PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 8.2.8 - Core: . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili) - DOM: . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith). (nielsdos) . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value). (nielsdos) - Opcache: . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos) . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB) - PCRE: . Fix preg_replace_callback_array() pattern validation. (ilutov) - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) . Fix exception handling in array_multisort(). (ilutov) 08 Jun 2023, PHP 8.2.7 - Core: . Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names). (ilutov) . Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos) . Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob) . Fixed bug GH-11063 (Compilation error on old GCC versions). (ingamedeo) . Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob) - Date: . Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos) - Exif: . Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos) - FPM: . Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka) . Fixed bug #64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka) . Fixed memory leak for invalid primary script file handle. (Jakub Zelenka) - Hash: . Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos) - LibXML: . Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos) - MBString: . Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding). (ilutov) - Opcache: . Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov) . Fixed too wide OR and AND range inference. (nielsdos) . Fixed missing class redeclaration error with OPcache enabled. (ilutov) . Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos) - PCNTL: . Fixed maximum argument count of pcntl_forkx(). (nielsdos) - PGSQL: . Fixed parameter parsing of pg_lo_export(). (kocsismate) - Phar: . Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done). (peter279k) - Soap: . Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos) - SPL: . Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos) - Standard: . Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov) . Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos) - Streams: . Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos) . Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos) . Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos) 11 May 2023, PHP 8.2.6 - Core: . Fix inconsistent float negation in constant expressions. (ilutov) . Fixed bug GH-8841 (php-cli core dump calling a badly formed function). (nielsdos) . Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB) . Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos) . Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=). (ilutov) - Date: . Fixed bug where the diff() method would not return the right result around DST changeover for date/times associated with a timezone identifier. (Derick) . Fixed out-of-range bug when converting to/from around the LONG_MIN unix timestamp. (Derick) - DOM: . Fixed bug #80602 (Segfault when using DOMChildNode::before()). (Nathan Freeman) . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos) - Exif: . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index). (nielsdos) - Intl: . Fixed bug GH-11071 (TZData version not displayed anymore). (Remi) - PCRE: . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov) - Reflection: . Fixed bug GH-10983 (State-dependant segfault in ReflectionObject::getProperties). (nielsdos) - SPL: . Handle indirect zvals and use up-to-date properties in SplFixedArray::__serialize. (nielsdos) - Standard: . Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference). (nielsdos) . Fixed bug GH-9775 (Duplicates returned by array_unique when using enums). (ilutov) - Streams: . Fixed bug GH-10406 (feof() behavior change for UNIX based socket resources). (Jakub Zelenka) 13 Apr 2023, PHP 8.2.5 - Core: . Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas) . Fixed use-after-free in recursive AST evaluation. (ilutov) . Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos) . Re-add some CTE functions that were removed from being CTE by a mistake. (mvorisek) . Remove CTE flag from array_diff_ukey(), which was added by mistake. (mvorisek) . Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault). (nielsdos) . Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache). (nielsdos) . Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown). (nielsdos) . Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()). (ilutov) . Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov) - Date: . Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw). (Derick) - FPM: . Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos) . Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos) . Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path). (Jakub Zelenka) - FTP: . Propagate success status of ftp_close(). (nielsdos) . Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB). (nielsdos) - IMAP: . Fix build failure with Clang 16. (orlitzky) - MySQLnd: . Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections). (nielsdos) - Opcache: . Fixed build for macOS to cater with pkg-config settings. (David Carlier) . Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context). (nielsdos) - OpenSSL: . Add missing error checks on file writing functions. (nielsdos) - PDO Firebird: . Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland). (nielsdos) - Phar: . Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)). (nielsdos) . Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit(). (nielsdos) - PDO ODBC: . Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos) - PGSQL: . Fixed typo in the array returned from pg_meta_data (extended mode). (David Carlier) - SPL: . Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman) . Fixed bug GH-10907 (Unable to serialize processed SplFixedArrays in PHP 8.2.4). (nielsdos) . Fixed bug GH-10844 (ArrayIterator allows modification of readonly props). (ilutov) - Standard: . Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov) . Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)). (nielsdos) . Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure). (ilutov) . Fixed undefined behaviour in unpack(). (nielsdos) 16 Mar 2023, PHP 8.2.4 - Core: . Fixed incorrect check condition in ZEND_YIELD. (nielsdos) . Fixed incorrect check condition in type inference. (nielsdos) . Fix incorrect check in zend_internal_call_should_throw(). (nielsdos) . Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos) . Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes). (Arnaud) . Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout). (trowski) . Fixed SSA object type update for compound assignment opcodes. (nielsdos) . Fixed language scanner generation build. (Daniel Black) . Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type. (nielsdos) . Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name). (nielsdos) . Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized. (nielsdos) - Curl: . Fixed deprecation warning at compile time. (Max Kellermann) . Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback). (Pierrick Charron) - Date: . Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick) . Fix GH-10152 (Custom properties of Date's child classes are not serialised). (Derick) - FFI: . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos) - Fiber: . Fixed assembly on alpine x86. (nielsdos) . Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber). (Bob, Arnaud) - FPM: . Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka) . Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos) - GMP: . Properly implement GMP::__construct(). (nielsdos) - Intl: . Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0. (Nathan Freeman) - JSON: . Fixed JSON scanner and parser generation build. (Daniel Black, Jakub Zelenka) - MBString: . ext/mbstring: fix new_value length check. (Max Kellermann) . Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos) - Opcache: . Fix incorrect page_size check. (nielsdos) . Fix readonly modification check when using inc/dec operators on readonly property with JIT. (ilutov) - OpenSSL: . Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos) - PDO OCI: . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars). (Michael Voříšek) - PHPDBG: . Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos) - PGSQL: . Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias) - Phar: . Fix incorrect check in phar tar parsing. (nielsdos) - Random: . Fix GH-10390 (Do not trust arc4random_buf() on glibc). (timwolla) . Fix GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) - Reflection: . Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments). (nielsdos) . Fix Segfault when using ReflectionFiber suspended by an internal function. (danog) - Session: . Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos). - Standard: . Fixed bug GH-8086 (Introduce mail.mixed_lf_and_crlf INI). (Jakub Zelenka) . Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) . Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos) . Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes . Fix incorrect error check in browsecap for pcre2_match(). (nielsdos) - Streams: . Fixed bug GH-10370 (File corruption in _php_stream_copy_to_stream_ex when using copy_file_range). (nielsdos) . Fixed bug GH-10548 (copy() fails on cifs mounts because of incorrect copy_file_range() len). (nielsdos) - Tidy: . Fix memory leaks when attempting to open a non-existing file or a file over 4GB. (Girgias) . Add missing error check on tidyLoadConfig. (nielsdos) - Zlib: . Fixed output_handler directive value's length which counted the string terminator. (nieldos) 14 Feb 2023, PHP 8.2.3 - Core: . Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567). (Tim Düsterhus) . Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568). (Niels Dossche) - SAPI: . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka) 02 Feb 2023, PHP 8.2.2 - Core: . Fixed bug GH-10200 (zif_get_object_vars: Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed). (nielsdos) . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos) . Fix GH-10240 (Assertion failure when adding more than 2**30 elements to an unpacked array). (Arnaud) . Fix GH-9735 (Fiber stack variables do not participate in cycle collector). (Arnaud) . Fix GH-9675 (Broken run_time_cache init for internal enum methods). (Petar Obradović, Bob) . Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed). (nielsdos) - FPM: . Fixed bug #77106 (Missing separator in FPM FastCGI errors). (Jakub Zelenka) . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header). (Jakub Zelenka) . Fixed bug #68591 (Configuration test does not perform UID lookups). (Jakub Zelenka) . Fixed memory leak when running FPM config test. (Jakub Zelenka) . Fixed bug #67244 (Wrong owner:group for listening unix socket). (Jakub Zelenka) - Hash: . Handle exceptions from __toString in XXH3's initialization (nielsdos) - LDAP: . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()). (cmb) - Opcache: . Fix inverted bailout value in zend_runtime_jit() (Max Kellermann). . Fix access to uninitialized variable in accel_preload(). (nielsdos) . Fix zend_jit_find_trace() crashes. (Max Kellermann) . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann) - Phar: . Fix wrong flags check for compression method in phar_object.c (nielsdos) - PHPDBG: . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos) . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos) . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos) . Fix phpdbg segmentation fault in case of malformed input (nielsdos) - Posix: . Fix memory leak in posix_ttyname() (girgias) - Random: . Fixed bug GH-10247 (Theoretical file descriptor leak for /dev/urandom). (timwolla) - Standard: . Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos) . Fixed bug GH-10214 (Incomplete validation of object syntax during unserialize()). (timwolla) . Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos) - XMLWriter . Fix missing check for xmlTextWriterEndElement (nielsdos) 05 Jan 2023, PHP 8.2.1 - Core: . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined). (cmb) . Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file). (Akama Hitoshi) . Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows). (cmb) . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek) . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb) . Fixed GH-9769 (Misleading error message for unpacking of objects). (jhdxr) - Apache: . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb) - FPM: . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694). (Petr Sumbera) . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING). (Jakub Zelenka) . Fixed bug #80669 (FPM numeric user fails to set groups). (Jakub Zelenka) . Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said). (Jakub Zelenka) - Imap: . Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is still open). (Girgias) - MBString: . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1). (Nathan Freeman) - Opcache: . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload). (Arnaud, michdingpayc) - OpenSSL: . Fixed bug GH-9997 (OpenSSL engine clean up segfault). (Jakub Zelenka) . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec). (Jakub Zelenka) . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa). (Jakub Zelenka) - Pcntl: . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash). (Erki Aring) - PDO_Firebird: . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird). (cmb) - PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) (cmb) - Session: . Fixed GH-9932 (session name silently fails with . and [). (David Carlier) - SPL: . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias) . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered). (Girgias) - SQLite3: . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb) - TSRM: . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre) 08 Dec 2022, PHP 8.2.0 - CLI: . Fixed bug #81496 (Server logs incorrect request method). (lauri) . Updated the mime-type table for the builtin-server. (Ayesh Karunaratne) . Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable. (yiyuaner) . Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource destruction. (Jakub Zelenka) . Implement built-in web server responding without body to HEAD request on a static resource. (Vedran Miletic, Marin Martuslovic) . Implement built-in web server responding with HTTP status 405 to DELETE/PUT/PATCH request on a static resource. (Vedran Miletic, Marin Martuslovic) . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara) - COM: . Fixed bug GH-8750 (Can not create VT_ERROR variant type). (cmb) - Core: . Fixed bug #81380 (Observer may not be initialized properly). (krakjoe) . Fixed bug GH-7771 (Fix filename/lineno of constant expressions). (ilutov) . Fixed bug GH-7792 (Improve class type in error messages). (ilutov) . Support huge pages on MacOS. (David CARLIER) . Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references). (Nicolas Grekas) . Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable warning). (ilutov) . Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed enums). (ilutov) . Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function calls). (ilutov) . Optimised code path for newly created file with the stream plain wrapper. (Max Kellermann) . Uses safe_perealloc instead of perealloc for the ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows. (David Carlier) . Reduced the memory footprint of strings returned by var_export(), json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(), http_build_query(), strstr(), Reflection*::__toString(). (Arnaud) . Fixed bug GH-8995 (WeakMap object reference offset causing TypeError). (Tobias Bachert) . Added error_log_mode ini setting. (Mikhail Galanin) . Updated request startup messages. (Eric Norris) . Fixed bug GH-7900 (Arrow function with never return type compile-time errors). (ilutov) . Fixed incorrect double to long casting in latest clang. (zeriyoshi) . Added support for defining constants in traits. (sj-i) . Stop incorrectly emitting false positive deprecation notice alongside unsupported syntax fatal error for `"{$g{'h'}}"`. (TysonAndre) . Fix unexpected deprecated dynamic property warning, which occurred when exit() in finally block after an exception was thrown without catching. (Twosee) . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling) . Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored). (cmb) . Fixed bug GH-9285 (Traits cannot be used in readonly classes). (kocsismate) . Fixed bug GH-9186 (@strict-properties can be bypassed using unserialization). (kocsismate) . Fixed bug GH-9500 (Using dnf type with parentheses after readonly keyword results in a parse error). (ilutov) . Fixed bug GH-9516 ((A&B)|D as a param should allow AB or D. Not just A). (Girgias) . Fixed observer class notify with Opcache file_cache_only=1. (ilutov) . Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier) . Fixed bug GH-9655 (Pure intersection types cannot be implicitly nullable) (Girgias) . Fixed bug GH-9589 (dl() segfaults when module is already loaded). (cmb, Arnaud) . Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params). (Arnaud) . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization). (Arnaud) . Fixed a bug with preloaded enums possibly segfaulting. (Bob) . Fixed bug GH-9823 (Don’t reset func in zend_closure_internal_handler). (Florian Sowade) . Fixed potential NULL pointer dereference Windows shm*() functions. (cmb) . Fix target validation for internal attributes with constructor property promotion. (kooldev) . Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation. (Arnaud) - Curl: . Added support for CURLOPT_XFERINFOFUNCTION. (David Carlier) . Added support for CURLOPT_MAXFILESIZE_LARGE. (David Carlier) . Added new constants from cURL 7.62 to 7.80. (Pierrick) . New function curl_upkeep(). (Pierrick) - Date: . Fixed GH-8458 (DateInterval::createFromDateString does not throw if non-relative items are present). (Derick) . Fixed bug #52015 (Allow including end date in DatePeriod iterations) (Daniel Egeberg, Derick) . idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO Year). (Pavel Djundik) . Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type). (Derick) . Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second). (Derick) . Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0). (Derick) . Fixed bug #75035 (Datetime fails to unserialize "extreme" dates). (Derick) . Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized). (Derick) . Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick) . Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no errors/warnings). (Derick) . Fixed bug with parsing large negative numbers with the @ notation. (Derick) - DBA: . Fixed LMDB driver hanging when attempting to delete a non-existing key (Girgias) . Fixed LMDB driver memory leak on DB creation failure (Girgias) . Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag). (Girgias) - FFI: . Fixed bug GH-9090 (Support assigning function pointers in FFI). (Adam Saponara) - Fileinfo: . Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files). (Anatol) - Filter: . Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs. (vnsavage) - FPM: . Emit error for invalid port setting. (David Carlier) . Added extra check for FPM proc dumpable on SELinux based systems. (David Carlier) . Added support for listening queue on macOS. (David Carlier) . Changed default for listen.backlog on Linux to -1. (Cristian Rodríguez) . Added listen.setfib pool option to set route FIB on FreeBSD. (David Carlier) . Added access.suppress_path pool option to filter access log entries. (Mark Gallagher) . Fixed on fpm scoreboard occasional warning on acquisition failure. (Felix Wiedemann) . Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11). (Jakub Zelenka) - FTP: . Fix datetime format string to follow POSIX spec in ftp_mdtm(). (Jihwan Kim) - GD: . Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb) - GMP: . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias) - Hash: . Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be) . Fixed bug GH-10077: Fix compilation on RHEL 7 ppc64le. (Mattias Ellert) - Intl: . Update all grandfathered language tags with preferred values . Fixed GH-7939 (Cannot unserialize IntlTimeZone objects). (cmb) . Fixed build for ICU 69.x and onwards. (David Carlier) . Declared Transliterator::$id as readonly to unlock subclassing it. (Nicolas Grekas) . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias) - MBString: . Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()). (cmb) - mysqli: . Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode). (Kamil Tekiela) - MySQLnd: . Fixed potential heap corruption due to alignment mismatch. (cmb) - OCI8: . Added oci8.prefetch_lob_size directive to tune LOB query performance . Support for building against Oracle Client libraries 10.1 and 10.2 has been dropped. Oracle Client libraries 11.2 or newer are now required. - ODBC: . Fixed bug GH-8300 (User input not escaped when building connection string). (Calvin Buckley) . Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin Buckley) - Opcache: . Allocate JIT buffer close to PHP .text segemnt to allow using direct IP-relative calls and jumps. (Su Tao, Wang Xue, Chen Hu, Lizhen Lizhen, Dmitry) . Added initial support for JIT performance profiling generation for macOs Instrument. (David Carlier) . Fixed bug GH-8030 (Segfault with JIT and large match/switch statements). (Arnaud) . Added JIT support improvement for macOs for segments and executable permission bit handling. (David Carlier) . Added JIT buffer allocation near the .text section on FreeNSD. (David Carlier) . Fixed bug GH-9371 (Crash with JIT on mac arm64) (jdp1024/David Carlier) . Fixed bug GH-9259 (opcache.interned_strings_buffer setting integer overflow). (Arnaud) . Added indirect call reduction for jit on x86 architectures. (wxue1) - OPcache: . Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy). (Arnaud, Sergei Turchanov) - OpenSSL: . Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann) . Fixed bug GH-9310 (SSL local_cert and local_pk do not respect open_basedir). (Jakub Zelenka) . Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like AEAD). (Jakub Zelenka) . Added openssl_cipher_key_length function. (Jakub Zelenka) . Fixed bug GH-9517 (Compilation error openssl extension related to PR GH-9366). (Jakub Zelenka) . Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620. (Jakub Zelenka) . Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build). (Jakub Zelenka, fsbruva) - PCNTL: . Fixed pcntl_(get|set)priority error handling for MacOS. (Juan Morales) - PCRE: . Implemented FR #77726 (Allow null character in regex patterns). (tobil4sk) . Updated bundled libpcre to 10.40. (cmb) - PDO: . Fixed bug GH-9818 (Initialize run time cache in PDO methods). (Florian Sowade) - PDO_Firebird: . Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8). (cmb) - PDO_ODBC: . Fixed bug #80909 (crash with persistent connections in PDO_ODBC). (Calvin Buckley) . Fixed bug GH-8300 (User input not escaped when building connection string). (Calvin Buckley) . Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin Buckley) . Fixed bug GH-9372 (HY010 when binding overlong parameter). (cmb) - PDO_PGSQL: . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft) - Random: . Added new random extension. (Go Kudo) . Fixed bug GH-9067 (random extension is not thread safe). (cmb) . Fixed bug GH-9055 (segmentation fault if user engine throws). (timwolla) . Fixed bug GH-9066 (signed integer overflow). (zeriyoshi) . Fixed bug GH-9083 (undefined behavior during shifting). (timwolla) . Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when generating uniform integers within a given range). (timwolla) . Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct() call twice). (zeriyoshi) . Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative $advance). (Anton Smirnov) . Changed Mt19937 to throw a ValueError instead of InvalidArgumentException for invalid $mode. (timwolla) . Splitted Random\Randomizer::getInt() (without arguments) to Random\Randomizer::nextInt(). (zeriyoshi) . Fixed bug GH-9235 (non-existant $sequence parameter in stub for PcgOneseq128XslRr64::__construct()). (timwolla) . Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when handling large ranges). (timwolla) . Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid all-zero state). (timwolla) . Removed redundant RuntimeExceptions from Randomizer methods. The exceptions thrown by the engines will be exposed directly. (timwolla) . Added extension specific Exceptions/Errors (RandomException, RandomError, BrokenRandomEngineError). (timwolla) . Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937 always returns 1). (timwolla) . Fixed Randomizer::getInt() consistency for 32-bit engines. (timwolla) . Fixed bug GH-9464 (build on older macOs releases). (David Bohman) . Fixed bug GH-9839 (Pre-PHP 8.2 output compatibility for non-mt_rand() functions for MT_RAND_PHP). (timwolla) - Reflection: . Added ReflectionFunction::isAnonymous(). (Nicolas Grekas) . Added ReflectionMethod::hasPrototype(). (Ollie Read) . Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType. (SamMousa) . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas) - Session: . Fixed bug GH-7787 (Improve session write failure message for user error handlers). (ilutov) . Fixed GH-9200 (setcookie has an obsolete expires date format). (timwolla) . Fixed GH-9584 (Avoid memory corruption when not unregistering custom session handler). (ilutov) . Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). (Girgias) - SOAP: . Fixed bug GH-9720 (Null pointer dereference while serializing the response). (cmb) - Sockets: . Added TCP_NOTSENT_LOWAT socket option. (David Carlier) . Added SO_MEMINFO socket option. (David Carlier) . Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux). (David Carlier) . Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket options. (David Carlier) . Added ancillary data support for FreeBSD. (David Carlier) . Added ancillary data support for NetBSD. (David Carlier) . Added SO_BPF_EXTENSIONS socket option. (David Carlier) . Added SO_SETFIB socket option. (David Carlier) . Added TCP_CONGESTION socket option. (David Carlier) . Added SO_ZEROCOPY/MSG_ZEROCOPY options. (David Carlier) . Added SOL_FILTER socket option for Solaris. (David Carlier) . Fixed socket constants regression as of PHP 8.2.0beta3. (Bruce Dou) - Sodium: . Added sodium_crypto_stream_xchacha20_xor_ic(). (Scott) - SPL: . Uses safe_erealloc instead of erealloc to handle heap growth for the SplHeap::insert method to avoid possible overflows. (David Carlier) . Widen iterator_to_array() and iterator_count()'s $iterator parameter to iterable. (timwolla) . Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields). (cmb) . Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check). (Jakub Zelenka) - SQLite3: . Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER. (bohwaz) - Standard: . net_get_interfaces() also reports wireless network interfaces on Windows. (Yurun) . Finished AVIF support in getimagesize(). (Yannis Guyon) . Fixed bug GH-7847 (stripos with large haystack has bad performance). (ilutov) . New function memory_reset_peak_usage(). (Patrick Allaert) . Fixed parse_url(): can not recognize port without scheme. (pandaLIU) . Deprecated utf8_encode() and utf8_decode(). (Rowan Tommins) . Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier) . Uses safe_erealloc instead of erealloc to handle options in getopt to avoid possible overflows. (David Carlier) . Implemented FR GH-8924 (str_split should return empty array for empty string). (Michael Vorisek) . Added ini_parse_quantity function to convert ini quantities shorthand notation to int. (Dennis Snell) . Enable arc4random_buf for Linux glibc 2.36 and onwards for the random_bytes. (Cristian Rodriguez) . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier). . Fixed bug #65489 (glob() basedir check is inconsistent). (Jakub Zelenka) . Fixed GH-9200 (setcookie has an obsolete expires date format). (Derick) . Fixed GH-9244 (Segfault with array_multisort + array_shift). (cmb) . Fixed bug GH-9296 (`ksort` behaves incorrectly on arrays with mixed keys). (Denis Vaksman) . Marked crypt()'s $string parameter as #[\SensitiveParameter]. (timwolla) . Fixed bug GH-9464 (build on older macOs releases). (David Bohman) . Fixed bug GH-9518 (Disabling IPv6 support disables unrelated constants). (cmb) . Revert "Fixed parse_url(): can not recognize port without scheme." (andypost) - Streams: . Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host. (Cristian Rodríguez) . Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory). (ilutov) . Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann) . Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla) . Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud) . Fixed bug GH-9653 (file copy between different filesystems). (David Carlier) . Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode). (Jakub Zelenka) - Windows: . Added preliminary support for (cross-)building for ARM64. (Yun Dou) - XML: . Added libxml_get_external_entity_loader() function. (Tim Starling) - Zip: . add ZipArchive::clearError() method . add ZipArchive::getStreamName() method . add ZipArchive::getStreamIndex() method . On Windows, the Zip extension is now built as shared library (DLL) by default. (cmb) . Implement fseek for zip stream when possible with libzip 1.9.1. (Remi)