php bugfix(65148); ?> (imagerotate may alter image dimensions).</li>
7984  <li><?php bugfix(75437); ?> (Wrong reflection on imagewebp).</li>
7985</ul></li>
7986<li>intl:
7987<ul>
7988  <li><?php bugfix(75317); ?> (UConverter::setDestinationEncoding changes source instead of destination).</li>
7989</ul></li>
7990<li>interbase:
7991<ul>
7992  <li><?php bugfix(75453); ?> (Incorrect reflection for ibase_[p]connect).</li>
7993</ul></li>
7994<li>Mysqli:
7995<ul>
7996  <li><?php bugfix(75434); ?> (Wrong reflection for mysqli_fetch_all function).</li>
7997</ul></li>
7998<li>OCI8:
7999<ul>
8000  <li>Fixed valgrind issue.</li>
8001</ul></li>
8002<li>Opcache:
8003<ul>
8004  <li><?php bugfix(75373); ?> (Warning Internal error: wrong size calculation).</li>
8005</ul></li>
8006<li>OpenSSL:
8007<ul>
8008  <li><?php bugfix(75363); ?> (openssl_x509_parse leaks memory).</li>
8009  <li><?php bugfix(75307); ?> (Wrong reflection for openssl_open function).</li>
8010</ul></li>
8011<li>PGSQL:
8012<ul>
8013  <li><?php bugfix(75419); ?> (Default link incorrectly cleared/linked by pg_close()).</li>
8014</ul></li>
8015<li>SOAP:
8016<ul>
8017  <li><?php bugfix(75464); ?> (Wrong reflection on SoapClient::__setSoapHeaders).</li>
8018</ul></li>
8019<li>Zlib:
8020<ul>
8021  <li><?php bugfix(75299); ?> (Wrong reflection on inflate_init and inflate_add).</li>
8022</ul></li>
8023</ul>
8024<!-- }}} --></section>
8025
8026<section class="version" id="7.0.25"><!-- {{{ 7.0.25 -->
8027<h3>Version 7.0.25</h3>
8028<b><?php release_date('26-Oct-2017'); ?></b>
8029<ul><li>Core:
8030<ul>
8031  <li><?php bugfix(75241); ?> (Null pointer dereference in zend_mm_alloc_small()).</li>
8032  <li><?php bugfix(75236); ?> (infinite loop when printing an error-message).</li>
8033  <li><?php bugfix(75252); ?> (Incorrect token formatting on two parse errors in one request).</li>
8034  <li><?php bugfix(75220); ?> (Segfault when calling is_callable on parent).</li>
8035  <li><?php bugfix(75290); ?> (debug info of Closures of internal functions contain garbage argument names).</li>
8036</ul></li>
8037<li>Apache2Handler:
8038<ul>
8039  <li><?php bugfix(75311); ?> (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).</li>
8040</ul></li>
8041<li>Date:
8042<ul>
8043  <li><?php bugfix(75055); ?> (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)</li>
8044</ul></li>
8045<li>Intl:
8046<ul>
8047  <li><?php bugfix(75318); ?> (The parameter of UConverter::getAliases() is not optional).</li>
8048</ul></li>
8049<li>mcrypt:
8050<ul>
8051  <li><?php bugfix(72535); ?> (arcfour encryption stream filter crashes php).</li>
8052</ul></li>
8053<li>OCI8:
8054<ul>
8055  <li>Fixed incorrect reference counting.</li>
8056</ul></li>
8057<li>PCRE:
8058<ul>
8059  <li><?php bugfix(75207); ?> (applied upstream patch for CVE-2016-1283).</li>
8060</ul></li>
8061<li>litespeed:
8062<ul>
8063  <li><?php bugfix(75248); ?> (Binary directory doesn't get created when building only litespeed SAPI).</li>
8064  <li><?php bugfix(75251); ?> (Missing program prefix and suffix).</li>
8065</ul></li>
8066<li>SPL:
8067<ul>
8068  <li><?php bugfix(73629); ?> (SplDoublyLinkedList::setIteratorMode masks intern flags).</li>
8069</ul></li>
8070</ul>
8071<!-- }}} --></section>
8072
8073<section class="version" id="7.0.24"><!-- {{{ 7.0.24 -->
8074<h3>Version 7.0.24</h3>
8075<b><?php release_date('28-Sep-2017'); ?></b>
8076<ul><li>Core:
8077<ul>
8078  <li><?php bugfix(75042); ?> (run-tests.php issues with EXTENSION block).</li>
8079</ul></li>
8080<li>BCMath:
8081<ul>
8082  <li><?php bugfix(44995); ?> (bcpowmod() fails if scale != 0).</li>
8083  <li><?php bugfix(46781); ?> (BC math handles minus zero incorrectly).</li>
8084  <li><?php bugfix(54598); ?> (bcpowmod() may return 1 if modulus is 1).</li>
8085  <li><?php bugfix(75178); ?> (bcpowmod() misbehaves for non-integer base or modulus).</li>
8086</ul></li>
8087<li>CLI server:
8088<ul>
8089  <li><?php bugfix(70470); ?> (Built-in server truncates headers spanning over TCP packets).</li>
8090</ul></li>
8091<li>CURL:
8092<ul>
8093  <li><?php bugfix(75093); ?> (OpenSSL support not detected).</li>
8094</ul></li>
8095<li>GD:
8096<ul>
8097  <li><?php bugfix(75124); ?> (gdImageGrayScale() may produce colors).</li>
8098  <li><?php bugfix(75139); ?> (libgd/gd_interpolation.c:1786: suspicious if ?).</li>
8099</ul></li>
8100<li>Gettext:
8101<ul>
8102  <li><?php bugfix(73730); ?> (textdomain(null) throws in strict mode).</li>
8103</ul></li>
8104<li>Intl:
8105<ul>
8106  <li><?php bugfix(75090); ?> (IntlGregorianCalendar doesn't have constants from parent class).</li>
8107</ul></li>
8108<li>PDO_OCI:
8109<ul>
8110  <li><?php bugfix(74631); ?> (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).</li>
8111</ul></li>
8112<li>SPL:
8113<ul>
8114  <li><?php bugfix(75173); ?> (incorrect behavior of AppendIterator::append in foreach loop).</li>
8115</ul></li>
8116<li>Standard:
8117<ul>
8118  <li><?php bugfix(75097); ?> (gethostname fails if your host name is 64 chars long).</li>
8119</ul></li>
8120</ul>
8121<!-- }}} --></section>
8122
8123<section class="version" id="7.0.23"><!-- {{{ 7.0.23 -->
8124<h3>Version 7.0.23</h3>
8125<b><?php release_date('31-Aug-2017'); ?></b>
8126<ul><li>Core:
8127<ul>
8128  <li><?php bugfix(74947); ?> (Segfault in scanner on INF number).</li>
8129  <li><?php bugfix(74954); ?> (null deref and segfault in zend_generator_resume()).</li>
8130  <li><?php bugfix(74725); ?> (html_errors=1 breaks unhandled exceptions).</li>
8131  <li><?php bugfix(75349); ?> (NAN comparison).</li>
8132</ul></li>
8133<li>cURL:
8134<ul>
8135  <li><?php bugfix(74125); ?> (Fixed finding CURL on systems with multiarch support).</li>
8136</ul></li>
8137<li>Date:
8138<ul>
8139<li><?php bugfix(75002); ?> (Null Pointer Dereference in timelib_time_clone).</li>
8140</ul></li>
8141<li>Intl:
8142<ul>
8143  <li><?php bugfix(74993); ?> (Wrong reflection on some locale_* functions).</li>
8144</ul></li>
8145<li>Mbstring:
8146<ul>
8147  <li><?php bugfix(71606); ?> (Segmentation fault mb_strcut with HTML-ENTITIES encoding).</li>
8148  <li><?php bugfix(62934); ?> (mb_convert_kana() does not convert iteration marks).</li>
8149  <li><?php bugfix(75001); ?> (Wrong reflection on mb_eregi_replace).</li>
8150</ul></li>
8151<li>MySQLi:
8152<ul>
8153  <li><?php bugfix(74968); ?> (PHP crashes when calling mysqli_result::fetch_object with an abstract class).</li>
8154</ul></li>
8155<li>OCI8:
8156<ul>
8157  <li>Expose oci_unregister_taf_callback() (Tianfang Yang)</li>
8158</ul></li>
8159<li>phar:
8160<ul>
8161  <li><?php bugfix(74991); ?> (include_path has a 4096 char limit in some cases).</li>
8162</ul></li>
8163<li>Reflection:
8164<ul>
8165  <li><?php bugfix(74949); ?> (null pointer dereference in _function_string).</li>
8166</ul></li>
8167<li>Session:
8168<ul>
8169  <li><?php bugfix(74833); ?> (SID constant created with wrong module number).</li>
8170</ul></li>
8171<li>SimpleXML:
8172<ul>
8173  <li><?php bugfix(74950); ?> (nullpointer deref in simplexml_element_getDocNamespaces).</li>
8174</ul></li>
8175<li>SPL:
8176<ul>
8177  <li><?php bugfix(75049); ?> (spl_autoload_unregister can't handle spl_autoload_functions results).</li>
8178  <li><?php bugfix(74669); ?> (Unserialize ArrayIterator broken).</li>
8179  <li><?php bugfix(75015); ?> (Crash in recursive iterator destructors).</li>
8180</ul></li>
8181<li>Standard:
8182<ul>
8183  <li><?php bugfix(75075); ?> (unpack with X* causes infinity loop).</li>
8184  <li><?php bugfix(74103); ?> (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)</li>
8185  <li><?php bugfix(75054); ?> (A Denial of Service Vulnerability was found when performing deserialization).</li>
8186</ul></li>
8187<li>WDDX:
8188<ul>
8189  <li><?php bugfix(73793); ?> (WDDX uses wrong decimal seperator).</li>
8190</ul></li>
8191<li>XMLRPC:
8192<ul>
8193  <li><?php bugfix(74975); ?> (Incorrect xmlrpc serialization for classes with declared properties).</li>
8194</ul></li>
8195</ul>
8196<!-- }}} --></section>
8197
8198<section class="version" id="7.0.22"><!-- {{{ 7.0.22 -->
8199<h3>Version 7.0.22</h3>
8200<b><?php release_date('03-Aug-2017'); ?></b>
8201<ul><li>Core:
8202<ul>
8203  <li><?php bugfix(74832); ?> (Loading PHP extension with already registered function name leads to a crash).</li>
8204  <li><?php bugfix(74780); ?> (parse_url() borken when query string contains colon).</li>
8205  <li><?php bugfix(74761); ?> (Unary operator expected error on some systems).</li>
8206  <li><?php bugfix(73900); ?> (Use After Free in unserialize() SplFixedArray).</li>
8207  <li><?php bugfix(74913); ?> (fixed incorrect poll.h include).</li>
8208  <li><?php bugfix(74906); ?> (fixed incorrect errno.h include).</li>
8209</ul></li>
8210<li>Date:
8211<ul>
8212  <li><?php bugfix(74852); ?> (property_exists returns true on unknown DateInterval property).</li>
8213</ul></li>
8214<li>OCI8:
8215<ul>
8216  <li><?php bugfix(74625); ?> (Integer overflow in oci_bind_array_by_name).</li>
8217</ul></li>
8218<li>Opcache:
8219<ul>
8220  <li><?php bugfix(74840); ?> (Opcache overwrites argument of GENERATOR_RETURN within finally).</li>
8221</ul></li>
8222<li>PDO:
8223<ul>
8224  <li><?php bugfix(69356); ?> (PDOStatement::debugDumpParams() truncates query).</li>
8225</ul></li>
8226<li>SPL:
8227<ul>
8228  <li><?php bugfix(73471); ?> (PHP freezes with AppendIterator).</li>
8229</ul></li>
8230<li>SQLite3:
8231<ul>
8232  <li><?php bugfix(74883); ?> (SQLite3::__construct() produces "out of memory" exception with invalid flags).</li>
8233</ul></li>
8234<li>Wddx:
8235<ul>
8236  <li><?php bugfix(73173); ?> (huge memleak when wddx_unserialize).</li>
8237  <li><?php bugfix(74145); ?> (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)</li>
8238</ul></li>
8239<li>zlib:
8240<ul>
8241  <li><?php bugfix(73944); ?> (dictionary option of inflate_init() does not work).</li>
8242</ul></li>
8243</ul>
8244<!-- }}} --></section>
8245
8246<section class="version" id="7.0.21"><!-- {{{ 7.0.21 -->
8247<h3>Version 7.0.21</h3>
8248<b><?php release_date('06-Jul-2017'); ?></b>
8249<ul><li>Core:
8250<ul>
8251  <li><?php bugfix(74738); ?> (Multiple [PATH=] and [HOST=] sections not properly parsed).</li>
8252  <li><?php bugfix(74658); ?> (Undefined constants in array properties result in broken properties).</li>
8253  <li>Fixed misparsing of abstract unix domain socket names.</li>
8254  <li><?php bugfix(74101); ?> (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)</li>
8255  <li><?php bugfix(74111); ?> (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)</li>
8256  <li><?php bugfix(74603); ?> (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)</li>
8257  <li><?php bugfix(74819); ?> (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)</li>
8258</ul></li>
8259<li>DOM:
8260<ul>
8261  <li><?php bugfix(69373); ?> (References to deleted XPath query results).</li>
8262</ul></li>
8263<li>GD:
8264<ul>
8265  <li><?php bugfix(74435); ?> (Buffer over-read into uninitialized memory). (CVE-2017-7890)</li>
8266</ul></li>
8267<li>Intl:
8268<ul>
8269  <li><?php bugfix(73473); ?> (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)</li>
8270  <li><?php bugfix(74705); ?> (Wrong reflection on Collator::getSortKey and collator_get_sort_key).</li>
8271  <li><?php bugfix(73634); ?> (grapheme_strpos illegal memory access).</li>
8272</ul></li>
8273<li>Mbstring:
8274<ul>
8275  <li>Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)</li>
8276</ul></li>
8277<li>OCI8:
8278<ul>
8279  <li>Add TAF callback (PR <?php githubissuel('php/php-src', 2459); ?>).</li>
8280</ul></li>
8281<li>Opcache:
8282<ul>
8283  <li><?php bugfix(74663); ?> (Segfault with opcache.memory_protect and validate_timestamp).</li>
8284</ul></li>
8285<li>OpenSSL:
8286<ul>
8287  <li><?php bugfix(74651); ?> (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)</li>
8288</ul></li>
8289<li>PCRE:
8290<ul>
8291  <li><?php bugfix(74087); ?> (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).</li>
8292</ul></li>
8293<li>PDO_OCI:
8294<ul>
8295  <li>Support Instant Client 12.2 in --with-pdo-oci configure option.</li>
8296</ul></li>
8297<li>Reflection:
8298<ul>
8299  <li><?php bugfix(74673); ?> (Segfault when cast Reflection object to string with undefined constant).</li>
8300</ul></li>
8301<li>SPL:
8302<ul>
8303  <li><?php bugfix(74478); ?> (null coalescing operator failing with SplFixedArray).</li>
8304</ul></li>
8305<li>Standard:
8306<ul>
8307  <li><?php bugfix(74708); ?> (Invalid Reflection signatures for random_bytes and random_int).</li>
8308  <li><?php bugfix(73648); ?> (Heap buffer overflow in substr).</li>
8309</ul></li>
8310<li>FTP:
8311<ul>
8312  <li><?php bugfix(74598); ?> (ftp:// wrapper ignores context arg).</li>
8313</ul></li>
8314<li>PHAR:
8315<ul>
8316  <li><?php bugfix(74386); ?> (Phar::__construct reflection incorrect).</li>
8317</ul></li>
8318<li>SOAP:
8319<ul>
8320  <li><?php bugfix(74679); ?> (Incorrect conversion array with WSDL_CACHE_MEMORY).</li>
8321</ul></li>
8322<li>Streams:
8323<ul>
8324  <li><?php bugfix(74556); ?> (stream_socket_get_name() returns '\0').</li>
8325</ul></li>
8326</ul>
8327<!-- }}} --></section>
8328
8329
8330<section class="version" id="7.0.20"><!-- {{{ 7.0.20 -->
8331<h3>Version 7.0.20</h3>
8332<b><?php release_date('08-Jun-2017'); ?></b>
8333<ul><li>Core:
8334<ul>
8335  <li><?php bugfix(74600); ?> (crash (SIGSEGV) in _zend_hash_add_or_update_i).</li>
8336  <li><?php bugfix(74546); ?> (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).</li>
8337</ul></li>
8338<li>intl:
8339<ul>
8340  <li><?php bugfix(74468); ?> (wrong reflection on Collator::sortWithSortKeys).</li>
8341</ul></li>
8342<li>MySQLi:
8343<ul>
8344  <li><?php bugfix(74547); ?> (mysqli::change_user() doesn't accept null as $database argument w/strict_types).</li>
8345</ul></li>
8346<li>Opcache:
8347<ul>
8348  <li><?php bugfix(74596); ?> (SIGSEGV with opcache.revalidate_path enabled).</li>
8349</ul></li>
8350<li>phar:
8351<ul>
8352  <li><?php bugfix(51918); ?> (Phar::webPhar() does not handle requests sent through PUT and DELETE method).</li>
8353</ul></li>
8354<li>Standard:
8355<ul>
8356  <li><?php bugfix(74510); ?> (win32/sendmail.c anchors CC header but not BCC).</li>
8357</ul></li>
8358<li>xmlreader:
8359<ul>
8360  <li><?php bugfix(74457); ?> (Wrong reflection on XMLReader::expand).</li>
8361</ul></li>
8362</ul>
8363<!-- }}} --></section>
8364
8365<section class="version" id="7.0.19"><!-- {{{ 7.0.19 -->
8366<h3>Version 7.0.19</h3>
8367<b><?php release_date('11-May-2017'); ?></b>
8368<ul><li>Core:
8369<ul>
8370  <li><?php bugfix(74188); ?> (Null coalescing operator fails for undeclared static class properties).</li>
8371  <li><?php bugfix(74408); ?> (Endless loop bypassing execution time limit).</li>
8372  <li><?php bugfix(74410); ?> (stream_select() is broken on Windows Nanoserver).</li>
8373  <li><?php bugfix(74337); ?> (php-cgi.exe crash on facebook callback).</li>
8374  <li>Patch for bug <?php bugl(74216); ?> was reverted.</li>
8375</ul></li>
8376<li>Date:
8377<ul>
8378  <li><?php bugfix(74404); ?> (Wrong reflection on DateTimeZone::getTransitions).</li>
8379  <li><?php bugfix(74080); ?> (add constant for RFC7231 format datetime).</li>
8380</ul></li>
8381<li>DOM:
8382<ul>
8383  <li><?php bugfix(74416); ?> (Wrong reflection on DOMNode::cloneNode).</li>
8384</ul></li>
8385<li>Fileinfo:
8386<ul>
8387  <li><?php bugfix(74379); ?> (syntax error compile error in libmagic/apprentice.c).</li>
8388</ul></li>
8389<li>GD:
8390<ul>
8391  <li><?php bugfix(74343); ?> (compile fails on solaris 11 with system gd2 library).</li>
8392</ul></li>
8393<li>intl:
8394<ul>
8395  <li><?php bugfix(74433); ?> (wrong reflection for Normalizer methods).</li>
8396  <li><?php bugfix(74439); ?> (wrong reflection for Locale methods).</li>
8397</ul></li>
8398<li>MySQLi:
8399<ul>
8400  <li><?php bugfix(74432); ?> (mysqli_connect adding ":3306" to $host if $port parameter not given).</li>
8401</ul></li>
8402<li>MySQLnd:
8403<ul>
8404  <li>Added support for MySQL 8.0 types.</li>
8405  <li><?php bugfix(74376); ?> (Invalid free of persistent results on error/connection loss).</li>
