php-src/NEWS
Máté Kocsis adb45a63c0
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in php 9.0.
  (Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked)
* Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing
* Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic
  properties that would then be added to the backing fixed-size array
* Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing
* Update tests to declare properties or to expect the deprecation warning
* Add news entry

Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
2022-08-30 07:46:32 -04:00

385 lines
14 KiB
Plaintext

PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.2.0RC1
- CLI:
. Implement built-in web server responding without body to HEAD request on
a static resource. (Vedran Miletic, Marin Martuslovic)
. Implement built-in web server responding with HTTP status 405 to
DELETE/PUT/PATCH request on a static resource.
(Vedran Miletic, Marin Martuslovic)
- Core:
. Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
(Tim Starling)
. Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored).
(cmb)
. Fixed bug GH-9285 (Traits cannot be used in readonly classes).
(kocsismate)
. Fixed bug GH-9186 (@strict-properties can be bypassed using
unserialization). (kocsismate)
- Date:
. Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no
errors/warnings). (Derick)
- ODBC:
. Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin
Buckley)
- Opcache:
. Fixed bug GH-9371 (Crash with JIT on mac arm64)
(jdp1024/David Carlier)
- OpenSSL:
. Fixed bug GH-9310 (SSL local_cert and local_pk do not respect
open_basedir). (Jakub Zelenka)
. Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like
AEAD). (Jakub Zelenka)
. Added openssl_cipher_key_length function. (Jakub Zelenka)
- PDO_ODBC:
. Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin
Buckley)
- Random:
. Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937
always returns 1). (timwolla)
. Fixed Randomizer::getInt() consistency for 32-bit engines. (timwolla)
- Streams:
. Fixed bug GH-9316 ($http_response_header is wrong for long status line).
(cmb, timwolla)
- XML:
. Added libxml_get_external_entity_loader() function. (Tim Starling)
18 Aug 2022, PHP 8.2.0beta3
- Core:
. Fixed incorrect double to long casting in latest clang. (zeriyoshi)
. Added support for defining constants in traits. (sj-i)
. Stop incorrectly emitting false positive deprecation notice alongside
unsupported syntax fatal error for `"{$g{'h'}}"`. (TysonAndre)
. Fix unexpected deprecated dynamic property warning, which occurred when
exit() in finally block after an exception was thrown without catching.
(Twosee)
- MBString:
. Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()). (cmb)
- Random:
. Fixed bug GH-9235 (non-existant $sequence parameter in stub for
PcgOneseq128XslRr64::__construct()). (timwolla)
. Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when
handling large ranges). (timwolla)
. Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid
all-zero state). (timwolla)
. Removed redundant RuntimeExceptions from Randomizer methods. The
exceptions thrown by the engines will be exposed directly. (timwolla)
. Added extension specific Exceptions/Errors (RandomException, RandomError,
BrokenRandomEngineError). (timwolla)
- Session:
. Fixed GH-9200 (setcookie has an obsolete expires date format). (timwolla)
- Standard:
. Fixed bug #65489 (glob() basedir check is inconsistent). (Jakub Zelenka)
. Fixed GH-9200 (setcookie has an obsolete expires date format). (Derick)
. Fixed GH-9244 (Segfault with array_multisort + array_shift). (cmb)
04 Aug 2022, PHP 8.2.0beta2
- Core:
. Fixed bug GH-7900 (Arrow function with never return type compile-time
errors). (ilutov)
- Date:
. Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of
different type). (Derick)
. Fixed bug GH-8964 (DateTime object comparison after applying delta less
than 1 second). (Derick)
. Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded
down since PHP 8.1.0). (Derick)
. Fixed bug #75035 (Datetime fails to unserialize "extreme" dates).
(Derick)
. Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized).
