php-src/NEWS
2023-11-25 00:57:22 +01:00

1810 lines
63 KiB
Plaintext

PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.1.27
- Core:
. Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious
error handler). (ilutov)
. Fixed oss-fuzz #64209 (In-place modification of filename in
php_message_handler_for_zend). (ilutov)
. Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
- DOM:
. Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid
default: prefix). (nielsdos)
- Intl:
. Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos)
- LibXML:
. Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303)
- OpenSSL:
. Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos)
- PHPDBG:
. Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)
- SQLite3:
. Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
(SakiTakamachi)
- Standard:
. Fix memory leak in syslog device handling. (danog)
. Fixed bug GH-12621 (browscap segmentation fault when configured in the
vhost). (nielsdos)
. Fixed bug GH-12655 (proc_open() does not take into account references
in the descriptor array). (nielsdos)
- Streams:
. Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
(Jakub Zelenka)
- Zip:
. Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option
Behavior). (Remi)
23 Nov 2023, PHP 8.1.26
- Core:
. Fixed bug GH-12468 (Double-free of doc_comment when overriding static
property via trait). (ilutov)
. Fixed segfault caused by weak references to FFI objects. (sj-i)
. Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas)
- DOM:
. Fix registerNodeClass with abstract class crashing. (nielsdos)
. Add missing NULL pointer error check. (icy17)
. Fix validation logic of php:function() callbacks. (nielsdos)
- Fiber:
. Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi)
- FPM:
. Fixed bug GH-9921 (Loading ext in FPM config does not register module
handlers). (Jakub Zelenka)
. Fixed bug GH-12232 (FPM: segfault dynamically loading extension without
opcache). (Jakub Zelenka)
- Intl:
. Removed the BC break on IntlDateFormatter::construct which threw an
exception with an invalid locale. (David Carlier)
- Opcache:
. Added warning when JIT cannot be enabled. (danog)
. Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
- OpenSSL:
. Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-11374 (Backport upstream fix, Different preg_match result
with -d pcre.jit=0). (mvorisek)
- SOAP:
. Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
(nielsdos)
. Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation
Fault). (nielsdos)
. Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos)
. Fix incorrect uri check in SOAP caching. (nielsdos)
. Fix segfault and assertion failure with refcounted props and arrays.
(nielsdos)
. Fix potential crash with an edge case of persistent encoders. (nielsdos)
. Fixed bug #75306 (Memleak in SoapClient). (nielsdos)
- Streams:
. Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers).
(Jakub Zelenka)
- XMLReader:
. Add missing NULL pointer error check. (icy17)
- XMLWriter:
. Add missing NULL pointer error check. (icy17)
- XSL:
. Add missing module dependency. (nielsdos)
. Fix validation logic of php:function() callbacks. (nielsdos)
26 Oct 2023, PHP 8.1.25
- Core:
. Fixed bug GH-12207 (memory leak when class using trait with doc block).
(rioderelfte)
. Fixed bug GH-12215 (Module entry being overwritten causes type errors in
ext/dom). (nielsdos)
. Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky)
. Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)
- CLI:
. Ensure a single Date header is present. (coppolafab)
- CType:
. Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
(nielsdos)
- DOM:
. Restore old namespace reconciliation behaviour. (nielsdos)
. Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos)
- Fileinfo:
. Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise)
- Filter:
. Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
- Hash:
. Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
(MaxSem)
- Intl:
. Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
(David Carlier)
. Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception
on an invalid locale). (David Carlier)
- MySQLnd:
. Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library)
'mysqlnd.so' in Unknown on line). (nielsdos)
- Opcache:
. Fixed opcache_invalidate() on deleted file. (mikhainin)
. Fixed bug GH-12380 (JIT+private array property access inside closure
accesses private property in child class). (nielsdos)
- PCRE:
. Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with
JIT enabled gives different result). (nielsdos)
- SimpleXML:
. Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos)
. Fixed bug GH-12223 (Entity reference produces infinite loop in
var_dump/print_r). (nielsdos)
. Fixed bug GH-12167 (Unable to get processing instruction contents in
SimpleXML). (nielsdos)
. Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
(nielsdos)
- Streams:
. Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
(David Carlier)
- XML:
. Fix return type of stub of xml_parse_into_struct(). (nielsdos)
. Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos)
- XSL:
. Fix type error on XSLTProcessor::transformToDoc return value with
SimpleXML. (nielsdos)
- Sockets:
. Fix socket_export_stream() with wrong protocol (twosee)
28 Sep 2023, PHP 8.1.24
- Core:
. Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov)
. Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
(Jeremie Courreges-Anglas)
. Fixed bug GH-12073 (Segfault when freeing incompletely initialized
closures). (ilutov)
. Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
(ju1ius)
. Fixed bug GH-12102 (Incorrect compile error when using array access on TMP
value in function call). (ilutov)
- DOM:
. Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos)
- Iconv:
. Fixed build for NetBSD which still uses the old iconv signature.
(David Carlier)
- Intl:
. Fixed bug GH-12020 (intl_get_error_message() broken after
MessageFormatter::formatMessage() fails). (Girgias)
- MySQLnd:
. Fixed bug GH-10270 (Invalid error message when connection via SSL fails:
"trying to connect via (null)"). (Kamil Tekiela)
- ODBC:
. Fixed memory leak with failed SQLPrepare. (NattyNarwhal)
. Fixed persistent procedural ODBC connections not getting closed.
(NattyNarwhal)
- SimpleXML:
. Fixed bug #52751 (XPath processing-instruction() function is not
supported). (nielsdos)
- SPL:
. Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
(nielsdos)
- SQLite3:
. Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with
a callable array). (nielsdos, arnaud-lb)
31 Aug 2023, PHP 8.1.23
- CLI:
. Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with
ZEND_RC_DEBUG=1). (nielsdos)
. Fixed bug GH-10964 (Improve man page about the built-in server).