8406</ul></li>
8407<li>OpenSSL:
8408<ul>
8409  <li><?php bugfix(73833); ?> (null character not allowed in openssl_pkey_get_private).</li>
8410  <li><?php bugfix(73711); ?> (Segfault in openssl_pkey_new when generating DSA or DH key).</li>
8411  <li><?php bugfix(74341); ?> (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).</li>
8412  <li>Added OpenSSL 1.1.0 support.</li>
8413</ul></li>
8414<li>phar:
8415<ul>
8416  <li><?php bugfix(74383); ?> (phar method parameters reflection correction).</li>
8417</ul></li>
8418<li>Standard:
8419<ul>
8420  <li><?php bugfix(74409); ?> (Reflection information for ini_get_all() is incomplete).</li>
8421  <li><?php bugfix(72071); ?> (setcookie allows max-age to be negative).</li>
8422</ul></li>
8423<li>Streams:
8424<ul>
8425  <li><?php bugfix(74429); ?> (Remote socket URI with unique persistence identifier broken).</li>
8426</ul></li>
8427<li>SQLite3:
8428<ul>
8429  <li><?php bugfix(74413); ?> (incorrect reflection for SQLite3::enableExceptions).</li>
8430</ul></li>
8431</ul>
8432<!-- }}} --></section>
8433
8434<section class="version" id="7.0.18"><!-- {{{ 7.0.18 -->
8435<h3>Version 7.0.18</h3>
8436<b><?php release_date('13-Apr-2017'); ?></b>
8437<ul><li>Core:
8438<ul>
8439  <li><?php bugfix(73370); ?> (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).</li>
8440  <li><?php bugfix(73960); ?> (Leak with instance method calling static method with referenced return).</li>
8441  <li><?php bugfix(74265); ?> (Build problems after 7.0.17 release: undefined reference to `isfinite').</li>
8442  <li><?php bugfix(74302); ?> (yield fromLABEL is over-greedy).</li>
8443</ul></li>
8444<li>Apache:
8445<ul>
8446  <li>Reverted patch for bug <?php bugl(61471); ?>, fixes bug <?php bugl(74318); ?>.</li>
8447</ul></li>
8448<li>Date:
8449<ul>
8450  <li><?php bugfix(72096); ?> (Swatch time value incorrect for dates before 1970).</li>
8451</ul></li>
8452<li>DOM:
8453<ul>
8454  <li><?php bugfix(74004); ?> (LIBXML_NOWARNING flag ingnored on loadHTML*).</li>
8455</ul></li>
8456<li>iconv:
8457<ul>
8458  <li><?php bugfix(74230); ?> (iconv fails to fail on surrogates).</li>
8459</ul></li>
8460<li>OpenSSL:
8461<ul>
8462  <li><?php bugfix(72333); ?> (fwrite() on non-blocking SSL sockets doesn't work).</li>
8463</ul></li>
8464<li>PDO MySQL:
8465<ul>
8466  <li><?php bugfix(71003); ?> (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).</li>
8467</ul></li>
8468<li>Streams:
8469<ul>
8470  <li><?php bugfix(74216); ?> (Correctly fail on invalid IP address ports).</li>
8471</ul></li>
8472<li>Zlib:
8473<ul>
8474  <li><?php bugfix(74240); ?> (deflate_add can allocate too much memory).</li>
8475</ul></li>
8476</ul>
8477<!-- }}} --></section>
8478
8479<section class="version" id="7.0.17"><!-- {{{ 7.0.17 -->
8480<h3>Version 7.0.17</h3>
8481<b><?php release_date('16-Mar-2017'); ?></b>
8482<ul><li>Core:
8483<ul>
8484  <li><?php bugfix(73989); ?> (PHP 7.1 Segfaults within Symfony test suite).</li>
8485  <li><?php bugfix(74084); ?> (Out of bound read - zend_mm_alloc_small).</li>
8486  <li><?php bugfix(73807); ?> (Performance problem with processing large post request). (CVE-2017-11142)</li>
8487  <li><?php bugfix(73998); ?> (array_key_exists fails on arrays created by get_object_vars).</li>
8488  <li><?php bugfix(73954); ?> (NAN check fails on Alpine Linux with musl).</li>
8489  <li><?php bugfix(74039); ?> (is_infinite(-INF) returns false).</li>
8490  <li><?php bugfix(73677); ?> (Generating phar.phar core dump with gcc ASAN enabled build).</li>
8491</ul></li>
8492<li>Apache:
8493<ul>
8494  <li><?php bugfix(61471); ?> (Incomplete POST does not timeout but is passed to PHP).</li>
8495</ul></li>
8496<li>Date:
8497<ul>
8498  <li><?php bugfix(72719); ?> (Relative datetime format ignores weekday on sundays only).</li>
8499  <li><?php bugfix(73294); ?> (DateTime wrong when date string is negative).</li>
8500  <li><?php bugfix(73489); ?> (wrong timestamp when call setTimeZone multi times with UTC offset).</li>
8501  <li><?php bugfix(73858); ?> (first/last day of' flag is not being reset).</li>
8502  <li><?php bugfix(73942); ?> ($date-&gt;modify('Friday this week') doesn't return a Friday if $date is a Sunday).</li>
8503  <li><?php bugfix(74057); ?> (wrong day when using "this week" in strtotime).</li>
8504</ul></li>
8505<li>FPM:
8506<ul>
8507  <li><?php bugfix(69860); ?> (php-fpm process accounting is broken with keepalive).</li>
8508</ul></li>
8509<li>Hash:
8510<ul>
8511  <li><?php bugfix(73127); ?> (gost-crypto hash incorrect if input data contains long 0xFF sequence).</li>
8512</ul></li>
8513<li>GD:
8514<ul>
8515  <li><?php bugfix(74031); ?> (ReflectionFunction for imagepng is missing last two parameters).</li>
8516</ul></li>
8517<li>Mysqlnd:
8518<ul>
8519  <li><?php bugfix(74021); ?> (fetch_array broken data. Data more then MEDIUMBLOB).</li>
8520</ul></li>
8521<li>Opcache:
8522<ul>
8523  <li><?php bugfix(74152); ?> (if statement says true to a null variable).</li>
8524  <li><?php bugfix(74019); ?> (Segfault with list).</li>
8525</ul></li>
8526<li>OpenSSL:
8527<ul>
8528  <li><?php bugfix(74022); ?> (PHP Fast CGI crashes when reading from a pfx file).</li>
8529</ul></li>
8530<li>Standard:
8531<ul>
8532  <li><?php bugfix(74148); ?> (ReflectionFunction incorrectly reports the number of arguments).</li>
8533  <li><?php bugfix(74005); ?> (mail.add_x_header causes RFC-breaking lone line feed).</li>
8534  <li><?php bugfix(73118); ?> (is_callable callable name reports misleading value for anonymous classes).</li>
8535  <li><?php bugfix(74105); ?> (PHP on Linux should use /dev/urandom when getrandom is not available).</li>
8536</ul></li>
8537<li>Streams:
8538<ul>
8539  <li><?php bugfix(73496); ?> (Invalid memory access in zend_inline_hash_func).</li>
8540  <li><?php bugfix(74090); ?> (stream_get_contents maxlength&gt;-1 returns empty string).</li>
8541</ul></li>
8542</ul>
8543<!-- }}} --></section>
8544
8545<section class="version" id="7.0.16"><!-- {{{ 7.0.16 -->
8546<h3>Version 7.0.16</h3>
8547<b><?php release_date('16-Feb-2017'); ?></b>
8548<ul><li>Core:
8549<ul>
8550  <li><?php bugfix(73916); ?> (zend_print_flat_zval_r doesn't consider reference).</li>
8551  <li><?php bugfix(73876); ?> (Crash when exporting **= in expansion of assign op).</li>
8552  <li><?php bugfix(73969); ?> (segfault in debug_print_backtrace).</li>
8553  <li><?php bugfix(73973); ?> (assertion error in debug_zval_dump).</li>
8554</ul></li>
8555<li>DOM:
8556<ul>
8557  <li><?php bugfix(54382); ?> (getAttributeNodeNS doesn't get xmlns* attributes).</li>
8558</ul></li>
8559<li>DTrace:
8560<ul>
8561  <li><?php bugfix(73965); ?> (DTrace reported as enabled when disabled).</li>
8562</ul></li>
8563<li>FPM:
8564<ul>
8565  <li><?php bugfix(67583); ?> (double fastcgi_end_request on max_children limit).</li>
8566  <li><?php bugfix(69865); ?> (php-fpm does not close stderr when using syslog).</li>
8567</ul></li>
8568<li>GD:
8569<ul>
8570  <li><?php bugfix(73968); ?> (Premature failing of XBM reading).</li>
8571</ul></li>
8572<li>GMP:
8573<ul>
8574  <li><?php bugfix(69993); ?> (test for gmp.h needs to test machine includes).</li>
8575</ul></li>
8576<li>Intl:
8577<ul>
8578<li><?php bugfix(73956); ?> (Link use CC instead of CXX).</li>
8579</ul></li>
8580<li>LDAP:
8581<ul>
8582  <li><?php bugfix(73933); ?> (error/segfault with ldap_mod_replace and opcache).</li>
8583</ul></li>
8584<li>MySQLi:
8585<ul>
8586  <li><?php bugfix(73949); ?> (leak in mysqli_fetch_object).</li>
8587</ul></li>
8588<li>Mysqlnd:
8589<ul>
8590  <li><?php bugfix(69899); ?> (segfault on close() after free_result() with mysqlnd).</li>
8591</ul></li>
8592<li>Opcache:
8593<ul>
8594  <li><?php bugfix(73983); ?> (crash on finish work with phar in cli + opcache).</li>
8595</ul></li>
8596<li>OpenSSL:
8597<ul>
8598  <li><?php bugfix(71519); ?> (add serial hex to return value array).</li>
8599</ul></li>
8600<li>PDO_Firebird:
8601<ul>
8602  <li><?php implemented(72583); ?> (All data are fetched as strings).</li>
8603</ul></li>
8604<li>PDO_PgSQL:
8605<ul>
8606  <li><?php bugfix(73959); ?> (lastInsertId fails to throw an exception for wrong sequence name).</li>
8607</ul></li>
8608<li>Phar:
8609<ul>
8610  <li><?php bugfix(70417); ?> (PharData::compress() doesn't close temp file).</li>
8611</ul></li>
8612<li>posix:
8613<ul>
8614  <li><?php bugfix(71219); ?> (configure script incorrectly checks for ttyname_r).</li>
8615</ul></li>
8616<li>Session:
8617<ul>
8618  <li><?php bugfix(69582); ?> (session not readable by root in CLI).</li>
8619</ul></li>
8620<li>SPL:
8621<ul>
8622  <li><?php bugfix(73896); ?> (spl_autoload() crashes when calls magic _call()).</li>
8623</ul></li>
8624<li>Standard:
8625<ul>
8626  <li><?php bugfix(69442); ?> (closing of fd incorrect when PTS enabled).</li>
8627  <li><?php bugfix(47021); ?> (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").</li>
8628  <li><?php bugfix(72974); ?> (imap is undefined service on AIX).</li>
8629  <li><?php bugfix(72979); ?> (money_format stores wrong length AIX).</li>
8630</ul></li>
8631<li>ZIP:
8632<ul>
8633  <li><?php bugfix(70103); ?> (ZipArchive::addGlob ignores remove_all_path option).</li>
8634</ul></li>
8635</ul>
8636<!-- }}} --></section>
8637
8638<section class="version" id="7.0.15"><!-- {{{ 7.0.15 -->
8639<h3>Version 7.0.15</h3>
8640<b><?php release_date('19-Jan-2017'); ?></b>
8641<ul><li>Core:
8642<ul>
8643  <li><?php bugfix(73792); ?> (invalid foreach loop hangs script).</li>
8644  <li><?php bugfix(73663); ?> ("Invalid opcode 65/16/8" occurs with a variable created with list()).</li>
8645  <li><?php bugfix(73585); ?> (Logging of "Internal Zend error - Missing class information" missing class name).</li>
8646  <li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li>
8647  <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li>
8648  <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li>
8649  <li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()). (CVE-2017-5340)</li>
8650  <li><?php bugfix(73092); ?> (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)</li>
8651  <li><?php bugfix(69425); ?> (Use After Free in unserialize()).</li>
8652  <li><?php bugfix(72731); ?> (Type Confusion in Object Deserialization).</li>
8653</ul></li>
8654<li>COM:
8655<ul>
8656  <li><?php bugfix(73679); ?> (DOTNET read access violation using invalid codepage).</li>
8657</ul></li>
8658<li>DOM:
8659<ul>
8660  <li><?php bugfix(67474); ?> (getElementsByTagNameNS filter on default ns).</li>
8661</ul></li>
8662<li>EXIF:
8663<ul>
8664<li><?php bugfix(73737); ?> (FPE when parsing a tag format). (CVE-2016-10158)</li>
8665</ul></li>
8666<li>GD:
8667<ul>
8668  <li><?php bugfix(73869); ?> (Signed Integer Overflow gd_io.c). (CVE-2016-10168)</li>
8669  <li><?php bugfix(73868); ?> (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)</li>
8670</ul></li>
8671<li>GMP:
8672<ul>
8673  <li><?php bugfix(70513); ?> (GMP Deserialization Type Confusion Vulnerability).</li>
8674</ul></li>
8675<li>Mysqli:
8676<ul>
8677  <li><?php bugfix(73462); ?> (Persistent connections don't set $connect_errno).</li>
8678</ul></li>
8679<li>Mysqlnd:
8680<ul>
8681  <li>Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem.</li>
8682  <li><?php bugfix(73800); ?> (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).</li>
8683</ul></li>
8684<li>PCRE:
8685<ul>
8686  <li><?php bugfix(73612); ?> (preg_*() may leak memory).</li>
8687</ul></li>
8688<li>PDO_Firebird:
8689<ul>
8690  <li><?php bugfix(72931); ?> (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).</li>
8691</ul></li>
8692<li>Phar:
8693<ul>
8694  <li><?php bugfix(73773); ?> (Seg fault when loading hostile phar). (CVE-2017-11147)</li>
8695  <li><?php bugfix(73768); ?> (Memory corruption when loading hostile phar). (CVE-2016-10160)</li>
8696  <li><?php bugfix(73764); ?> (Crash while loading hostile phar archive). (CVE-2016-10159)</li>
8697</ul></li>
8698<li>Phpdbg:
8699<ul>
8700  <li><?php bugfix(73615); ?> (phpdbg without option never load .phpdbginit at startup).</li>
8701  <li>Fixed issue getting executable lines from custom wrappers.</li>
8702  <li><?php bugfix(73704); ?> (phpdbg shows the wrong line in files with shebang).</li>
8703</ul></li>
8704<li>Reflection:
8705<ul>
8706  <li><?php bugfix(46103); ?> (ReflectionObject memory leak).</li>
8707</ul></li>
8708<li>Streams:
8709<ul>
8710  <li><?php bugfix(73586); ?> (php_user_filter::$stream is not set to the stream the filter is working on).</li>
8711</ul></li>
8712<li>SQLite3:
8713<ul>
8714<li>Reverted fix for <?php bugl(73530); ?> (Unsetting result set may reset other result set).</li>
8715</ul></li>
8716<li>Standard:
8717<ul>
8718  <li><?php bugfix(73594); ?> (dns_get_record does not populate $additional out parameter).</li>
8719  <li><?php bugfix(70213); ?> (Unserialize context shared on double class lookup).</li>
8720  <li><?php bugfix(73154); ?> (serialize object with __sleep function crash).</li>
8721  <li><?php bugfix(70490); ?> (get_browser function is very slow).</li>
8722  <li><?php bugfix(73265); ?> (Loading browscap.ini at startup causes high memory usage).</li>
8723  <li><?php bugfix(31875); ?> (get_defined_functions additional param to exclude disabled functions).</li>
8724</ul></li>
8725<li>Zlib:
8726<ul>
8727  <li><?php bugfix(73373); ?> (deflate_add does not verify that output was not truncated).</li>
8728</ul></li>
8729</ul>
8730<!-- }}} --></section>
8731
8732<section class="version" id="7.0.14"><!-- {{{ 7.0.14 -->
8733<h3>Version 7.0.14</h3>
8734<b><?php release_date('08-Dec-2016'); ?></b>
8735<ul><li>Core:
8736<ul>
8737  <li>Fixed memory leak(null coalescing operator with Spl hash).</li>
8738  <li><?php bugfix(72736); ?> (Slow performance when fetching large dataset with mysqli / PDO).</li>
8739  <li><?php bugfix(72978); ?> (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)</li>
8740</ul></li>
8741<li>Calendar:
8742<ul>
8743  <li>(Fix integer overflows).</li>
8744</ul></li>
8745<li>Date:
8746<ul>
8747  <li><?php bugfix(69587); ?> (DateInterval properties and isset).</li>
8748</ul></li>
8749<li>DTrace:
8750<ul>
8751  <li>Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.</li>
8752</ul></li>
8753<li>JSON:
8754<ul>
8755  <li><?php bugfix(73526); ?> (php_json_encode depth issue).</li>
8756</ul></li>
8757<li>Mysqlnd:
8758<ul>
8759  <li><?php bugfix(64526); ?> (Add missing mysqlnd.* parameters to php.ini-*).</li>
8760</ul></li>
8761<li>ODBC:
8762<ul>
8763  <li><?php bugfix(73448); ?> (odbc_errormsg returns trash, always 513 bytes).</li>
8764</ul></li>
8765<li>Opcache:
8766<ul>
8767  <li><?php bugfix(69090); ?> (check cached files permissions).</li>
8768  <li><?php bugfix(73546); ?> (Logging for opcache has an empty file name).</li>
8769</ul></li>
8770<li>PCRE:
8771<ul>
8772  <li><?php bugfix(73483); ?> (Segmentation fault on pcre_replace_callback).</li>
8773  <li><?php bugfix(73392); ?> (A use-after-free in zend allocator management).</li>
8774</ul></li>
8775<li>PDO_Firebird:
8776<ul>
8777  <li><?php bugfix(73087); ?>, <?php bugl(61183) ?>, <?php bugl(71494) ?> (Memory corruption in bindParam).</li>
8778</ul></li>
8779<li>Phar:
8780<ul>
8781  <li><?php bugfix(73580); ?> (Phar::isValidPharFilename illegal memory access).</li>
8782</ul></li>
8783<li>Postgres:
8784<ul>
8785  <li><?php bugfix(73498); ?> (Incorrect SQL generated for pg_copy_to()).</li>
8786</ul></li>
8787<li>Soap:
8788<ul>
8789  <li><?php bugfix(73538); ?> (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).</li>
8790  <li><?php bugfix(73452); ?> (Segfault (Regression for <?php bugl(69152) ?>)).</li>
8791</ul></li>
8792<li>SPL:
8793<ul>
8794  <li><?php bugfix(73423); ?> (Reproducible crash with GDB backtrace).</li>
8795</ul></li>
8796<li>SQLite3:
8797<ul>
8798  <li><?php bugfix(73530); ?> (Unsetting result set may reset other result set).</li>
8799</ul></li>
8800<li>Standard:
8801<ul>
8802  <li><?php bugfix(73297); ?> (HTTP stream wrapper should ignore HTTP 100 Continue).</li>
8803  <li><?php bugfix(73645); ?> (version_compare illegal write access).</li>
8804</ul></li>
8805<li>Wddx:
8806<ul>