(Derick)
. Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick)
- DBA:
. Fixed LMDB driver memory leak on DB creation failure (Girgias)
. Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag). (Girgias)
- FFI:
. Fixed bug GH-9090 (Support assigning function pointers in FFI). (Adam
Saponara)
- Intl:
. Declared Transliterator::$id as readonly to unlock subclassing it. (Nicolas
Grekas)
- OPcache:
. Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
(Arnaud, Sergei Turchanov)
- PCNTL:
. Fixed pcntl_(get|set)priority error handling for MacOS. (Juan Morales)
- Random:
. Fixed bug GH-9067 (random extension is not thread safe). (cmb)
. Fixed bug GH-9055 (segmentation fault if user engine throws). (timwolla)
. Fixed bug GH-9066 (signed integer overflow). (zeriyoshi)
. Fixed bug GH-9083 (undefined behavior during shifting). (timwolla)
. Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when
generating uniform integers within a given range). (timwolla)
. Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct()
call twice). (zeriyoshi)
. Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative
$advance). (Anton Smirnov)
. Changed Mt19937 to throw a ValueError instead of InvalidArgumentException
for invalid $mode. (timwolla)
. Splitted Random\Randomizer::getInt() (without arguments) to
Random\Randomizer::nextInt(). (zeriyoshi)
- Sockets:
. Added SOL_FILTER socket option for Solaris. (David Carlier)
- SPL:
. Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields).
(cmb)
. Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check).
(Jakub Zelenka)
21 Jul 2022, PHP 8.2.0beta1
- CLI:
. Updated the mime-type table for the builtin-server. (Ayesh Karunaratne)
. Fixed potential overflow for the builtin server via the
PHP_CLI_SERVER_WORKERS environment variable. (yiyuaner)
. Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource
destruction. (Jakub Zelenka)
- Core:
. Reduced the memory footprint of strings returned by var_export(),
json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(),
http_build_query(), strstr(), Reflection*::__toString(). (Arnaud)
. Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
(Tobias Bachert)
. Added error_log_mode ini setting. (Mikhail Galanin)
. Updated request startup messages. (Eric Norris)
- COM:
. Fixed bug GH-8750 (Can not create VT_ERROR variant type). (cmb)
- Filter:
. Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs. (vnsavage)
- FPM:
. Added listen.setfib pool option to set route FIB on FreeBSD. (David Carlier)
. Added access.suppress_path pool option to filter access log entries.
(Mark Gallagher)
. Fixed on fpm scoreboard occasional warning on acquisition failure.
(Felix Wiedemann)
- Opcache:
. Added initial support for JIT performance profiling generation
for macOs Instrument. (David Carlier)
. Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
(Arnaud)
. Added JIT support improvement for macOs for segments and executable permission
bit handling. (David Carlier)
. Added JIT buffer allocation near the .text section on FreeNSD. (David Carlier)
- PCRE:
. Updated bundled libpcre to 10.40. (cmb)
- PDO_Firebird:
. Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8). (cmb)
- Random:
. Added new random extension. (Go Kudo)
- SPL:
. Widen iterator_to_array() and iterator_count()'s $iterator parameter to
iterable. (timwolla)
- Standard:
. Implemented FR GH-8924 (str_split should return empty array for empty
string). (Michael Vorisek)
. Added ini_parse_quantity function to convert ini quantities shorthand
notation to int. (Dennis Snell)
. Enable arc4random_buf for Linux glibc 2.36 and onwards
for the random_bytes. (Cristian Rodriguez)
. Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
- Windows:
. Added preliminary support for (cross-)building for ARM64. (Yun Dou)
07 Jul 2022, PHP 8.2.0alpha3
- Core:
. Uses safe_perealloc instead of perealloc for the
ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows. (David Carlier)
- DBA:
. Fixed LMDB driver hanging when attempting to delete a non-existing key
(Girgias)
- Intl:
. Fixed build for ICU 69.x and onwards. (David Carlier)
- Opcache:
. Allocate JIT buffer close to PHP .text segemnt to allow using direct
IP-relative calls and jumps.