(Alexandre Daubois)
- Core:
. Fixed strerror_r detection at configuration time. (Kévin Dunglas)
- Date:
. Fixed bug GH-11416: Crash with DatePeriod when uninitialised objects
are passed in. (Derick)
- DOM:
. Fix DOMEntity field getter bugs. (nielsdos)
. Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
(nielsdos)
. Fix DOMCharacterData::replaceWith() with itself. (nielsdos)
. Fix empty argument cases for DOMParentNode methods. (nielsdos)
. Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
(nielsdos)
. Fix json_encode result on DOMDocument. (nielsdos)
. Fix manually calling __construct() on DOM classes. (nielsdos)
. Fixed bug GH-11830 (ParentNode methods should perform their checks
upfront). (nielsdos)
. Fix segfault when DOMParentNode::prepend() is called when the child
disappears. (nielsdos)
- FFI:
. Fix leaking definitions when using FFI::cdef()->new(...). (ilutov)
- MySQLnd:
. Fixed bug GH-11440 (authentication to a sha256_password account fails over
SSL). (nielsdos)
. Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password
accounts using passwords longer than 19 characters).
(nielsdos, Kamil Tekiela)
. Fixed bug GH-11550 (MySQL Statement has a empty query result when
the response field has changed, also Segmentation fault).
(Yurunsoft)
. Fixed invalid error message "Malformed packet" when connection is dropped.
(Kamil Tekiela)
- Opcache:
. Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
opcache_get_status() / phpinfo() is wrong). (nielsdos)
. Avoid adding an unnecessary read-lock when loading script from shm if
restart is in progress. (mikhainin)
- PCNTL:
. Revert behaviour of receiving SIGCHLD signals back to the behaviour
before 8.1.22. (nielsdos)
- SPL:
. Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
(nielsdos)
- Standard:
. Prevent int overflow on $decimals in number_format. (Marc Bennewitz)
. Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix)
(athos-ribeiro)
03 Aug 2023, PHP 8.1.22
- Build:
. Fixed bug GH-11522 (PHP version check fails with '-' separator).
(SVGAnimate)
- CLI:
. Fix interrupted CLI output causing the process to exit. (nielsdos)
- Core:
. Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
(ilutov)
. Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
. Fixed build for FreeBSD before the 11.0 releases. (David Carlier)
- Curl:
. Fix crash when an invalid callback function is passed to
CURLMOPT_PUSHFUNCTION. (nielsdos)
- Date:
. Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
- DOM:
. Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with
DOMDocumentFragment but just deletes node or causes wrapping <></>
depending on libxml2 version). (nielsdos)
- Fileinfo:
. Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)
- FTP:
. Fix context option check for "overwrite". (JonasQuinten)
. Fixed bug GH-10562 (Memory leak and invalid state with consecutive
ftp_nb_fget). (nielsdos)
- GD:
. Fix most of the external libgd test failures. (Michael Orlitzky)
- Hash:
. Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options
parameter in signature. (ilutov)
- Intl:
. Fix memory leak in MessageFormatter::format() on failure. (Girgias)
- Libxml:
. Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)
- MBString:
. Fix GH-11300 (license issue: restricted unicode license headers).
(nielsdos)
- Opcache:
. Fixed bug GH-10914 (OPCache with Enum and Callback functions results in
segmentation fault). (nielsdos)
. Prevent potential deadlock if accelerated globals cannot be allocated.
(nielsdos)
- PCNTL:
. Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
(nielsdos)
- PCRE:
. Mangle PCRE regex cache key with JIT option. (mvorisek)
- PDO:
. Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true
and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer
filled). (SakiTakamachi)
- PDO SQLite:
. Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
(KapitanOczywisty, CViniciusSDias)
- Phar:
. Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
. Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
(CVE-2023-3824) (nielsdos)
- PHPDBG:
. Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr)
- Session:
. Removed broken url support for transferring session ID. (ilutov)
- Standard:
. Fix serialization of RC1 objects appearing in object graph twice. (ilutov)
- SQLite3:
. Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)
06 Jul 2023, PHP 8.1.21
- CLI:
. Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
(James Lucas)
- Core:
. Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili)
- Curl:
. Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
(nielsdos)
- DOM:
. Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions
and segfaults with replaceWith). (nielsdos)
. Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty
attribute value). (nielsdos)
. Fix return value in stub file for DOMNodeList::item. (divinity76)
. Fix spec compliance error with '*' namespace for
DOMDocument::getElementsByTagNameNS. (nielsdos)
. Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
(nielsdos)
. Fixed bug GH-11347 (Memory leak when calling a static method inside an
xpath query). (nielsdos)
. Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile
namespaces). (nielsdos)
. Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node
with itself). (nielsdos)
. Fixed bug #77686 (Removed elements are still returned by getElementById).
(nielsdos)
. Fixed bug #70359 (print_r() on DOMAttr causes Segfault in
php_libxml_node_free_list()). (nielsdos)
. Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos)
. Fix lifetime issue with getAttributeNodeNS(). (nielsdos)
. Fix "invalid state error" with cloned namespace declarations. (nielsdos)
. Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation
issues). (nielsdos)
. Fixed bug #80332 (Completely broken array access functionality with
DOMNamedNodeMap). (nielsdos)
- Opcache:
. Fix allocation loop in zend_shared_alloc_startup(). (nielsdos)
. Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB)
. Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem
with opcache.file_cache_only=1 but it was never locked). (nielsdos)
- OpenSSL:
. Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in
subjectAltNames (James Lucas, Jakub Zelenka).
- PGSQL:
. Fixed intermittent segfault with pg_trace. (David Carlier)
- Phar:
. Fix cross-compilation check in phar generation for FreeBSD. (peter279k)
- SPL:
. Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one
slash). (nielsdos)
- Standard:
. Fix access on NULL pointer in array_merge_recursive(). (ilutov)
. Fix exception handling in array_multisort(). (ilutov)
08 Jun 2023, PHP 8.1.20
- Core:
. Fixed bug GH-9068 (Conditional jump or move depends on uninitialised
value(s)). (nielsdos)
. Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves
the array in an invalid state). (Bob)
. Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
(Bob)
- Date:
. Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in
offset). (nielsdos)
- Exif:
. Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper
chunk sizes). (nielsdos)
- FPM:
. Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of
child->ev_std(out|err)). (Jakub Zelenka)
. Fixed bug #64539 (FPM status page: query_string not properly JSON encoded).
(Jakub Zelenka)
. Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)
- Hash:
. Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments).
(nielsdos)
- LibXML:
. Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0).
(nielsdos)
- Opcache:
. Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
. Fixed too wide OR and AND range inference. (nielsdos)
. Fixed bug GH-11245 (In some specific cases SWITCH with one default
statement will cause segfault). (nielsdos)
- PGSQL:
. Fixed parameter parsing of pg_lo_export(). (kocsismate)
- Phar:
. Fixed bug GH-11099 (Generating phar.php during cross-compile can't be
done). (peter279k)
- Soap:
. Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
bytes in HTTP Digest authentication for SOAP).