8807  <li><?php bugfix(73631); ?> (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)</li>
8808</ul></li>
8809<li>XML:
8810<ul>
8811  <li><?php bugfix(72135); ?> (malformed XML causes fault).</li>
8812</ul></li>
8813</ul>
8814<!-- }}} --></section>
8815
8816<section class="version" id="7.0.13"><!-- {{{ 7.0.13 -->
8817<h3>Version 7.0.13</h3>
8818<b><?php release_date('10-Nov-2016'); ?></b>
8819<ul><li>Core:
8820<ul>
8821  <li><?php bugfix(73350); ?> (Exception::__toString() cause circular references).</li>
8822  <li><?php bugfix(73181); ?> (parse_str() without a second argument leads to crash).</li>
8823  <li><?php bugfix(66773); ?> (Autoload with Opcache allows importing conflicting class name to namespace).</li>
8824  <li><?php bugfix(66862); ?> ((Sub-)Namespaces unexpected behaviour).</li>
8825  <li>Fix pthreads detection when cross-compiling.</li>
8826  <li><?php bugfix(73337); ?> (try/catch not working with two exceptions inside a same operation).</li>
8827  <li><?php bugfix(73338); ?> (Exception thrown from error handler causes valgrind warnings (and crashes)).</li>
8828  <li><?php bugfix(73329); ?> ((Float)"Nano" == NAN).</li>
8829</ul></li>
8830<li>GD:
8831<ul>
8832  <li><?php bugfix(73213); ?> (Integer overflow in imageline() with antialiasing).</li>
8833  <li><?php bugfix(73272); ?> (imagescale() is not affected by, but affects imagesetinterpolation()).</li>
8834  <li><?php bugfix(73279); ?> (Integer overflow in gdImageScaleBilinearPalette()).</li>
8835  <li><?php bugfix(73280); ?> (Stack Buffer Overflow in GD dynamicGetbuf).</li>
8836  <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li>
8837  <li><?php bugfix(72696); ?> (imagefilltoborder stackoverflow on truecolor images). (CVE-2016-9933)</li>
8838</ul></li>
8839<li>IMAP:
8840<ul>
8841  <li><?php bugfix(73418); ?> (Integer Overflow in "_php_imap_mail" leads to crash).</li>
8842</ul></li>
8843<li>OCI8:
8844<ul>
8845  <li><?php bugfix(71148); ?> (Bind reference overwritten on PHP 7).</li>
8846</ul></li>
8847<li>phpdbg:
8848<ul>
8849  <li>Properly allow for stdin input from a file.</li>
8850  <li>Add -s command line option / stdin command for reading script from stdin.</li>
8851  <li>Ignore non-executable opcodes in line mode of phpdbg_end_oplog().</li>
8852  <li><?php bugfix(70776); ?> (Simple SIGINT does not have any effect with -rr).</li>
8853  <li><?php bugfix(71234); ?> (INI files are loaded even invoked as -n --version).</li>
8854</ul></li>
8855<li>Session:
8856<ul>
8857  <li><?php bugfix(73273); ?> (session_unset() empties values from all variables in which is $_session stored).</li>
8858</ul></li>
8859<li>SOAP:
8860<ul>
8861  <li><?php bugfix(73037); ?> (SoapServer reports Bad Request when gzipped).</li>
8862  <li><?php bugfix(73237); ?> (Nested object in "any" element overwrites other fields).</li>
8863  <li><?php bugfix(69137); ?> (Peer verification fails when using a proxy with SoapClient)</li>
8864</ul></li>
8865<li>SQLite3:
8866<ul>
8867  <li><?php bugfix(73333); ?> (2147483647 is fetched as string).</li>
8868</ul></li>
8869<li>Standard:
8870<ul>
8871  <li><?php bugfix(73203); ?> (passing additional_parameters causes mail to fail).</li>
8872  <li><?php bugfix(71241); ?> (array_replace_recursive sometimes mutates its parameters).</li>
8873  <li><?php bugfix(73192); ?> (parse_url return wrong hostname).</li>
8874</ul></li>
8875<li>Wddx:
8876<ul>
8877  <li><?php bugfix(73331); ?> (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)</li>
8878</ul></li>
8879</ul>
8880<!-- }}} --></section>
8881
8882<section class="version" id="7.0.12"><!-- {{{ 7.0.12 -->
8883<h3>Version 7.0.12</h3>
8884<?php release_date('13-Oct-2016'); ?>
8885<ul><li>Core:
8886<ul>
8887  <li><?php bugfix(73025); ?> (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).</li>
8888  <li><?php bugfix(72703); ?> (Out of bounds global memory read in BF_crypt triggered by password_verify).</li>
8889  <li><?php bugfix(73058); ?> (crypt broken when salt is 'too' long).</li>
8890  <li><?php bugfix(69579); ?> (Invalid free in extension trait).</li>
8891  <li><?php bugfix(73156); ?> (segfault on undefined function).</li>
8892  <li><?php bugfix(73163); ?> (PHP hangs if error handler throws while accessing undef const in default value).</li>
8893  <li><?php bugfix(73172); ?> (parse error: Invalid numeric literal).</li>
8894  <li><?php bugfix(73240); ?> (Write out of bounds at number_format).</li>
8895  <li><?php bugfix(73147); ?> (Use After Free in PHP7 unserialize()).</li>
8896  <li><?php bugfix(73189); ?> (Memcpy negative size parameter php_resolve_path).</li>
8897</ul></li>
8898<li>BCmath:
8899<ul>
8900<li><?php bugfix(73190); ?> (memcpy negative parameter _bc_new_num_ex).</li>
8901</ul></li>
8902<li>COM:
8903<ul>
8904  <li><?php bugfix(73126); ?> (Cannot pass parameter 1 by reference).</li>
8905</ul></li>
8906<li>Date:
8907<ul>
8908  <li><?php bugfix(73091); ?> (Unserializing DateInterval object may lead to __toString invocation).</li>
8909</ul></li>
8910<li>DOM:
8911<ul>
8912  <li><?php bugfix(73150); ?> (missing NULL check in dom_document_save_html).</li>
8913</ul></li>
8914<li>Filter:
8915<ul>
8916  <li><?php bugfix(72972); ?> (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).</li>
8917  <li><?php bugfix(73054); ?> (default option ignored when object passed to int filter).</li>
8918</ul></li>
8919<li>GD:
8920<ul>
8921  <li><?php bugfix(67325); ?> (imagetruecolortopalette: white is duplicated in palette).</li>
8922  <li><?php bugfix(50194); ?> (imagettftext broken on transparent background w/o alphablending).</li>
8923  <li><?php bugfix(73003); ?> (Integer Overflow in gdImageWebpCtx of gd_webp.c).</li>
8924  <li><?php bugfix(53504); ?> (imagettfbbox gives incorrect values for bounding box).</li>
8925  <li><?php bugfix(73157); ?> (imagegd2() ignores 3rd param if 4 are given).</li>
8926  <li><?php bugfix(73155); ?> (imagegd2() writes wrong chunk sizes on boundaries).</li>
8927  <li><?php bugfix(73159); ?> (imagegd2(): unrecognized formats may result in corrupted files).</li>
8928  <li><?php bugfix(73161); ?> (imagecreatefromgd2() may leak memory).</li>
8929</ul></li>
8930<li>Intl:
8931<ul>
8932  <li><?php bugfix(73218); ?> (add mitigation for ICU int overflow).</li>
8933</ul></li>
8934<li>Mbstring:
8935<ul>
8936  <li><?php bugfix(66797); ?> (mb_substr only takes 32-bit signed integer).</li>
8937  <li><?php bugfix(66964); ?> (mb_convert_variables() cannot detect recursion).</li>
8938  <li><?php bugfix(72992); ?> (mbstring.internal_encoding doesn't inherit default_charset).</li>
8939</ul></li>
8940<li>Mysqlnd:
8941<ul>
8942  <li><?php bugfix(72489); ?> (PHP Crashes When Modifying Array Containing MySQLi Result Data).</li>
8943</ul></li>
8944<li>Opcache:
8945<ul>
8946  <li><?php bugfix(72982); ?> (Memory leak in zend_accel_blacklist_update_regexp() function).</li>
8947</ul></li>
8948<li>OpenSSL:
8949<ul>
8950  <li><?php bugfix(73072); ?> (Invalid path SNI_server_certs causes segfault).</li>
8951  <li><?php bugfix(73276); ?> (crash in openssl_random_pseudo_bytes function).</li>
8952  <li><?php bugfix(73275); ?> (crash in openssl_encrypt function).</li>
8953</ul></li>
8954<li>PCRE:
8955<ul>
8956  <li><?php bugfix(73121); ?> (Bundled PCRE doesn't compile because JIT isn't supported on s390).</li>
8957  <li><?php bugfix(73174); ?> (heap overflow in php_pcre_replace_impl).</li>
8958</ul></li>
8959<li>PDO_DBlib:
8960<ul>
8961  <li><?php bugfix(72414); ?> (Never quote values as raw binary data).</li>
8962  <li>Allow \PDO::setAttribute() to set query timeouts.</li>
8963  <li>Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.</li>
8964  <li>Add common PDO test suite.</li>
8965  <li>Free error and message strings when cleaning up PDO instances.</li>
8966  <li><?php bugfix(67130); ?> (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).</li>
8967  <li>Ignore potentially misleading dberr values.</li>
8968</ul></li>
8969<li>phpdbg:
8970<ul>
8971  <li><?php bugfix(72996); ?> (phpdbg_prompt.c undefined reference to DL_LOAD).</li>
8972  <li>Fixed next command not stopping when leaving function.</li>
8973</ul></li>
8974<li>Session:
8975<ul>
8976  <li><?php bugfix(68015); ?> (Session does not report invalid uid for files save handler).</li>
8977  <li><?php bugfix(73100); ?> (session_destroy null dereference in ps_files_path_create).</li>
8978</ul></li>
8979<li>SimpleXML:
8980<ul>
8981  <li><?php bugfix(73293); ?> (NULL pointer dereference in SimpleXMLElement::asXML()).</li>
8982</ul></li>
8983<li>SOAP:
8984<ul>
8985  <li><?php bugfix(71711); ?> (Soap Server Member variables reference bug).</li>
8986  <li><?php bugfix(71996); ?> (Using references in arrays doesn't work like expected).</li>
8987</ul></li>
8988<li>SPL:
8989<ul>
8990<li><?php bugfix(73257); ?>, <?php bugfix(73258); ?> (SplObjectStorage unserialize allows use of non-object as key).</li>
8991</ul></li>
8992<li>SQLite3:
8993<ul>
8994  <li>Updated bundled SQLite3 to 3.14.2.</li>
8995</ul></li>
8996<li>Zip:
8997<ul>
8998  <li><?php bugfix(70752); ?> (Depacking with wrong password leaves 0 length files).</li>
8999</ul></li>
9000</ul>
9001<!-- }}} --></section>
9002
9003<section class="version" id="7.0.11"><!-- {{{ 7.0.11 -->
9004<h3>Version 7.0.11</h3>
9005<?php release_date('15-Sep-2016'); ?>
9006<ul><li>Core:
9007<ul>
9008  <li><?php bugfix(72944); ?> (Null pointer deref in zval_delref_p).</li>
9009  <li><?php bugfix(72943); ?> (assign_dim on string doesn't reset hval).</li>
9010  <li><?php bugfix(72911); ?> (Memleak in zend_binary_assign_op_obj_helper).</li>
9011  <li><?php bugfix(72813); ?> (Segfault with __get returned by ref).</li>
9012  <li><?php bugfix(72767); ?> (PHP Segfaults when trying to expand an infinite operator).</li>
9013  <li><?php bugfix(72854); ?> (PHP Crashes on duplicate destructor call).</li>
9014  <li><?php bugfix(72857); ?> (stream_socket_recvfrom read access violation).</li>
9015</ul></li>
9016<li>COM:
9017<ul>
9018  <li><?php bugfix(72922); ?> (COM called from PHP does not return out parameters).</li>
9019</ul></li>
9020<li>Dba:
9021<ul>
9022  <li><?php bugfix(70825); ?> (Cannot fetch multiple values with group in ini file).</li>
9023</ul></li>
9024<li>FTP:
9025<ul>
9026  <li><?php bugfix(70195); ?> (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).</li>
9027</ul></li>
9028<li>GD:
9029<ul>
9030  <li><?php bugfix(72709); ?> (imagesetstyle() causes OOB read for empty $styles).</li>
9031  <li><?php bugfix(66005); ?> (imagecopy does not support 1bit transparency on truecolor images).</li>
9032  <li><?php bugfix(72913); ?> (imagecopy() loses single-color transparency on palette images).</li>
9033  <li><?php bugfix(68716); ?> (possible resource leaks in _php_image_convert()).</li>
9034</ul></li>
9035<li>iconv:
9036<ul>
9037  <li><?php bugfix(72320); ?> (iconv_substr returns false for empty strings).</li>
9038</ul></li>
9039<li>IMAP:
9040<ul>
9041  <li><?php bugfix(72852); ?> (imap_mail null dereference).</li>
9042</ul></li>
9043<li>Intl:
9044<ul>
9045  <li><?php bugfix(65732); ?> (grapheme_*() is not Unicode compliant on CR LF sequence).</li>
9046  <li><?php bugfix(73007); ?> (add locale length check). (CVE-2016-7416)</li>
9047</ul></li>
9048<li>Mysqlnd:
9049<ul>
9050  <li><?php bugfix(72293); ?> (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)</li>
9051</ul></li>
9052<li>OCI8:
9053<ul>
9054  <li>Fixed invalid handle error with Implicit Result Sets.</li>
9055  <li><?php bugfix(72524); ?> (Binding null values triggers ORA-24816 error).</li>
9056</ul></li>
9057<li>Opcache:
9058<ul>
9059  <li><?php bugfix(72949); ?> (Typo in opcache error message).</li>
9060</ul></li>
9061<li>PDO:
9062<ul>
9063  <li><?php bugfix(72788); ?> (Invalid memory access when using persistent PDO connection).</li>
9064  <li><?php bugfix(72791); ?> (Memory leak in PDO persistent connection handling).</li>
9065  <li><?php bugfix(60665); ?> (call to empty() on NULL result using PDO::FETCH_LAZY returns false).</li>
9066</ul></li>
9067<li>PDO_DBlib:
9068<ul>
9069  <li>Implemented stringify 'uniqueidentifier' fields.</li>
9070</ul></li>
9071<li>PDO_pgsql:
9072<ul>
9073  <li><?php implemented(72633); ?> (Postgres PDO lastInsertId() should work without specifying a sequence).</li>
9074  <li><?php bugfix(72759); ?> (Regression in pgo_pgsql).</li>
9075</ul></li>
9076<li>Phar:
9077<ul>
9078  <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)</li>
9079  <li><?php bugfix(73035); ?> (Out of bound when verify signature of tar phar in phar_parse_tarfile).</li>
9080</ul></li>
9081<li>Reflection:
9082<ul>
9083  <li><?php bugfix(72846); ?> (getConstant for a array constant with constant values returns NULL/NFC/UKNOWN).</li>
9084</ul></li>
9085<li>Session:
9086<ul>
9087  <li><?php bugfix(72724); ?> (PHP7: session-uploadprogress kills httpd).</li>
9088  <li><?php bugfix(72940); ?> (SID always return "name=ID", even if session cookie exist).</li>
9089</ul></li>
9090<li>SimpleXML:
9091<ul>
9092  <li><?php bugfix(72971); ?> (SimpleXML isset/unset do not respect namespace).</li>
9093  <li><?php bugfix(72957); ?> (Null coalescing operator doesn't behave as expected with SimpleXMLElement).</li>
9094</ul></li>
9095<li>SPL:
9096<ul>
9097  <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray). (CVE-2016-7417)</li>
9098</ul></li>
9099<li>Standard:
9100<ul>
9101  <li><?php bugfix(55451); ?> (substr_compare NULL length interpreted as 0).</li>
9102  <li><?php bugfix(72278); ?> (getimagesize returning FALSE on valid jpg).</li>
9103  <li><?php bugfix(65550); ?> (get_browser() incorrectly parses entries with "+" sign).</li>
9104</ul></li>
9105<li>Streams:
9106<ul>
9107  <li><?php bugfix(72853); ?> (stream_set_blocking doesn't work).</li>
9108  <li><?php bugfix(72764); ?> (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).</li>
9109  <li><?php bugfix(71882); ?> (Negative ftruncate() on php://memory exhausts memory).</li>
9110</ul></li>
9111<li>SQLite3:
9112<ul>
9113<li>Downgraded bundled SQLite to 3.8.10.2, see <?php bugl(73068); ?></li>
9114</ul></li>
9115<li>Sysvshm:
9116<ul>
9117  <li><?php bugfix(72858); ?> (shm_attach null dereference).</li>
9118</ul></li>
9119<li>Wddx:
9120<ul>
9121  <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free). (CVE-2016-7413)</li>
9122  <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)</li>
9123</ul></li>
9124<li>XML:
9125<ul>
9126  <li><?php bugfix(72085); ?> (SEGV on unknown address zif_xml_parse).</li>
9127  <li><?php bugfix(72714); ?> (_xml_startElementHandler() segmentation fault).</li>
9128</ul></li>
9129<li>ZIP:
9130<ul>
9131  <li><?php bugfix(68302); ?> (impossible to compile php with zip support).</li>
9132</ul></li>
9133</ul>
9134<!-- }}} --></section>
9135
9136<section class="version" id="7.0.10"><!-- {{{ 7.0.10 -->
9137<h3>Version 7.0.10</h3>
9138<?php release_date('18-Aug-2016'); ?>
9139<ul><li>Core:
9140<ul>
9141  <li><?php bugfix(72629); ?> (Caught exception assignment to variables ignores references).</li>
9142  <li><?php bugfix(72594); ?> (Calling an earlier instance of an included anonymous class fatals).</li>
9143  <li><?php bugfix(72581); ?> (previous property undefined in Exception after deserialization).</li>
9144  <li><?php bugfix(72496); ?> (Cannot declare public method with signature incompatible with parent private method).</li>
9145  <li><?php bugfix(72024); ?> (microtime() leaks memory).</li>
9146  <li><?php bugfix(71911); ?> (Unable to set --enable-debug on building extensions by phpize on Windows).</li>
9147  <li>Fixed bug causing ClosedGeneratorException being thrown into the calling code instead of the Generator yielding from.</li>
9148  <li><?php implemented(72614); ?> (Support "nmake test" on building extensions by phpize).</li>
9149  <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li>
9150  <li>Fixed potential segfault in object storage freeing in shutdown sequence.</li>
9151  <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7124)</li>
9152  <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability). (CVE-2016-7125)</li>
9153  <li><?php bugfix(72683); ?> (getmxrr broken).</li>