(Su Tao, Wang Xue, Chen Hu, Lizhen Lizhen, Dmitry)
- Sockets:
. Added TCP_CONGESTION socket option. (David Carlier)
. Added SO_ZEROCOPY/MSG_ZEROCOPY options. (David Carlier)
- SPL:
. Uses safe_erealloc instead of erealloc to handle heap growth
for the SplHeap::insert method to avoid possible overflows. (David Carlier)
- Standard:
. Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier)
. Uses safe_erealloc instead of erealloc to handle options in getopt
to avoid possible overflows. (David Carlier)
- Zip:
. Implement fseek for zip stream when possible with libzip 1.9.1. (Remi)
23 Jun 2022, PHP 8.2.0alpha2
- Core:
. Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1
references). (Nicolas Grekas)
. Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable
warning). (ilutov)
. Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed
enums). (ilutov)
. Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function
calls). (ilutov)
. Optimised code path for newly created file with the stream plain wrapper. (Max Kellermann)
- Curl:
. Added new constants from cURL 7.62 to 7.80. (Pierrick)
. New function curl_upkeep(). (Pierrick)
- OpenSSL:
. Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann)
- PCRE:
. Implemented FR #77726 (Allow null character in regex patterns). (cmb)
- Standard:
. Deprecated utf8_encode() and utf8_decode(). (Rowan Tommins)
- Streams:
. Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann)
09 Jun 2022, PHP 8.2.0alpha1
- CLI:
. Fixed bug #81496 (Server logs incorrect request method). (lauri)
- Core:
. Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
. Fixed bug GH-7771 (Fix filename/lineno of constant expressions). (ilutov)
. Fixed bug GH-7792 (Improve class type in error messages). (ilutov)
. Support huge pages on MacOS. (David CARLIER)
- Curl:
. Added support for CURLOPT_XFERINFOFUNCTION. (David Carlier)
. Added support for CURLOPT_MAXFILESIZE_LARGE. (David Carlier)
- Date:
. Fixed GH-8458 (DateInterval::createFromDateString does not throw if
non-relative items are present). (Derick)
. Fixed bug #52015 (Allow including end date in DatePeriod iterations)
(Daniel Egeberg, Derick)
. idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO
Year). (Pavel Djundik)
- FPM:
. Emit error for invalid port setting. (David Carlier)
. Added extra check for FPM proc dumpable on SELinux based systems.
(David Carlier)
. Added support for listening queue on macOS. (David Carlier)
. Changed default for listen.backlog on Linux to -1. (Cristian Rodríguez)
- FTP:
. Fix datetime format string to follow POSIX spec in ftp_mdtm(). (Jihwan Kim)
- Intl:
. Update all grandfathered language tags with preferred values
. Fixed GH-7939 (Cannot unserialize IntlTimeZone objects). (cmb)
- OCI8:
. Added oci8.prefetch_lob_size directive to tune LOB query performance
. Support for building against Oracle Client libraries 10.1 and 10.2 has been
dropped. Oracle Client libraries 11.2 or newer are now required.
- ODBC:
. Fixed bug GH-8300 (User input not escaped when building connection string).
(Calvin Buckley)
- PDO_ODBC:
. Fixed bug #80909 (crash with persistent connections in PDO_ODBC). (Calvin
Buckley)
. Fixed bug GH-8300 (User input not escaped when building connection string).
(Calvin Buckley)
- Reflection:
. Added ReflectionFunction::isAnonymous(). (Nicolas Grekas)
. Added ReflectionMethod::hasPrototype(). (Ollie Read)
. Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType.
(SamMousa)
- Session:
. Fixed bug GH-7787 (Improve session write failure message for user error
handlers). (ilutov)
- Sockets:
. Added TCP_NOTSENT_LOWAT socket option. (David Carlier)
. Added SO_MEMINFO socket option. (David Carlier)
. Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux).
(David Carlier)
. Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket
options. (David Carlier)
. Added ancillary data support for FreeBSD. (David Carlier)
. Added ancillary data support for NetBSD. (David Carlier)
. Added SO_BPF_EXTENSIONS socket option. (David Carlier)
. Added SO_SETFIB socket option. (David Carlier)
- Sodium:
. Added sodium_crypto_stream_xchacha20_xor_ic(). (Scott)
- SQLite3:
. Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER. (bohwaz)
- Standard:
. net_get_interfaces() also reports wireless network interfaces on Windows.
(Yurun)
. Finished AVIF support in getimagesize(). (Yannis Guyon)
. Fixed bug GH-7847 (stripos with large haystack has bad performance).
(ilutov)
. New function memory_reset_peak_usage(). (Patrick Allaert)
. Fixed parse_url(): can not recognize port without scheme. (pandaLIU)
- Streams:
. Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host.
(Cristian Rodríguez)
. Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory). (ilutov)
- Zip:
. add ZipArchive::clearError() method
. add ZipArchive::getStreamName() method
. add ZipArchive::getStreamIndex() method
. On Windows, the Zip extension is now built as shared library (DLL) by
default. (cmb)
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>