(CVE-2023-3247) (nielsdos, timwolla)
. Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)
- SPL:
. Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data
(PHP 8.1.18)). (nielsdos)
- Standard:
. Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for
source file). (ilutov)
. Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308
redirect). (nielsdos)
- Streams:
. Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted
irregularly for last chunk of data). (nielsdos)
. Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
. Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1
passed to stream_socket_accept/stream_socket_client). (nielsdos)
11 May 2023, PHP 8.1.19
- Core:
. Fix inconsistent float negation in constant expressions. (ilutov)
. Fixed bug GH-8841 (php-cli core dump calling a badly formed function).
(nielsdos)
. Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of
sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB)
. Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos)
. Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=).
(ilutov)
- DOM:
. Fixed bug #80602 (Segfault when using DOMChildNode::before()).
(Nathan Freeman)
. Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos)
- Exif:
. Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid
endianess, Illegal IFD size and Undefined index). (nielsdos)
- Intl:
. Fixed bug GH-11071 (TZData version not displayed anymore). (Remi)
- PCRE:
. Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov)
- Standard:
. Fixed bug GH-10990 (mail() throws TypeError after iterating over
$additional_headers array by reference). (nielsdos)
. Fixed bug GH-9775 (Duplicates returned by array_unique when using enums).
(ilutov)
13 Apr 2023, PHP 8.1.18
- Core:
. Added optional support for max_execution_time in ZTS/Linux builds
(Kévin Dunglas)
. Fixed use-after-free in recursive AST evaluation. (ilutov)
. Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos)
. Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
(nielsdos)
. Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on
apache). (nielsdos)
. Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
(nielsdos)
. Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
(ilutov)
. Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov)
- Date:
. Fixed bug GH-10583 (DateTime modify with tz pattern should not update
linked timezone). (Derick)
- FPM:
. Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos)
. Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos)
. Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when
spaces are in path). (Jakub Zelenka)
- FTP:
. Propagate success status of ftp_close(). (nielsdos)
. Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
(nielsdos)
- IMAP:
. Fix build failure with Clang 16. (orlitzky)
- MySQLnd:
. Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL
connections). (nielsdos)
- Opcache:
. Fixed build for macOS to cater with pkg-config settings. (David Carlier)
. Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in
PHP >= 8.1.5 in fpm context). (nielsdos)
- OpenSSL:
. Add missing error checks on file writing functions. (nielsdos)
- PDO Firebird:
. Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel
and 32 bit userland). (nielsdos)
- PDO ODBC:
. Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos)
- Phar:
. Fixed bug GH-10766 (PharData archive created with Phar::Zip format does
not keep files metadata (datetime)). (nielsdos)
. Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
(nielsdos)
- PGSQL:
. Fixed typo in the array returned from pg_meta_data (extended mode).
(David Carlier)
- SPL:
. Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman)
. Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
(ilutov)
- Standard:
. Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov)
. Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown
(apache2)). (nielsdos)
. Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter
and enclosure). (ilutov)
. Fixed undefined behaviour in unpack(). (nielsdos)
16 Mar 2023, PHP 8.1.17
- Core:
. Fixed incorrect check condition in ZEND_YIELD. (nielsdos)
. Fixed incorrect check condition in type inference. (nielsdos)
. Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos)
. Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a
Generator emits an unavoidable fatal error or crashes). (Arnaud)
. Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown
function after bailout). (trowski)
. Fixed SSA object type update for compound assignment opcodes. (nielsdos)
. Fixed language scanner generation build. (Daniel Black)
. Fixed zend_update_static_property() calling zend_update_static_property_ex()
misleadingly with the wrong return type. (nielsdos)
. Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer
constant name). (nielsdos)
. Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle()
freeing dangling pointers on the handle as it was uninitialized. (nielsdos)
- Curl:
. Fixed deprecation warning at compile time. (Max Kellermann)
. Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc
callback). (Pierrick Charron)
- Date:
. Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick)
- FFI:
. Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos)
- Fiber:
. Fixed assembly on alpine x86. (nielsdos)
. Fixed bug GH-10496 (segfault when garbage collector is invoked inside of
fiber). (Bob, Arnaud)
- FPM:
. Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka)
. Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos)
- Intl:
. Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods
error code's argument always returning NULL0. (Nathan Freeman)
- JSON:
. Fixed JSON scanner and parser generation build.
(Daniel Black, Jakub Zelenka)
- MBString:
. ext/mbstring: fix new_value length check. (Max Kellermann)
. Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos)
- Opcache:
. Fix incorrect page_size check. (nielsdos)
. Fix readonly modification check when using inc/dec operators on readonly
property with JIT. (ilutov)
- OpenSSL:
. Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos)
- PDO OCI:
. Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
(Michael Voříšek)
- PHPDBG:
. Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos)
- PGSQL:
. Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias)
- Phar:
. Fix incorrect check in phar tar parsing. (nielsdos)
- Reflection:
. Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with
variadic arguments). (nielsdos)
. Fix Segfault when using ReflectionFiber suspended by an internal function.
(danog)
- Session:
. Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as
the latter was considered success by callers. (nielsdos).
- Standard:
. Fixed bug GH-10292 (Made the default value of the first param of srand() and
mt_srand() unknown). (kocsismate)
. Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos)
. Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of
properties table for certain internal classes such as FFI classes
. Fix incorrect error check in browsecap for pcre2_match(). (nielsdos)
- Tidy:
. Fix memory leaks when attempting to open a non-existing file or a file over
4GB. (Girgias)
. Add missing error check on tidyLoadConfig. (nielsdos)
- Zlib:
. Fixed output_handler directive value's length which counted the string
terminator. (nieldos)
14 Feb 2023, PHP 8.1.16
- Core:
. Fixed bug #81744 (Password_verify() always return true with some hash).
(CVE-2023-0567). (Tim Düsterhus)
. Fixed bug #81746 (1-byte array overrun in common path resolve code).
(CVE-2023-0568). (Niels Dossche)
- SAPI:
. Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
request body). (CVE-2023-0662) (Jakub Zelenka)
02 Feb 2023, PHP 8.1.15
- Apache:
. Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)
- Core:
. Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call
trampoline is used from internal code). (Derick)
. Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos)
. Fix wrong comparison in block optimisation pass after opcode update. (nieldsdos)
. Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed).