9154  <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one). (CVE-2016-7133)</li>
9155</ul></li>
9156<li>Bz2:
9157<ul>
9158  <li><?php bugfix(72837); ?> (integer overflow in bzdecompress caused heap corruption).</li>
9159</ul></li>
9160<li>Calendar:
9161<ul>
9162  <li><?php bugfix(67976); ?> (cal_days_month() fails for final month of the French calendar).</li>
9163  <li><?php bugfix(71894); ?> (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).</li>
9164</ul></li>
9165<li>COM:
9166<ul>
9167  <li><?php bugfix(72569); ?> (DOTNET/COM array parameters broke in PHP7).</li>
9168</ul></li>
9169<li>CURL:
9170<ul>
9171  <li><?php bugfix(71709); ?> (curl_setopt segfault with empty CURLOPT_HTTPHEADER).</li>
9172  <li><?php bugfix(71929); ?> (CURLINFO_CERTINFO data parsing error).</li>
9173  <li><?php bugfix(72674); ?> (Heap overflow in curl_escape). (CVE-2016-7134)</li>
9174</ul></li>
9175<li>DOM:
9176<ul>
9177  <li><?php bugfix(66502); ?> (DOM document dangling reference).</li>
9178</ul></li>
9179<li>EXIF:
9180<ul>
9181  <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero size)).</li>
9182  <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)</li>
9183</ul></li>
9184<li>Filter:
9185<ul>
9186  <li><?php bugfix(71745); ?> (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).</li>
9187</ul></li>
9188<li>FPM:
9189<ul>
9190  <li><?php bugfix(72575); ?> (using --allow-to-run-as-root should ignore missing user).</li>
9191</ul></li>
9192<li>GD:
9193<ul>
9194  <li><?php bugfix(72596); ?> (imagetypes function won't advertise WEBP support).</li>
9195  <li><?php bugfix(72604); ?> (imagearc() ignores thickness for full arcs).</li>
9196  <li><?php bugfix(70315); ?> (500 Server Error but page is fully rendered).</li>
9197  <li><?php bugfix(43828); ?> (broken transparency of imagearc for truecolor in blendingmode).</li>
9198  <li><?php bugfix(66555); ?> (Always false condition in ext/gd/libgd/gdkanji.c).</li>
9199  <li><?php bugfix(68712); ?> (suspicious if-else statements).</li>
9200  <li><?php bugfix(72697); ?> (select_colors write out-of-bounds). (CVE-2016-7126)</li>
9201  <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access). (CVE-2016-7127)</li>
9202  <li><?php bugfix(72494); ?> (imagecropauto out-of-bounds access)</li>
9203</ul></li>
9204<li>Intl:
9205<ul>
9206  <li><?php bugfix(72639); ?> (Segfault when instantiating class that extends IntlCalendar and adds a property).</li>
9207  <li>Partially fixed <?php bugfix(72506); ?> (idn_to_ascii for UTS #46 incorrect for long domain names).</li>
9208</ul></li>
9209<li>mbstring:
9210<ul>
9211  <li><?php bugfix(72691); ?> (mb_ereg_search raises a warning if a match zero-width).</li>
9212  <li><?php bugfix(72693); ?> (mb_ereg_search increments search position when a match zero-width).</li>
9213  <li><?php bugfix(72694); ?> (mb_ereg_search_setpos does not accept a string's last position).</li>
9214  <li><?php bugfix(72710); ?> (`mb_ereg` causes buffer overflow on regexp compile error).</li>
9215</ul></li>
9216<li>Mcrypt:
9217<ul>
9218  <li><?php bugfix(72782); ?> (Heap Overflow due to integer overflows).</li>
9219</ul></li>
9220<li>Opcache:
9221<ul>
9222  <li><?php bugfix(72590); ?> (Opcache restart with kill_all_lockers does not work).</li>
9223</ul></li>
9224<li>PCRE:
9225<ul>
9226  <li><?php bugfix(72688); ?> (preg_match missing group names in matches).</li>
9227</ul></li>
9228<li>PDO_pgsql:
9229<ul>
9230  <li><?php bugfix(70313); ?> (PDO statement fails to throw exception).</li>
9231</ul></li>
9232<li>Reflection:
9233<ul>
9234  <li><?php bugfix(72222); ?> (ReflectionClass::export doesn't handle array constants).</li>
9235</ul></li>
9236<li>SimpleXML:
9237<ul>
9238  <li><?php bugfix(72588); ?> (Using global var doesn't work while accessing SimpleXML element).</li>
9239</ul></li>
9240<li>SNMP:
9241<ul>
9242  <li><?php bugfix(72708); ?> (php_snmp_parse_oid integer overflow in memory allocation).</li>
9243</ul></li>
9244<li>SPL:
9245<ul>
9246  <li><?php bugfix(55701); ?> (GlobIterator throws LogicException).</li>
9247  <li><?php bugfix(72646); ?> (SplFileObject::getCsvControl does not return the escape character).</li>
9248  <li><?php bugfix(72684); ?> (AppendIterator segfault with closed generator).</li>
9249</ul></li>
9250<li>SQLite3:
9251<ul>
9252  <li><?php bugfix(72668); ?> (Spurious warning when exception is thrown in user defined function).</li>
9253  <li><?php bugfix(72571); ?> (SQLite3::bindValue, SQLite3::bindParam crash).</li>
9254  <li><?php implemented(72653); ?> (SQLite should allow opening with empty filename).</li>
9255  <li>Updated to SQLite3 3.13.0.</li>
9256</ul></li>
9257<li>Standard:
9258<ul>
9259  <li><?php bugfix(72622); ?> (array_walk + array_replace_recursive create references from nothing).</li>
9260  <li><?php bugfix(72152); ?> (base64_decode $strict fails to detect null byte).</li>
9261  <li><?php bugfix(72263); ?> (base64_decode skips a character after padding in strict mode).</li>
9262  <li><?php bugfix(72264); ?> (base64_decode $strict fails with whitespace between padding).</li>
9263  <li><?php bugfix(72330); ?> (CSV fields incorrectly split if escape char followed by UTF chars).</li>
9264</ul></li>
9265<li>Streams:
9266<ul>
9267  <li><?php bugfix(41021); ?> (Problems with the ftps wrapper).</li>
9268  <li><?php bugfix(54431); ?> (opendir() does not work with ftps:// wrapper).</li>
9269  <li><?php bugfix(72667); ?> (opendir() with ftp:// attempts to open data stream for non-existent directories).</li>
9270  <li><?php bugfix(72771); ?> (ftps:// wrapper is vulnerable to protocol downgrade attack).</li>
9271</ul></li>
9272<li>XMLRPC:
9273<ul>
9274  <li><?php bugfix(72647); ?> (xmlrpc_encode() unexpected output after referencing array elements).</li>
9275</ul></li>
9276<li>Wddx:
9277<ul>
9278  <li><?php bugfix(72564); ?> (boolean always deserialized as "true").</li>
9279  <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in wddx_serialize_value()).</li>
9280  <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access). (CVE-2016-7129)</li>
9281  <li><?php bugfix(72750); ?> (wddx_deserialize null dereference). (CVE-2016-7130)</li>
9282  <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml). (CVE-2016-7131)</li>
9283  <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element). (CVE-2016-7132)</li>
9284</ul></li>
9285<li>Zip:
9286<ul>
9287  <li><?php bugfix(72660); ?> (NULL Pointer dereference in zend_virtual_cwd).</li>
9288</ul></li>
9289</ul>
9290<!-- }}} --></section>
9291
9292<section class="version" id="7.0.9"><!-- {{{ 7.0.9 -->
9293<h3>Version 7.0.9</h3>
9294<?php release_date('21-Jul-2016'); ?>
9295<ul><li>Core:
9296<ul>
9297  <li><?php bugfix(72508); ?> (strange references after recursive function call and "switch" statement).</li>
9298  <li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)</li>
9299  <li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)</li>
9300</ul></li>
9301<li>bz2:
9302<ul>
9303  <li><?php bugfix(72613); ?> (Inadequate error handling in bzread()). (CVE-2016-5399)</li>
9304</ul></li>
9305<li>CLI:
9306<ul>
9307  <li><?php bugfix(72484); ?> (SCRIPT_FILENAME shows wrong path if the user specify router.php).</li>
9308</ul></li>
9309<li>COM:
9310<ul>
9311  <li><?php bugfix(72498); ?> (variant_date_from_timestamp null dereference).</li>
9312</ul></li>
9313<li>Curl:
9314<ul>
9315  <li><?php bugfix(72541); ?> (size_t overflow lead to heap corruption).</li>
9316</ul></li>
9317<li>Date:
9318<ul>
9319  <li><?php bugfix(66836); ?> (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).</li>
9320</ul></li>
9321<li>Exif:
9322<ul>
9323  <li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)</li>
9324  <li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)</li>
9325</ul></li>
9326<li>GD:
9327<ul>
9328  <li><?php bugfix(43475); ?> (Thick styled lines have scrambled patterns).</li>
9329  <li><?php bugfix(53640); ?> (XBM images require width to be multiple of 8).</li>
9330  <li><?php bugfix(64641); ?> (imagefilledpolygon doesn't draw horizontal line).</li>
9331  <li><?php bugfix(72512); ?> (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</li>
9332  <li><?php bugfix(72519); ?> (imagegif/output out-of-bounds access).</li>
9333  <li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)</li>
9334  <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li>
9335  <li><?php bugfix(72494); ?> (imagecropauto out-of-bounds access).</li>
9336</ul></li>
9337<li>Intl:
9338<ul>
9339
9340  <li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)</li>
9341</ul></li>
9342<li>Mbstring:
9343<ul>
9344  <li><?php bugfix(72405); ?> (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).</li>
9345  <li><?php bugfix(72399); ?> (Use-After-Free in MBString (search_re)).</li>
9346</ul></li>
9347<li>mcrypt:
9348<ul>
9349  <li><?php bugfix(72551); ?>, bug <?php bugl(72552) ?> (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).</li>
9350</ul></li>
9351<li>PDO_pgsql:
9352<ul>
9353  <li><?php bugfix(72570); ?> (Segmentation fault when binding parameters on a query without placeholders).</li>
9354</ul></li>
9355<li>PCRE:
9356<ul>
9357  <li><?php bugfix(72476); ?> (Memleak in jit_stack).</li>
9358  <li><?php bugfix(72463); ?> (mail fails with invalid argument).</li>
9359</ul></li>
9360<li>Readline:
9361<ul>
9362  <li><?php bugfix(72538); ?> (readline_redisplay crashes php).</li>
9363</ul></li>
9364<li>Standard:
9365<ul>
9366  <li><?php bugfix(72505); ?> (readfile() mangles files larger than 2G).</li>
9367  <li><?php bugfix(72306); ?> (Heap overflow through proc_open and $env parameter).</li>
9368</ul></li>
9369<li>Session:
9370<ul>
9371  <li><?php bugfix(72531); ?> (ps_files_cleanup_dir Buffer overflow).</li>
9372  <li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization).</li>
9373</ul></li>
9374<li>SNMP:
9375<ul>
9376  <li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)</li>
9377</ul></li>
9378<li>Streams:
9379<ul>
9380  <li><?php bugfix(72439); ?> (Stream socket with remote address leads to a segmentation fault).</li>
9381</ul></li>
9382<li>XMLRPC:
9383<ul>
9384  <li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)</li>
9385</ul></li>
9386<li>Zip:
9387<ul>
9388  <li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)</li>
9389</ul></li>
9390</ul>
9391<!-- }}} --></section>
9392
9393<section class="version" id="7.0.8"><!-- {{{ 7.0.8 -->
9394<h3>Version 7.0.8</h3>
9395<?php release_date('23-Jun-2016'); ?>
9396<ul><li>Core:
9397<ul>
9398  <li><?php bugfix(72218); ?> (If host name cannot be resolved then PHP 7 crashes).</li>
9399  <li><?php bugfix(72221); ?> (segfault, past-the-end access).</li>
9400  <li><?php bugfix(72268); ?> (Integer Overflow in nl2br()).</li>
9401  <li><?php bugfix(72275); ?> (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).</li>
9402  <li><?php bugfix(72400); ?> (Integer Overflow in addcslashes/addslashes).</li>
9403  <li><?php bugfix(72403); ?> (Integer Overflow in Length of String-typed ZVAL).</li>
9404</ul></li>
9405<li>Date:
9406<ul>
9407  <li><?php bugfix(63740); ?> (strtotime seems to use both sunday and monday as start of week).</li>
9408</ul></li>
9409<li>FPM:
9410<ul>
9411  <li><?php bugfix(72308); ?> (fastcgi_finish_request and logging environment variables).</li>
9412</ul></li>
9413<li>GD:
9414<ul>
9415  <li><?php bugfix(72298); ?> (pass2_no_dither out-of-bounds access).</li>
9416  <li><?php bugfix(72337); ?> (invalid dimensions can lead to crash).</li>
9417  <li><?php bugfix(72339); ?> (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)</li>
9418  <li><?php bugfix(72407); ?> (NULL Pointer Dereference at _gdScaleVert).</li>
9419  <li><?php bugfix(72446); ?> (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)</li>
9420</ul></li>
9421<li>Intl:
9422<ul>
9423  <li><?php bugfix(70484); ?> (selectordinal doesn't work with named parameters).</li>
9424</ul></li>
9425<li>mbstring:
9426<ul>
9427  <li><?php bugfix(72402); ?> (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)</li>
9428</ul></li>
9429<li>mcrypt:
9430<ul>
9431  <li><?php bugfix(72455); ?> (Heap Overflow due to integer overflows). (CVE-2016-5769)</li>
9432</ul></li>
9433<li>OpenSSL:
9434<ul>
9435  <li><?php bugfix(72140); ?> (segfault after calling ERR_free_strings()).</li>
9436</ul></li>
9437<li>PCRE:
9438<ul>
9439  <li><?php bugfix(72143); ?> (preg_replace uses int instead of size_t).</li>
9440</ul></li>
9441<li>PDO_pgsql:
9442<ul>
9443  <li><?php bugfix(71573); ?> (Segfault (core dumped) if paramno beyond bound).</li>
9444  <li><?php bugfix(72294); ?> (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor).</li>
9445</ul></li>
9446<li>Phar:
9447<ul>
9448  <li><?php bugfix(72321); ?> (invalid free in phar_extract_file()). (CVE-2016-4473)</li>
9449</ul></li>
9450<li>Phpdbg:
9451<ul>
9452  <li><?php bugfix(72284); ?> (phpdbg fatal errors with coverage).</li>
9453</ul></li>
9454<li>Postgres:
9455<ul>
9456  <li><?php bugfix(72195); ?> (pg_pconnect/pg_connect cause use-after-free).</li>
9457  <li><?php bugfix(72197); ?> (pg_lo_create arbitrary read).</li>
9458</ul></li>
9459<li>Standard:
9460<ul>
9461  <li><?php bugfix(72017); ?> (range() with float step produces unexpected result).</li>
9462  <li><?php bugfix(72193); ?> (dns_get_record returns array containing elements of type 'unknown').</li>
9463  <li><?php bugfix(72229); ?> (Wrong reference when serialize/unserialize an object).</li>
9464  <li><?php bugfix(72300); ?> (ignore_user_abort(false) has no effect).</li>
9465</ul></li>
9466<li>WDDX:
9467<ul>
9468  <li><?php bugfix(72340); ?> (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)</li>
9469</ul></li>
9470<li>XML:
9471<ul>
9472  <li><?php bugfix(72206); ?> (xml_parser_create/xml_parser_free leaks mem).</li>
9473</ul></li>
9474<li>XMLRPC:
9475<ul>
9476  <li><?php bugfix(72155); ?> (use-after-free caused by get_zval_xmlrpc_type).</li>
9477</ul></li>
9478<li>Zip:
9479<ul>
9480  <li><?php bugfix(72258); ?> (ZipArchive converts filenames to unrecoverable form).</li>
9481  <li><?php bugfix(72434); ?> (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)</li>
9482</ul></li>
9483</ul>
9484<!-- }}} --></section>
9485
9486<section class="version" id="7.0.7"><!-- {{{ 7.0.7 -->
9487<h3>Version 7.0.7</h3>
9488<?php release_date('26-May-2016'); ?>
9489<ul><li>Core:
9490<ul>
9491  <li><?php bugfix(72162); ?> (use-after-free - error_reporting).</li>
9492  <li>Add compiler option to disable special case function calls.</li>
9493  <li><?php bugfix(72101); ?> (crash on complex code).</li>
9494  <li><?php bugfix(72100); ?> (implode() inserts garbage into resulting string when joins very big integer).</li>
9495  <li><?php bugfix(72057); ?> (PHP Hangs when using custom error handler and typehint).</li>
9496  <li><?php bugfix(72038); ?> (Function calls with values to a by-ref parameter don't always throw a notice).</li>
9497  <li><?php bugfix(71737); ?> (Memory leak in closure with parameter named $this).</li>
9498  <li><?php bugfix(72059); ?> (?? is not allowed on constant expressions).</li>
9499  <li><?php bugfix(72159); ?> (Imported Class Overrides Local Class Name).</li>
9500</ul></li>
9501<li>Curl:
9502<ul>
9503  <li><?php bugfix(68658); ?> (Define CURLE_SSL_CACERT_BADFILE).</li>
9504</ul></li>
9505<li>DBA:
9506<ul>
9507  <li><?php bugfix(72157); ?> (use-after-free caused by dba_open).</li>
9508</ul></li>
9509<li>GD:
9510<ul>
9511  <li><?php bugfix(72227); ?> (imagescale out-of-bounds read). (CVE-2013-7456)</li>
9512</ul></li>
9513<li>Intl:
9514<ul>
9515  <li><?php bugfix(64524); ?> (Add intl.use_exceptions to php.ini-*).</li>
9516  <li><?php bugfix(72241); ?> (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)</li>
9517</ul></li>
9518<li>JSON:
9519<ul>
9520  <li><?php bugfix(72069); ?> (Behavior \JsonSerializable different from json_encode).</li>
9521</ul></li>
9522<li>Mbstring:
9523<ul>
9524  <li><?php bugfix(72164); ?> (Null Pointer Dereference - mb_ereg_replace).</li>
9525</ul></li>
9526<li>OCI8:
9527<ul>
9528  <li><?php bugfix(71600); ?> (oci_fetch_all segfaults when selecting more than eight columns).</li>
9529</ul></li>
