PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 8.2.21 - Core: . Fixed bug GH-14315 (Incompatible pointer type warnings). (Peter Kokot) - Curl: . Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). (nielsdos) - Opcache: . Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime). (ilutov) - Sodium: . Fix memory leaks in ext/sodium on failure of some functions. (nielsdos) - SPL: . Fixed bug GH-14290 (Member access within null pointer in extension spl). (nielsdos) 06 Jun 2024, PHP 8.2.20 - CGI: . Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) - CLI: . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). (nielsdos) - Core: . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). (ilutov) . Fixed bug GH-14140 (Floating point bug in range operation on Apple Silicon hardware). (Derick, Saki) - DOM: . Fix crashes when entity declaration is removed while still having entity references. (nielsdos) . Fix references not handled correctly in C14N. (nielsdos) . Fix crash when calling childNodes next() when iterator is exhausted. (nielsdos) . Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. (nielsdos) - FFI: . Fixed bug GH-14215 (Cannot use FFI::load on CRLF header file with apache2handler). (nielsdos) - FPM: . Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). (Benjamin Cremer) - Hash: . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) - Intl: . Fixed build regression on systems without C++17 compilers. (Calvin Buckley, Peter Kokot) - Ini: . Fixed bug GH-14100 (Corrected spelling mistake in php.ini files). (Marcus Xavier) - MySQLnd: . Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). (Kamil Tekiela) - Opcache: . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). (ilutov) - XML: . Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). (nielsdos) - XMLReader: . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos) 09 May 2024, PHP 8.2.19 - Core: . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled). (Bob) . Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c). (nielsdos) . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations). (Kévin Dunglas) . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters). (ilutov) . Fixed bug GH-14013 (Erroneous dnl appended in configure). (Peter Kokot) . Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly). (ranvis) . Fixed bug GH-13727 (Missing void keyword). (Peter Kokot) - Fibers: . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()). (nielsdos) - FPM: . Fixed bug GH-13563 (Setting bool values via env in FPM config fails). (Jakub Zelenka) - Intl: . Fixed build for icu 74 and onwards. (dunglas) - MySQLnd: . Fix shift out of bounds on 32-bit non-fast-path platforms. (nielsdos) - Opcache: . Fixed incorrect assumptions across compilation units for static calls. (ilutov) - OpenSSL: . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). (Jakub Zelenka) - PDO SQLite: . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi) . Fix GH-13998 (Manage refcount of agg_context->val correctly). (Saki Takamachi) - Phar: . Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference). (nielsdos) . Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c). (nielsdos) . Fix potential NULL pointer dereference before calling EVP_SignInit. (icy17) - PHPDBG: . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame). (nielsdos) - Posix: . Fix usage of reentrant functions in ext/posix. (Arnaud) - Session: . Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c). (nielsdos) . Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts). (nielsdos, kamil-tekiela) . Fixed buffer _read/_write size limit on windows for the file mode. (David Carlier) - Streams: . Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument". (Damian Wójcik) . Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure). (Jakub Zelenka) . Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket). (nielsdos) . Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). (Arnaud) - Treewide: . Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodríguez) 11 Apr 2024, PHP 8.2.18 - Core: . Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos) . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi) . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud) - DOM: . Add some missing ZPP checks. (nielsdos) . Fix potential memory leak in XPath evaluation results. (nielsdos) . Fix phpdoc for DOMDocument load methods. (VincentLanglet) - FPM . Fixed incorrect check in fpm_shm_free(). (nielsdos) - GD: . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky) - Gettext: . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier) - MySQLnd: . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi) . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos) - Opcache: . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry) . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob) - PDO: . Fix various PDORow bugs. (Girgias) - Random: . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla) . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla) - Session: . Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos) - Sockets: . Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier) - SPL: . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos) . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos) - Standard: . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos) . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()). (SakiTakamachi) . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76) . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) - XML: . Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos) 14 Mar 2024, PHP 8.2.17 - Core: . Fix ZTS persistent resource crashes on shutdown. (nielsdos) - Curl: . Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh) - DOM: . Fix reference access in dimensions for DOMNodeList and DOMNodeMap. (nielsdos) - Fileinfo: . Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null), backport). (nielsdos) - FPM: . Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER). (Jakub Zelenka) - GD: . Fixed bug GH-12019 (detection of image formats in system gd library). (Michael Orlitzky) - MySQLnd: . Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi) - PGSQL: . Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute with null value passed by reference). (George Barbarosie) - Standard: . Fixed array key as hash to string (case insensitive) comparison typo for the second operand buffer size (albeit unused for now). (A. Slepykh) 15 Feb 2024, PHP 8.2.16 - Core: . Fixed timer leak in zend-max-execution-timers builds. (withinboredom) . Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus) . Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown Exception). (nielsdos) . Fixed bug GH-13215 (GCC 14 build failure). (Remi) - Curl: . Fix missing error check in curl_multi_init(). (divinity76) - FPM: . Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path). (Jakub Zelenka) - GD: . Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path). (nielsdos) . Fixed bug GH-10614 (imagerotate will turn the picture all black, when rotated 90). (nielsdos) - MySQLnd: . Fixed bug GH-12107 (When running a stored procedure (that returns a result set) twice, PHP crashes). (nielsdos) - Opcache: . Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but JIT_debug is still on). (nielsdos) - OpenSSL: . Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier). - PDO_Firebird: . Fix GH-13119 (Changed to convert float and double values into strings using `H` format). (SakiTakamachi) - Phar: . Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos) . Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos) - Random: . Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken engines). (timwolla) - Session: . Fixed bug GH-12504 (Corrupted session written when there's a fatal error in autoloader). (nielsdos) - Streams: . Fixed bug GH-13071 (Copying large files using mmap-able source streams may exhaust available memory and fail). (nielsdos) 18 Jan 2024, PHP 8.2.15 - Core: . Fixed bug GH-12953 (false positive SSA integrity verification failed when loading composer classmaps with more than 11k elements). (nielsdos) . Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't emit warnings). (Peter Kokot) . Fixed bug GH-13727 (missing void keyword for C generate code for feature test). (Peter Kokot/David Carlier) - Cli: . Fix incorrect timeout in built-in web server when using router script and max_input_time. (ilutov) - FFI: . Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData). (Jakub Zelenka) . Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos) - GD: . Fixed GH-13082 undefined behavior with GdFont instances handling with imageload* and imagechar*. (David Carlier) - Intl: . Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale). (David Carlier) - Hash: . Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on strings >= 4GiB). (nielsdos) - ODBC: . Fix crash on Apache shutdown with persistent connections. (nielsdos) - Opcache: . Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM with NULL when DIM is the same var as result). (ilutov) . Added workaround for SELinux mprotect execheap issue. See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov) - OpenSSL: . Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error). (Jakub Zelenka) - PDO: . Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES). (SakiTakamachi) - PDO_ODBC: . Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()). (SakiTakamachi) - PGSQL: . Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier) . Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()). (nielsdos) - Phar: . Fixed bug #77432 (Segmentation fault on including phar file). (nielsdos) - PHPDBG: . Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos) - SimpleXML: . Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash. (nielsdos) - Tidy: . Fixed bug GH-12980 (tidynode.props.attribute is missing "Boolean Attributes" and empty attributes). (nielsdos) 21 Dec 2023, PHP 8.2.14 - Core: . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler). (ilutov) . Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend). (ilutov) . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt) . Fix various missing NULL checks. (nielsdos, dstogov) . Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call). (ilutov) - Date: . Fixed improbably integer overflow while parsing really large (or small) Unix timestamps. (Derick) - DOM: . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix). (nielsdos) - FPM: . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval). (Patrick Prasse) - FTP: . Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos) - Intl: . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos) - LibXML: . Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303) . Fixed test failures for libxml2 2.12.0. (nielsdos) - MySQLnd: . Avoid using uninitialised struct. (mikhainin) . Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code). (nielsdos) - Opcache: . Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error). (Girgias) . Fixed JIT bug (JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown). (Girgias) - OpenSSL: . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs). (Jakub Zelenka) - PCRE: . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos) - PDO PGSQL: . Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate) - PGSQL: . Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov) - PHPDBG: . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos) - SOAP: . Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted). (nielsdos) - SPL: . Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination with GlobIterator and no directory separator). (nielsdos) - SQLite3: . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0). (SakiTakamachi) - Standard: . Fix memory leak in syslog device handling. (danog) . Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost). (nielsdos) . Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array). (nielsdos) - Streams: . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault). (Jakub Zelenka) - Zip: . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior). (Remi) 23 Nov 2023, PHP 8.2.13 - Core: . Fixed double-free of non-interned enum case name. (ilutov) . Fixed bug GH-12457 (Incorrect result of stripos with single character needle). (SakiTakamachi) . Fixed bug GH-12468 (Double-free of doc_comment when overriding static property via trait). (ilutov) . Fixed segfault caused by weak references to FFI objects. (sj-i) . Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas) . Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type if the class name starts with N). (kocsismate) - DOM: . Fix registerNodeClass with abstract class crashing. (nielsdos) . Add missing NULL pointer error check. (icy17) . Fix validation logic of php:function() callbacks. (nielsdos) - Fiber: . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi) - FPM: . Fixed bug GH-9921 (Loading ext in FPM config does not register module handlers). (Jakub Zelenka) . Fixed bug GH-12232 (FPM: segfault dynamically loading extension without opcache). (Jakub Zelenka) . Fixed bug #76922 (FastCGI terminates conn after FCGI_GET_VALUES). (Jakub Zelenka) - Intl: . Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale. (David Carlier) - Opcache: . Added warning when JIT cannot be enabled. (danog) . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov) - OpenSSL: . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify). (Jakub Zelenka) - PCRE: . Fixed bug GH-11374 (Backport upstream fix, Different preg_match result with -d pcre.jit=0). (mvorisek) - SOAP: . Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes). (nielsdos) . Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation Fault). (nielsdos) . Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos) . Fix incorrect uri check in SOAP caching. (nielsdos) . Fix segfault and assertion failure with refcounted props and arrays. (nielsdos) . Fix potential crash with an edge case of persistent encoders. (nielsdos) . Fixed bug #75306 (Memleak in SoapClient). (nielsdos) - Streams: . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers). (Jakub Zelenka) - XMLReader: . Add missing NULL pointer error check. (icy17) - XMLWriter: . Add missing NULL pointer error check. (icy17) - XSL: . Add missing module dependency. (nielsdos) . Fix validation logic of php:function() callbacks. (nielsdos) 26 Oct 2023, PHP 8.2.12 - Core: . Fixed bug GH-12207 (memory leak when class using trait with doc block). (rioderelfte) . Fixed bug GH-12215 (Module entry being overwritten causes type errors in ext/dom). (nielsdos) . Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky) . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos) - CLI: . Ensure a single Date header is present. (coppolafab) - CType: . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater). (nielsdos) - DOM: . Restore old namespace reconciliation behaviour. (nielsdos) . Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos) - Fileinfo: . Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise) - Filter: . Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov) - Hash: . Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext). (MaxSem) - Intl: . Fixed bug GH-12243 (segfault on IntlDateFormatter::construct). (David Carlier) . Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception on an invalid locale). (David Carlier) - MySQLnd: . Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line). (nielsdos) - Opcache: . Fixed opcache_invalidate() on deleted file. (mikhainin) . Fixed bug GH-12380 (JIT+private array property access inside closure accesses private property in child class). (nielsdos) - PCRE: . Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result). (nielsdos) - SimpleXML: . Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos) . Fixed bug GH-12223 (Entity reference produces infinite loop in var_dump/print_r). (nielsdos) . Fixed bug GH-12167 (Unable to get processing instruction contents in SimpleXML). (nielsdos) . Fixed bug GH-12169 (Unable to get comment contents in SimpleXML). (nielsdos) - Streams: . Fixed bug GH-12190 (binding ipv4 address with both address and port at 0). (David Carlier) - XML: . Fix return type of stub of xml_parse_into_struct(). (nielsdos) . Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos) - XSL: . Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML. (nielsdos) 28 Sep 2023, PHP 8.2.11 - Core: . Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov) . Fixed bug GH-11790 (On riscv64 require libatomic if actually needed). (Jeremie Courreges-Anglas) . Fixed bug GH-11876: ini_parse_quantity() accepts invalid quantities. (Girgias) . Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures). (ilutov) . Fixed bug GH-12060 (Internal iterator rewind handler is called twice). (ju1ius) . Fixed bug GH-12102 (Incorrect compile error when using array access on TMP value in function call). (ilutov) - DOM: . Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos) - Iconv: . Fixed build for NetBSD which still uses the old iconv signature. (David Carlier) - Intl: . Fixed bug GH-12020 (intl_get_error_message() broken after MessageFormatter::formatMessage() fails). (Girgias) - MySQLnd: . Fixed bug GH-10270 (Invalid error message when connection via SSL fails: "trying to connect via (null)"). (Kamil Tekiela) - ODBC: . Fixed memory leak with failed SQLPrepare. (NattyNarwhal) . Fixed persistent procedural ODBC connections not getting closed. (NattyNarwhal) - SimpleXML: . Fixed bug #52751 (XPath processing-instruction() function is not supported). (nielsdos) - SPL: . Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18). (nielsdos) - SQLite3: . Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with a callable array). (nielsdos, arnaud-lb) 31 Aug 2023, PHP 8.2.10 - CLI: . Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1). (nielsdos) . Fixed bug GH-10964 (Improve man page about the built-in server). (Alexandre Daubois) - Date: . Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are passed in). (Derick) - Core: . Fixed strerror_r detection at configuration time. (Kévin Dunglas) . Fixed trait typed properties using a DNF type not being correctly bound. (Girgias) . Fixed trait property types not being arena allocated if copied from an internal trait. (Girgias) . Fixed deep copy of property DNF type during lazy class load. (Girgias, ilutov) . Fixed memory freeing of DNF types for non arena allocated types. (Girgias, ju1ius) - DOM: . Fix DOMEntity field getter bugs. (nielsdos) . Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS. (nielsdos) . Fix DOMCharacterData::replaceWith() with itself. (nielsdos) . Fix empty argument cases for DOMParentNode methods. (nielsdos) . Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone). (nielsdos) . Fix json_encode result on DOMDocument. (nielsdos) . Fix manually calling __construct() on DOM classes. (nielsdos) . Fixed bug GH-11830 (ParentNode methods should perform their checks upfront). (nielsdos) . Fix viable next sibling search for replaceWith. (nielsdos) . Fix segfault when DOMParentNode::prepend() is called when the child disappears. (nielsdos) - FFI: . Fix leaking definitions when using FFI::cdef()->new(...). (ilutov) - Hash: . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature. (ilutov) - MySQLnd: . Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL). (nielsdos) . Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters). (nielsdos, Kamil Tekiela) . Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault). (Yurunsoft) . Fixed invalid error message "Malformed packet" when connection is dropped. (Kamil Tekiela) - Opcache: . Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong). (nielsdos) . Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress. (mikhainin) - PCNTL: . Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22. (nielsdos) - SPL: . Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free). (nielsdos) - Standard: . Prevent int overflow on $decimals in number_format. (Marc Bennewitz) . Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro) 03 Aug 2023, PHP 8.2.9 - Build: . Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate) - CLI: . Fix interrupted CLI output causing the process to exit. (nielsdos) - Core: . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). (ilutov) . Fixed line number of JMP instruction over else block. (ilutov) . Fixed use-of-uninitialized-value with ??= on assert. (ilutov) . Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions). (ilutov) . Fixed build for FreeBSD before the 11.0 releases. (David Carlier) - Curl: . Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos) - Date: . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick) . Fixed bug GH-11600 (Can't parse time strings which include (narrow) non-breaking space characters). (Derick) . Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with extra space). (nielsdos, Derick) - DOM: . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos) - Fileinfo: . Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol) - FTP: . Fix context option check for "overwrite". (JonasQuinten) . Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos) - GD: . Fix most of the external libgd test failures. (Michael Orlitzky) - Intl: . Fix memory leak in MessageFormatter::format() on failure. (Girgias) - Libxml: . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) - MBString: . Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos) - Opcache: . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos) . Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos) - PCNTL: . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos) - PDO: . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi) - PDO SQLite: . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias) - Phar: . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos) . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos) - PHPDBG: . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr) - Session: . Removed broken url support for transferring session ID. (ilutov) - Standard: . Fix serialization of RC1 objects appearing in object graph twice. (ilutov) - Streams: . Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself). (ilutov) - SQLite3: . Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos) - XMLReader: . Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active). (Bob) 06 Jul 2023, PHP 8.2.8 - CLI: . Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS). (James Lucas) - Core: . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili) - Curl: . Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL). (nielsdos) - Date: . Fixed bug GH-11455 (Segmentation fault with custom object date properties). (nielsdos) - DOM: . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith). (nielsdos) . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value). (nielsdos) . Fix return value in stub file for DOMNodeList::item. (divinity76) . Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS. (nielsdos) . Fix DOMElement::append() and DOMElement::prepend() hierarchy checks. (nielsdos) . Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query). (nielsdos) . Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces). (nielsdos) . Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself). (nielsdos) . Fixed bug #77686 (Removed elements are still returned by getElementById). (nielsdos) . Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()). (nielsdos) . Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos) . Fix lifetime issue with getAttributeNodeNS(). (nielsdos) . Fix "invalid state error" with cloned namespace declarations. (nielsdos) . Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues). (nielsdos) . Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap). (nielsdos) - Opcache: . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos) . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB) . Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked). (nielsdos) - OpenSSL: . Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka). - PCRE: . Fix preg_replace_callback_array() pattern validation. (ilutov) - PGSQL: . Fixed intermittent segfault with pg_trace. (David Carlier) - Phar: . Fix cross-compilation check in phar generation for FreeBSD. (peter279k) - SPL: . Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash). (nielsdos) - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) . Fix exception handling in array_multisort(). (ilutov) - SQLite3: . Fixed bug GH-11451 (Invalid associative array containing duplicate keys). (nielsdos) 08 Jun 2023, PHP 8.2.7 - Core: . Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names). (ilutov) . Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos) . Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob) . Fixed bug GH-11063 (Compilation error on old GCC versions). (ingamedeo) . Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob) - Date: . Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos) - Exif: . Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos) - FPM: . Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka) . Fixed bug #64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka) . Fixed memory leak for invalid primary script file handle. (Jakub Zelenka) - Hash: . Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos) - LibXML: . Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos) - MBString: . Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding). (ilutov) - Opcache: . Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov) . Fixed too wide OR and AND range inference. (nielsdos) . Fixed missing class redeclaration error with OPcache enabled. (ilutov) . Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos) - PCNTL: . Fixed maximum argument count of pcntl_forkx(). (nielsdos) - PGSQL: . Fixed parameter parsing of pg_lo_export(). (kocsismate) - Phar: . Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done). (peter279k) - Soap: . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247) (nielsdos, timwolla) . Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos) - SPL: . Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos) - Standard: . Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov) . Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos) - Streams: . Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos) . Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos) . Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos) 11 May 2023, PHP 8.2.6 - Core: . Fix inconsistent float negation in constant expressions. (ilutov) . Fixed bug GH-8841 (php-cli core dump calling a badly formed function). (nielsdos) . Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB) . Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos) . Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=). (ilutov) - Date: . Fixed bug where the diff() method would not return the right result around DST changeover for date/times associated with a timezone identifier. (Derick) . Fixed out-of-range bug when converting to/from around the LONG_MIN unix timestamp. (Derick) - DOM: . Fixed bug #80602 (Segfault when using DOMChildNode::before()). (Nathan Freeman) . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos) - Exif: . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index). (nielsdos) - Intl: . Fixed bug GH-11071 (TZData version not displayed anymore). (Remi) - PCRE: . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov) - Reflection: . Fixed bug GH-10983 (State-dependant segfault in ReflectionObject::getProperties). (nielsdos) - SPL: . Handle indirect zvals and use up-to-date properties in SplFixedArray::__serialize. (nielsdos) - Standard: . Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference). (nielsdos) . Fixed bug GH-9775 (Duplicates returned by array_unique when using enums). (ilutov) - Streams: . Fixed bug GH-10406 (feof() behavior change for UNIX based socket resources). (Jakub Zelenka) 13 Apr 2023, PHP 8.2.5 - Core: . Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas) . Fixed use-after-free in recursive AST evaluation. (ilutov) . Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos) . Re-add some CTE functions that were removed from being CTE by a mistake. (mvorisek) . Remove CTE flag from array_diff_ukey(), which was added by mistake. (mvorisek) . Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault). (nielsdos) . Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache). (nielsdos) . Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown). (nielsdos) . Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()). (ilutov) . Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov) - Date: . Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw). (Derick) - FPM: . Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos) . Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos) . Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path). (Jakub Zelenka) - FTP: . Propagate success status of ftp_close(). (nielsdos) . Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB). (nielsdos) - IMAP: . Fix build failure with Clang 16. (orlitzky) - MySQLnd: . Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections). (nielsdos) - Opcache: . Fixed build for macOS to cater with pkg-config settings. (David Carlier) . Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context). (nielsdos) - OpenSSL: . Add missing error checks on file writing functions. (nielsdos) - PDO Firebird: . Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland). (nielsdos) - Phar: . Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)). (nielsdos) . Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit(). (nielsdos) - PDO ODBC: . Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos) - PGSQL: . Fixed typo in the array returned from pg_meta_data (extended mode). (David Carlier) - SPL: . Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman) . Fixed bug GH-10907 (Unable to serialize processed SplFixedArrays in PHP 8.2.4). (nielsdos) . Fixed bug GH-10844 (ArrayIterator allows modification of readonly props). (ilutov) - Standard: . Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov) . Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)). (nielsdos) . Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure). (ilutov) . Fixed undefined behaviour in unpack(). (nielsdos) 16 Mar 2023, PHP 8.2.4 - Core: . Fixed incorrect check condition in ZEND_YIELD. (nielsdos) . Fixed incorrect check condition in type inference. (nielsdos) . Fix incorrect check in zend_internal_call_should_throw(). (nielsdos) . Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos) . Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes). (Arnaud) . Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout). (trowski) . Fixed SSA object type update for compound assignment opcodes. (nielsdos) . Fixed language scanner generation build. (Daniel Black) . Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type. (nielsdos) . Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name). (nielsdos) . Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized. (nielsdos) - Curl: . Fixed deprecation warning at compile time. (Max Kellermann) . Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback). (Pierrick Charron) - Date: . Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick) . Fix GH-10152 (Custom properties of Date's child classes are not serialised). (Derick) - FFI: . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos) - Fiber: . Fixed assembly on alpine x86. (nielsdos) . Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber). (Bob, Arnaud) - FPM: . Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka) . Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos) - GMP: . Properly implement GMP::__construct(). (nielsdos) - Intl: . Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0. (Nathan Freeman) - JSON: . Fixed JSON scanner and parser generation build. (Daniel Black, Jakub Zelenka) - MBString: . ext/mbstring: fix new_value length check. (Max Kellermann) . Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos) - Opcache: . Fix incorrect page_size check. (nielsdos) . Fix readonly modification check when using inc/dec operators on readonly property with JIT. (ilutov) - OpenSSL: . Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos) - PDO OCI: . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars). (Michael Voříšek) - PHPDBG: . Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos) - PGSQL: . Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias) - Phar: . Fix incorrect check in phar tar parsing. (nielsdos) - Random: . Fix GH-10390 (Do not trust arc4random_buf() on glibc). (timwolla) . Fix GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) - Reflection: . Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments). (nielsdos) . Fix Segfault when using ReflectionFiber suspended by an internal function. (danog) - Session: . Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos). - Standard: . Fixed bug GH-8086 (Introduce mail.mixed_lf_and_crlf INI). (Jakub Zelenka) . Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) . Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos) . Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes . Fix incorrect error check in browsecap for pcre2_match(). (nielsdos) - Streams: . Fixed bug GH-10370 (File corruption in _php_stream_copy_to_stream_ex when using copy_file_range). (nielsdos) . Fixed bug GH-10548 (copy() fails on cifs mounts because of incorrect copy_file_range() len). (nielsdos) - Tidy: . Fix memory leaks when attempting to open a non-existing file or a file over 4GB. (Girgias) . Add missing error check on tidyLoadConfig. (nielsdos) - Zlib: . Fixed output_handler directive value's length which counted the string terminator. (nieldos) 14 Feb 2023, PHP 8.2.3 - Core: . Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567). (Tim Düsterhus) . Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568). (Niels Dossche) - SAPI: . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka) 02 Feb 2023, PHP 8.2.2 - Core: . Fixed bug GH-10200 (zif_get_object_vars: Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed). (nielsdos) . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos) . Fix GH-10240 (Assertion failure when adding more than 2**30 elements to an unpacked array). (Arnaud) . Fix GH-9735 (Fiber stack variables do not participate in cycle collector). (Arnaud) . Fix GH-9675 (Broken run_time_cache init for internal enum methods). (Petar Obradović, Bob) . Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed). (nielsdos) - FPM: . Fixed bug #77106 (Missing separator in FPM FastCGI errors). (Jakub Zelenka) . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header). (Jakub Zelenka) . Fixed bug #68591 (Configuration test does not perform UID lookups). (Jakub Zelenka) . Fixed memory leak when running FPM config test. (Jakub Zelenka) . Fixed bug #67244 (Wrong owner:group for listening unix socket). (Jakub Zelenka) - Hash: . Handle exceptions from __toString in XXH3's initialization (nielsdos) - LDAP: . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()). (cmb) - Opcache: . Fix inverted bailout value in zend_runtime_jit() (Max Kellermann). . Fix access to uninitialized variable in accel_preload(). (nielsdos) . Fix zend_jit_find_trace() crashes. (Max Kellermann) . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann) - Phar: . Fix wrong flags check for compression method in phar_object.c (nielsdos) - PHPDBG: . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos) . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos) . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos) . Fix phpdbg segmentation fault in case of malformed input (nielsdos) - Posix: . Fix memory leak in posix_ttyname() (girgias) - Random: . Fixed bug GH-10247 (Theoretical file descriptor leak for /dev/urandom). (timwolla) - Standard: . Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos) . Fixed bug GH-10214 (Incomplete validation of object syntax during unserialize()). (timwolla) . Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos) - XMLWriter . Fix missing check for xmlTextWriterEndElement (nielsdos) 05 Jan 2023, PHP 8.2.1 - Core: . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined). (cmb) . Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file). (Akama Hitoshi) . Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows). (cmb) . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek) . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb) . Fixed GH-9769 (Misleading error message for unpacking of objects). (jhdxr) - Apache: . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb) - FPM: . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694). (Petr Sumbera) . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING). (Jakub Zelenka) . Fixed bug #80669 (FPM numeric user fails to set groups). (Jakub Zelenka) . Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said). (Jakub Zelenka) - Imap: . Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is still open). (Girgias) - MBString: . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1). (Nathan Freeman) - Opcache: . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload). (Arnaud, michdingpayc) - OpenSSL: . Fixed bug GH-9997 (OpenSSL engine clean up segfault). (Jakub Zelenka) . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec). (Jakub Zelenka) . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa). (Jakub Zelenka) - Pcntl: . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash). (Erki Aring) - PDO_Firebird: . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird). (cmb) - PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) (cmb) - Session: . Fixed GH-9932 (session name silently fails with . and [). (David Carlier) - SPL: . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias) . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered). (Girgias) - SQLite3: . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb) - TSRM: . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre) 08 Dec 2022, PHP 8.2.0 - CLI: . Fixed bug #81496 (Server logs incorrect request method). (lauri) . Updated the mime-type table for the builtin-server. (Ayesh Karunaratne) . Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable. (yiyuaner) . Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource destruction. (Jakub Zelenka) . Implement built-in web server responding without body to HEAD request on a static resource. (Vedran Miletic, Marin Martuslovic) . Implement built-in web server responding with HTTP status 405 to DELETE/PUT/PATCH request on a static resource. (Vedran Miletic, Marin Martuslovic) . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara) - COM: . Fixed bug GH-8750 (Can not create VT_ERROR variant type). (cmb) - Core: . Fixed bug #81380 (Observer may not be initialized properly). (krakjoe) . Fixed bug GH-7771 (Fix filename/lineno of constant expressions). (ilutov) . Fixed bug GH-7792 (Improve class type in error messages). (ilutov) . Support huge pages on MacOS. (David CARLIER) . Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references). (Nicolas Grekas) . Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable warning). (ilutov) . Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed enums). (ilutov) . Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function calls). (ilutov) . Optimised code path for newly created file with the stream plain wrapper. (Max Kellermann) . Uses safe_perealloc instead of perealloc for the ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows. (David Carlier) . Reduced the memory footprint of strings returned by var_export(), json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(), http_build_query(), strstr(), Reflection*::__toString(). (Arnaud) . Fixed bug GH-8995 (WeakMap object reference offset causing TypeError). (Tobias Bachert) . Added error_log_mode ini setting. (Mikhail Galanin) . Updated request startup messages. (Eric Norris) . Fixed bug GH-7900 (Arrow function with never return type compile-time errors). (ilutov) . Fixed incorrect double to long casting in latest clang. (zeriyoshi) . Added support for defining constants in traits. (sj-i) . Stop incorrectly emitting false positive deprecation notice alongside unsupported syntax fatal error for `"{$g{'h'}}"`. (TysonAndre) . Fix unexpected deprecated dynamic property warning, which occurred when exit() in finally block after an exception was thrown without catching. (Twosee) . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling) . Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored). (cmb) . Fixed bug GH-9285 (Traits cannot be used in readonly classes). (kocsismate) . Fixed bug GH-9186 (@strict-properties can be bypassed using unserialization). (kocsismate) . Fixed bug GH-9500 (Using dnf type with parentheses after readonly keyword results in a parse error). (ilutov) . Fixed bug GH-9516 ((A&B)|D as a param should allow AB or D. Not just A). (Girgias) . Fixed observer class notify with Opcache file_cache_only=1. (ilutov) . Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier) . Fixed bug GH-9655 (Pure intersection types cannot be implicitly nullable) (Girgias) . Fixed bug GH-9589 (dl() segfaults when module is already loaded). (cmb, Arnaud) . Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params). (Arnaud) . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization). (Arnaud) . Fixed a bug with preloaded enums possibly segfaulting. (Bob) . Fixed bug GH-9823 (Don’t reset func in zend_closure_internal_handler). (Florian Sowade) . Fixed potential NULL pointer dereference Windows shm*() functions. (cmb) . Fix target validation for internal attributes with constructor property promotion. (kooldev) . Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation. (Arnaud) - Curl: . Added support for CURLOPT_XFERINFOFUNCTION. (David Carlier) . Added support for CURLOPT_MAXFILESIZE_LARGE. (David Carlier) . Added new constants from cURL 7.62 to 7.80. (Pierrick) . New function curl_upkeep(). (Pierrick) - Date: . Fixed GH-8458 (DateInterval::createFromDateString does not throw if non-relative items are present). (Derick) . Fixed bug #52015 (Allow including end date in DatePeriod iterations) (Daniel Egeberg, Derick) . idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO Year). (Pavel Djundik) . Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type). (Derick) . Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second). (Derick) . Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0). (Derick) . Fixed bug #75035 (Datetime fails to unserialize "extreme" dates). (Derick) . Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized). (Derick) . Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick) . Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no errors/warnings). (Derick) . Fixed bug with parsing large negative numbers with the @ notation. (Derick) - DBA: . Fixed LMDB driver hanging when attempting to delete a non-existing key (Girgias) . Fixed LMDB driver memory leak on DB creation failure (Girgias) . Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag). (Girgias) - FFI: . Fixed bug GH-9090 (Support assigning function pointers in FFI). (Adam Saponara) - Fileinfo: . Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files). (Anatol) - Filter: . Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs. (vnsavage) - FPM: . Emit error for invalid port setting. (David Carlier) . Added extra check for FPM proc dumpable on SELinux based systems. (David Carlier) . Added support for listening queue on macOS. (David Carlier) . Changed default for listen.backlog on Linux to -1. (Cristian Rodríguez) . Added listen.setfib pool option to set route FIB on FreeBSD. (David Carlier) . Added access.suppress_path pool option to filter access log entries. (Mark Gallagher) . Fixed on fpm scoreboard occasional warning on acquisition failure. (Felix Wiedemann) . Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11). (Jakub Zelenka) - FTP: . Fix datetime format string to follow POSIX spec in ftp_mdtm(). (Jihwan Kim) - GD: . Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb) - GMP: . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias) - Hash: . Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be) . Fixed bug GH-10077: Fix compilation on RHEL 7 ppc64le. (Mattias Ellert) - Intl: . Update all grandfathered language tags with preferred values . Fixed GH-7939 (Cannot unserialize IntlTimeZone objects). (cmb) . Fixed build for ICU 69.x and onwards. (David Carlier) . Declared Transliterator::$id as readonly to unlock subclassing it. (Nicolas Grekas) . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias) - MBString: . Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()). (cmb) - mysqli: . Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode). (Kamil Tekiela) - MySQLnd: . Fixed potential heap corruption due to alignment mismatch. (cmb) - OCI8: . Added oci8.prefetch_lob_size directive to tune LOB query performance . Support for building against Oracle Client libraries 10.1 and 10.2 has been dropped. Oracle Client libraries 11.2 or newer are now required. - ODBC: . Fixed bug GH-8300 (User input not escaped when building connection string). (Calvin Buckley) . Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin Buckley) - Opcache: . Allocate JIT buffer close to PHP .text segemnt to allow using direct IP-relative calls and jumps. (Su Tao, Wang Xue, Chen Hu, Lizhen Lizhen, Dmitry) . Added initial support for JIT performance profiling generation for macOs Instrument. (David Carlier) . Fixed bug GH-8030 (Segfault with JIT and large match/switch statements). (Arnaud) . Added JIT support improvement for macOs for segments and executable permission bit handling. (David Carlier) . Added JIT buffer allocation near the .text section on FreeNSD. (David Carlier) . Fixed bug GH-9371 (Crash with JIT on mac arm64) (jdp1024/David Carlier) . Fixed bug GH-9259 (opcache.interned_strings_buffer setting integer overflow). (Arnaud) . Added indirect call reduction for jit on x86 architectures. (wxue1) - OPcache: . Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy). (Arnaud, Sergei Turchanov) - OpenSSL: . Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann) . Fixed bug GH-9310 (SSL local_cert and local_pk do not respect open_basedir). (Jakub Zelenka) . Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like AEAD). (Jakub Zelenka) . Added openssl_cipher_key_length function. (Jakub Zelenka) . Fixed bug GH-9517 (Compilation error openssl extension related to PR GH-9366). (Jakub Zelenka) . Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620. (Jakub Zelenka) . Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build). (Jakub Zelenka, fsbruva) - PCNTL: . Fixed pcntl_(get|set)priority error handling for MacOS. (Juan Morales) - PCRE: . Implemented FR #77726 (Allow null character in regex patterns). (tobil4sk) . Updated bundled libpcre to 10.40. (cmb) - PDO: . Fixed bug GH-9818 (Initialize run time cache in PDO methods). (Florian Sowade) - PDO_Firebird: . Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8). (cmb) - PDO_ODBC: . Fixed bug #80909 (crash with persistent connections in PDO_ODBC). (Calvin Buckley) . Fixed bug GH-8300 (User input not escaped when building connection string). (Calvin Buckley) . Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin Buckley) . Fixed bug GH-9372 (HY010 when binding overlong parameter). (cmb) - PDO_PGSQL: . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft) - Random: . Added new random extension. (Go Kudo) . Fixed bug GH-9067 (random extension is not thread safe). (cmb) . Fixed bug GH-9055 (segmentation fault if user engine throws). (timwolla) . Fixed bug GH-9066 (signed integer overflow). (zeriyoshi) . Fixed bug GH-9083 (undefined behavior during shifting). (timwolla) . Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when generating uniform integers within a given range). (timwolla) . Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct() call twice). (zeriyoshi) . Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative $advance). (Anton Smirnov) . Changed Mt19937 to throw a ValueError instead of InvalidArgumentException for invalid $mode. (timwolla) . Splitted Random\Randomizer::getInt() (without arguments) to Random\Randomizer::nextInt(). (zeriyoshi) . Fixed bug GH-9235 (non-existant $sequence parameter in stub for PcgOneseq128XslRr64::__construct()). (timwolla) . Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when handling large ranges). (timwolla) . Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid all-zero state). (timwolla) . Removed redundant RuntimeExceptions from Randomizer methods. The exceptions thrown by the engines will be exposed directly. (timwolla) . Added extension specific Exceptions/Errors (RandomException, RandomError, BrokenRandomEngineError). (timwolla) . Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937 always returns 1). (timwolla) . Fixed Randomizer::getInt() consistency for 32-bit engines. (timwolla) . Fixed bug GH-9464 (build on older macOs releases). (David Bohman) . Fixed bug GH-9839 (Pre-PHP 8.2 output compatibility for non-mt_rand() functions for MT_RAND_PHP). (timwolla) - Reflection: . Added ReflectionFunction::isAnonymous(). (Nicolas Grekas) . Added ReflectionMethod::hasPrototype(). (Ollie Read) . Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType. (SamMousa) . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas) - Session: . Fixed bug GH-7787 (Improve session write failure message for user error handlers). (ilutov) . Fixed GH-9200 (setcookie has an obsolete expires date format). (timwolla) . Fixed GH-9584 (Avoid memory corruption when not unregistering custom session handler). (ilutov) . Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). (Girgias) - SOAP: . Fixed bug GH-9720 (Null pointer dereference while serializing the response). (cmb) - Sockets: . Added TCP_NOTSENT_LOWAT socket option. (David Carlier) . Added SO_MEMINFO socket option. (David Carlier) . Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux). (David Carlier) . Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket options. (David Carlier) . Added ancillary data support for FreeBSD. (David Carlier) . Added ancillary data support for NetBSD. (David Carlier) . Added SO_BPF_EXTENSIONS socket option. (David Carlier) . Added SO_SETFIB socket option. (David Carlier) . Added TCP_CONGESTION socket option. (David Carlier) . Added SO_ZEROCOPY/MSG_ZEROCOPY options. (David Carlier) . Added SOL_FILTER socket option for Solaris. (David Carlier) . Fixed socket constants regression as of PHP 8.2.0beta3. (Bruce Dou) - Sodium: . Added sodium_crypto_stream_xchacha20_xor_ic(). (Scott) - SPL: . Uses safe_erealloc instead of erealloc to handle heap growth for the SplHeap::insert method to avoid possible overflows. (David Carlier) . Widen iterator_to_array() and iterator_count()'s $iterator parameter to iterable. (timwolla) . Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields). (cmb) . Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check). (Jakub Zelenka) - SQLite3: . Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER. (bohwaz) - Standard: . net_get_interfaces() also reports wireless network interfaces on Windows. (Yurun) . Finished AVIF support in getimagesize(). (Yannis Guyon) . Fixed bug GH-7847 (stripos with large haystack has bad performance). (ilutov) . New function memory_reset_peak_usage(). (Patrick Allaert) . Fixed parse_url(): can not recognize port without scheme. (pandaLIU) . Deprecated utf8_encode() and utf8_decode(). (Rowan Tommins) . Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier) . Uses safe_erealloc instead of erealloc to handle options in getopt to avoid possible overflows. (David Carlier) . Implemented FR GH-8924 (str_split should return empty array for empty string). (Michael Vorisek) . Added ini_parse_quantity function to convert ini quantities shorthand notation to int. (Dennis Snell) . Enable arc4random_buf for Linux glibc 2.36 and onwards for the random_bytes. (Cristian Rodriguez) . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier). . Fixed bug #65489 (glob() basedir check is inconsistent). (Jakub Zelenka) . Fixed GH-9200 (setcookie has an obsolete expires date format). (Derick) . Fixed GH-9244 (Segfault with array_multisort + array_shift). (cmb) . Fixed bug GH-9296 (`ksort` behaves incorrectly on arrays with mixed keys). (Denis Vaksman) . Marked crypt()'s $string parameter as #[\SensitiveParameter]. (timwolla) . Fixed bug GH-9464 (build on older macOs releases). (David Bohman) . Fixed bug GH-9518 (Disabling IPv6 support disables unrelated constants). (cmb) . Revert "Fixed parse_url(): can not recognize port without scheme." (andypost) - Streams: . Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host. (Cristian Rodríguez) . Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory). (ilutov) . Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann) . Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla) . Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud) . Fixed bug GH-9653 (file copy between different filesystems). (David Carlier) . Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode). (Jakub Zelenka) - Windows: . Added preliminary support for (cross-)building for ARM64. (Yun Dou) - XML: . Added libxml_get_external_entity_loader() function. (Tim Starling) - Zip: . add ZipArchive::clearError() method . add ZipArchive::getStreamName() method . add ZipArchive::getStreamIndex() method . On Windows, the Zip extension is now built as shared library (DLL) by default. (cmb) . Implement fseek for zip stream when possible with libzip 1.9.1. (Remi)