(nielsdos)
- Date:
. Fixed bug GH-9891 (DateTime modify with unixtimestamp (@) must work like
setTimestamp). (Derick)
. Fixed bug GH-10218 (DateTimeZone fails to parse time zones that contain the
"+" character). (Derick)
- Fiber:
. Fix assertion on stack allocation size. (nielsdos)
- FPM:
. Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
(Jakub Zelenka)
. Fixed bug #67244 (Wrong owner:group for listening unix socket).
(Jakub Zelenka)
- Hash:
. Handle exceptions from __toString in XXH3's initialization (nielsdos)
- LDAP:
. Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
(cmb)
- MBString:
. Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character. (Alex Dowad)
- Opcache:
. Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).
. Fix access to uninitialized variable in accel_preload(). (nielsdos)
. Fix zend_jit_find_trace() crashes. (Max Kellermann)
. Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann)
- Phar:
. Fix wrong flags check for compression method in phar_object.c (nielsdos)
- PHPDBG:
. Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
. Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
. Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
. Fix phpdbg segmentation fault in case of malformed input (nielsdos)
- Posix:
. Fix memory leak in posix_ttyname() (girgias)
- Standard:
. Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos)
. Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos)
- TSRM:
. Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre)
- XMLWriter
. Fix missing check for xmlTextWriterEndElement (nielsdos)
05 Jan 2023, PHP 8.1.14
- Core:
. Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
(cmb)
. Fixed bug GH-9918 (License information for xxHash is not included in
README.REDIST.BINS file). (Akama Hitoshi)
. Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek)
. Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb)
- Date:
. Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards -
timezone related). (Derick)
. Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too
greedy). (Derick)
. Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()). (Derick)
. Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using
a timezone). (Derick)
- FPM:
. Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug
#66694). (Petr Sumbera)
. Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
(Jakub Zelenka)
. Fixed bug GH-8517 (Random crash of FPM master process in
fpm_stdio_child_said). (Jakub Zelenka)
- MBString:
. Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in
PHP8.1). (Nathan Freeman)
- Opcache:
. Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
(Arnaud, michdingpayc)
- OpenSSL:
. Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
(Jakub Zelenka)
. Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with
no-dsa). (Jakub Zelenka)
- Pcntl:
. Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
(Erki Aring)
- PDO_Firebird:
. Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
(cmb)
- PDO/SQLite:
. Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
(cmb)
- Session:
. Fixed GH-9932 (session name silently fails with . and [). (David Carlier)
- SPL:
. Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias)
. Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be
unregistered). (Girgias)
- SQLite3:
. Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb)
24 Nov 2022, PHP 8.1.13
- CLI:
. Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara)
- Core:
. Fixed bug GH-9752 (Generator crashes when interrupted during argument
evaluation with extra named params). (Arnaud)
. Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during
initialization). (Arnaud)
. Fixed potential NULL pointer dereference Windows shm*() functions. (cmb)
. Fixed bug GH-9750 (Generator memory leak when interrupted during argument
evaluation. (Arnaud)
- Date:
. Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if
the argument is an offset larger than 100*60 minutes). (Derick)
- FPM:
. Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running
php-fpm 8.1.11). (Jakub Zelenka)
- mysqli:
. Fixed bug GH-9841 (mysqli_query throws warning despite using
silenced error mode). (Kamil Tekiela)
- MySQLnd:
. Fixed potential heap corruption due to alignment mismatch. (cmb)
- OpenSSL:
. Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does
not build). (Jakub Zelenka, fsbruva)
- SOAP:
. Fixed GH-9720 (Null pointer dereference while serializing the response).
(cmb)
27 Oct 2022, PHP 8.1.12
- Core:
. Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier)
- Fileinfo:
. Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
(Anatol)
- GD:
. Fixed bug #81739: OOB read due to insufficient input validation in
imageloadfont(). (CVE-2022-31630) (cmb)
- Hash:
. Fixed bug #81738: buffer overflow in hash_update() on long parameter.
(CVE-2022-37454) (nicky at mouha dot be)
- MBString:
- Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in
mb_ encode_mimeheader). (Alex Dowad)
- Opcache:
. Added indirect call reduction for jit on x86 architectures. (wxue1)
- Session:
. Fixed bug GH-9583 (session_create_id() fails with user defined save handler
that doesn't have a validateId() method). (Girgias)
- Streams:
. Fixed bug GH-9590 (stream_select does not abort upon exception or empty
valid fd set). (Arnaud)
29 Sep 2022, PHP 8.1.11
- Core:
. Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
(Tim Starling)
. Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb,
Christian Schneider)
. Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class
constants in constant expressions). (ilutov)
. Fixed bug #81727: Don't mangle HTTP variable names that clash with ones
that have a specific semantic meaning. (CVE-2022-31629). (Derick)
- DOM:
. Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
(Nathan Freeman)
- FPM:
. Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to
error_log after daemon reload). (Dmitry Menshikov)
. Fixed bug #77780 ("Headers already sent..." when previous connection was
aborted). (Jakub Zelenka)
- GMP
. Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed
to gmp_init()). (Girgias)
- Intl
. Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
(Girgias)
- PCRE:
. Fixed pcre.jit on Apple Silicon. (Niklas Keller)
- PDO_PGSQL:
. Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
(Yurunsoft)
- Phar:
. Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
(CVE-2022-31628). (cmb)
- Reflection:
. Fixed bug GH-8932 (ReflectionFunction provides no way to get the called
class of a Closure). (cmb, Nicolas Grekas)
- Streams:
. Fixed bug GH-9316 ($http_response_header is wrong for long status line).
(cmb, timwolla)
01 Sep 2022, PHP 8.1.10
- Core:
. Fixed --CGI-- support of run-tests.php. (cmb)
. Fixed incorrect double to long casting in latest clang. (zeriyoshi)
. Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present).
(Michael Olšavský)
- Date:
. Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of
different type). (Derick)
. Fixed bug GH-8964 (DateTime object comparison after applying delta less
than 1 second). (Derick)
. Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded
down since PHP 8.1.0). (Derick)
. Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick)
- DBA:
. Fixed LMDB driver memory leak on DB creation failure (Girgias)
. Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults)
(cmb)
- IMAP:
. Fixed bug GH-9309 (Segfault when connection is used after imap_close()).