9530<li>Opcache:
9531<ul>
9532  <li><?php bugfix(72014); ?> (Including a file with anonymous classes multiple times leads to fatal error).</li>
9533</ul></li>
9534<li>OpenSSL:
9535<ul>
9536  <li><?php bugfix(72165); ?> (Null pointer dereference - openssl_csr_new).</li>
9537</ul></li>
9538<li>PCNTL:
9539<ul>
9540  <li><?php bugfix(72154); ?> (pcntl_wait/pcntl_waitpid array internal structure overwrite).</li>
9541</ul></li>
9542<li>POSIX:
9543<ul>
9544  <li><?php bugfix(72133); ?> (php_posix_group_to_array crashes if gr_passwd is NULL).</li>
9545</ul></li>
9546<li>Postgres:
9547<ul>
9548  <li><?php bugfix(72028); ?> (pg_query_params(): NULL converts to empty string).</li>
9549  <li><?php bugfix(71062); ?> (pg_convert() doesn't accept ISO 8601 for datatype timestamp).</li>
9550  <li><?php bugfix(72151); ?> (mysqli_fetch_object changed behaviour). Patch to <?php bugl(71820) ?> is reverted.</li>
9551</ul></li>
9552<li>Reflection:
9553<ul>
9554  <li><?php bugfix(72174); ?> (ReflectionProperty#getValue() causes __isset call).</li>
9555</ul></li>
9556<li>Session:
9557<ul>
9558  <li><?php bugfix(71972); ?> (Cyclic references causing session_start(): Failed to decode session object).</li>
9559</ul></li>
9560<li>Sockets:
9561<ul>
9562  <li>Added socket_export_stream() function for getting a stream compatible resource from a socket resource.</li>
9563</ul></li>
9564<li>SPL:
9565<ul>
9566  <li><?php bugfix(72051); ?> (The reference in CallbackFilterIterator doesn't work as expected).</li>
9567</ul></li>
9568<li>SQLite3:
9569<ul>
9570  <li><?php bugfix(68849); ?> (bindValue is not using the right data type).</li>
9571</ul></li>
9572<li>Standard:
9573<ul>
9574  <li><?php bugfix(72075); ?> (Referencing socket resources breaks stream_select).</li>
9575  <li><?php bugfix(72031); ?> (array_column() against an array of objects discards all values matching null).</li>
9576</ul></li>
9577</ul>
9578<!-- }}} --></section>
9579
9580<section class="version" id="7.0.6"><!-- {{{ 7.0.6 -->
9581<h3>Version 7.0.6</h3>
9582<?php release_date('28-Apr-2016'); ?>
9583<ul><li>Core:
9584<ul>
9585  <li><?php bugfix(71930); ?> (_zval_dtor_func: Assertion `(arr)-&gt;gc.refcount &lt;= 1' failed).</li>
9586  <li><?php bugfix(71922); ?> (Crash on assert(new class{})).</li>
9587  <li><?php bugfix(71914); ?> (Reference is lost in "switch").</li>
9588  <li><?php bugfix(71871); ?> (Interfaces allow final and abstract functions).</li>
9589  <li><?php bugfix(71859); ?> (zend_objects_store_call_destructors operates on realloced memory, crashing).</li>
9590  <li><?php bugfix(71841); ?> (EG(error_zval) is not handled well).</li>
9591  <li><?php bugfix(71750); ?> (Multiple Heap Overflows in php_raw_url_encode/ php_url_encode).</li>
9592  <li><?php bugfix(71731); ?> (Null coalescing operator and ArrayAccess).</li>
9593  <li><?php bugfix(71609); ?> (Segmentation fault on ZTS with gethostbyname).</li>
9594  <li><?php bugfix(71414); ?> (Inheritance, traits and interfaces).</li>
9595  <li><?php bugfix(71359); ?> (Null coalescing operator and magic).</li>
9596  <li><?php bugfix(71334); ?> (Cannot access array keys while uksort()).</li>
9597  <li><?php bugfix(69659); ?> (ArrayAccess, isset() and the offsetExists method).</li>
9598  <li><?php bugfix(69537); ?> (__debugInfo with empty string for key gives error).</li>
9599  <li><?php bugfix(62059); ?> (ArrayObject and isset are not friends).</li>
9600  <li><?php bugfix(71980); ?> (Decorated/Nested Generator is Uncloseable in Finally).</li>
9601</ul></li>
9602<li>BCmath:
9603<ul>
9604  <li><?php bugfix(72093); ?> (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)</li>
9605</ul></li>
9606<li>Curl:
9607<ul>
9608  <li><?php bugfix(71831); ?> (CURLOPT_NOPROXY applied as long instead of string).</li>
9609</ul></li>
9610<li>Date:
9611<ul>
9612  <li><?php bugfix(71889); ?> (DateInterval::format Segmentation fault).</li>
9613</ul></li>
9614<li>EXIF:
9615<ul>
9616  <li><?php bugfix(72094); ?> (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)</li>
9617</ul></li>
9618<li>GD:
9619<ul>
9620  <li><?php bugfix(71912); ?> (libgd: signedness vulnerability). (CVE-2016-3074)</li>
9621</ul></li>
9622<li>Intl:
9623<ul>
9624  <li><?php bugfix(71516); ?> (IntlDateFormatter looses locale if pattern is set via constructor).</li>
9625  <li><?php bugfix(70455); ?> (Missing constant: IntlChar::NO_NUMERIC_VALUE).</li>
9626  <li><?php bugfix(70451); ?>, <?php bugl(70452); ?> (Inconsistencies in return values of IntlChar methods).</li>
9627  <li><?php bugfix(68893); ?> (Stackoverflow in datefmt_create).</li>
9628  <li><?php bugfix(66289); ?> (Locale::lookup incorrectly returns en or en_US if locale is empty).</li>
9629  <li><?php bugfix(70484); ?> (selectordinal doesn't work with named parameters).</li>
9630  <li><?php bugfix(72061); ?> (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)</li>
9631</ul></li>
9632<li>ODBC:
9633<ul>
9634  <li><?php bugfix(63171); ?> (Script hangs after max_execution_time).</li>
9635</ul></li>
9636<li>Opcache:
9637<ul>
9638  <li><?php bugfix(71843); ?> (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).</li>
9639</ul></li>
9640<li>PDO:
9641<ul>
9642  <li><?php bugfix(52098); ?> (Own PDOStatement implementation ignore __call()).</li>
9643  <li><?php bugfix(71447); ?> (Quotes inside comments not properly handled).</li>
9644</ul></li>
9645<li>PDO_DBlib:
9646<ul>
9647  <li><?php bugfix(71943); ?> (dblib_handle_quoter needs to allocate an extra byte).</li>
9648  <li>Add DBLIB-specific attributes for controlling timeouts.</li>
9649</ul></li>
9650<li>PDO_pgsql:
9651<ul>
9652  <li><?php bugfix(62498); ?> (pdo_pgsql inefficient when getColumnMeta() is used).</li>
9653</ul></li>
9654<li>Postgres:
9655<ul>
9656  <li><?php bugfix(71820); ?> (pg_fetch_object binds parameters before call constructor).</li>
9657  <li><?php bugfix(71998); ?> (Function pg_insert does not insert when column type = inet).</li>
9658</ul></li>
9659<li>SOAP:
9660<ul>
9661  <li><?php bugfix(71986); ?> (Nested foreach assign-by-reference creates broken variables).</li>
9662</ul></li>
9663<li>SPL:
9664<ul>
9665  <li><?php bugfix(71838); ?> (Deserializing serialized SPLObjectStorage-Object can't access properties in PHP).</li>
9666  <li><?php bugfix(71735); ?> (Double-free in SplDoublyLinkedList::offsetSet).</li>
9667  <li><?php bugfix(67582); ?> (Cloned SplObjectStorage with overwritten getHash fails offsetExists()).</li>
9668  <li><?php bugfix(52339); ?> (SPL autoloader breaks class_exists()).</li>
9669</ul></li>
9670<li>Standard:
9671<ul>
9672  <li><?php bugfix(72116); ?> (array_fill optimization breaks implementation).</li>
9673  <li><?php bugfix(71995); ?> (Returning the same var twice from __sleep() produces broken serialized data).</li>
9674  <li><?php bugfix(71940); ?> (Unserialize crushes on restore object reference).</li>
9675  <li><?php bugfix(71969); ?> (str_replace returns an incorrect resulting array after a foreach by reference).</li>
9676  <li><?php bugfix(71891); ?> (header_register_callback() and register_shutdown_function()).</li>
9677  <li><?php bugfix(71884); ?> (Null pointer deref (segfault) in stream_context_get_default).</li>
9678  <li><?php bugfix(71840); ?> (Unserialize accepts wrongly data).</li>
9679  <li><?php bugfix(71837); ?> (Wrong arrays behaviour).</li>
9680  <li><?php bugfix(71827); ?> (substr_replace bug, string length).</li>
9681  <li><?php bugfix(67512); ?> (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined).</li>
9682</ul></li>
9683<li>XML:
9684<ul>
9685  <li><?php bugfix(72099); ?> (xml_parse_into_struct segmentation fault). (CVE-2016-4539)</li>
9686</ul></li>
9687<li>Zip:
9688<ul>
9689  <li><?php bugfix(71923); ?> (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078)</li>
9690</ul></li>
9691</ul>
9692<!-- }}} --></section>
9693
9694<section class="version" id="7.0.5"><!-- {{{ 7.0.5 -->
9695<h3>Version 7.0.5</h3>
9696<?php release_date('31-Mar-2016'); ?>
9697<ul><li>Core:
9698<ul>
9699  <li>Huge pages disabled by default.</li>
9700  <li>Added ability to enable huge pages in Zend Memory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=1.</li>
9701  <li><?php bugfix(71756); ?> (Call-by-reference widens scope to uninvolved functions when used in switch).</li>
9702  <li><?php bugfix(71729); ?> (Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod).</li>
9703  <li><?php bugfix(71695); ?> (Global variables are reserved before execution).</li>
9704  <li><?php bugfix(71629); ?> (Out-of-bounds access in php_url_decode in context php_stream_url_wrap_rfc2397).</li>
9705  <li><?php bugfix(71622); ?> (Strings used in pass-as-reference cannot be used to invoke C::$callable()).</li>
9706  <li><?php bugfix(71596); ?> (Segmentation fault on ZTS with date function (setlocale)).</li>
9707  <li><?php bugfix(71535); ?> (Integer overflow in zend_mm_alloc_heap()).</li>
9708  <li><?php bugfix(71470); ?> (Leaked 1 hashtable iterators).</li>
9709  <li><?php bugfix(71575); ?> (ISO C does not allow extra &lsquo;;&rsquo; outside of a function).</li>
9710  <li><?php bugfix(71724); ?> (yield from does not count EOLs).</li>
9711  <li><?php bugfix(71767); ?> (ReflectionMethod::getDocComment returns the wrong comment).</li>
9712  <li><?php bugfix(71806); ?> (php_strip_whitespace() fails on some numerical values).</li>
9713  <li><?php bugfix(71624); ?> (`php -R` (PHP_MODE_PROCESS_STDIN) is broken).</li>
9714</ul></li>
9715<li>CLI Server:
9716<ul>
9717  <li><?php bugfix(69953); ?> (Support MKCALENDAR request method).</li>
9718</ul></li>
9719<li>Curl:
9720<ul>
9721  <li><?php bugfix(71694); ?> (Support constant CURLM_ADDED_ALREADY).</li>
9722</ul></li>
9723<li>Date:
9724<ul>
9725  <li><?php bugfix(71635); ?> (DatePeriod::getEndDate segfault).</li>
9726</ul></li>
9727<li>Fileinfo:
9728<ul>
9729  <li><?php bugfix(71527); ?> (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)</li>
9730</ul></li>
9731<li>libxml:
9732<ul>
9733  <li><?php bugfix(71536); ?> (Access Violation crashes php-cgi.exe).</li>
9734</ul></li>
9735<li>mbstring:
9736<ul>
9737  <li><?php bugfix(71906); ?> (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)</li>
9738</ul></li>
9739<li>ODBC:
9740<ul>
9741  <li><?php bugfix(47803); ?>, <?php bugl(69526); ?> (Executing prepared statements is succesfull only for the first two statements).</li>
9742</ul></li>
9743<li>PCRE:
9744<ul>
9745  <li><?php bugfix(71659); ?> (segmentation fault in pcre running twig tests).</li>
9746</ul></li>
9747<li>PDO_DBlib:
9748<ul>
9749  <li><?php bugfix(54648); ?> (PDO::MSSQL forces format of datetime fields).</li>
9750</ul></li>
9751<li>Phar:
9752<ul>
9753  <li><?php bugfix(71625); ?> (Crash in php7.dll with bad phar filename).</li>
9754  <li><?php bugfix(71317); ?> (PharData fails to open specific file).</li>
9755  <li><?php bugfix(71860); ?> (Invalid memory write in phar on filename with \0 in name). (CVE-2016-4072)</li>
9756</ul></li>
9757<li>phpdbg:
9758<ul>
9759  <li>Fixed crash when advancing (except step) inside an internal function.</li>
9760</ul></li>
9761<li>Session:
9762<ul>
9763  <li><?php bugfix(71683); ?> (Null pointer dereference in zend_hash_str_find_bucket).</li>
9764</ul></li>
9765<li>SNMP:
9766<ul>
9767  <li><?php bugfix(71704); ?> (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)</li>
9768</ul></li>
9769<li>SPL:
9770<ul>
9771  <li><?php bugfix(71617); ?> (private properties lost when unserializing ArrayObject).</li>
9772</ul></li>
9773<li>Standard:
9774<ul>
9775  <li><?php bugfix(71660); ?> (array_column behaves incorrectly after foreach by reference).</li>
9776  <li><?php bugfix(71798); ?> (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)</li>
9777</ul></li>
9778<li>Zip:
9779<ul>
9780  <li>Update bundled libzip to 1.1.2.</li>
9781</ul></li>
9782</ul>
9783<!-- }}} --></section>
9784
9785<section class="version" id="7.0.4"><!-- {{{ 7.0.4 -->
9786<h3>Version 7.0.4</h3>
9787<?php release_date('03-Mar-2016'); ?>
9788<ul><li>Core:
9789<ul>
9790  <li>Fixed bug (Low probability segfault in zend_arena).</li>
9791  <li><?php bugfix(71441); ?> (Typehinted Generator with return in try/finally crashes).</li>
9792  <li><?php bugfix(71442); ?> (forward_static_call crash).</li>
9793  <li><?php bugfix(71443); ?> (Segfault using built-in webserver with intl using symfony).</li>
9794  <li><?php bugfix(71449); ?> (An integer overflow bug in php_implode()).</li>
9795  <li><?php bugfix(71450); ?> (An integer overflow bug in php_str_to_str_ex()).</li>
9796  <li><?php bugfix(71474); ?> (Crash because of VM stack corruption on Magento2).</li>
9797  <li><?php bugfix(71485); ?> (Return typehint on internal func causes Fatal error when it throws exception).</li>
9798  <li><?php bugfix(71529); ?> (Variable references on array elements don't work when using count).</li>
9799  <li><?php bugfix(71601); ?> (finally block not executed after yield from).</li>
9800  <li><?php bugfix(71637); ?> (Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes). (CVE-2016-4344, CVE-2016-4345, CVE-2016-4346)</li>
9801</ul></li>
9802<li>CLI server:
9803<ul>
9804  <li><?php bugfix(71559); ?> (Built-in HTTP server, we can download file in web by bug).</li>
9805</ul></li>
9806<li>CURL:
9807<ul>
9808  <li><?php bugfix(71523); ?> (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec).</li>
9809  <li>Fixed memory leak in curl_getinfo().</li>
9810</ul></li>
9811<li>Date:
9812<ul>
9813  <li><?php bugfix(71525); ?> (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues).</li>
9814</ul></li>
9815<li>Fileinfo:
9816<ul>
9817  <li><?php bugfix(71434); ?> (finfo throws notice for specific python file).</li>
9818</ul></li>
9819<li>FPM:
9820<ul>
9821  <li><?php bugfix(62172); ?> (FPM not working with Apache httpd 2.4 balancer/fcgi setup).</li>
9822  <li><?php bugfix(71269); ?> (php-fpm dumped core).</li>
9823</ul></li>
9824<li>Opcache:
9825<ul>
9826  <li><?php bugfix(71584); ?> (Possible use-after-free of ZCG(cwd) in Zend Opcache).</li>
9827</ul></li>
9828<li>PCRE:
9829<ul>
9830  <li><?php bugfix(71537); ?> (PCRE segfault from Opcache).</li>
9831</ul></li>
9832<li>phpdbg:
9833<ul>
9834  <li>Fixed inherited functions from unspecified files being included in phpdbg_get_executable().</li>
9835</ul></li>
9836<li>SOAP:
9837<ul>
9838  <li><?php bugfix(71610); ?> (Type Confusion Vulnerability - SOAP / make_http_soap_request()). (CVE-2016-3185)</li>
9839</ul></li>
9840<li>Standard:
9841<ul>
9842  <li><?php bugfix(71603); ?> (compact() maintains references in php7).</li>
9843  <li><?php bugfix(70720); ?> (strip_tags improper php code parsing).</li>
9844</ul></li>
9845<li>XMLRPC:
9846<ul>
9847  <li><?php bugfix(71501); ?> (xmlrpc_encode_request ignores encoding option).</li>
9848</ul></li>
9849<li>Zip:
9850<ul>
9851  <li><?php bugfix(71561); ?> (NULL pointer dereference in Zip::ExtractTo).</li>
9852</ul></li>
9853</ul>
9854<!-- }}} --></section>
9855
9856<section class="version" id="7.0.3"><!-- {{{ 7.0.3 -->
9857<h3>Version 7.0.3</h3>
9858<?php release_date('04-Feb-2016'); ?>
9859<ul><li>Core:
9860<ul>
9861  <li>Added support for new HTTP 451 code.</li>
9862  <li><?php bugfix(71039); ?> (exec functions ignore length but look for NULL termination).</li>
9863  <li><?php bugfix(71089); ?> (No check to duplicate zend_extension).</li>
9864  <li><?php bugfix(71201); ?> (round() segfault on 64-bit builds).</li>
9865  <li><?php bugfix(71221); ?> (Null pointer deref (segfault) in get_defined_vars via ob_start).</li>
9866  <li><?php bugfix(71248); ?> (Wrong interface is enforced).</li>
9867  <li><?php bugfix(71273); ?> (A wrong ext directory setup in php.ini leads to crash).</li>
9868  <li><?php bugfix(71275); ?> (Bad method called on cloning an object having a trait).</li>
9869  <li><?php bugfix(71297); ?> (Memory leak with consecutive yield from).</li>
9870  <li><?php bugfix(71300); ?> (Segfault in zend_fetch_string_offset).</li>
9871  <li><?php bugfix(71314); ?> (var_export(INF) prints INF.0).</li>
9872  <li><?php bugfix(71323); ?> (Output of stream_get_meta_data can be falsified by its input).</li>