(cmb)
- Intl:
. Fixed IntlDateFormatter::formatObject() parameter type. (Gert de Pagter)
- MBString:
. Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings).
(cmb)
- OPcache:
. Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
(cmb)
. Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
(Arnaud, Sergei Turchanov)
- OpenSSL:
. Fixed bug GH-9339 (OpenSSL oid_file path check warning contains
uninitialized path). (Jakub Zelenka)
- PDO_SQLite:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
- SQLite3:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
- Streams:
. Fixed bug GH-8472 (The resource returned by stream_socket_accept may have
incorrect metadata). (Jakub Zelenka)
. Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections
hanging). (Jakub Zelenka, Twosee)
04 Aug 2022, PHP 8.1.9
- CLI:
. Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS
environment variable. (yiyuaner)
- Core:
. Fixed bug GH-8923 (error_log on Windows can hold the file write lock). (cmb)
. Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
(Tobias Bachert)
- CLI:
. Fixed GH-8952 (Intentionally closing std handles no longer possible).
(Arnaud, cmb)
- Date:
. Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
(Derick)
- FPM:
. Fixed zlog message prepend, free on incorrect address. (Heiko Weber)
. Fixed possible double free on configuration loading failure. (Heiko Weber).
- GD:
. Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
(cmb)
- Intl:
. Fixed build for ICU 69.x and onwards. (David Carlier)
- OPcache:
. Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php
syntaxe of a valid file). (Dmitry)
. Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
(Arnaud)
- Reflection:
. Fixed bug GH-8943 (Fixed Reflection::getModifiersNames() with readonly
modifier). (Pierrick)
. Fixed bug GH-8982 (Attribute with TARGET_METHOD is rejected on fake
closure of method). (ilutov)
- Standard:
. Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier)
. Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
. Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
(Heiko Weber)
07 Jul 2022, PHP 8.1.8
- Core:
. Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu)
. Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov)
. Fixed calling internal methods with a static return type from
extension code. (Sara)
. Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1
references). (Nicolas Grekas)
. Fixed potential use after free in php_binary_init(). (Heiko Weber)
. Fixed bug GH-7942 (Indirect mutation of readonly properties through
references). (ilutov)
- CLI:
. Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb)
- COM:
. Fixed bug GH-8778 (Integer arithmethic with large number variants fails).
(cmb)
- Curl:
. Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick)
- Date:
. Fixed bug #72963 (Null-byte injection in CreateFromFormat and related
functions). (Derick)
. Fixed bug #74671 (DST timezone abbreviation has incorrect offset). (Derick)
. Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
(Derick)
. Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
(Derick)
- Fileinfo:
. Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
(cmb)
- FPM:
. Fixed bug #67764 (fpm: syslog.ident don't work). (Jakub Zelenka)
- GD:
. Fixed imagecreatefromavif() memory leak. (cmb)
- MBString:
. mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad)
. mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad)
. Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
. Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored,
after they had been changed in 8.1.0. (Alex Dowad)
- ODBC:
. Fixed handling of single-key connection strings. (Calvin Buckley)
- OPcache:
. Fixed bug GH-8591 (tracing JIT crash after private instance method change).
(Arnaud, Dmitry, Oleg Stepanischev)
- OpenSSL:
. Fixed bug #50293 (Several openssl functions ignore the VCWD).
(Jakub Zelenka, cmb)
. Fixed bug #81713 (NULL byte injection in several OpenSSL functions working
with certificates). (Jakub Zelenka)
- PDO_ODBC:
. Fixed handling of single-key connection strings. (Calvin Buckley)
- Zip:
. Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat
cache). (Remi)
09 Jun 2022, PHP 8.1.7
- CLI:
. Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)
- Date:
. Fixed bug #51934 (strtotime plurals / incorrect time). (Derick)
. Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date
(extended format)). (Derick)
. Fixed bug #66019 (DateTime object does not support short ISO 8601 time
format - YYYY-MM-DDTHH) (cmb, Derick)
. Fixed bug #68549 (Timezones and offsets are not properly used when working
with dates) (Derick, Roel Harbers)
. Fixed bug #81565 (date parsing fails when provided with timezones including
seconds). (Derick)
. Fixed bug GH-7758 (Problems with negative timestamps and fractions).
(Derick, Ilija)
- FPM:
. Fixed ACL build check on MacOS. (David Carlier)
. Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
(Jakub Zelenka, loveharmful)
. Fixes use after free. (Heiko Weber).
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
(c dot fol at ambionics dot io)
- OPcache:
. Fixed bug GH-8461 (tracing JIT crash after function/method change).
(Arnaud, Dmitry)
- OpenSSL:
. Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof
while reading). (Jakub Zelenka)
- Pcntl:
. Fixed Haiku build. (David Carlier)
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params().
(CVE-2022-31625) (cmb)
- Soap:
. Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
(robertnisipeanu)
. Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)
- SPL:
. Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)
- Standard:
. Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS).
(Arnaud)
- Zip:
. Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger)
12 May 2022, PHP 8.1.6
- Core:
. Fixed bug GH-8310 (Registry settings are no longer recognized). (cmb)
. Fixed potential race condition during resource ID allocation. (ryancaicse)
. Fixed bug GH-8133 (Preloading of constants containing arrays with enums
segfaults). (ilutov)
. Fixed Haiku ZTS builds. (David Carlier)
- Date:
. Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient
data). (Derick)
. Fixed bug GH-8108 (Timezone doesn't work as intended). (Derick)
. Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data).
(Derick)
. Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are
not rethrown into the generator). (Bob)
- FFI:
. Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
(Bob)
- FPM:
. Fixed bug #76003 (FPM /status reports wrong number of active processe).
(Jakub Zelenka)
. Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka)
. Fixed comment in kqueue remove callback log message. (David Carlier)
- Hash:
. Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb)
- Iconv:
. Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
(cmb)
- Intl:
. Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb)
- MBString:
. Number of error markers emitted for invalid UTF-8 text matches WHATWG specification.
This is a return to the behavior of PHP 8.0 and earlier. (alexdowad)
- MySQLi:
. Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
(cmb)
- OPcache:
. Fixed bug GH-8063 (OPcache breaks autoloading after E_COMPILE_ERROR).
(Arnaud)
- SPL:
. Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
(cmb)
. Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias)
- Streams:
. Fixed php://temp does not preserve file-position when switched to temporary
file. (Bernd Holzmüller)
- zlib:
. Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
(cmb)
14 Apr 2022, PHP 8.1.5
- Core:
. Fixed bug GH-8176 (Enum values in property initializers leak). (Bob)
. Fixed freeing of internal attribute arguments. (Bob)
. Fixed bug GH-8070 (memory leak of internal function attribute hash).
(Tim Düsterhus)
. Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek)
- Filter:
. Fixed signedness confusion in php_filter_validate_domain(). (cmb)
- Intl:
. Fixed bug GH-8115 (Can't catch arg type deprecation when instantiating Intl
classes). (ilutov)
. Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
. Fixed bug GH-7734 (Fix IntlPartsIterator key off-by-one error and first
key). (ilutov)
- MBString:
. Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
(cmb)
- MySQLi:
. Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
(cmb)
- Pcntl:
. Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
- PgSQL:
. Fixed result_type related stack corruption on LLP64 architectures. (cmb)
. Fixed bug GH-8253 (pg_insert() fails for references). (cmb)
- Sockets:
. Fixed Solaris builds. (David Carlier)
. Fix undefined behavior in php_set_inet6_addr. (ilutov)
- SPL:
. Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
(cmb)
. Fixed bug GH-8192 (Cannot override DirectoryIterator::current() without
return typehint in 8.1). (Nikita)
- Standard:
. Fixed bug GH-8048 (Force macOS to use statfs). (risner)
17 Mar 2022, PHP 8.1.4
- Core:
. Fixed Haiku ZTS build. (David Carlier)
. Fixed bug GH-8059 arginfo not regenerated for extension. (Remi)
. Fixed bug GH-8083 Segfault when dumping uncalled fake closure with static
variables. (ilutov)
. Fixed bug GH-7958 (Nested CallbackFilterIterator is leaking memory). (cmb)
. Fixed bug GH-8074 (Wrong type inference of range() result). (cmb)
. Fixed bug GH-8140 (Wrong first class callable by name optimization). (cmb)
. Fixed bug GH-8082 (op_arrays with temporary run_time_cache leak memory
when observed). (Bob)
- GD:
. Fixed libpng warning when loading interlaced images. (Brett)
- FPM:
. Fixed bug #76109 (Unsafe access to fpm scoreboard).
(Till Backhaus, Jakub Zelenka)
- Iconv:
. Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
. Fixed bug GH-7980 (Unexpected result for iconv_mime_decode). (cmb)
- MBString:
. Fixed bug GH-8128 (mb_check_encoding wrong result for 7bit). (alexdowad)
- MySQLnd:
. Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package). (Kamil Tekiela)
- Reflection:
. Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
(cmb)
. Fixed bug GH-8444 (Fix ReflectionProperty::__toString() of properties
containing instantiated enums). (ilutov)
- Zlib:
. Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
03 Feb 2022, PHP 8.1.3
- Core:
. Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
(beberlei)
. Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb)
. Fixed bug GH-7883 (Segfault when INI file is not readable). (Remi)
- FFI:
. Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb,
dmitry)
- Filter:
. Fix #81708: UAF due to php_filter_float() failing for ints.
(CVE-2021-21708) (cmb)
- FPM:
. Fixed memory leak on invalid port. (David Carlier)
. Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM
status page. (Stefano Arlandini)
- MBString:
. Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb)
- MySQLnd:
. Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela)
- pcntl:
. Fixed pcntl_rfork build for DragonFlyBSD. (David Carlier)
- Sockets:
. Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier)
- Standard:
. Fixed bug GH-7899 (Regression in unpack for negative int value). (Remi)
. Fixed bug GH-7875 (mails are sent even if failure to log throws exception).
(cmb)
20 Jan 2022, PHP 8.1.2
- Core:
. Fixed bug #81216 (Nullsafe operator leaks dynamic property name). (Dmitry)
. Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces
opcode error). (ilutov)
. Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner)
. Fixed bug #81683 (Misleading "access type ... must be public" error message
on final or abstract interface methods). (ilutov)
. Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
(cmb)
. Fixed bug GH-7757 (Multi-inherited final constant causes fatal error).
(cmb)
. Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT. (Petr Sumbera)
. Added riscv64 support for fibers. (Jeremie Courreges-Anglas)
- Filter:
. Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong)
- Hash:
. Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
(cmb)
. Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and
hash_file). (cmb)
- MBString:
. Fixed bug #81693 (mb_check_encoding(7bit) segfaults). (cmb)
- MySQLi:
. Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).
(devnexen)
. Introduced MYSQLI_IS_MARIADB. (devnexen)
. Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()). (Kamil Tekiela)
- MySQLnd:
. Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb)
- OCI8:
. Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second
call). (cmb)
- OPcache:
. Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb)
- Readline:
. Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive
shell). (Nikita)
- Reflection:
. Fixed bug #81681 (ReflectionEnum throwing exceptions). (cmb)
- PDO_PGSQL:
. Fixed error message allocation of PDO PgSQL. (SATO Kentaro)
- Sockets:
. Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier)
. Fixed ext/sockets build on Haiku. (David Carlier)
- Spl:
. Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr
Bystry)
. Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault). (cmb)
- Standard:
. Fixed bug GH-7748 (gethostbyaddr outputs binary string). (cmb)
. Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions).
(David Warner)
02 Dec 2021, PHP 8.1.1
- IMAP:
. Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
(cmb)
- PCRE:
. Update bundled PCRE2 to 10.39. (cmb)
. Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry)
- Standard:
. Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
(cmb)
25 Nov 2021, PHP 8.1.0
- Core:
. Fixed inclusion order for phpize builds on Windows. (cmb)
. Added missing hashtable insertion APIs for arr/obj/ref. (Sara)
. Implemented FR #77372 (Relative file path is removed from uploaded file).
(Björn Tantau)
. Fixed bug #81607 (CE_CACHE allocation with concurrent access). (Nikita,
Dmitry)
. Fixed bug #81507 (Fiber does not compile on AIX). (Clément Chigot)
. Fixed bug #78647 (SEGFAULT in zend_do_perform_implementation_check).
(Nikita)
. Fixed bug #81518 (Header injection via default_mimetype / default_charset).
(cmb)
. Fixed bug #75941 (Fix compile failure on Solaris with clang). (Jaromír
Doleček)
. Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
. Fixed bug #81514 (Using Enum as key in WeakMap triggers GC + SegFault).