9873  <li><?php bugfix(71336); ?> (Wrong is_ref on properties as exposed via get_object_vars()).</li>
9874  <li><?php bugfix(71459); ?> (Integer overflow in iptcembed()).</li>
9875</ul></li>
9876<li>Apache2handler:
9877<ul>
9878  <li>Fix &gt;2G Content-Length headers in apache2handler.</li>
9879</ul></li>
9880<li>CURL:
9881<ul>
9882  <li><?php bugfix(71227); ?> (Can't compile php_curl statically).</li>
9883  <li><?php bugfix(71225); ?> (curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile).</li>
9884</ul></li>
9885<li>GD:
9886<ul>
9887  <li>Improved fix for bug <?php bugl(70976) ?>.</li>
9888</ul></li>
9889<li>Interbase:
9890<ul>
9891  <li><?php bugfix(71305); ?> (Crash when optional resource is omitted).</li>
9892</ul></li>
9893<li>LDAP:
9894<ul>
9895  <li><?php bugfix(71249); ?> (ldap_mod_replace/ldap_mod_add store value as string "Array").</li>
9896</ul></li>
9897<li>mbstring:
9898<ul>
9899  <li><?php bugfix(71397); ?> (mb_send_mail segmentation fault).</li>
9900</ul></li>
9901<li>OpenSSL:
9902<ul>
9903  <li><?php bugfix(71475); ?> (openssl_seal() uninitialized memory usage).</li>
9904</ul></li>
9905<li>PCRE:
9906<ul>
9907  <li>Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)</li>
9908</ul></li>
9909<li>Phar:
9910<ul>
9911  <li><?php bugfix(71354); ?> (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)</li>
9912  <li><?php bugfix(71331); ?> (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)</li>
9913  <li><?php bugfix(71391); ?> (NULL Pointer Dereference in phar_tar_setupmetadata()).</li>
9914  <li><?php bugfix(71488); ?> (Stack overflow when decompressing tar archives). (CVE-2016-2554)</li>
9915</ul></li>
9916<li>SOAP:
9917<ul>
9918  <li><?php bugfix(70979); ?> (crash with bad soap request).</li>
9919</ul></li>
9920<li>SPL:
9921<ul>
9922  <li><?php bugfix(71204); ?> (segfault if clean spl_autoload_funcs while autoloading).</li>
9923  <li><?php bugfix(71202); ?> (Autoload function registered by another not activated immediately).</li>
9924  <li><?php bugfix(71311); ?> (Use-after-free vulnerability in SPL(ArrayObject, unserialize)).</li>
9925  <li><?php bugfix(71313); ?> (Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)).</li>
9926</ul></li>
9927<li>Standard:
9928<ul>
9929  <li><?php bugfix(71287); ?> (Error message contains hexadecimal instead of decimal number).</li>
9930  <li><?php bugfix(71264); ?> (file_put_contents() returns unexpected value when filesystem runs full).</li>
9931  <li><?php bugfix(71245); ?> (file_get_contents() ignores "header" context option if it's a reference).</li>
9932  <li><?php bugfix(71220); ?> (Null pointer deref (segfault) in compact via ob_start).</li>
9933  <li><?php bugfix(71190); ?> (substr_replace converts integers in original $search array to strings).</li>
9934  <li><?php bugfix(71188); ?> (str_replace converts integers in original $search array to strings).</li>
9935  <li><?php bugfix(71132); ?>, <?php bugl(71197) ?> (range() segfaults).</li>
9936</ul></li>
9937<li>WDDX:
9938<ul>
9939  <li><?php bugfix(71335); ?> (Type Confusion in WDDX Packet Deserialization).</li>
9940</ul></li>
9941</ul>
9942<!-- }}} --></section>
9943
9944<section class="version" id="7.0.2"><!-- {{{ 7.0.2 -->
9945<h3>Version 7.0.2</h3>
9946<?php release_date('07-Jan-2016'); ?>
9947<ul><li>Core:
9948<ul>
9949  <li><?php bugfix(71165); ?> (-DGC_BENCH=1 doesn't work on PHP7).</li>
9950  <li><?php bugfix(71163); ?> (Segmentation Fault: cleanup_unfinished_calls).</li>
9951  <li><?php bugfix(71109); ?> (ZEND_MOD_CONFLICTS("xdebug") doesn't work).</li>
9952  <li><?php bugfix(71092); ?> (Segmentation fault with return type hinting).</li>
9953  <li>Fixed bug memleak in header_register_callback.</li>
9954  <li><?php bugfix(71067); ?> (Local object in class method stays in memory for each call).</li>
9955  <li><?php bugfix(66909); ?> (configure fails utf8_to_mutf7 test).</li>
9956  <li><?php bugfix(70781); ?> (Extension tests fail on dynamic ext dependency).</li>
9957  <li><?php bugfix(71089); ?> (No check to duplicate zend_extension).</li>
9958  <li><?php bugfix(71086); ?> (Invalid numeric literal parse error within highlight_string() function).</li>
9959  <li><?php bugfix(71154); ?> (Incorrect HT iterator invalidation causes iterator reuse).</li>
9960  <li><?php bugfix(52355); ?> (Negating zero does not produce negative zero).</li>
9961  <li><?php bugfix(66179); ?> (var_export() exports float as integer).</li>
9962  <li><?php bugfix(70804); ?> (Unary add on negative zero produces positive zero).</li>
9963</ul></li>
9964<li>CURL:
9965<ul>
9966  <li><?php bugfix(71144); ?> (Sementation fault when using cURL with ZTS).</li>
9967</ul></li>
9968<li>DBA:
9969<ul>
9970  <li>Fixed key leak with invalid resource.</li>
9971</ul></li>
9972<li>Filter:
9973<ul>
9974  <li><?php bugfix(71063); ?> (filter_input(INPUT_ENV, ..) does not work).</li>
9975</ul></li>
9976<li>FTP:
9977<ul>
9978  <li><?php implemented(55651); ?> (Option to ignore the returned FTP PASV address).</li>
9979</ul></li>
9980<li>FPM:
9981<ul>
9982  <li><?php bugfix(70755); ?> (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)</li>
9983</ul></li>
9984<li>GD:
9985<ul>
9986  <li><?php bugfix(70976); ?> (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)</li>
9987</ul></li>
9988<li>Mbstring:
9989<ul>
9990  <li><?php bugfix(71066); ?> (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault).</li>
9991</ul></li>
9992<li>Opcache:
9993<ul>
9994  <li><?php bugfix(71127); ?> (Define in auto_prepend_file is overwrite).</li>
9995</ul></li>
9996<li>PCRE:
9997<ul>
9998  <li><?php bugfix(71178); ?> (preg_replace with arrays creates [0] in replace array if not already set).</li>
9999</ul></li>
10000<li>Readline:
10001<ul>
10002  <li><?php bugfix(71094); ?> (readline_completion_function corrupts static array on second TAB).</li>
10003</ul></li>
10004<li>Session:
10005<ul>
10006  <li><?php bugfix(71122); ?> (Session GC may not remove obsolete session data).</li>
10007</ul></li>
10008<li>SPL:
10009<ul>
10010  <li><?php bugfix(71077); ?> (ReflectionMethod for ArrayObject constructor returns wrong number of parameters).</li>
10011  <li><?php bugfix(71153); ?> (Performance Degradation in ArrayIterator with large arrays).</li>
10012</ul></li>
10013<li>Standard:
10014<ul>
10015  <li><?php bugfix(71270); ?> (Heap BufferOver Flow in escapeshell functions). (CVE-2016-1904)</li>
10016</ul></li>
10017<li>WDDX:
10018<ul>
10019  <li><?php bugfix(70661); ?> (Use After Free Vulnerability in WDDX Packet Deserialization).</li>
10020  <li><?php bugfix(70741); ?> (Session WDDX Packet Deserialization Type Confusion Vulnerability).</li>
10021</ul></li>
10022<li>XMLRPC:
10023<ul>
10024  <li><?php bugfix(70728); ?> (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).</li>
10025</ul></li>
10026</ul>
10027<!-- }}} --></section>
10028
10029<section class="version" id="7.0.1"><!-- {{{ 7.0.1 -->
10030<h3>Version 7.0.1</h3>
10031<?php release_date('17-Dec-2015'); ?>
10032<ul><li>Core:
10033<ul>
10034  <li><?php bugfix(71105); ?> (Format String Vulnerability in Class Name Error Message). (CVE-2015-8617)</li>
10035  <li><?php bugfix(70831); ?> (Compile fails on system with 160 CPUs).</li>
10036  <li><?php bugfix(71006); ?> (symbol referencing errors on Sparc/Solaris).</li>
10037  <li><?php bugfix(70997); ?> (When using parentClass:: instead of parent::, static context changed).</li>
10038  <li><?php bugfix(70970); ?> (Segfault when combining error handler with output buffering).</li>
10039  <li><?php bugfix(70967); ?> (Weird error handling for __toString when Error is thrown).</li>
10040  <li><?php bugfix(70958); ?> (Invalid opcode while using ::class as trait method paramater default value).</li>
10041  <li><?php bugfix(70944); ?> (try{ } finally{} can create infinite chains of exceptions).</li>
10042  <li><?php bugfix(70931); ?> (Two errors messages are in conflict).</li>
10043  <li><?php bugfix(70904); ?> (yield from incorrectly marks valid generator as finished).</li>
10044  <li><?php bugfix(70899); ?> (buildconf failure in extensions).</li>
10045  <li><?php bugfix(61751); ?> (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions).</li>
10046  <li>Fixed \int (or generally every scalar type name with leading backslash) to not be accepted as type name.</li>
10047  <li>Fixed exception not being thrown immediately into a generator yielding from an array.</li>
10048  <li><?php bugfix(70987); ?> (static::class within Closure::call() causes segfault).</li>
10049  <li><?php bugfix(71013); ?> (Incorrect exception handler with yield from).</li>
10050  <li>Fixed double free in error condition of format printer.</li>
10051</ul></li>
10052<li>CLI server:
10053<ul>
10054  <li><?php bugfix(71005); ?> (Segfault in php_cli_server_dispatch_router()).</li>
10055</ul></li>
10056<li>Intl:
10057<ul>
10058  <li><?php bugfix(71020); ?> (Use after free in Collator::sortWithSortKeys). (CVE-2015-8616)</li>
10059</ul></li>
10060<li>Mysqlnd:
10061<ul>
10062  <li><?php bugfix(68077); ?> (LOAD DATA LOCAL INFILE / open_basedir restriction).</li>
10063  <li><?php bugfix(68344); ?> (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.</li>
10064</ul></li>
10065<li>OCI8:
10066<ul>
10067  <li>Fixed LOB implementation size_t/zend_long mismatch reported by gcov.</li>
10068</ul></li>
10069<li>Opcache:
10070<ul>
10071  <li><?php bugfix(71024); ?> (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server).</li>
10072  <li><?php bugfix(70991); ?> (zend_file_cache.c:710: error: array type has incomplete element type).</li>
10073  <li><?php bugfix(70977); ?> (Segmentation fault with opcache.huge_code_pages=1).</li>
10074</ul></li>
10075<li>PDO_Firebird:
10076<ul>
10077  <li><?php bugfix(60052); ?> (Integer returned as a 64bit integer on X64_86).</li>
10078</ul></li>
10079<li>Phpdbg:
10080<ul>
10081  <li>Fixed stderr being written to stdout.</li>
10082</ul></li>
10083<li>Reflection:
10084<ul>
10085  <li><?php bugfix(71018); ?> (ReflectionProperty::setValue() behavior changed).</li>
10086  <li><?php bugfix(70982); ?> (setStaticPropertyValue behaviors inconsistently with 5.6).</li>
10087</ul></li>
10088<li>Soap:
10089<ul>
10090  <li><?php bugfix(70993); ?> (Array key references break argument processing).</li>
10091</ul></li>
10092<li>SPL:
10093<ul>
10094  <li><?php bugfix(71028); ?> (Undefined index with ArrayIterator).</li>
10095</ul></li>
10096<li>SQLite3:
10097<ul>
10098  <li><?php bugfix(71049); ?> (SQLite3Stmt::execute() releases bound parameter instead of internal buffer).</li>
10099</ul></li>
10100<li>Standard:
10101<ul>
10102  <li><?php bugfix(70999); ?> (php_random_bytes: called object is not a function).</li>
10103  <li><?php bugfix(70960); ?> (ReflectionFunction for array_unique returns wrong number of parameters).</li>
10104</ul></li>
10105<li>Streams/Socket:
10106<ul>
10107  <li>Add IPV6_V6ONLY constant / make it usable in stream contexts.</li>
10108</ul></li>
10109</ul>
10110<!-- }}} --></section>
10111
10112<section class="version" id="7.0.0"><!-- {{{ 7.0.0 -->
10113<h3>Version 7.0.0</h3>
10114<?php release_date('03-Dec-2015'); ?>
10115<ul><li>Core:
10116<ul>
10117  <li><?php bugfix(70947); ?> (INI parser segfault with INI_SCANNER_TYPED).</li>
10118  <li><?php bugfix(70914); ?> (zend_throw_or_error() format string vulnerability).</li>
10119  <li><?php bugfix(70912); ?> (Null ptr dereference instantiating class with invalid array property).</li>
10120  <li><?php bugfix(70895); ?>, <?php bugl(70898); ?> (null ptr deref and segfault with crafted calable).</li>
10121  <li><?php bugfix(70249); ?> (Segmentation fault while running PHPUnit tests on phpBB 3.2-dev).</li>
10122  <li><?php bugfix(70805); ?> (Segmentation faults whilst running Drupal 8 test suite).</li>
10123  <li><?php bugfix(70842); ?> (Persistent Stream Segmentation Fault).</li>
10124  <li><?php bugfix(70862); ?> (Several functions do not check return code of php_stream_copy_to_mem()).</li>
10125  <li><?php bugfix(70863); ?> (Incorect logic to increment_function for proxy objects).</li>
10126  <li><?php bugfix(70323); ?> (Regression in zend_fetch_debug_backtrace() can cause segfaults).</li>
10127  <li><?php bugfix(70873); ?> (Regression on private static properties access).</li>
10128  <li><?php bugfix(70748); ?> (Segfault in ini_lex () at Zend/zend_ini_scanner.l).</li>
10129  <li><?php bugfix(70689); ?> (Exception handler does not work as expected).</li>
10130  <li><?php bugfix(70430); ?> (Stack buffer overflow in zend_language_parser()).</li>
10131  <li><?php bugfix(70782); ?> (null ptr deref and segfault (zend_get_class_fetch_type)).</li>
10132  <li><?php bugfix(70785); ?> (Infinite loop due to exception during identical comparison).</li>
10133  <li><?php bugfix(70630); ?> (Closure::call/bind() crash with ReflectionFunction-&gt; getClosure()).</li>
10134  <li><?php bugfix(70662); ?> (Duplicate array key via undefined index error handler).</li>
10135  <li><?php bugfix(70681); ?> (Segfault when binding $this of internal instance method to null).</li>
10136  <li><?php bugfix(70685); ?> (Segfault for getClosure() internal method rebind with invalid $this).</li>
10137  <li>Added zend_internal_function.reserved[] fields.</li>
10138  <li><?php bugfix(70557); ?> (Memleak on return type verifying failed).</li>
10139  <li><?php bugfix(70555); ?> (fun_get_arg() on unsetted vars return UNKNOW).</li>
10140  <li><?php bugfix(70548); ?> (Redundant information printed in case of uncaught engine exception).</li>
10141  <li><?php bugfix(70547); ?> (unsetting function variables corrupts backtrace).</li>
10142  <li><?php bugfix(70528); ?> (assert() with instanceof adds apostrophes around class name).</li>
10143  <li><?php bugfix(70481); ?> (Memory leak in auto_global_copy_ctor() in ZTS build).</li>
10144  <li><?php bugfix(70431); ?> (Memory leak in php_ini.c).</li>
10145  <li><?php bugfix(70478); ?> (**= does no longer work).</li>
10146  <li><?php bugfix(70398); ?> (SIGSEGV, Segmentation fault zend_ast_destroy_ex).</li>
10147  <li><?php bugfix(70332); ?> (Wrong behavior while returning reference on object).</li>
10148  <li><?php bugfix(70300); ?> (Syntactical inconsistency with new group use syntax).</li>
10149  <li><?php bugfix(70321); ?> (Magic getter breaks reference to array property).</li>
10150  <li><?php bugfix(70187); ?> (Notice: unserialize(): Unexpected end of serialized data).</li>
10151  <li><?php bugfix(70145); ?> (From field incorrectly parsed from headers).</li>
10152  <li><?php bugfix(70370); ?> (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions).</li>
10153  <li>Fixed bug causing exception traces with anon classes to be truncated.</li>
10154  <li><?php bugfix(70397); ?> (Segmentation fault when using Closure::call and yield).</li>
10155  <li><?php bugfix(70299); ?> (Memleak while assigning object offsetGet result).</li>
10156  <li><?php bugfix(70288); ?> (Apache crash related to ZEND_SEND_REF).</li>
10157  <li><?php bugfix(70262); ?> (Accessing array crashes PHP 7.0beta3).</li>
10158  <li><?php bugfix(70258); ?> (Segfault if do_resize fails to allocated memory).</li>
10159  <li><?php bugfix(70253); ?> (segfault at _efree () in zend_alloc.c:1389).</li>
10160  <li><?php bugfix(70240); ?> (Segfault when doing unset($var());).</li>
10161  <li><?php bugfix(70223); ?> (Incrementing value returned by magic getter).</li>
10162  <li><?php bugfix(70215); ?> (Segfault when __invoke is static).</li>
10163  <li><?php bugfix(70207); ?> (Finally is broken with opcache).</li>
10164  <li><?php bugfix(70173); ?> (ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc).</li>
10165  <li><?php bugfix(69487); ?> (SAPI may truncate POST data).</li>
10166  <li><?php bugfix(70198); ?> (Checking liveness does not work as expected).</li>
10167  <li><?php bugfix(70241); ?>, <?php bugl(70293); ?> (Skipped assertions affect Generator returns).</li>
10168  <li><?php bugfix(70239); ?> (Creating a huge array doesn't result in exhausted, but segfault).</li>
10169  <li>Fixed "finally" issues.</li>
10170  <li><?php bugfix(70098); ?> (Real memory usage doesn't decrease).</li>
10171  <li><?php bugfix(70159); ?> (__CLASS__ is lost in closures).</li>
10172  <li><?php bugfix(70156); ?> (Segfault in zend_find_alias_name).</li>
10173  <li><?php bugfix(70124); ?> (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION).</li>
10174  <li><?php bugfix(70117); ?> (Unexpected return type error).</li>
10175  <li><?php bugfix(70106); ?> (Inheritance by anonymous class).</li>
10176  <li><?php bugfix(69674); ?> (SIGSEGV array.c:953).</li>
10177  <li><?php bugfix(70164); ?> (__COMPILER_HALT_OFFSET__ under namespace is not defined).</li>
10178  <li><?php bugfix(70108); ?> (sometimes empty $_SERVER['QUERY_STRING']).</li>
10179  <li><?php bugfix(70179); ?> ($this refcount issue).</li>
10180  <li><?php bugfix(69896); ?> ('asm' operand has impossible constraints).</li>
10181  <li><?php bugfix(70183); ?> (null pointer deref (segfault) in zend_eval_const_expr).</li>
10182  <li><?php bugfix(70182); ?> (Segfault in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER).</li>
10183  <li><?php bugfix(69793); ?> (Remotely triggerable stack exhaustion via recursive method calls).</li>
10184  <li><?php bugfix(69892); ?> (Different arrays compare indentical due to integer key truncation).</li>
10185  <li><?php bugfix(70121); ?> (unserialize() could lead to unexpected methods execution / NULL pointer deref).</li>
10186  <li><?php bugfix(70089); ?> (segfault at ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER ()).</li>
10187  <li><?php bugfix(70057); ?> (Build failure on 32-bit Mac OS X 10.6.8: recursive inlining).</li>
10188  <li><?php bugfix(70012); ?> (Exception lost with nested finally block).</li>
10189  <li><?php bugfix(69996); ?> (Changing the property of a cloned object affects the original).</li>
10190  <li><?php bugfix(70083); ?> (Use after free with assign by ref to overloaded objects).</li>
10191  <li><?php bugfix(70006); ?> (cli - function with default arg = STDOUT crash output).</li>
10192  <li><?php bugfix(69521); ?> (Segfault in gc_collect_cycles()).</li>
10193  <li>Improved zend_string API.</li>
10194  <li><?php bugfix(69955); ?> (Segfault when trying to combine [] and assign-op on ArrayAccess object).</li>
10195  <li><?php bugfix(69957); ?> (Different ways of handling div/mod/intdiv).</li>
10196  <li><?php bugfix(69900); ?> (Too long timeout on pipes).</li>
10197  <li><?php bugfix(69872); ?> (uninitialised value in strtr with array).</li>
10198  <li><?php bugfix(69868); ?> (Invalid read of size 1 in zend_compile_short_circuiting).</li>
10199  <li><?php bugfix(69849); ?> (Broken output of apache_request_headers).</li>
10200  <li><?php bugfix(69840); ?> (iconv_substr() doesn't work with UTF-16BE).</li>
10201  <li><?php bugfix(69823); ?> (PHP 7.0.0alpha1 segmentation fault when exactly 33 extensions are loaded).</li>
10202  <li><?php bugfix(69805); ?> (null ptr deref and seg fault in zend_resolve_class_name).</li>
10203  <li><?php bugfix(69802); ?> (Reflection on Closure::__invoke borks type hint class name).</li>
10204  <li><?php bugfix(69761); ?> (Serialization of anonymous classes should be prevented).</li>
10205  <li><?php bugfix(69551); ?> (parse_ini_file() and parse_ini_string() segmentation fault).</li>
10206  <li><?php bugfix(69781); ?> (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business").</li>
10207  <li><?php bugfix(69835); ?> (phpinfo() does not report many Windows SKUs).</li>
10208  <li><?php bugfix(69889); ?> (Null coalesce operator doesn't work for string offsets).</li>
10209  <li><?php bugfix(69891); ?> (Unexpected array comparison result).</li>
10210  <li><?php bugfix(69892); ?> (Different arrays compare indentical due to integer key truncation).</li>
10211  <li><?php bugfix(69893); ?> (Strict comparison between integer and empty string keys crashes).</li>
10212  <li><?php bugfix(69767); ?> (Default parameter value with wrong type segfaults).</li>
10213  <li><?php bugfix(69756); ?> (Fatal error: Nesting level too deep - recursive dependency ? with ===).</li>
10214  <li><?php bugfix(69758); ?> (Item added to array not being removed by array_pop/shift ).</li>
10215  <li><?php bugfix(68475); ?> (Add support for $callable() sytnax with 'Class::method').</li>
10216  <li><?php bugfix(69485); ?> (Double free on zend_list_dtor).</li>
10217  <li><?php bugfix(69427); ?> (Segfault on magic method __call of private method in superclass).</li>
10218  <li>Improved __call() and __callStatic() magic method handling. Now they are called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without additional stack frame.</li>
10219  <li>Optimized strings concatenation.</li>
10220  <li>Fixed weird operators behavior. Division by zero now emits warning and returns +/-INF, modulo by zero and intdid() throws an exception, shifts by negative offset throw exceptions. Compile-time evaluation of division by zero is disabled.</li>
10221  <li><?php bugfix(69371); ?> (Hash table collision leads to inaccessible array keys).</li>
10222  <li><?php bugfix(68933); ?> (Invalid read of size 8 in zend_std_read_property).</li>
10223  <li><?php bugfix(68252); ?> (segfault in Zend/zend_hash.c in function _zend_hash_del_el).</li>
10224  <li><?php bugfix(65598); ?> (Closure executed via static autoload incorrectly marked as static).</li>
10225  <li><?php bugfix(66811); ?> (Cannot access static::class in lambda, writen outside of a class).</li>
10226  <li><?php bugfix(69568); ?> (call a private function in closure failed).</li>
10227  <li>Added PHP_INT_MIN constant.</li>
10228  <li>Added Closure::call() method.</li>
10229  <li><?php bugfix(67959); ?> (Segfault when calling phpversion('spl')).</li>
10230  <li>Implemented the RFC `Catchable "Call to a member function bar() on a non-object"`.</li>
10231  <li>Added options parameter for unserialize allowing to specify acceptable classes (https://wiki.php.net/rfc/secure_unserialize).</li>
10232  <li><?php bugfix(63734); ?> (Garbage collector can free zvals that are still referenced).</li>
10233  <li>Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class modifier.</li>
10234  <li>is_long() &amp; is_integer() is now an alias of is_int().</li>
10235  <li><?php implemented(55467); ?> (phpinfo: PHP Variables with $ and single quotes).</li>
10236  <li>Added ?? operator.</li>
10237  <li>Added &lt;=&gt; operator.</li>
10238  <li>Added \u{xxxxx} Unicode Codepoint Escape Syntax.</li>
10239  <li>Fixed oversight where define() did not support arrays yet const syntax did.</li>
10240  <li>Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages.</li>
10241  <li><?php implemented(55428); ?> (E_RECOVERABLE_ERROR when output buffering in output buffering handler).</li>
10242  <li>Removed scoped calls of non-static methods from an incompatible $this context.</li>
10243  <li>Removed support for #-style comments in ini files.</li>
10244  <li>Removed support for assigning the result of new by reference.</li>
10245  <li>Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31.</li>
10246  <li>Removed dl() function on fpm-fcgi.</li>
10247  <li>Removed support for hexadecimal numeric strings.</li>
10248  <li>Removed obsolete extensions and SAPIs. See the full list in UPGRADING.</li>
10249  <li>Added NULL byte protection to exec, system and passthru.</li>
10250  <li>Added error_clear_last() function.</li>
10251  <li><?php bugfix(68797); ?> (Number 2.2250738585072012e-308 converted incorrectly).</li>
10252  <li>Improved zend_qsort(using hybrid sorting algo) for better performance, and also renamed zend_qsort to zend_sort.</li>
10253  <li>Added stable sorting algo zend_insert_sort.</li>
10254  <li>Improved zend_memnchr(using sunday algo) for better performance.</li>
10255  <li>Implemented the RFC `Scalar Type Decalarations v0.5`.</li>
10256  <li>Implemented the RFC `Group Use Declarations`.</li>
10257  <li>Implemented the RFC `Continue Output Buffering`.</li>
10258  <li>Implemented the RFC `Constructor behaviour of internal classes`.</li>
10259  <li>Implemented the RFC `Fix "foreach" behavior`.</li>
10260  <li>Implemented the RFC `Generator Delegation`.</li>
10261  <li>Implemented the RFC `Anonymous Class Support`.</li>
10262  <li>Implemented the RFC `Context Sensitive Lexer`.</li>
10263  <li><?php bugfix(69511); ?> (Off-by-one buffer overflow in php_sys_readlink).</li>
10264</ul></li>
10265<li>CLI server:
10266<ul>
10267  <li><?php bugfix(68291); ?> (404 on urls with '+').</li>
10268  <li><?php bugfix(66606); ?> (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).</li>
10269  <li><?php bugfix(70264); ?> (CLI server directory traversal).</li>
10270  <li><?php bugfix(69655); ?> (php -S changes MKCALENDAR request method to MKCOL).</li>
10271  <li><?php bugfix(64878); ?> (304 responses return Content-Type header).</li>
10272  <li>Refactor MIME type handling to use a hash table instead of linear search.</li>
10273  <li>Update the MIME type list from the one shipped by Apache HTTPD.</li>
10274  <li>Added support for SEARCH WebDav method.</li>
10275</ul></li>
10276<li>COM:
10277<ul>
10278  <li><?php bugfix(69939); ?> (Casting object to bool returns false).</li>
10279</ul></li>
10280<li>Curl:
10281<ul>
10282  <li><?php bugfix(70330); ?> (Segmentation Fault with multiple "curl_copy_handle").</li>
10283  <li><?php bugfix(70163); ?> (curl_setopt_array() type confusion).</li>
10284  <li><?php bugfix(70065); ?> (curl_getinfo() returns corrupted values).</li>
10285  <li><?php bugfix(69831); ?> (Segmentation fault in curl_getinfo).</li>
10286  <li><?php bugfix(68937); ?> (Segfault in curl_multi_exec).</li>
10287  <li>Removed support for unsafe file uploads.</li>
10288</ul></li>
10289<li>Date:
10290<ul>
10291  <li><?php bugfix(70245); ?> (strtotime does not emit warning when 2nd parameter is object or string).</li>
10292  <li><?php bugfix(70266); ?> (DateInterval::__construct.interval_spec is not supposed to be optional).</li>
10293  <li><?php bugfix(70277); ?> (new DateTimeZone($foo) is ignoring text after null byte).</li>
10294  <li>Fixed day_of_week function as it could sometimes return negative values internally.</li>
10295  <li>Removed $is_dst parameter from mktime() and gmmktime().</li>
10296  <li>Removed date.timezone warning (https://wiki.php.net/rfc/date.timezone_warning_removal).</li>
10297  <li>Added "v" DateTime format modifier to get the 3-digit version of fraction of seconds.</li>
10298  <li><?php implemented(69089); ?> (Added DateTime::RFC3339_EXTENDED to output in RFC3339 Extended format which includes fraction of seconds).</li>
10299</ul></li>
10300<li>DBA:
10301<ul>
10302  <li><?php bugfix(62490); ?> (dba_delete returns true on missing item (inifile)).</li>
10303  <li><?php bugfix(68711); ?> (useless comparisons).</li>
10304</ul></li>
10305<li>DOM:
10306<ul>
10307  <li><?php bugfix(70558); ?> ("Couldn't fetch" error in DOMDocument::registerNodeClass()).</li>
10308  <li><?php bugfix(70001); ?> (Assigning to DOMNode::textContent does additional entity encoding).</li>
10309  <li><?php bugfix(69846); ?> (Segmenation fault (access violation) when iterating over DOMNodeList).</li>
10310  <li>Made DOMNode::textContent writeable.</li>
10311</ul></li>
10312<li>EXIF:
10313<ul>
10314  <li><?php bugfix(70385); ?> (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).</li>
10315</ul></li>
10316<li>Fileinfo:
10317<ul>
10318  <li><?php bugfix(66242); ?> (libmagic: don't assume char is signed).</li>
10319</ul></li>
10320<li>Filter:
10321<ul>
10322  <li>New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL.</li>
10323  <li><?php bugfix(67167);?> 	(Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE).</li>
10324</ul></li>
10325<li>FPM:
10326<ul>
10327  <li><?php bugfix(70538); ?> ("php-fpm -i" crashes).</li>
10328  <li><?php bugfix(70279); ?> (HTTP Authorization Header is sometimes passed to newer reqeusts).</li>
10329  <li><?php bugfix(68945); ?> (Unknown admin values segfault pools).</li>
10330  <li><?php bugfix(65933); ?> (Cannot specify config lines longer than 1024 bytes).</li>
10331  <li><?php implemented(67106); ?> (Split main fpm config).</li>
10332</ul></li>
10333<li>FTP:
10334<ul>
10335  <li><?php bugfix(69082); ?> (FTPS support on Windows).</li>
10336</ul></li>
10337<li>GD:
10338<ul>
10339  <li><?php bugfix(53156); ?> (imagerectangle problem with point ordering).</li>
10340  <li><?php bugfix(66387); ?> (Stack overflow with imagefilltoborder). (CVE-2015-8874)</li>
10341  <li><?php bugfix(70102); ?> (imagecreatefromwebm() shifts colors).</li>
10342  <li><?php bugfix(66590); ?> (imagewebp() doesn't pad to even length).</li>
10343  <li><?php bugfix(66882); ?> (imagerotate by -90 degrees truncates image by 1px).</li>
10344  <li><?php bugfix(70064); ?> (imagescale(..., IMG_BICUBIC) leaks memory).</li>
10345  <li><?php bugfix(69024); ?> (imagescale segfault with palette based image).</li>
10346  <li><?php bugfix(53154); ?> (Zero-height rectangle has whiskers).</li>
10347  <li><?php bugfix(67447); ?> (imagecrop() add a black line when cropping).</li>
10348  <li><?php bugfix(68714); ?> (copy 'n paste error).</li>
10349  <li><?php bugfix(66339); ?> (PHP segfaults in imagexbm).</li>
10350  <li><?php bugfix(70047); ?> (gd_info() doesn't report WebP support).</li>
10351  <li>Replace libvpx with libwebp for bundled libgd.</li>
10352  <li><?php bugfix(61221); ?> (imagegammacorrect function loses alpha channel).</li>
10353  <li>Made fontFetch's path parser thread-safe.</li>
10354  <li>Removed T1Lib support.</li>
10355</ul></li>
10356<li>GMP:
10357<ul>
10358  <li><?php bugfix(70284); ?> (Use after free vulnerability in unserialize() with GMP).</li>
10359</ul></li>
10360<li>hash:
10361<ul>
10362  <li><?php bugfix(70312); ?> (HAVAL gives wrong hashes in specific cases).</li>
10363</ul></li>
10364<li>IMAP:
10365<ul>
10366  <li><?php bugfix(70158); ?> (Building with static imap fails).</li>
10367  <li><?php bugfix(69998); ?> (curl multi leaking memory).</li>
10368</ul></li>
10369<li>Intl:
10370<ul>
10371  <li><?php bugfix(70453); ?> (IntlChar::foldCase() incorrect arguments and missing constants).</li>
10372  <li><?php bugfix(70454); ?> (IntlChar::forDigit second parameter should be optional).</li>
10373  <li>Removed deprecated aliases datefmt_set_timezone_id() and IntlDateFormatter::setTimeZoneID().</li>
10374</ul></li>
10375<li>JSON:
10376<ul>
10377  <li><?php bugfix(62010); ?> (json_decode produces invalid byte-sequences).</li>
10378  <li><?php bugfix(68546); ?> (json_decode() Fatal error: Cannot access property started with '\0').</li>
10379  <li>Replace non-free JSON parser with a parser from Jsond extension, fixes <?php bugl(63520); ?> (JSON extension includes a problematic license statement).</li>
10380  <li><?php bugfix(68938); ?> (json_decode() decodes empty string without error).</li>
10381</ul></li>
10382<li>LDAP:
10383<ul>
10384  <li><?php bugfix(47222); ?> (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE).</li>
10385</ul></li>
10386<li>LiteSpeed:
10387<ul>
10388  <li>Updated LiteSpeed SAPI code from V5.5 to V6.6.</li>
10389</ul></li>
10390<li>libxml:
10391<ul>
10392  <li>Fixed handling of big lines in error messages with libxml &gt;= 2.9.0.</li>
10393</ul></li>
10394<li>Mcrypt:
10395<ul>
10396  <li><?php bugfix(70625); ?> (mcrypt_encrypt() won't return data when no IV was specified under RC4).</li>
10397  <li><?php bugfix(69833); ?> (mcrypt fd caching not working).</li>
10398  <li>Fixed possible read after end of buffer and use after free.</li>
10399  <li>Removed mcrypt_generic_end() alias.</li>
10400  <li>Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb().</li>
10401</ul></li>
10402<li>Mysqli:
10403<ul>
10404  <li><?php bugfix(32490); ?> (constructor of mysqli has wrong name).</li>
10405</ul></li>
10406<li>Mysqlnd:
10407<ul>
10408  <li><?php bugfix(70949); ?> (SQL Result Sets With NULL Can Cause Fatal Memory Errors).</li>
10409  <li><?php bugfix(70384); ?> (mysqli_real_query():Unknown type 245 sent by the server).</li>
10410  <li><?php bugfix(70456); ?> (mysqlnd doesn't activate TCP keep-alive when connecting to a server).</li>
10411  <li><?php bugfix(70572); ?> segfault in mysqlnd_connect.</li>
10412  <li><?php bugfix(69796); ?> (mysqli_stmt::fetch doesn't assign null values to bound variables).</li>
10413</ul></li>
10414<li>OCI8:
10415<ul>
10416  <li>Fixed memory leak with LOBs.</li>
10417  <li><?php bugfix(68298); ?> (OCI int overflow).</li>
10418  <li>Corrected oci8 hash destructors to prevent segfaults, and a few other fixes.</li>
10419</ul></li>
10420<li>ODBC:
10421<ul>
10422  <li><?php bugfix(69975); ?> (PHP segfaults when accessing nvarchar(max) defined columns. (CVE-2015-8879)</li>
10423</ul></li>
10424<li>Opcache:
10425<ul>
10426  <li><?php bugfix(70656); ?> (require() statement broken after opcache_reset() or a few hours of use).</li>
10427  <li><?php bugfix(70843); ?> (Segmentation fault on MacOSX with opcache.file_cache_only=1).</li>
10428  <li><?php bugfix(70724); ?> (Undefined Symbols from opcache.so on Mac OS X 10.10).</li>
10429  <li>Fixed compatibility with Windows 10 (see also bug <?php bugl(70652); ?>).</li>
10430  <li>Attmpt to fix "Unable to reattach to base address" problem.</li>
10431  <li><?php bugfix(70423); ?> (Warning Internal error: wrong size calculation).</li>
10432  <li><?php bugfix(70237); ?> (Empty while and do-while segmentation fault with opcode on CLI enabled).</li>
10433  <li><?php bugfix(70111); ?> (Segfault when a function uses both an explicit return type and an explicit cast).</li>
10434  <li><?php bugfix(70058); ?> (Build fails when building for i386).</li>
10435  <li><?php bugfix(70022); ?> (Crash with opcache using opcache.file_cache_only=1).</li>
10436  <li>Removed opcache.load_comments configuration directive. Now doc comments loading costs nothing and always enabled.</li>
10437  <li><?php bugfix(69838); ?> (Wrong size calculation for function table).</li>
10438  <li><?php bugfix(69688); ?> (segfault with eval and opcache fast shutdown).</li>
10439  <li>Added experimental (disabled by default) file based opcode cache.</li>
10440  <li>Fixed bug with try blocks being removed when extended_info opcode generation is turned on.</li>
10441  <li><?php bugfix(68644); ?> (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache).</li>
10442</ul></li>
10443<li>OpenSSL:
10444<ul>
10445  <li>Require at least OpenSSL version 0.9.8.</li>
10446  <li><?php bugfix(68312); ?> (Lookup for openssl.cnf causes a message box).</li>
10447  <li><?php bugfix(55259); ?> (openssl extension does not get the DH parameters from DH key resource).</li>
10448  <li><?php bugfix(70395); ?> (Missing ARG_INFO for openssl_seal()).</li>
10449  <li><?php bugfix(60632); ?> (openssl_seal fails with AES).</li>
10450  <li><?php implemented(70438); ?> (Add IV parameter for openssl_seal and openssl_open).</li>
10451  <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)</li>
10452  <li><?php bugfix(69882); ?> (OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert).</li>
10453  <li>Added "alpn_protocols" SSL context option allowing encrypted client/server streams to negotiate alternative protocols using the ALPN TLS extension when built against OpenSSL 1.0.2 or newer. Negotiated protocol information is accessible through stream_get_meta_data() output.</li>
10454  <li>Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic detection or the "peer_name" option instead.</li>
10455</ul></li>
10456<li>Pcntl:
10457<ul>
10458  <li><?php bugfix(70386); ?> (Can't compile on NetBSD because of missing WCONTINUED and WIFCONTINUED).</li>
10459  <li><?php bugfix(60509); ?> (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL).</li>
10460  <li><?php implemented(68505); ?> (Added wifcontinued and wcontinued).</li>
10461  <li>Added rusage support to pcntl_wait() and pcntl_waitpid().</li>
10462</ul></li>
10463<li>PCRE:
10464<ul>
10465  <li><?php bugfix(70232); ?> (Incorrect bump-along behavior with \K and empty string match).</li>
10466  <li><?php bugfix(70345); ?> (Multiple vulnerabilities related to PCRE functions).</li>
10467  <li><?php bugfix(70232); ?> (Incorrect bump-along behavior with \K and empty string match).</li>
10468  <li><?php bugfix(53823); ?> (preg_replace: * qualifier on unicode replace garbles the string).</li>
10469  <li><?php bugfix(69864); ?> (Segfault in preg_replace_callback).</li>
10470  <li>Removed support for the /e (PREG_REPLACE_EVAL) modifier.</li>
10471</ul></li>
10472<li>PDO:
10473<ul>
10474  <li><?php bugfix(70861); ?> (Segmentation fault in pdo_parse_params() during Drupal 8 test suite).</li>
10475  <li><?php bugfix(70389); ?> (PDO constructor changes unrelated variables).</li>
10476  <li><?php bugfix(70272); ?> (Segfault in pdo_mysql).</li>
10477  <li><?php bugfix(70221); ?> (persistent sqlite connection + custom function segfaults).</li>
10478  <li><?php bugfix(59450); ?> (./configure fails with "Cannot find php_pdo_driver.h").</li>
10479</ul></li>
10480<li>PDO_DBlib:
10481<ul>
10482  <li><?php bugfix(69757); ?> (Segmentation fault on nextRowset).</li>
10483</ul></li>
10484<li>PDO_mysql:
10485<ul>
10486  <li><?php bugfix(68424); ?> (Add new PDO mysql connection attr to control multi statements option).</li>
10487</ul></li>
10488<li>PDO_OCI:
10489<ul>
10490  <li><?php bugfix(70308); ?> (PDO::ATTR_PREFETCH is ignored).</li>
10491</ul></li>
10492<li>PDO_pgsql:
10493<ul>
10494  <li><?php bugfix(69752); ?> (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).</li>
10495  <li>Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of ATTR_EMULATE_PREPARES).</li>
10496</ul></li>
10497<li>Phar:
10498<ul>
10499  <li><?php bugfix(69720); ?> (Null pointer dereference in phar_get_fp_offset()).</li>
10500  <li><?php bugfix(70433); ?> (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").</li>
10501  <li>Improved fix for bug <?php bugl(69441); ?>.</li>
10502  <li><?php bugfix(70019); ?> (Files extracted from archive may be placed outside of destination directory).</li>
10503</ul></li>
10504<li>Phpdbg:
10505<ul>
10506  <li><?php bugfix(70614); ?> (incorrect exit code in -rr mode with Exceptions).</li>
10507  <li><?php bugfix(70532); ?> (phpdbg must respect set_exception_handler).</li>
10508  <li><?php bugfix(70531); ?> (Run and quit mode (-qrr) should not fallback to interactive mode).</li>
10509  <li><?php bugfix(70533); ?> (Help overview (-h) does not rpint anything under Windows).</li>
10510  <li><?php bugfix(70449); ?> (PHP won't compile on 10.4 and 10.5 because of missing constants).</li>
10511  <li><?php bugfix(70214); ?> (FASYNC not defined, needs sys/file.h include).</li>
10512  <li><?php bugfix(70138); ?> (Segfault when displaying memory leaks).</li>
10513</ul></li>
10514<li>Reflection:
10515<ul>
10516  <li><?php bugfix(70650); ?> (Wrong docblock assignment).</li>
10517  <li><?php bugfix(70674); ?> (ReflectionFunction::getClosure() leaks memory when used for internal functions).</li>
10518  <li>Fixed bug causing bogus traces for ReflectionGenerator::getTrace().</li>
10519  <li>Fixed inheritance chain of Reflector interface.</li>
10520  <li>Added ReflectionGenerator class.</li>
10521  <li>Added reflection support for return types and type declarations.</li>
10522</ul></li>
10523<li>Session:
10524<ul>
10525  <li><?php bugfix(70876); ?> (Segmentation fault when regenerating session id with strict mode).</li>
10526  <li><?php bugfix(70529); ?> (Session read causes "String is not zero-terminated" error).</li>
10527  <li><?php bugfix(70013); ?> (Reference to $_SESSION is lost after a call to session_regenerate_id()).</li>
10528  <li><?php bugfix(69952); ?> (Data integrity issues accessing superglobals by reference).</li>
10529  <li><?php bugfix(67694); ?> (Regression in session_regenerate_id()).</li>
10530  <li><?php bugfix(68941); ?> (mod_files.sh is a bash-script).</li>
10531</ul></li>
10532<li>SOAP:
10533<ul>
10534  <li><?php bugfix(70940); ?> (Segfault in soap / type_to_string).</li>
10535  <li><?php bugfix(70900); ?> (SoapClient systematic out of memory error).</li>
10536  <li><?php bugfix(70875); ?> (Segmentation fault if wsdl has no targetNamespace attribute).</li>
10537  <li><?php bugfix(70715); ?> (Segmentation fault inside soap client).</li>
10538  <li><?php bugfix(70709); ?> (SOAP Client generates Segfault).</li>
10539  <li><?php bugfix(70388); ?> (SOAP serialize_function_call() type confusion / RCE).</li>
10540  <li><?php bugfix(70081); ?> (SoapClient info leak / null pointer dereference via multiple type confusions).</li>
10541  <li><?php bugfix(70079); ?> (Segmentation fault after more than 100 SoapClient calls).</li>
10542  <li><?php bugfix(70032); ?> (make_http_soap_request calls zend_hash_get_current_key_ex(,,,NULL).</li>
10543  <li><?php bugfix(68361); ?> (Segmentation fault on SoapClient::__getTypes).</li>
10544</ul></li>
10545<li>SPL:
10546<ul>
10547  <li><?php bugfix(70959); ?> (ArrayObject unserialize does not restore protected fields).</li>
10548  <li><?php bugfix(70853); ?> (SplFixedArray throws exception when using ref variable as index).</li>
10549  <li><?php bugfix(70868); ?> (PCRE JIT and pattern reuse segfault).</li>
10550  <li><?php bugfix(70730); ?> (Incorrect ArrayObject serialization if unset is called in serialize()).</li>
10551  <li><?php bugfix(70573); ?> (Cloning SplPriorityQueue leads to memory leaks).</li>
10552  <li><?php bugfix(70303); ?> (Incorrect constructor reflection for ArrayObject).</li>
10553  <li><?php bugfix(70068); ?> (Dangling pointer in the unserialization of ArrayObject items).</li>
10554  <li><?php bugfix(70166); ?> (Use After Free Vulnerability in unserialize() with SPLArrayObject).</li>
10555  <li><?php bugfix(70168); ?> (Use After Free Vulnerability in unserialize() with SplObjectStorage).</li>
10556  <li><?php bugfix(70169); ?> (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).</li>
10557  <li><?php bugfix(70053); ?> (MutlitpleIterator array-keys incompatible change in PHP 7).</li>
10558  <li><?php bugfix(69970); ?> (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()).</li>
10559  <li><?php bugfix(69845); ?> (ArrayObject with ARRAY_AS_PROPS broken).</li>
10560  <li>Changed ArrayIterator implementation using zend_hash_iterator_... API. Allowed modification of iterated ArrayObject using the same behavior as proposed in `Fix "foreach" behavior`. Removed "Array was modified outside object and internal position is no longer valid" hack.</li>
10561  <li><?php implemented(67886); ?> (SplPriorityQueue/SplHeap doesn't expose extractFlags nor curruption state).</li>
10562  <li><?php bugfix(66405); ?> (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator).</li>
10563</ul></li>
10564<li>SQLite3:
10565<ul>
10566  <li><?php bugfix(70571); ?> (Memory leak in sqlite3_do_callback).</li>
10567  <li><?php bugfix(69972); ?> (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()).</li>
10568  <li><?php bugfix(69897); ?> (segfault when manually constructing SQLite3Result).</li>
10569  <li><?php bugfix(68260); ?> (SQLite3Result::fetchArray declares wrong required_num_args).</li>
10570</ul></li>
10571<li>Standard:
10572<ul>
10573  <li>Fixed count on symbol tables.</li>
10574  <li><?php bugfix(70963); ?> (Unserialize shows UNKNOWN in result).</li>
10575  <li><?php bugfix(70910); ?> (extract() breaks variable references).</li>
10576  <li><?php bugfix(70808); ?> (array_merge_recursive corrupts memory of unset items).</li>
10577  <li><?php bugfix(70667); ?> (strtr() causes invalid writes and a crashes).</li>
10578  <li><?php bugfix(70668); ?> (array_keys() doesn't respect references when $strict is true).</li>
10579  <li>Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`.</li>
10580  <li><?php bugfix(70487); ?> (pack('x') produces an error).</li>
10581  <li><?php bugfix(70342); ?> (changing configuration with ignore_user_abort(true) isn't working).</li>
10582  <li><?php bugfix(70295); ?> (Segmentation fault with setrawcookie).</li>
10583  <li><?php bugfix(67131); ?> (setcookie() conditional for empty values not met).</li>
10584  <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li>
10585  <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li>
10586  <li><?php bugfix(70250); ?> (extract() turns array elements to references).</li>
10587  <li><?php bugfix(70211); ?> (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free).</li>
10588  <li><?php bugfix(70208); ?> (Assert breaking access on objects).</li>
10589  <li><?php bugfix(70140); ?> (str_ireplace/php_string_tolower - Arbitrary Code Execution).</li>
10590  <li><?php implemented(70112); ?> (Allow "dirname" to go up various times).</li>
10591  <li><?php bugfix(36365); ?> (scandir duplicates file name at every 65535th file).</li>
10592  <li><?php bugfix(70096); ?> (Repeated iptcembed() adds superfluous FF bytes).</li>
10593  <li><?php bugfix(70018); ?> (exec does not strip all whitespace).</li>
10594  <li><?php bugfix(69983); ?> (get_browser fails with user agent of null).</li>
10595  <li><?php bugfix(69976); ?> (Unable to parse "all" urls with colon char).</li>
10596  <li><?php bugfix(69768); ?> (escapeshell*() doesn't cater to !).</li>
10597  <li><?php bugfix(62922); ?> (Truncating entire string should result in string).</li>
10598  <li><?php bugfix(69723); ?> (Passing parameters by reference and array_column).</li>
10599  <li><?php bugfix(69523); ?> (Cookie name cannot be empty).</li>
10600  <li><?php bugfix(69325); ?> (php_copy_file_ex does not pass the argument).</li>
10601  <li><?php bugfix(69299); ?> (Regression in array_filter's $flag argument in PHP 7).</li>
10602  <li>Removed call_user_method() and call_user_method_array() functions.</li>
10603  <li>Fixed user session handlers (See rfc:session.user.return-value).</li>
10604  <li>Added intdiv() function.</li>
10605  <li>Improved precision of log() function for base 2 and 10.</li>
10606  <li>Remove string category support in setlocale().</li>
10607  <li>Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime().</li>
10608  <li><?php bugfix(65272); ?> (flock() out parameter not set correctly in windows).</li>
10609  <li>Added preg_replace_callback_array function.</li>
10610  <li>Deprecated salt option to password_hash.</li>
10611  <li><?php bugfix(69686); ?> (password_verify reports back error on PHP7 will null string).</li>
10612  <li>Added Windows support for getrusage().</li>
10613  <li>Removed hardcoded limit on number of pipes in proc_open().</li>
10614</ul></li>
10615<li>Streams:
10616<ul>
10617  <li><?php bugfix(70361); ?> (HTTP stream wrapper doesn't close keep-alive connections).</li>
10618  <li><?php bugfix(68532); ?> (convert.base64-encode omits padding bytes).</li>
10619  <li>Removed set_socket_blocking() in favor of its alias stream_set_blocking().</li>
10620</ul></li>
10621<li>Tokenizer:
10622<ul>
10623  <li><?php bugfix(69430); ?> (token_get_all has new irrecoverable errors).</li>
10624</ul></li>
10625<li>XMLReader:
10626<ul>
10627  <li><?php bugfix(70309); ?> (XmlReader read generates extra output).</li>
10628</ul></li>
10629<li>XMLRPC:
10630<ul>
10631  <li><?php bugfix(70526); ?> (xmlrpc_set_type returns false on success).</li>
10632</ul></li>
10633<li>XSL:
10634<ul>
10635  <li><?php bugfix(70678); ?> (PHP7 returns true when false is expected).</li>
10636  <li><?php bugfix(70535); ?> (XSLT: free(): invalid pointer).</li>
10637  <li><?php bugfix(69782); ?> (NULL pointer dereference).</li>
10638  <li><?php bugfix(64776); ?> (The XSLT extension is not thread safe).</li>
10639  <li>Removed xsl.security_prefs ini option.</li>
10640</ul></li>
10641<li>Zlib:
10642<ul>
10643  <li>Added deflate_init(), deflate_add(), inflate_init(), inflate_add() functions allowing incremental/streaming compression/decompression.</li>
10644</ul></li>
10645<li>Zip:
10646<ul>
10647  <li><?php bugfix(70322); ?> (ZipArchive::close() doesn't indicate errors).</li>
10648  <li><?php bugfix(70350); ?> (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)</li>
10649  <li>Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex methods.</li>
10650  <li>Update bundled libzip to 1.0.1.</li>
10651  <li><?php bugfix(67161); ?> (ZipArchive::getStream() returns NULL for certain file).</li>
10652</ul></li>
10653</ul>
10654<!-- }}} --></section>
10655
10656<?php
10657changelog_footer(7, $MINOR_VERSIONS);
10658