(Nikita)
. Fixed bug #81520 (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php).
(Remi)
. Fixed bug #81377 (unset() of $GLOBALS sub-key yields warning). (Nikita)
. Fixed bug #81342 (New ampersand token parsing depends on new line after it).
(Nikita)
. Fixed bug #81280 (Unicode characters in cli.prompt causes segfault).
(krakjoe)
. Fixed bug #81192 ("Declaration should be compatible with" gives incorrect
line number with traits). (Nikita)
. Fixed bug #78919 (CLI server: insufficient cleanup if request startup
fails). (cataphract, cmb)
. Fixed bug #81303 (match error message improvements). (krakjoe)
. Fixed bug #81238 (Fiber support missing for Solaris Sparc). (trowski)
. Fixed bug #81237 (Comparison of fake closures doesn't work). (krakjoe)
. Fixed bug #81202 (powerpc64 build fails on fibers). (krakjoe)
. Fixed bug #80072 (Cyclic unserialize in TMPVAR operand may leak). (Nikita)
. Fixed bug #81163 (__sleep allowed to return non-array). (krakjoe)
. Fixed bug #75474 (function scope static variables are not bound to a unique
function). (Nikita)
. Fixed bug #53826 (__callStatic fired in base class through a parent call if
the method is private). (Nikita)
. Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
(krakjoe)
- CLI:
. Fixed bug #81496 (Server logs incorrect request method). (lauri)
- COM:
. Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT. (Dmitry
Maksimov)
- Curl:
. Fixed bug #81085 (Support CURLOPT_SSLCERT_BLOB for cert strings).
(camporter)
- Date:
. Fixed bug #81458 (Regression Incorrect difference after timezone change).
(Derick)
. Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
(cmb)
. Fixed bug #81504 (Incorrect timezone transition details for POSIX data).
(Derick)
. Fixed bug #80998 (Missing second with inverted interval). (Derick)
. Speed up finding timezone offset information. (Derick)
. Fixed bug #79580 (date_create_from_format misses leap year). (Derick)
. Fixed bug #80963 (DateTimeZone::getTransitions() truncated). (Derick)
. Fixed bug #80974 (Wrong diff between 2 dates in different timezones).
(Derick)
. Fixed bug #80998 (Missing second with inverted interval). (Derick)
. Fixed bug #81097 (DateTimeZone silently falls back to UTC when providing an
offset with seconds). (Derick)
. Fixed bug #81106 (Regression in 8.1: add() now truncate ->f). (Derick)
. Fixed bug #81273 (Date interval calculation not correct). (Derick)
. Fixed bug #52480 (Incorrect difference using DateInterval). (Derick)
. Fixed bug #62326 (date_diff() function returns false result). (Derick)
. Fixed bug #64992 (dst not handled past 2038). (Derick)
. Fixed bug #65003 (Wrong date diff). (Derick)
. Fixed bug #66545 (DateTime. diff returns negative values). (Derick)
. Fixed bug #68503 (date_diff on two dates with timezone set localised
returns wrong results). (Derick)
. Fixed bug #69806 (Incorrect date from timestamp). (Derick)
. Fixed bug #71700 (Extra day on diff between begin and end of march 2016).
(Derick)
. Fixed bug #71826 (DateTime::diff confuse on timezone 'Asia/Tokyo'). (Derick)
. Fixed bug #73460 (Datetime add not realising it already applied DST
change). (Derick)
. Fixed bug #74173 (DateTimeImmutable::getTimestamp() triggers DST switch in
incorrect time). (Derick)
. Fixed bug #74274 (Handling DST transitions correctly). (Derick)
. Fixed bug #74524 (Date diff is bad calculated, in same time zone). (Derick)
. Fixed bug #75167 (DateTime::add does only care about backward DST
transition, not forward). (Derick)
. Fixed bug #76032 (DateTime->diff having issues with leap days for
timezones ahead of UTC). (Derick)
. Fixed bug #76374 (Date difference varies according day time). (Derick)
. Fixed bug #77571 (DateTime's diff DateInterval incorrect in timezones from
UTC+01:00 to UTC+12:00). (Derick)
. Fixed bug #78452 (diff makes wrong in hour for Asia/Tehran). (Derick)
. Fixed bug #79452 (DateTime::diff() generates months differently between
time zones). (Derick)
. Fixed bug #79698 (timelib mishandles future timestamps (triggered by 'zic
-b slim')). (Derick)
. Fixed bug #79716 (Invalid date time created (with day "00")). (Derick)
. Fixed bug #80610 (DateTime calculate wrong with DateInterval). (Derick)
. Fixed bug #80664 (DateTime objects behave incorrectly around DST
transition). (Derick)
. Fixed bug #80913 (DateTime(Immutable)::sub around DST yield incorrect
time). (Derick)
- DBA:
. Fixed bug #81588 (TokyoCabinet driver leaks memory). (girgias)
- DOM:
. Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
(Viktor Volkov)
- FFI:
. Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not
defined). (Dmitry)
- Filter:
. Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
(cmb, Nikita)
- FPM:
. Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
(Jakub Zelenka)
. Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
escalation) (CVE-2021-21703). (Jakub Zelenka)
. Added openmetrics status format. (Cees-Jan Kiewiet)
. Enable process renaming on macOS. (devnexen)
. Added pm.max_spawn_rate option to configure max spawn child processes rate.
(Paulius Sapragonas)
. Fixed bug #65800 (Events port mechanism). (psumbera)
- FTP:
. Convert resource<ftp> to object \FTP\Connection. (Sara)
- GD:
. Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb)
. Convert resource<gd font> to object \GdFont. (Sara)
- hash:
. Implemented FR #68109 (Add MurmurHash V3). (Anatol, Michael)
. Implemented FR #73385 (Add xxHash support). (Anatol)
- JSON:
. Fixed bug #81532 (Change of $depth behaviour in json_encode() on PHP 8.1).
(Nikita)
. Fixed bug GH-8238 (Register JSON_ERROR_NON_BACKED_ENUM constant). (ilutov)
- LDAP:
. Convert resource<ldap link> to object \LDAP\Connection. (Máté)
. Convert resource<ldap result> to object \LDAP\Result. (Máté)
. Convert resource<ldap result entry> to object \LDAP\ResultEntry. (Máté)
- MBString:
. Fixed bug #76167 (mbstring may use pointer from some previous request).
(cmb, cataphract)
. Fixed bug #81390 (mb_detect_encoding() regression). (alexdowad)
. Fixed bug #81349 (mb_detect_encoding misdetcts ASCII in some cases).
(Nikita)
. Fixed bug #81298 (mb_detect_encoding() segfaults when 7bit encoding is
specified). (Nikita)
- MySQLi:
. Fixed bug #70372 (Emulate mysqli_fetch_all() for libmysqlclient). (Nikita)
. Fixed bug #80330 (Replace language in APIs and source code/docs).
(Darek Ślusarczyk)
. Fixed bug #80329 (Add option to specify LOAD DATA LOCAL white list folder
(including libmysql)). (Darek Ślusarczyk)
- MySQLnd:
. Fixed bug #63327 (Crash (Bus Error) in mysqlnd due to wrong alignment).
(Nikita)
. Fixed bug #80761 (PDO uses too much memory). (Nikita)
- Opcache:
. Fixed bug #81409 (Incorrect JIT code for ADD with a reference to array).
(Dmitry)
. Fixed bug #81255 (Memory leak in PHPUnit with functional JIT).
. Fixed bug #80959 (infinite loop in building cfg during JIT compilation).
(Nikita, Dmitry)
. Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
(Dmitry)
. Fixed bug #81249 (Intermittent property assignment failure with JIT
enabled). (Dmitry)
. Fixed bug #81256 (Assertion `zv != ((void *)0)' failed for "preload" with
JIT). (Dmitry)
. Fixed bug #81133 (building opcache with phpize fails). (krakjoe)
. Fixed bug #81136 (opcache header not installed). (krakjoe)
. Added inheritance cache. (Dmitry)
- OpenSSL:
. Fixed bug #81502 ($tag argument of openssl_decrypt() should accept
null/empty string). (Nikita)
. Bump minimal OpenSSL version to 1.0.2. (Jakub Zelenka)
- PCRE:
. Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb)
. Bundled PCRE2 is 10.37.
- PDO:
. Fixed bug #40913 (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for
fetching a BLOB). (Nikita)
- PDO MySQL:
. Fixed bug #80908 (PDO::lastInsertId() return wrong). (matt)
. Fixed bug #81037 (PDO discards error message text from prepared
statement). (Kamil Tekiela)
- PDO OCI:
. Fixed bug #77120 (Support 'success with info' at connection).
(Sergei Morozov)
- PDO ODBC:
. Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for
PDO::getAttribute(). (Calvin Buckley)
- PDO PgSQL:
. Fixed bug #81343 (pdo_pgsql: Inconsitent boolean conversion after calling
closeCursor()). (Philip Hofstetter)
- PDO SQLite:
. Fixed bug #38334 (Proper data-type support for PDO_SQLITE). (Nikita)
- PgSQL:
. Fixed bug #81509 (pg_end_copy still expects a resource). (Matteo)
. Convert resource<pgsql link> to object \PgSql\Connection. (Máté)
. Convert resource<pgsql result> to object \PgSql\Result. (Máté)
. Convert resource<pgsql large object> to object \PgSql\Lob. (Máté)
- Phar:
. Use SHA256 by default for signature. (remi)
. Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature. (remi)
- phpdbg:
. Fixed bug #81135 (unknown help topic causes assertion failure). (krakjoe)
- PSpell:
. Convert resource<pspell> to object \PSpell\Dictionary. (Sara)
. Convert resource<pspell config> to object \PSpell\Config. (Sara)
- readline:
. Fixed bug #72998 (invalid read in readline completion). (krakjoe)
- Reflection:
. Fixed bug #81611 (ArgumentCountError when getting default value from
ReflectionParameter with new). (Cameron Porter)
. Fixed bug #81630 (PHP 8.1: ReflectionClass->getTraitAliases() crashes with
Internal error). (Nikita)
. Fixed bug #81457 (Enum: ReflectionMethod->getDeclaringClass() return a
ReflectionClass). (Nikita)
. Fixed bug #81474 (Make ReflectionEnum and related class non-final). (Nikita)
. Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current
value for statics). (Nikita)
. Fixed bug #80564 (ReflectionProperty::__toString() renders current value,
not default value). (Nikita)
. Fixed bug #80097 (ReflectionAttribute is not a Reflector). (beberlei)
. Fixed bug #81200 (no way to determine if Closure is static). (krakjoe)
. Implement ReflectionFunctionAbstract::getClosureUsedVariables. (krakjoe)
- Shmop:
. Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb)
- SimpleXML:
. Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi)
- SNMP:
. Implement SHA256 and SHA512 for security protocol. (remi)
- Sodium:
. Added the XChaCha20 stream cipher functions. (P.I.E. Security Team)
. Added the Ristretto255 functions, which are available in libsodium 1.0.18.
(P.I.E. Security Team)
- SPL:
. Fixed bug #66588 (SplFileObject::fgetcsv incorrectly returns a row on
premature EOF). (Aliaksandr Bystry)
. Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
(cmb, Nikita, Tyson Andre)
. Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb)
. Fixed bug #81112 (Special json_encode behavior for SplFixedArray). (Nikita)
. Fixed bug #80945 ("Notice: Undefined index" on unset() ArrayObject
non-existing key). (Nikita)
. Fixed bug #80724 (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE
from bitmask). (Cameron Porter)
- Standard:
. Fixed bug #81441 (gethostbyaddr('::1') returns ip instead of name after
calling some other method). (Nikita)
. Fixed bug #81491 (Incorrectly using libsodium for argon2 hashing).
(Dan Pock)
. Fixed bug #81142 (PHP 7.3+ memory leak when unserialize() is used on an
associative array). (Nikita)
. Fixed bug #81111 (Serialization is unexpectedly allowed on anonymous classes
with __serialize()). (Nikita)
. Fixed bug #81137 (hrtime breaks build on OSX before Sierra). (krakjoe)
. Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
(krakjoe)
- Streams:
. Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
(cmb)
- XML:
. Fixed bug #79971 (special character is breaking the path in xml function)
(CVE-2021-21707). (cmb)
. Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
(Aliaksandr Bystry, cmb)
- Zip:
. Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
. Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb)
. Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination)
(CVE-2021-21706). (cmb)
. Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi)